I am building a login system that has two different user types. Within the user field their is a boolean column called user_isAdmin. If true, the user is an admin, if false the user is a default user. Currently I have written a code that logs in but currently returns true for every user. Here is the first attempt:
private void confirmBtn_Click(object sender, EventArgs e)
{
Connect database = new Connect();
String username = usernameField.Text;
String password = passwordField.Text;
DataTable table = new DataTable();
MySqlDataAdapter adapter = new MySqlDataAdapter();
MySqlCommand command = new MySqlCommand("SELECT * From tbl_user WHERE `username` = @uname and `user_password` = @pwd", database.getConnection());
command.Parameters.Add("uname", MySqlDbType.VarChar).Value = username;
command.Parameters.Add("pwd", MySqlDbType.VarChar).Value = password;
adapter.SelectCommand = command;
adapter.Fill(table);
if (!checkInputFields())
{
if (username.ToLower().Trim().Equals("") || password.Trim().Equals(""))
{
/*Please Enter Username or Password*/
MessageBox.Show("Please Enter Username or Password!", "", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
}
else if (table.Rows.Count > 0)
{
/*Login Success for Admin*/
if (!checkIfAdmin()) {
MessageBox.Show("Admin Login Successful!", "", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Hide();
HomeAdmin admin = new HomeAdmin();
admin.ShowDialog();
}
else
{
/*Login Success for user*/
MessageBox.Show("User Login Successful!", "", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Hide();
HomePlayer user = new HomePlayer();
user.ShowDialog();
}
}
else
{
/*Login Error No Username*/
if (username.Trim().Equals(""))
{
MessageBox.Show("Please Enter Your Username", "", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
}
/*Login Error No password*/
else if (password.Trim().Equals(""))
{
MessageBox.Show("Please Enter Your Password", "", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
}
else
{
/*Login Error Wrong Username or password*/
MessageBox.Show("Username or Password is incorrect", "", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
}
}
}
else
{
MessageBox.Show("Please Enter all your details", "", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
}
}
/*Check All Fields Have Inputs*/
public Boolean checkInputFields()
{
String username = usernameField.Text;
String password = passwordField.Text;
if (username.ToLower().Trim().Equals("username") || password.ToLower().Trim().Equals("password"))
{
return true;
}
else
{
return false;
}
}
public Boolean checkIfAdmin()
{
Connect database = new Connect();
MySqlCommand command = new MySqlCommand("SELECT user_isAdmin From tbl_user WHERE userID = userID", database.getConnection());
command.Connection.Open();
bool isAdmin = (bool)command.ExecuteScalar();
if (isAdmin)
{
return true;
}
else
{
return false;
}
}
It reaches this section where it calls checkIfAdmin:
if (!checkIfAdmin()) {
MessageBox.Show("Admin Login Successful!", "", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Hide();
HomeAdmin admin = new HomeAdmin();
admin.ShowDialog();
}
else
{
/*Login Success for user*/
MessageBox.Show("User Login Successful!", "", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Hide();
HomePlayer user = new HomePlayer();
user.ShowDialog();
}
This is checkIfAdmin:
public Boolean checkIfAdmin()
{
Connect database = new Connect();
MySqlCommand command = new MySqlCommand("SELECT user_isAdmin From tbl_user WHERE userID = userID", database.getConnection());
command.Connection.Open();
bool isAdmin = (bool)command.ExecuteScalar();
if (isAdmin)
{
return true;
}
else
{
return false;
}
}
Currently it only returns true which says that all users are admins, even thought they arent. What I want to know is how I can select the user_isAdmin value based on whether or not they are an admin. If they are an admin, calling the checkIsAdming would run:
MessageBox.Show("Admin Login Successful!", "", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Hide();
HomeAdmin admin = new HomeAdmin();
admin.ShowDialog();
Whereas a user would run:
MessageBox.Show("User Login Successful!", "", MessageBoxButtons.OK, MessageBoxIcon.Information);
this.Hide();
HomePlayer user = new HomePlayer();
user.ShowDialog();
Here is my user table if it helps:
Answer
When you use SELECT user_isAdmin From tbl_user WHERE userID = userID, as others pointed out, you are not selecting a row for a particular user ID, because you’re not passing the userID as a parameter.
The command you used is equivalent to SELECT user_isAdmin From tbl_user WHERE 1 = 1. When you execute this command, it will return a list of the user_isAdmin values for all the users in your table.
In order to achieve what you want, you need to get the user_isAdmin value for the unique user. This could be done by passing userID as a parameter to your SQL query, just like you did here: SELECT * From tbl_user WHERE username = @uname and user_password = @pwd.
The CheckIfAdmin method should look like this:
public Boolean CheckIfAdmin(Guid userId) // or whatever is the type of userId
{
Connect database = new Connect();
MySqlCommand command = new MySqlCommand("SELECT user_isAdmin From tbl_user WHERE userID = @userID", database.getConnection());
command.Parameters.Add("userID", MySqlDbType.Guid).Value = userId;
command.Connection.Open();
bool isAdmin = (bool)command.ExecuteScalar();
if (isAdmin)
{
return true;
}
else
{
return false;
}
}
This will get the userID for the user in question.
Of course, before calling CheckIfAdmin, you have to fetch the userID from the database. If the username is unique (which I recommend), you can use it instead of the userID.