We Keep Coding

Why my login function let users login with a random password?

i have a little problem. My Script lets users login with a random password. How can i fix it? Here are all informations: Passworts are stored in MySQL DB V8, and they crypted correctly with BCrypt.
Bcrypt Code:
private static string GetRandomSalt()
{
return BCrypt.Net.BCrypt.GenerateSalt(10);
}
public static string HashPassword(string password)
{
return BCrypt.Net.BCrypt.HashPassword(password, GetRandomSalt());
}
public static bool ValidatePassword(string username, string password)
{
return BCrypt.Net.BCrypt.Verify(username, password);
}
This is my code where i got the problem:
[RemoteEvent("loginUser")]
public void loginUserEvent(Client player, String username, String password)
{
if (player.HasData("waitLogando"))
{
player.SendNotification("Wait...");
return;
}
player.SetData("waitLogando", true);
using (MySqlConnection Mainpipeline = new MySqlConnection(Main.myConnectionString))
{
Mainpipeline.Open();
MySqlCommand query = Mainpipeline.CreateCommand();
query.CommandType = CommandType.Text;
query.CommandText = "SELECT * FROM `users` WHERE ( `Username` = '" + username + "' OR `email` = '" + username + "')";
query.ExecuteNonQuery();
DataTable dt = new DataTable();
using (MySqlDataAdapter da = new MySqlDataAdapter(query))
{
da.Fill(dt);
int i = 0;
i = Convert.ToInt32(dt.Rows.Count.ToString());
if (i == 0)
{
string query2 = "SELECT * FROM users (username, password) VALUES (#username, #password)";
MySqlCommand LoginAccount = new MySqlCommand(query2, Mainpipeline);
LoginAccount.Parameters.AddWithValue("#username", "" + username + "");
LoginAccount.Parameters.AddWithValue("#password", "" + AccountManage.ValidatePassword(username, password) + "");
LoginAccount.ExecuteNonQuery();
player.SendNotification("Wrong password");
player.ResetData("waitLogando");
}
else
{
NAPI.ClientEvent.TriggerClientEvent(player, "clearLoginWindow");
AccountManage.LoadAccount(player, username);
player.ResetData("waitLogando");
}
}
}
}
I really hope you can help me, thanks for your time! If you need more informations, im here.

You are not checking the password in the first query, you only check user name or email.
Ah, query2 is also incorrect (did you mean INSERT instead of SELECT?).

C# connection stored procedure error

This Code is establishing a Mysql Connection.
namespace TrialConnection
{
public class DataConnection
{
public static string database = "";
public static string databasename = "";
public static string user = "";
public static string password = "";
public static string charset = "latin1";
string connString = "";
public DataLayer(ref MySqlCommand newconnection)
{
connString = "On server = " + database + "; Databasename = " + databasename + "; User = "
+ user + "; Pass = " + password + "; Locale = " + charset;
newconnection = new MySqlCommand();
}
public bool modifyData(ref MySqlCommand newconnection, Alter_Procedures myQuery)
{
MySqlConnection myconnection = new MySqlConnection(connString);
newconnection.Connection = myconnection;
newconnection.CommandText = modifyQuery.ToString();
newconnection.CommandType = CommandType.StoredProcedure;
MySqlTransaction mytransaction = null;
try
{
myconnection.Open();
mytransaction = myconnection.BeginTransaction();
newconnection.Transaction = mytransaction;
newconnection.ExecuteNonQuery();
mytransaction.Commit();
mytransaction.Dispose();
myconnection.Close();
myconnection.Dispose();
}catch(Exception e){}
}
public bool getData(ref MySqlCommand newconnection, Retrieve_Procedures allproc, ref MySqlDataReader myReader)
{
MySqlConnection myConnection = new MySqlConnection(connString);
newconnection.Connection = myConnection;
newconnection.CommandType = CommandType.StoredProcedure;
newconnection.CommandText = allproc.ToString();
myConnection.Open();
myReader = newconnection.ExecuteReader();
}
}
}
Whenever I try to connect and there is no stored procedure yet in the database, it is not always taking the values for my database, databasename, user, Password and charset.
I tried to debug it and found something, however I am not sure whether I found everything.
I am very thankful for help.

Get value from database and put it into textbox

I totally new at programming and i am learning about, classes, methods connection with mysql.
So i have a class called take and i have a method to get last value from my database table.
namespace Budget
{
class take
{
private MySqlConnection connection;
private string datasource;
private string port;
private string username;
private string password;
public take()
{
Initialize();
}
private void Initialize()
{
datasource = "localhost";
port = "3306";
username = "root";
password = "root";
string connectionString;
connectionString = "DATASOURCE=" + datasource + ";" + "PORT=" + port + ";" + "USERNAME=" + username + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
}
private bool OpenConnection()
{
connection.Open();
return true;
}
private bool CloseConnection()
{
connection.Close();
return true;
}
public decimal budget()
{
string query =
#"SELECT balance
FROM history
ORDER BY id DESC
LIMIT 1 ";
if (this.OpenConnection() == true)
{
MySqlCommand cmd = new MySqlCommand(query, connection);
using (var reader = cmd.ExecuteReader())
{
if (reader.Read())
return Convert.ToDecimal(reader.GetValue(0));
else
return 0m;
}
}
else
return 0m;
}
}
}
I want to put that value in my main Form TextBox. But when i write in main main Form
take.balance();
Warning Warning 1 Field Budget.Form1.take is never assigned to, and will always have its default value null
So the question is, how i can put that value from database to my main Form textbox?

Calling methods inside .dll File in c#

I created a DLL file in c# with the following content:
namespace GenerateMemo
{
class GenerateMemo
{
public MySqlConnection connection;
private string server;
private string port;
private string database;
private string uid;
private string password;
public void SqlConnect(string _server, string _port, string _database, string _uid, string _password)
{
string connectionString;
connectionString = "SERVER=" + _server + ";" + " PORT=" + _port + ";" + "DATABASE=" +
_database + ";" + "UID=" + _uid + ";" + "PASSWORD=" + _password + ";";
connection = new MySqlConnection(connectionString);
connection.Open();
}
public void sqlNonQueryN(string query)
{
MySqlCommand cmd = new MySqlCommand(query, connection);
cmd.ExecuteNonQuery();
connection.Close();
}
}
and I dont know how to call those methods inside the file. I am using Visual Studio and already imported it as reference. Please tell me how to use my DLL file. I need to use those methods in another project. Thanks a lot. :)

First, you need to make your GenerateMemo class public to use it in another assembly. Right now it is internal (default access modifier of class).
Then, if you already added this dll as reference to your project - basically you need to create instance of your class and call it methods.
var memo = new GenerateMemo();
memo.SqlConnect(....)
and so on.
And make sure you've included using GenerateMemo; namespace in the file where you planning to use it.

A lot more readable:
public class GenerateMemo
{
private MySqlConnection connection;
private string server, database, uid, password;
private uint port;
public GenerateMemo(string _server, uint _port, string _database, string _uid, string _password) //constructor
{
server = _server;
port = _port;
uid = _uid;
password = _password;
}
private void BuildConnection()
{
MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder();
builder.Server = server;
builder.Port = port;
builder.Database = database;
builder.UserID = uid;
builder.Password = password;
connection = new MySqlConnection(builder.ConnectionString);
}
public void sqlNonQueryN(string query)
{
if (connection == null)
{
BuildConnection();
}
connection.Open();
MySqlCommand cmd = new MySqlCommand(query, connection);
cmd.ExecuteNonQuery();
connection.Close();
}
}

Change password not working

I have a web page where the user enters their current Username and Password. If they match a user in the database then the password is changed to the new password.
If there is no error and the password is changed the user is redirected to the initial login page. If there is an error then an error message will appear.
However at the moment the password is not changed and when there is supposed to be an error, i.e. when the the password was not changed, it just redirects the user anyway to the login page.
My code:
public static MySqlConnection CreateConnection()
{
String connectionString = "SERVER=127.0.0.1; DATABASE='dbnumericalmethods'; UID='root'; PASSWORD=''";
MySqlConnection SqlConnection = new MySqlConnection(connectionString);
return SqlConnection;
}
protected void btnChange_Click(object sender, EventArgs e)
{
MySqlConnection SqlConnection = CreateConnection();
string OldPassword;
string NewPassword;
string Username;
string ConfirmPassword;
Username = txtUsername2.Text;
OldPassword = txtOldPassword.Text;
NewPassword = txtNewPassword.Text;
ConfirmPassword = txtConfirmPassword.Text;
string SqlString = "update tblLogin set Identification='" + NewPassword + "' WHERE [Identification]='" + OldPassword + "' AND Username='" + Username + "'";
SqlConnection.Open();
MySqlCommand cmd = new MySqlCommand(SqlString, SqlConnection);
SqlConnection.Close();
if (OldPassword != "" && NewPassword != "" && ConfirmPassword != "")
{
Response.Redirect("Login.aspx");
}
else
{
lblErrorMessage2.Text = ("Username ");
}
}

You are not even executing the command, you are just opening the connection, creating a MySqlCommand then immediately close the connection:
MySqlCommand cmd = new MySqlCommand(SqlString, SqlConnection);
int result = cmd.ExecuteNonQuery();
SqlConnection.Close();
BTW, you should use parameterized queries to avoid SQL Injection.