I have one database which contains username, password and IsActive (data type is "bit") columns.
My requirement is that I have to display the user details when the user name and password is correct and when the active column of that user is true.
How can I check these 3 columns in Sql Server 2005?
How about something like the following?
SELECT username, password
FROM UsersTable
WHERE IsActive > 0 AND username = 'admin' AND password = '1234'
Related
When i try to execute the query in given bellow
is worked correctly and give the result
but when i change id into email then it will raise the exception
employee = connection.Query<Employee>("select id, email as email , password as password, role as role from Employee where email="+"chamin#gmail.com");
how do i fix this problem??
Strings have to be quoted in SQL :
employee = connection.Query<Employee>(
"select id, email as email , password as password, role as role from Employee where email='"+"chamin#gmail.com" + "'"
);
But your code is very permissive to SQL injection. You should use SQL parameters : it will prevent injection and avoid the issue you met.
this is my sample access database:
ID--UserName--Password--AccountType
1---- A123 --1234 --User
2-----B123 --1345 --Admin
I am using VS2012. In my VB.net Project I have username textbox, a password textbox,
and login button.
I add my database using a wizard. I can add, modify, delete, and query, but how to check if the entered username in username text box exists in UserName column?
I filled up my dataset using:
Me.UsersTableAdapter.Fill(Me.WSDataSet.users)
and if I want to get the user type I am using:
Me.WSDataSet.users.FindByUserName(IDtxt.Text).AcountType
but the main problem if user not exists I get the error below:
An unhandled exception of type 'System.NullReferenceException' occurred in user login.exe Additional information: Object reference not set to an instance of an object.
How can I check if the username exists or not?
Try doing this.
Dim user = Me.WSDataSet.users.FindByUserName(IDtxt.Text)
If not user is nothing Then
'Do what you want with the user object
Else
'Message User does not exist.
End If
you just check if the user exists then do what you want with it.
I have Users table to store user details with password and the authentication for the Application is working good with this.
But we want to integrate Facebook and Google Login in our system so please advise the related schema modifications.
CREATE TABLE dbo.Users(
UserId int IDENTITY(1, 1) PRIMARY KEY,
UserTypeId int, -- Admin = 1, End User = 2. (We have a master table for this, but eliminating here for simplicity)
UserName nvarchar(16) NOT NULL UNIQUE,
UserPassword nvarchar(16),
FirstName nvarchar(64),
LastName nvarchar(64),
DateOfBirth date,
Gender char(1),
PhoneNumber nvarchar(16),
Email nvarchar(128) UNIQUE,
IsActive bit,
UpdateTime datetime default CURRENT_TIMESTAMP )
Here is what I am thinking:
1) Once the user authenticated from Facebook or Google then the application will have claims (emailId)
2) The application should validate the emailId existence in Users Table and if exists it will allow login.
Q1> So will this require any update for the existing Row in Users Table?
Q2> If the user record does not exists (based on emailId claim record) then I think we should add the new record in users table?
Q3> In case of Add: What will be the Username and Password values?
Q4> Can the user (the added record) do a normal login without Facebook login?
Thanks.
In order to accept OpenID logins, you will have to accept and store the users' OpenID-URLs. This URL identifies the user just like an email address does.
Q1: Depends: If you want to allow both OpenID-logins and normal login for the same user, you will have to add another column to the table. If you don't allow mixed logins, you could use your Email column to store the OpenID URL.
Q2: Yes, if you see a new OpenID-URL, handle it just like an unknown email address
Q3: You will have to ask the user to pick a username - I assume you do the same for your current users. If you want to allow both logins for the same user, you will have to ask the user to set a password - otherwise they can only login through their OpenID provider.
Q4: Only if you did ask for a username and a password (see Q3)
Please note that allowing the same user to login through OpenID and using conventional username/password introduces potential security problem: A user might not unserstand that you're asking them to set a password and enter their Facebook (or Google) password. Or they might just not care and use the same password everywhere. If they do so and your database does not encrypt the password properly, your database will store the Facebook names and unencrypted passwords... even if just 10% used the same password on your site - just imagine what they could do with that.
I have a database with users and I want to have a random salt for each user that is saved in the column Salt and a hash of their salt+password in the field password.
I can insert them like this:
INSERT INTO users([Username], [Password], [Salt])
VALUES('David', HASHBYTES('SHA1', 'randomgeneratedsalt' + 'theirpw'), 'randomgeneratedsalt')
But how do I select them?
My own try is:
select *
from users
where Username = 'David'
AND Password = HASHBYTES('SHA1', Salt + 'enteredpw')
Of course I can select the salt for the user that is trying to login, but I'd like to do it without doing so.
You select them by username, which must be unique. After you locate the user you can compare the presented password hash against the stored one. Only need be careful to display the same error whether username was not found or hash don't match (ie. prevent information disclosure that the username is valid).
I have a table called login with a username and password both encrypted by using ENCRYPTBYPASSPHRASE
However when I insert a new login account I want to check wether the new login username doesn't exist already.
How can I check wether a username already exists in the database?
I've tried stuff like select * from login where username = encryptbypassphrase('username', 'passphrase') but that came out negative.
I would expect something like these to be used:
--- For INSERT
insert into login
(username, encryptedphrase)
values
('username', encryptbypassphrase('username', 'passphrase'))
--- Checking a specific username, passphrase combination:
select *
from login
where username = 'username'
and encryptedphrase =
encryptbypassphrase(username, 'passphrase')
--- Checking if a specific username already exists:
select exists
( select *
from login
where username = 'username'
) userexists