I would like to know how i could create a log in program with some method of data storage that stores the login information of registered users and then accesses it when users type in their log in details for verification?
I do know how to create a basic login program with labels,buttons and edit boxes but do not know how to store information about the users registered and then access this again.
The fact that you have included the 'database' tag in your question implies that you already know what the solution is - a database. If your program already uses a database, add a table for users which includes their real name, their user name and their encoded password. Your login screen will have to query this table to check whether the user is valid. Make sure that you use parameters to the query; this way you avoid the possibility of sql injection (query 'little bobby tables').
Related
This situation might not happen much, but I would rather be safe than sorry. I'm currently trying to make a sign in/sign up system with flutter MongoDB using API call to my database. On the signup screen, I am making checks to see if the data placed into the password and username text fields already exists within the database. In other words, if an account with those credentials already exists then I ask the user to try again, but if there isn't one then I allow for the user to go to the EULA and submit page.
The problem here is that I feel like that two or more users can do the same check at the same time, and will get the same result because, while their information might match, there isn't an instance of an account with those credentials uploaded to the database for the system to tell them to stop before they go to the submit page. And if they submit the data they wrote on their phones to the database at the same time, a situation is made where we have multiple instances of the same kind of account existing in the database.
I know that keys exist and can help in making each account unique from each other, but, in this situation, I am not sure on how to handle or prevent the concurrent uploading of similar or identical data from local devices to the same server. Are calls to my server and MongoDB asynchornous? Is this something that I need to worry about at all?
TL;DR: If you use a unique index on the username field, then it will raise an error on attempting to create a duplicate, and you can forward this to the user's sign up page and let them change their name.
The long answer:
This is more of a UX problem than a DB problem.
If I understand correctly, the user enters a username & password, then reads the EULA before the account is created.
I would disagree with this - you should make the account once they submit their name, and update it with a Boolean for eulaAccepted so that if this process fails (eg. bad connection) they can come back and accept it later.
You should do two sets of unique username validation:
When they type in the name, you can check for them and let them know the name is available. This still means someone else could take it before they hit save.
Once they hit save. Put a unique index on the username field. Then if a user tries saving a duplicate (even if submitted simultaneously, they will be processed sequentially) then it will raise an error. You can forward this onto the user, prompting them to try a different name.
Answering your other questions:
Are calls to my server and MongoDB asynchronous?
Yes, as they go over the network they are naturally asynchronous. But the saves inside the Database itself are sequential and atomic. MongoDB is ACID compliant. have a read through what it means, and what changed in version 4
Is this something that I need to worry about at all?
Yes, it's good to keep an eye on this sort problems. If you don't consider it now, you will have a nasty bug on your hand later.
How can we develop a voting website based on Wordpress where the landing page is login and password protected and logins and passwords are based on a preloaded database of users. The idea is to create a page for employees where they can enter after they provide the individual credentials. It cannot be based on a system where they register - their data should already be in a database.
I am assuming that you do not want different user roles for different users. If that is the case then you will need to create a function in your theme's functions.php file that will check if user is logged in using is_user_logged_in() and if not, redirect them to login page. In order to work around the problem of every user registering on site by themselves, you can create another piece of code that will iterate user details from a csv file, register them and set each user's password.
The reason for this suggestion/approach:
All the users are registered in your WP Users list so your passwords are not easily stolen.
You can assign custom user roles and capabilities later down the line if you wish.
You can do single or bulk addition of user down the line without redoing the same amount of efforts every time you need to add users.
You do not risk breaking the database structure in WP which is decently optimized.
Now do understand that you will need to leverage object caching and work using pre_get_posts to manage the large size of site.
Good Luck!!
I am developing a desktop application. Multiple users shall be using it to insert, delete and select data from database. As users shall be using it so they would not have to login to database.
I know how to use JDBC (for Java Applications), I need suggestions that I don't want to hard code the credentials of database like host address, username, password ... etc. So if change of credential is needed I can change it without changing the code. Also, I cannot just put database credentials in a text file and read every time when the application need to interact with database.
You can create a ApplicationConstants file which will store the host address, username and password.
If you need to change it you'll have to change it only in one location.
But this will require you to compile the code everytime you make changes.
The alternative is to encrypt the values and store the encrypted values in a text file.
You can use the javax.crypto for encryption/decryption. You can find an example on the following link :
Simple java AES encrypt/decrypt example
I have followed most of the tutorials on the luminusweb.net website, setting up a database system using the +h2 new app. What I have currently mirrors the guestbook setup like the tutorial shows. I am now wondering how I can access specific entries into the migrations up table. More specifically, I am trying to have restricted access to webpages (a login system) based on the entries inside of the table.
The migration file purpose is to create the tables in your database. To access those tables you will have to write queries in the file located here: your_project > resources > sql > queries.sql
Here you should write queries, there are a few examples on the Luminus website. When you see parameters with semicolumns, it means that you have to pass a map with those parameters when you call these queries in your program. Ex: if you have this query:
-- name: accounts_for_user
-- retrieve all accounts a user has access to and the associated rights
SELECT account_name, admin
FROM accounts_users
WHERE email = :email;
The call:
(db/accounts_for_user {:email "laurent#test.com"})
will return a lazy sequence like this:
[{"account_name":"account1","admin":false},
{"account_name":"account2","admin":true},
{"account_name":"account2","admin":true}]
Then if you want to restrict the access to a specific page based on what's in your database, there are a few options. The Buddy auth library offers a few options, the easiest to use is the session one. First, when a user enters a correct password, you inject their identifier in :session :identity in any request. For instance
(-> (redirect "/accounts-list")
(assoc :session {:identity "user#test.com"}))
The identity parameter will be in every request until the session dies (30 minutes by default) or you overwrite it. In your pages, you can test buddy.auth/authenticated? on the requests, and redirect to an error page or whatever you like if it returns false. I am currently writing a tutorial for webapps using Luminus, I'll update this answer when it's available.
I can print
System.Security.Principal.WindowsIdentity.GetCurrent().Name is #System.Security.Principal.WindowsIdentity.GetCurrent().Name
in a razor (.cshtml) file, however, I do not know how to print the app pool or verify that it is indeed accessing the database to login to it (as the login currently fails, that portion is an even tougher question).
This may require creating a string in the controller action trying to access the database, e.g. near something like:
db.myTable // etc
Thanks in advance.
The name you are returning in the code sample is the windows user id that the app pool is using (look in the app pool properties to see what windows username it is using).
This user name, complete with domain name, needs to have access to the db.
You may like to create your own windows user just for the app pool to use something other than local service as it may not be a good idea to give any local service access to your database.
As Will says in his comment, sql profiler should be able to help you find out what's happening if you are not sure.