...

View Full Version : Hashing Password on login to match the hash value in database



luke.arran
04-09-2011, 07:17 PM
Hello,
Users have already signed up through a webpage, When they signup it encrypts the passwords using MD5 Hash, They can log in through the webpage using their normal password but If I do it through VB then the only way to get in is to use the MD5 hash code and not the normal password.
So if I have the password "banana" it is encrypted in the database using md5 as "sfdhhf488348" or whatever, I can still login through the webpage with "banana" yet in vb.net I have to use "sfdhhf488348"

What do i have to add to the code so the password what they login to matches the password witch is already hashed in the database.


Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click

MySqlConnection = New MySqlConnection
MySqlConnection.ConnectionString = "server=aerolitegaming.co.uk;Port=3306; user id=walkerki_login; password=hidden; database=walkerki_testingphp"
MySqlConnection.Open()

Dim Myadapter As New MySqlDataAdapter
Dim sqlquary = "SELECT * From users WHERE Username='" & UsernameTextBox.Text & "'And Password= '" & PasswordTextBox.Text & "';"

Dim command As New MySqlCommand
command.Connection = MySqlConnection
command.CommandText = sqlquary
Myadapter.SelectCommand = command
Dim mydata As MySqlDataReader
mydata = command.ExecuteReader
If mydata.HasRows = 0 Then
MsgBox("Sorry! We can't find your Username and Password. Try Again or contact us on the forum")
Else
Form1.Show()
Me.Close()

End If
End Sub

Oh and i know about SQL Injecting

Brandoe85
04-10-2011, 06:55 PM
You have to md5 encrypt the password in your vb code and pass that into your query instead of the text box text.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum