Question Need Coding Help to edit my login form

[ashveen]

This project (code) is working correctly, in order to make it perfect I want to do some adjustments. I want to insert error messages for each textbox and combo box, that is I want to put error message for username, password and user_type, but the below code gives the error only to username and password. I want each one of it to give different error messages so that my objective of validation stated in the project synopsis is verified. I hope you get it.
And also I want to put a set focus to each input box (i.e. username, password and user_type) so that when the user_type is entered correctly, it will automatically go(focus) to the next input box that is the username and after that it will go to the next one that is password.
Thank you I hope its clear, below shows thee code and the interface. Please help me to make my project better!

Imports System.Data.OleDb
Public Class Login_Form
    Dim conn As New OleDbConnection
    Private Sub cmdLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdLogin.Click
        If Me.cmbUser_Type.Text = "" Or Me.txtUsername.Text = "" Or Me.txtPassword.Text = "" Then Exit Sub
        If conn.State = 1 Then conn.Close()
        conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\user\Documents\Visual Studio 2010\Projects\Bakery Payroll System - Nayomi's\Username_Password.accdb"
        conn.Open()
        Dim sqlQRY As String = "SELECT * FROM Username_Password WHERE User_Type=' " & Me.cmbUser_Type.Text & "' AND Username = '" & Me.txtUsername.Text & "' AND Password = '" & Me.txtPassword.Text & "'"
        Dim cmd As OleDbCommand = New OleDbCommand(sqlQRY, conn)
        Dim rdr As OleDbDataReader = cmd.ExecuteReader
        rdr.Read()

        Dim sqlQRY1 As String = "SELECT * FROM Username_Password WHERE User_Type = '" & Me.cmbUser_Type.Text & "' AND Username = '" & Me.txtUsername.Text & "' AND Password = '" & Me.txtPassword.Text & "'"
        Dim cmd1 As OleDbCommand = New OleDbCommand(sqlQRY1, conn)
        Dim rdr1 As OleDbDataReader = cmd1.ExecuteReader
        rdr1.Read()
        If rdr.HasRows = True Then
            Dim User_Type As String = rdr("User_Type").ToString
            Dim Username As String = rdr("Username").ToString
            Dim Password As String = rdr("Password").ToString

            MsgBox("Welcome,You have succesfully logged in!")
            Form1.Show()
            Me.Hide()

        ElseIf rdr1.HasRows = True Then
            Dim User_Type As String = rdr1("User_Type").ToString
            Dim Username As String = rdr1("Username").ToString
            Dim Password As String = rdr1("Password").ToString

            MsgBox("Welcome,You have succesfully logged in!")
            Form1.Show()
            Me.Hide()

        Else

            MessageBox.Show("Invalid Password or Username", "Sorry", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
        End If
    End Sub


 Private Sub Login_Form_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim cnString As String

        cnString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Username_Password.accdb"
        'Create connection
        conn = New OleDbConnection(cnString)

        Try
            ' Open connection
            conn.Open()
        Catch ex As OleDbException
            MessageBox.Show(ex.Message, "Error..", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Finally
            ' Close connection
            'conn.Close()
        End Try
        cmbUser_Type.Text = ""
        txtUsername.Text = ""
        txtPassword.Text = ""
    End Sub

 

[ashveen]

Can anyone help me on this??
pls!!!

 

[jmcilhinney]

What you're suggesting is actually not an improvement. You might think it is because it adds more functionality but the fact that you can do something doesn't mean that you should. If a login fails, the only thing that you should tell the user is that it failed. If you tell them that the user name is correct but the password is not and they are not a legitimate user then you just got them one step closer to hacking an account. Congratulations!

By the way, you should not use string concatenation to insert values into SQL code. You should always use parameters. To learn why and how, follow the Blog link in my signature below and check out my post on Parameters In ADO.NET. That would be a genuine improvement to the code.

 

[ashveen]

yeah you are right on that, I should never put error messages like that.
I have no idea of using parameters. Can you please write the whole above code by using parameters so that I will be able to know what it is.
thanks

 

[jmcilhinney]

Can you please write the whole above code by using parameters so that I will be able to know what it is.

Absolutely not. I don't expect you to have any idea about using parameters. That's exactly why I wrote that blog post: to help teach you and people like you and also so that I didn't have to keep writing the same code over and over. If it's too much trouble for you to follow the link I provided and read the blog post I provided then I don't think I can help you any further. I'm not going to spend my time helping someone who won't spend their time helping themselves.

 

[ashveen]

oh! ok. Can you please give me the link, I couldn't find the correct one

 

[jmcilhinney]

oh! ok. Can you please give me the link, I couldn't find the correct one

If you're really not capable of finding the link then I'm afraid programming is too much for you so you may as well give it up now. If you believe that you're up to programming then I believe that you're capable of following a link and reading a web page. You're just being lazy. That's your prerogative but I'm not going to spend my time finding links for people when there are people who need real help with real programming problems. The information is there if you're prepared to make the tiny effort to find but if you're not prepared to make that effort then you'll have to do without.

 

[ashveen]

ah! thanks for your words of inspiration. I'll find it myself.

 

[ashveen]

John McIlhinney .NUT: Using Parameters in ADO.NET
I found it thanks, I read the whole page. so by using parameters we could assign validations to textboxes, labels, etc.
I have already assigned validations and rules to my back end access database so I think I don't need parameters in my project.
so what's your opinion??

 

[jmcilhinney]

My opinion is that you should do it properly and doing it properly means using parameters, whether you think you need to or not. You don't lose anything by doing so and you may gain something. I don't know what validation you're talking about exactly but it is not required if you use parameters. You simply pass the user input to the database and it either matches or it doesn't. If it doesn't then the login fails and that's all that matters. Why it fails is of no consequence.

 

[ashveen]

Ok I'll try that, If I get any errors or unknown codings, you will help me won't you?
Thanks a lot!

 

[jmcilhinney]

Ok I'll try that, If I get any errors or unknown codings, you will help me won't you?
Thanks a lot!

I certainly will. I'm here to help but it's my opinion that the most useful help is not that which encourages the person being helped not to think for themselves. I am more than happy to point people in the right direction, as I did for you, but I then expect people to head off in that direction themselves and make the best effort they can to use the information they find there. If they do that but are unable to solve the problem, I'm more than happy to lend further assistance. All I ask is that people try but I don't require that they succeed, otherwise what's the point of forums like this?

 

[ashveen]

thanks a lot for your help! and looking forward to ask reasonable queries