Secure loggedin check - Any idea?
Posted: Tue 28 Nov 2006 02:46
Hi,
I'm looking for a good login and logged-in check with MyDAC and MySQL. I have a database table called "members" with user accounts saved with username, password and so on. Now I want it so that, when a user connects through the software, it checks whether the user exists and, if so, marks him as logged in if the login data was OK. I currently do it the following way (sorry, it's C++ and not Delphi, but I think you can see the logic). I think it's too simple and insecure. Can anyone tell me a better way? (I don't know Delphi, but I think you can write it in Delphi as well; I will translate it to C++ as well as I can.)
the login process:
Code:
    void __fastcall TfrmLogin::BitBtn1Click(TObject *Sender)
    {
        // Reset the client-side login state before every attempt.
        App->loggedinUsername = "";
        App->isLoggedin = false;

        // The query text is built by concatenating the two edit fields.
        App->MyQuery->SQL->Clear();
        App->MyQuery->SQL->Add("SELECT * FROM Profile");
        App->MyQuery->SQL->Add("WHERE `Username` = '" + username->Text + "' AND `Password` = '" + password->Text + "'");
        App->MyQuery->Open();

        // No matching row means both fields come back empty.
        if(App->MyQuery->FieldByName("Username")->AsString.IsEmpty() || App->MyQuery->FieldByName("Password")->AsString.IsEmpty())
        {
            MessageBox(NULL, "login failed.", "error", 48);
        }
        else
        {
            App->loggedinUsername = App->MyQuery->FieldByName("Username")->AsString;
            App->isLoggedin = true;
            MessageBox(NULL, "login successfuly.", "okay", 64);
            frmLogin->Close();
        }
    }

the check if user is connected and has software rights for logged-in users (e.g. show his profile etc.):

Code:
    // Access check: relies only on the flags set by the login handler.
    if(isLoggedin && loggedinUsername != "")
    {
        myProfile->ShowModal();
    }
    else
    {
        MessageBox(NULL, "you are not connected", "error", 16);
    }
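Added example, not part of the original post: the same lookup written with a bound parameter and a salted password hash, next to a query concatenated the way the posted code does it. It is Python with an in-memory SQLite database standing in for MySQL/MyDAC; the `members` columns, the sample users and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def make_db():
    """In-memory stand-in for the members table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members "
               "(username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for user, pw in [("alice", "correct horse"), ("o'brien", "battery staple")]:
        salt, digest = hash_password(pw)
        db.execute("INSERT INTO members VALUES (?, ?, ?)", (user, salt, digest))
    return db

def login_concatenated(db, username):
    """Same pattern as the posted query: input becomes part of the SQL text."""
    sql = "SELECT username FROM members WHERE username = '" + username + "'"
    return db.execute(sql).fetchone()

def login(db, username, password):
    """Bound parameter for the lookup, then a constant-time hash comparison."""
    row = db.execute("SELECT salt, pwhash FROM members WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        # Do the same hashing work for unknown users so timing is similar.
        hash_password(password, b"\0" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

if __name__ == "__main__":
    db = make_db()
    print(login(db, "o'brien", "battery staple"))  # apostrophe is plain data
    print(login(db, "alice", "wrong"))
    try:
        login_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        # The apostrophe ended the string literal early and changed the SQL.
        print("concatenated query failed:", exc)
```

With a bound parameter the user name is always treated as data, and the database stores only a salt and a hash, never the password itself.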