Answered How to create case sensitive check on password and username

nhorton79

New member
Joined
Dec 17, 2015
Messages
2
Programming Experience
Beginner
Hi Everyone,

Very new to this coding stuff and have been developing my own application. Am now working on the login screen and have this working nicely, except for the fact that username and passwords are accepted despite the case being incorrect.
The username and password is checked against an MDB file I have:

See my code:
VB.NET:
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
        'provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="
        'Change the following to your access database location
        'dataFile = "C:\Users\nickh\Google Drive\SignNET\VisualStudio\SignNET\SignNET.accdb"
        'connString = provider & dataFile
        myConnection.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source='C:\Users\nickh\Google Drive\SignNET\VisualStudio\SignNET\SignNET.accdb'"
        myConnection.Open()
 
        'the query:
        Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM [tblStaff] WHERE [StaffLogin] = '" & txtUser.Text & "' AND [StaffPassword] = '" & txtPassword.Text & "'", myConnection)
        Dim dr As OleDbDataReader = cmd.ExecuteReader
 
        ' the following variable is hold true if user is found, and false if user is not found 
        Dim userFound As Boolean = False
 
        ' the following variables will hold the user first and last name if found.
        Dim FirstName As String = ""
        Dim LastName As String = ""
 
        'if found:
        While dr.Read
            userFound = True
            FirstName = dr("StaffFirstName").ToString
            LastName = dr("StaffLastName").ToString
        End While
 
        'checking the result
        If userFound = True Then
            Me.Close()
            MsgBox("Hi " & FirstName & " " & LastName & ". You are now logged on.", vbOK)
            frmDash.ShowDialog()
        Else
            MsgBox("Sorry, username or password not found", MsgBoxStyle.OkOnly, "Invalid Login")
        End If
        myConnection.Close()
    End Sub

I am wanting to insert some code to check both the login name and password for case sensitivity.

What would be the best way to do this? String.Compare ?

Hopefully someone will be able to give me some pointers.. Thanks
 
Last edited:
Ok. After a few hours playing around with setting variables and researching the net I have found an answer.
So I am posting what I found out back here so that anyone else with a similar issue can hopefully use this code in their own project.

What I need to do was Dim an extra couple of string variables (UserName and Password)
I also created a new Boolean variable (False as default) which will hold whether the found users password and username checks out:

VB.NET:
Dim FirstName As String = ""
Dim UserName As String = ""
Dim Password As String = ""
Dim UserCheck As Boolean = False


Then, populated the first three of these with information from the database when a record is found:

VB.NET:
While dr.Read
     userFound = True
     FirstName = dr("StaffFirstName").ToString
     UserName = dr("StaffLogin").ToString
     Password = dr("StaffPassword").ToString
End While


After doing that, I could String Compare the Username and Password from the database with the text entered in the textboxes:

VB.NET:
If String.Compare(txtUser.Text, UserName, False) <> 0 Then
      MsgBox("Invalid username!", vbOKOnly)
ElseIf String.Compare(txtPassword.Text, Password, False) <> 0 Then
      MsgBox("Invalid password!", vbOKOnly)
Else
      UserCheck = True
End If

So, if the two strings are identical it passes to the final statement which sets UserCheck as True, otherwise you get msgboxes advising that text entries are incorrect.

Finally, if the Usercheck is True, it lets you into the program, if not you get another chance to enter:

VB.NET:
If UserCheck = True Then
      MsgBox("You are now logged on, " & FirstName, MsgBoxStyle.OkOnly,)
      Me.Close()
      frmDash.ShowDialog()
Else
      MsgBox("Sorry, username or password not found", MsgBoxStyle.OkOnly, "Invalid Login")
End If


So, hopefully this will help someone out in the future. It may not be pretty but it does the job.
There could be some additional things I could do to make this easier, or more secure, or something but am happy with it at the moment.

Well, here is the final finished code for my login button as a whole, if someone would like to use it.

VB.NET:
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
      provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source="
      'Change the following to your access database location
      dataFile = "C:\Users\nickh\Google Drive\SignNET\VisualStudio\SignNET\SignNET.accdb"
      connString = provider & dataFile
      myConnection.ConnectionString = connString
      myConnection.Open()
 
      'the query:
      Dim cmd As OleDbCommand = New OleDbCommand("SELECT * FROM [tblStaff] WHERE [StaffLogin] = '" & txtUser.Text & "' AND [StaffPassword] = '" & txtPassword.Text & "'", myConnection)
      Dim dr As OleDbDataReader = cmd.ExecuteReader
 
      ' the following variable is hold true if user is found, and false if user is not found 
      Dim userFound As Boolean = False
 
      ' the following variables will hold the user first and last name if found.
      Dim FirstName As String = ""
      Dim UserName As String = ""
      Dim Password As String = ""
      Dim UserCheck As Boolean = False
 
      'if found:
      While dr.Read
            userFound = True
            FirstName = dr("StaffFirstName").ToString
            UserName = dr("StaffLogin").ToString
            Password = dr("StaffPassword").ToString
      End While
 
      'checking case sensitivity
      If String.Compare(txtUser.Text, UserName, False) <> 0 Then
            MsgBox("Invalid username!", vbOKOnly)
      ElseIf String.Compare(txtPassword.Text, Password, False) <> 0 Then
            MsgBox("Invalid password!", vbOKOnly)
      Else
            UserCheck = True
      End If
 
      'checking the result
      If UserCheck = True Then
            MsgBox("You are now logged on, " & FirstName, MsgBoxStyle.OkOnly,)
            Me.Close()
            frmDash.ShowDialog()
      Else
      MsgBox("Sorry, username or password not found", MsgBoxStyle.OkOnly, "Invalid Login")
      End If
      myConnection.Close()
End Sub

If you have any additions, or suggestions, please post them here too.
 
Basically, you're doing it wrong. Firstly, don't check the user name for case. That is something that basically noone anywhere does. There might be some isolated cases but it's basically a bad idea.

As for the password, you shouldn't need to test the case because you shouldn't be storing the raw password. The most correct way to deal with passwords is to hash the password provided when the user registers and store the has. When the user logs in, you hash the password they provide and compare that to the hash stored in the database. Case-sensitivity is irrelevant because the chance that anything they enter will produce the same characters as the stored hash but with different casing is negligibly small. Hashing is something that you can read about on the web.
 
Back
Top