You are on page 1of 29

How to Create a Login form in Visual

Basic.Net and MySQL Database


Submitted by:
joken
Friday, October 18, 2013 - 10:06
Language:
Visual Basic .NET
Visitors have accessed this post 1996 times.

Ads not by this site

In this tutorial, I'm going to show you how to create a simple Login-Logout system using Visual
basic.net and MySQl Database. To start with this application, open Visual Basic->Create a New
Project->Save it as Login.
This time, lets add objects to our windows form and these objects are the following: four Labels,
two Textbox,two buttons and a Groupbox.

Designing object Properties


Object
Label1
Label2
Label3
Label4
Textbox1
Textbox2
Button1

Property
Name
Text
Name
Text
Text
Text
Name
Name
PasswordChar
Name

Settings
lbllogin
Login
lblname
Hi,Guest!
Username
Password
txtuname
txtpass
*
btnok

Text
Name
Text

Button2

OK
btncancel
Cancel

After setting the Object properties, arrange all the objects like as shown below.

This time, lets we are now ready to add functionality to our application. To do this, double click
the form and add the following code:
This code will simply disable the group box that holding the label Username and Password same
with the two textbox and two Buttons.
1. GroupBox1.Enabled = False

Next, double click the lbllogin label and add the following code:
This code will check if the lbllogin is set to Logout then it reset the text of lbllogin to
Login same with the lblname to Hi, Guest!, else if the text of lbllogin is equal to
Login then it's enabled the Group box.
1.

If lbllogin.Text = "Logout" Then

2.

lbllogin.Text = "Login"

3.

lblname.Text = "Hi, Guest!"

4.

ElseIf lbllogin.Text = "Login" Then

5.

GroupBox1.Enabled = True

6.
7.

End If

Then add the following code under the public class.

1. 'Represents an SQL statement or stored procedure to execute against a


data source.
2.

Dim cmd As New MySqlCommand

3.

Dim da As New MySqlDataAdapter

4.

'declare conn as connection and it will now a new connection because

5.

'it is equal to Getconnection Function

6.

Dim con As MySqlConnection = jokenconn()

7.
8.
9.

Public Function jokenconn() As MySqlConnection

10.

Return New MySqlConnection("server=localhost;user


id=root;password=;database=studentdb")
End Function

And double click the OK button and add the following code:
Ads not by this site

1. Dim sql As String


2.

Dim publictable As New DataTable

3.

Try

4.

'check if the textbox is equal to nothing then it will


display the message below!.

5.

If txtuname.Text = "" And txtpass.Text = "" Then

6.

MsgBox("Password or Username Incorrect!")

7.
8.
9.

Else
sql = "select * from tbluseraccounts where username ='"
& txtuname.Text & "' and userpassword = '" & txtpass.Text & "'"

10.

'bind the connection and query

11.

With cmd

12.

.Connection = con

13.

.CommandText = sql

14.

End With

15.

da.SelectCommand = cmd

16.

da.Fill(publictable)

17.

'check if theres a result by getting the count number

18.

If publictable.Rows.Count > 0 Then

of rows

19.
20.

'it gets the data from specific column and assign

21.

Dim user_type, name As String

22.

user_type = publictable.Rows(0).Item(4)

23.

name = publictable.Rows(0).Item(2)

24.

'check if the type of user is admin

25.

If user_type = "Admin" Then

to the variable

26.

'welcomes the user as Admiistrator

27.

MsgBox("Welcome " & name & " you login as

28.

'set the lbllogin text to Logout

29.

lbllogin.Text = "Logout"

30.

'disabled the groupbox

31.

GroupBox1.Enabled = False

32.

'reset all the two textbox

33.

txtuname.Text = ""

34.

txtpass.Text = ""

35.

'set the lblname to the specific user

36.

lblname.Text = "Hi, " & name

Administrator ")

37.
38.

ElseIf user_type = "Encoder" Then

39.

MsgBox("Welcome " & name & " you login as

40.

lbllogin.Text = "Logout"

41.

GroupBox1.Enabled = False

42.

txtuname.Text = ""

43.

txtpass.Text = ""

44.

lblname.Text = "Hi, " & name

Encoder ")

45.

Else

46.

MsgBox("You login as Guest!")

47.

lbllogin.Text = "Logout"

48.

GroupBox1.Enabled = False

49.

txtuname.Text = ""

50.

txtpass.Text = ""

51.

lblname.Text = "Hi, " & name

52.

End If

53.
54.

Else

55.

MsgBox("Contact administrator to registered!")

56.

txtuname.Text = ""

57.

txtpass.Text = ""

58.

End If

59.
60.
61.

da.Dispose()
End If

62.
63.

Catch ex As Exception

64.

MsgBox(ex.Message)

65.
66.

End Try

67.

con.Clone()

This time you can now test your application by pressing F5.
And here's the database table used.
1. CREATE TABLE IF NOT EXISTS `tbluseraccounts` (
2.

`userID` int(11) NOT NULL AUTO_INCREMENT,

3.

`username` varchar(255) DEFAULT NULL,

4.

`users_name` varchar(255) DEFAULT NULL,

5.

`userpassword` varchar(255) DEFAULT NULL,

6.

`usertype` varchar(255) DEFAULT NULL,

7.

PRIMARY KEY (`userID`)

8. ) ENGINE=MyISAM

DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;

9.
10. -11. -- Dumping data for table `tbluseraccounts`
12. -13.
14. INSERT INTO `tbluseraccounts` (`userID`, `username`, `users_name`,
`userpassword`, `usertype`) VALUES
15. (1, 'admin', 'Joken Villanueva', 'admin123', 'Admin'),
16. (2, 'jason', 'Jason Batuto', 'jason123', 'Encoder');

After testing the program, heres all the following code used in this application.

Ads not by this site

1. Imports MySql.Data.MySqlClient
2.
3. Public Class Form1
4.

'Represents an SQL statement or stored procedure to execute against


a data source.

5.

Dim cmd As New MySqlCommand

6.

Dim da As New MySqlDataAdapter

7.

'declare conn as connection and it will now a new connection because

8.

'it is equal to Getconnection Function

9.

Dim con As MySqlConnection = jokenconn()

10.
11.

Public Function jokenconn() As MySqlConnection

12.

Return New MySqlConnection("server=localhost;user


id=root;password=;database=studentdb")

13.

End Function

14.

Private Sub btnlogin_Click(ByVal sender As System.Object, ByVal e


As System.EventArgs) Handles btnlogin.Click

15.

Dim sql As String

16.

Dim publictable As New DataTable

17.

Try

18.

'check if the textbox is equal to nothing then it will


display the message below!.

19.

If txtuname.Text = "" And txtpass.Text = "" Then

20.

MsgBox("Password or Username Incorrect!")

21.
22.
23.

Else
sql = "select * from tbluseraccounts where username
='" & txtuname.Text & "' and userpassword = '" & txtpass.Text & "'"

24.

'bind the connection and query

25.

With cmd

26.

.Connection = con

27.

.CommandText = sql

28.

End With

29.

da.SelectCommand = cmd

30.

da.Fill(publictable)

31.

'check if theres a result by getting the count number


of rows

32.

If publictable.Rows.Count > 0 Then

33.
34.

'it gets the data from specific column and assign


to the variable

35.

Dim user_type, name As String

36.

user_type = publictable.Rows(0).Item(4)

37.

name = publictable.Rows(0).Item(2)

38.

'check if the type of user is admin

39.

If user_type = "Admin" Then

40.

'welcomes the user as Admiistrator

41.

MsgBox("Welcome " & name & " you login as


Administrator ")

42.

'set the lbllogin text to Logout

43.

lbllogin.Text = "Logout"

44.

'disabled the groupbox

45.

GroupBox1.Enabled = False

46.

'reset all the two textbox

47.

txtuname.Text = ""

48.

txtpass.Text = ""

49.

'set the lblname to the specific user

50.

lblname.Text = "Hi, " & name

51.
52.

ElseIf user_type = "Encoder" Then

53.

MsgBox("Welcome " & name & " you login as


Encoder ")

54.

lbllogin.Text = "Logout"

55.

GroupBox1.Enabled = False

56.

txtuname.Text = ""

57.

txtpass.Text = ""

58.

lblname.Text = "Hi, " & name

59.

Else

60.

MsgBox("You login as Guest!")

61.

lbllogin.Text = "Logout"

62.

GroupBox1.Enabled = False

63.

txtuname.Text = ""

64.

txtpass.Text = ""

65.

lblname.Text = "Hi, " & name

66.

End If

67.
68.

Else

69.

MsgBox("Contact administrator to registered!")

70.

txtuname.Text = ""

71.

txtpass.Text = ""

72.

End If

73.
74.

da.Dispose()

75.

End If

76.
77.

Catch ex As Exception

78.

MsgBox(ex.Message)

79.
80.

End Try

81.

con.Clone()

82.
83.
84.

End Sub

85.
86.

Private Sub lbllogin_Click(ByVal sender As System.Object, ByVal e


As System.EventArgs) Handles lbllogin.Click

87.
88.

If lbllogin.Text = "Logout" Then

89.

lbllogin.Text = "Login"

90.

lblname.Text = "Hi, Guest!"

91.

ElseIf lbllogin.Text = "Login" Then

92.

GroupBox1.Enabled = True

93.
94.
95.

End If
End Sub

96.
97.

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As


System.EventArgs) Handles MyBase.Load

98.
99.

GroupBox1.Enabled = False
End Sub

100. End Class

Tutorial how to create login Form in VB.NET


using database mysql
inShare
now i want to share my tutorial , how to create login form in VB.net after i share php and extjs at
previous post.
Create new project windows application in VB.net
create new form login , like this design

before we code login button you need to make sure table user is exist
create table user with this sql
CREATE TABLE user (
username VARCHAR( 20 ) NOT NULL DEFAULT ,
password VARCHAR( 50 ) NOT NULL DEFAULT ,
typelogin VARCHAR( 20 ) NOT NULL DEFAULT ,
PRIMARY KEY ( username )

) ENGINE = MYISAM DEFAULT CHARSET = utf8;

insert one user, and back to vb.net.


make connection at form load
If conn Is Nothing Then
openconn()
Else
If conn.State = ConnectionState.Closed Then
openconn()
End If
End If
Code for login
Private Sub Btn_login_Click(By
On Error GoTo err
Dim areader As MySqlDat
Dim cmd As New MySqlC

1 Private Sub Btn_login_Click(ByVal sender As System.Object, ByVal e As


2 System.EventArgs) Handles Btn_login.Click
3
On Error GoTo err
4
Dim areader As MySqlDataReader
5
Dim cmd As New MySqlCommand
6
cmd.CommandText = "select * from user where username ='" & txtuser.Text & "'"
7
cmd.Connection = conn
8
areader = cmd.ExecuteReader()
9
Dim validlogin As Boolean
10
validlogin = False
11
Dim messageerror As String = ""
12
If areader.HasRows = True Then
13
areader.Read()
14
If areader.Item("password") = txtpass.Text Then
15
validlogin = True
16
Else
17
messageerror = "Password not match"
18
End If
19
Else
20
messageerror = "incorrect username"
21
End If
22
If validlogin = True Then
23
alreadylogin = True
24
userlogin = areader.Item("username")
25
typelogin = areader.Item("type")
26
txtuser.Text = ""
27
txtpass.Text = ""

28
29
30
31
areader.Close()
32
' you can add another code or call function in this section
33
Me.Dispose()
34
Else
35
areader.Close()
36
txtpass.Text = ""
37
MessageBox.Show(messageerror)
38
End If
39
Exit Sub
40
err:
41
If areader.IsClosed = False Then
42
areader.Close()
43
End If
44
MessageBox.Show(Err.Description)
45
End Sub
46
47
48
49
now we are finish with login form. you can set startup with this login form or another form.

[RESOLVED] Login form with MD5 encrypted password from


MySQL database
Hello!
I m creating a Log In form at VB.NET and i have some problems The connection
between the application and the web server opens fine and i can login if i use the
MD5 encrypted text of the database. The problem is that as the passwords are
encrypted the application cannot read the actual password but it can read the text...
some help will be MUCH appreciated.
My Code is:
vb Code:
1. Private Sub OK_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles OK.Click
2.
3.

'-----------------------------------------------------'

4.

Dim conn As MySqlConnection

5.

'connect to DB

6.

conn = New MySqlConnection()

7.

conn.ConnectionString = "server=ip;user id=user; password=pass;


database=db"

8.

'see if connection failed.

9.

Try

10.
11.

conn.Open()
Catch myerror As MySqlException

12.

MessageBox.Show("Error Connecting to Database: " &


myerror.Message)

13.

End Try

14.

'sql query

15.

Dim myAdapter As New MySqlDataAdapter

16.
17.

Dim sqlquery = "SELECT memberName, passwd FROM smf_members


Where memberName='" & UsernameTextBox.Text & "' and passwd='" &
PasswordTextBox.Text & "'"

18.

Dim myCommand As New MySqlCommand()

19.

myCommand.Connection = conn

20.

myCommand.CommandText = sqlquery

21.

'start query

22.

myAdapter.SelectCommand = myCommand

23.

Dim myData As MySqlDataReader

24.

myData = myCommand.ExecuteReader()

25.

'see if user exits.

26.

If myData.HasRows = 0 Then

27.

MessageBox.Show("Invalid Login Details", "Login Error",


MessageBoxButtons.OK, MessageBoxIcon.Error)

28.

Else

29.

Dim frm1 = New Form1

30.

frm1.Show()

31.

Me.Visible = False

32.

End If

Reply With Quote


Feb 9th, 2011, 04:27 PM #2
stanav

PowerPoster

Join Date
Jul 2006
Location
Providence, RI - USA
Posts
9,195

Re: Login form with MD5 encrypted password from MySQL


database
It should be like this:
Code:
Private Sub OK_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles OK.Click
'-----------------------------------------------------'
Dim conn As MySqlConnection
'connect to DB
conn = New MySqlConnection()
conn.ConnectionString = "server=ip;user id=user; password=pass;
database=db"
'see if connection failed.
Try
conn.Open()
'sql query
Dim myAdapter As New MySqlDataAdapter
Dim sqlquery = "SELECT memberName, passwd FROM smf_members Where
memberName='" & UsernameTextBox.Text & "' and passwd='" & PasswordTextBox.Text
& "'"
Dim myCommand As New MySqlCommand()
myCommand.Connection = conn
myCommand.CommandText = sqlquery
'start query
myAdapter.SelectCommand = myCommand
Dim myData As MySqlDataReader
myData = myCommand.ExecuteReader()
'see if user exits.
If myData.HasRows Then
Dim frm1 = New Form1
frm1.Show()
Me.Visible = False
Else
MessageBox.Show("Invalid Login Details", "Login Error",
MessageBoxButtons.OK, MessageBoxIcon.Error)
End If
conn.Close()

Catch myerror As MySqlException


MessageBox.Show("Error occurred: " & myerror.Message)
End Try

End Sub
Let us have faith that right makes might, and in that faith, let us, to the end, dare to do our
duty as we understand it.
- Abraham Lincoln -

Reply With Quote


Feb 9th, 2011, 04:28 PM #3
cicatrix

PowerPoster
Join Date
Dec 2009
Location
Moscow, Russia
Posts
3,589

Re: Login form with MD5 encrypted password from MySQL


database
If I'm getting you right, the passwords aren't storeed in the database, instead there
are MD5 hashes.
Well then, you have to calculate MD5 hash of the password string the user inputs
and search for any matches.
I'm not sure if this code works, since I don't have VS installed right now, but it
presumably calculates an MD5 hash of a string:
Code:
Imports System.Text
Imports System.Security.Cryptography
Private Function GenerateHash(ByVal SourceText As String) As String

'Create an encoding object to ensure the encoding standard for the source text
Dim Ue As New UnicodeEncoding()
'Retrieve a byte array based on the source text
Dim ByteSourceText() As Byte = Ue.GetBytes(SourceTStext)
'Instantiate an MD5 Provider object
Dim Md5 As New MD5CryptoServiceProvider()
'Compute the hash value from the source
Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)
'And convert it to String format for return
Return Convert.ToBase64String(ByteHash)
End Function

So, instead of searching for password, you should search for MD5 hash of it.
#define true ((rand() % 2)? true: false) // Debug THAT!
Rate the posts that helped you!

Evaluating Expressions | Simple POP3 Protocol Realization | Timers explained | Delegates explained | A secure login to your
app sample | Numeric Textbox | Printer.Print (or I miss VB6 printing in .Net) | Shuffling any IEnumerable | Marshalling
structures to byte arrays and back | Invoking a method by its name | Plugins architecture WITHOUT references | Permuter
that permutes everything | Encrypt/Decrypt your stuf | Snake Game | Enumerating all Network Adapters in the system |
How to make a web request

Reply With Quote


Feb 9th, 2011, 04:31 PM #4
stanav

PowerPoster
Join Date
Jul 2006
Location
Providence, RI - USA
Posts
9,195

Re: Login form with MD5 encrypted password from MySQL


database
Oh, yes. You have to hash the password 1st and then use that hash in your query
instead of the plain password.

Let us have faith that right makes might, and in that faith, let us, to the end, dare to do our
duty as we understand it.
- Abraham Lincoln -

Reply With Quote


Feb 9th, 2011, 05:03 PM #5
Dimitris4463

Thread Starter
Member
Join Date
Aug 2010
Posts
38

Re: Login form with MD5 encrypted password from MySQL


database
Thanks for the fast replies guys! Fortunately I got trouble to understand
So now I come up with this:
Code:
Imports MySql.Data.MySqlClient
Imports System.Data
Imports MySql.Data
Imports MySql
Imports System.Data.SqlClient
Imports System.Text
Imports System.Security.Cryptography
Public Class LoginForm2
Private Function GenerateHash(ByVal SourceText As String) As String
'Create an encoding object to ensure the encoding standard for the
source text
Dim Ue As New UnicodeEncoding()
'Retrieve a byte array based on the source text
Dim ByteSourceText() As Byte = Ue.GetBytes(SourceTSText)
'Instantiate an MD5 Provider object
Dim Md5 As New MD5CryptoServiceProvider()
'Compute the hash value from the source
Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)
'And convert it to String format for return
Return Convert.ToBase64String(ByteHash)
End Function

Dim MySqlConnection As MySqlConnection


Private Sub OK_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles OK.Click
'-----------------------------------------------------'
Dim conn As MySqlConnection
'connect to DB
conn = New MySqlConnection()
conn.ConnectionString = "server=ip;user id=user; password=pass;
database=db"
'see if connection failed.
Try
conn.Open()
'sql query
Dim myAdapter As New MySqlDataAdapter
Dim sqlquery = "SELECT memberName, passwd FROM smf_members Where
memberName='" & UsernameTextBox.Text & "' and passwd='" & PasswordTextBox.Text
& "'"
Dim myCommand As New MySqlCommand()
myCommand.Connection = conn
myCommand.CommandText = sqlquery
'start query
myAdapter.SelectCommand = myCommand
Dim myData As MySqlDataReader
myData = myCommand.ExecuteReader()
'see if user exits.
If myData.HasRows Then
Dim frm1 = New Form1
frm1.Show()
Me.Visible = False
Else
MessageBox.Show("Invalid Login Details", "Login Error",
MessageBoxButtons.OK, MessageBoxIcon.Error)
End If
conn.Close()
Catch myerror As MySqlException
MessageBox.Show("Error occurred: " & myerror.Message)
End Try
End Sub

And at the Function I m getting:


Error 1 'SourceTSText' is not declared. It may be inaccessible due to its protection
level.
Maybe I can't understand it correctly cause I m a PHP Freak!
Reply With Quote
Feb 9th, 2011, 05:12 PM #6
cicatrix

PowerPoster
Join Date
Dec 2009
Location
Moscow, Russia
Posts
3,589

Re: Login form with MD5 encrypted password from MySQL


database
It's a typo - change to SourceText.
Did you go into trouble of actually understanding the code before you tried to run it?
Back in the good old DOS times, people posted assembly code of a HDD low level
format tool under 'Internet cracker' title. And some actually got their drives
formatted )
#define true ((rand() % 2)? true: false) // Debug THAT!
Rate the posts that helped you!
Evaluating Expressions | Simple POP3 Protocol Realization | Timers explained | Delegates explained | A secure login to your
app sample | Numeric Textbox | Printer.Print (or I miss VB6 printing in .Net) | Shuffling any IEnumerable | Marshalling
structures to byte arrays and back | Invoking a method by its name | Plugins architecture WITHOUT references | Permuter
that permutes everything | Encrypt/Decrypt your stuf | Snake Game | Enumerating all Network Adapters in the system |
How to make a web request

Reply With Quote


Feb 9th, 2011, 05:23 PM #7
Dimitris4463

Thread Starter
Member
Join Date
Aug 2010

Posts
38

Re: Login form with MD5 encrypted password from MySQL


database
ok I actually imagine that it was an typo.
As I have no idea about MD5 encryption inside VB.NET i cannot clearly understand
what the code say
Now the last one:
I have to make sth like:
GenerateHash(PasswordTextBox.Text) to make it working ?
cause I try it with both but I m getting "Invalid Log In Details"
Reply With Quote
Feb 10th, 2011, 06:51 AM #8
Dimitris4463

Thread Starter
Member
Join Date
Aug 2010
Posts
38

Re: Login form with MD5 encrypted password from MySQL


database
Originally Posted by Dimitris4463
ok I actually imagine that it was an typo.
I have to make sth like:
GenerateHash(PasswordTextBox.Text) to make it working ?
cause I try it with both but I m getting "Invalid Log In Details"
someone please ??????
Reply With Quote
Feb 10th, 2011, 07:51 AM #9

cicatrix

PowerPoster
Join Date
Dec 2009
Location
Moscow, Russia
Posts
3,589

Re: Login form with MD5 encrypted password from MySQL


database
In the code you've posted you didn't change anything. You substitute
PasswordTextBox.Text in your query while you shold substitute its md5 hash:
GenerateHash(PasswordTextBox.Text)
#define true ((rand() % 2)? true: false) // Debug THAT!
Rate the posts that helped you!
Evaluating Expressions | Simple POP3 Protocol Realization | Timers explained | Delegates explained | A secure login to your
app sample | Numeric Textbox | Printer.Print (or I miss VB6 printing in .Net) | Shuffling any IEnumerable | Marshalling
structures to byte arrays and back | Invoking a method by its name | Plugins architecture WITHOUT references | Permuter
that permutes everything | Encrypt/Decrypt your stuf | Snake Game | Enumerating all Network Adapters in the system |
How to make a web request

Reply With Quote


Feb 10th, 2011, 09:38 AM #10
Dimitris4463

Thread Starter
Member
Join Date
Aug 2010

Posts
38

Re: Login form with MD5 encrypted password from MySQL


database
Hi again !
Let's start from scratch again
My encrypted code looks like this is MySql db:
"81dc9bdb52d04dc20036dbd8313ed055"
Which is actually the numbers: "1234"
I have try the code that you provide me and I m getting:
"DwN1hMmef9T0+MWVUPj1Bw=="
Now, the MySql cannot connect me because it is not a valid password for the
encrypted "1234"

P.S. Everything without the ""


Last edited by Dimitris4463; Feb 10th, 2011 at 09:45 AM.
Reply With Quote
Feb 10th, 2011, 09:47 AM #11
cicatrix

PowerPoster
Join Date
Dec 2009
Location
Moscow, Russia
Posts
3,589

Re: Login form with MD5 encrypted password from MySQL


database
Are you sure that the hashes in the database use MD5 algorhithm?
Well, try this sample from MSDN:
Code:
Function getMd5Hash(ByVal input As String) As String
' Create a new instance of the MD5 object.
Dim md5Hasher As MD5 = MD5.Create()
' Convert the input string to a byte array and compute the hash.
Dim data As Byte() =
md5Hasher.ComputeHash(Encoding.Default.GetBytes(input))
' Create a new Stringbuilder to collect the bytes
' and create a string.
Dim sBuilder As New StringBuilder()
' Loop through each byte of the hashed data
' and format each one as a hexadecimal string.
Dim i As Integer
For i = 0 To data.Length - 1
sBuilder.Append(data(i).ToString("x2"))
Next i
' Return the hexadecimal string.
Return sBuilder.ToString()
End Function

Also, there might be problems with encodings. Which one is the default one for your
system?
#define true ((rand() % 2)? true: false) // Debug THAT!
Rate the posts that helped you!
Evaluating Expressions | Simple POP3 Protocol Realization | Timers explained | Delegates explained | A secure login to your
app sample | Numeric Textbox | Printer.Print (or I miss VB6 printing in .Net) | Shuffling any IEnumerable | Marshalling
structures to byte arrays and back | Invoking a method by its name | Plugins architecture WITHOUT references | Permuter
that permutes everything | Encrypt/Decrypt your stuf | Snake Game | Enumerating all Network Adapters in the system |
How to make a web request

Reply With Quote


Feb 10th, 2011, 11:12 AM #12
Dimitris4463

Thread Starter
Member

Join Date
Aug 2010
Posts
38

Re: Login form with MD5 encrypted password from MySQL


database
no succes yet
the db password is stored into tables by the following php string
Code:
$password = md5($data['password'] . $salt);

which turns the normal text into MD5 Hash.


System confing? the server or my local pc ?
Reply With Quote
Feb 10th, 2011, 11:20 AM #13
CVMichael

PowerPoster
Join Date
Feb 2002
Location
Canada, Toronto
Posts
5,708

Re: Login form with MD5 encrypted password from MySQL


database
You should encrypt the password on the client side NOT the server side, otherwise
what's the point of encryption if the password is sent in clear text to the server?
Take a look here: http://pajhome.org.uk/crypt/md5/
You can download the "md5.js" and using java script you can encrypt the password

in the "OnClick" event of the submit button on the client side, and override the
plain password text with the encrypted one. This way only the encrypted password
will be sent to the server.
Also, MD5 is not strong enough, use SHA instead, you can find in the same link
javascript code to encrypt all the way to 512 bit...
Reply With Quote
Feb 10th, 2011, 11:33 AM #14
Dimitris4463

Thread Starter
Member
Join Date
Aug 2010
Posts
38

Re: Login form with MD5 encrypted password from MySQL


database
Thanks all for the help!
@CVMichael Thanks for the tips, I will use this for futures projects. Now i cannot
change 200++ passwords encryption.
Now the things come clear...
I contact the developer of the database and I have an answer:
"The db uses 2 ways to encrypt the password. 1 is the password itself and 1 the
salt.
Salt is an extra layer of security, what happens is
Password is MD5'd, then that is appended to the salt, and that whole thing is then
MD5'd. That way it can't be decoded at all since it's doubly encrypted a.k.a
password + salt together"
Is it still accessible to login from a VB.NET client ?
P.S. I m totally LOST
Reply With Quote

Feb 11th, 2011, 04:46 AM #15


cicatrix

PowerPoster
Join Date
Dec 2009
Location
Moscow, Russia
Posts
3,589

Re: Login form with MD5 encrypted password from MySQL


database
Theoretically, yes. But you have to know what 'salt' is used.
In order to get a proper hash you should repeat the process exactly like the original
process did.
Although I am not an expert in cryptography, but I fail to see the necessity of salt
here - either it should be a constant or generated pseudo-randomly from a known
seed. In either case you should know what salt has been used to create the
passwords for the database.
1. Get an MD5 of a password
2. Append salt
3. Get an MD5 of a md5'd pass + salt