Hi,
I'm planning to create a login window where I can enter a username and password in visual basic 6. In this window, there are also options to create and change password. Can you help on how to do this? And also, how will the passwords be protected from other people who are not authorized to access? Thank you.
There's never a 100% secure solution.
First, do not store password in plain text. Use some hash function to calculate hashed value of the password and store this hashed value. Some methods are MD5, SHA1 or simple CRC32 etc. You'll find sample code with Google. So when the user gives his/her password, you calculate hash and compare calculated hash with the stored hash value, not the password itself.
Second, where to store hashed passwords? Do you use some database to store them? If you have only one user who's allowed to access, you can store hashed password in registry. Of course, it can be removed from there. Another solution, and quite feasible today, is to store it in a file in USB memory stick. Then user requires both USB stick and the USB stick must contain hashed password in a file.
I won't give here the actual code for password prompt dialog and password change dialog. They are quite straightforward to implement, but I'll give help with them if needed.
Try it.
Try it.
Thanks for the attached file. Actually, I have that file already. In this file, isn't you can only change the password by changing it to the registry? What I want to know is how to change it during run time. For example, I want to add a command button which function is to change the password.
There's never a 100% secure solution.
First, do not store password in plain text. Use some hash function to calculate hashed value of the password and store this hashed value. Some methods are MD5, SHA1 or simple CRC32 etc. You'll find sample code with Google. So when the user gives his/her password, you calculate hash and compare calculated hash with the stored hash value, not the password itself.
Second, where to store hashed passwords? Do you use some database to store them? If you have only one user who's allowed to access, you can store hashed password in registry. Of course, it can be removed from there. Another solution, and quite feasible today, is to store it in a file in USB memory stick. Then user requires both USB stick and the USB stick must contain hashed password in a file.
I won't give here the actual code for password prompt dialog and password change dialog. They are quite straightforward to implement, but I'll give help with them if needed.
I'm quite confuse to the hash function you mention. Please give me specific example on how to do this? Thank you
Ok. I've ripped this partly from my app which is written in VB.NET not VB6 and the rest is sort of "pseudo code". So, you'll need in VB6 a) MD5-funtion and b) a way to convert string to bytes. You'll find VB6 code for that with Google (I did some 10 yrs ago ;)
First, user enters initial password:
Imports System.Security.Cryptography
Private Sub CalculateMD5(ByVal BytesIn() As Byte, ByRef ResultMD5() As Byte)
'
' Calculate MD5 for bytes
Dim ProvMD5 As MD5
Try
ProvMD5 = MD5CryptoServiceProvider.Create()
ProvMD5.Initialize()
ResultMD5 = ProvMD5.ComputeHash(BytesIn)
ProvMD5.Clear()
Catch ex As Exception
' Handle error
End Try
End Sub
Private Function MD5ToString(ByVal BytesIn() As Byte) As String
'
' Return MD5 as a hex string
Dim UBits As Integer
Dim LBits As Integer
Dim TempStr As String
Dim i As Integer
Try
TempStr = ""
For i = 0 To BytesIn.GetUpperBound(0)
UBits = (BytesIn(i) And 240) >> 4
LBits = (BytesIn(i) And 15)
TempStr = TempStr & String.Format("{0:x}", UBits)
TempStr = TempStr & String.Format("{0:x}", LBits)
Next i
Return TempStr
Catch ex As Exception
' Handle error
Return ""
End Try
End FunctionGet a password from the user, calculate hash and store hash.
Imports System.Text
Dim StringData As String
Dim ByteData() as Byte
Dim ResultHash() As Byte
Dim HashedPwString As String
' Get password to StringData and convert to bytes
ByteData = Encoding.Default.GetBytes(StringData)
' Hash it
CalculateMD5(ByteData, ResultHash)
' Make a string from bytes, you could use also Encoding.Default.GetString()
HashedPwString = MD5ToString(ResultHash)
' Now, store HashedPwString to somewhere!How to compare hashes:
Use the same code as above to (prompt password) and calculate HashedPwString from it. Then compare:
Dim StoredHash As String
' Read StoredHash from somewhere
If HashedPwString = StoredHash Then
' Yes the passwords are the same
Else
' No match, kindly tell the user to re-enter password. Or just kick him out
End IfHere's a one MD5 code (in VB6) http://www.di-mgt.com.au/crypto.html#MD5 but I haven't tried it myself. That code seems(?) to get strings as parameter so you do not need string->byte->string conversions. Just rewrite CalculateMD5() with the VB6 code (from that link).
BTW. If you use VB.NET, you can change MD5 -> SHA1 and get a slightly better hashes.
Ok. I've ripped this partly from my app which is written in VB.NET not VB6 and the rest is sort of "pseudo code". So, you'll need in VB6 a) MD5-funtion and b) a way to convert string to bytes. You'll find VB6 code for that with Google (I did some 10 yrs ago ;)
First, user enters initial password:
Imports System.Security.Cryptography Private Sub CalculateMD5(ByVal BytesIn() As Byte, ByRef ResultMD5() As Byte) ' ' Calculate MD5 for bytes Dim ProvMD5 As MD5 Try ProvMD5 = MD5CryptoServiceProvider.Create() ProvMD5.Initialize() ResultMD5 = ProvMD5.ComputeHash(BytesIn) ProvMD5.Clear() Catch ex As Exception ' Handle error End Try End Sub Private Function MD5ToString(ByVal BytesIn() As Byte) As String ' ' Return MD5 as a hex string Dim UBits As Integer Dim LBits As Integer Dim TempStr As String Dim i As Integer Try TempStr = "" For i = 0 To BytesIn.GetUpperBound(0) UBits = (BytesIn(i) And 240) >> 4 LBits = (BytesIn(i) And 15) TempStr = TempStr & String.Format("{0:x}", UBits) TempStr = TempStr & String.Format("{0:x}", LBits) Next i Return TempStr Catch ex As Exception ' Handle error Return "" End Try End FunctionGet a password from the user, calculate hash and store hash.
Imports System.Text Dim StringData As String Dim ByteData() as Byte Dim ResultHash() As Byte Dim HashedPwString As String ' Get password to StringData and convert to bytes ByteData = Encoding.Default.GetBytes(StringData) ' Hash it CalculateMD5(ByteData, ResultHash) ' Make a string from bytes, you could use also Encoding.Default.GetString() HashedPwString = MD5ToString(ResultHash) ' Now, store HashedPwString to somewhere!How to compare hashes:
Use the same code as above to (prompt password) and calculate HashedPwString from it. Then compare:Dim StoredHash As String ' Read StoredHash from somewhere If HashedPwString = StoredHash Then ' Yes the passwords are the same Else ' No match, kindly tell the user to re-enter password. Or just kick him out End IfHere's a one MD5 code (in VB6) http://www.di-mgt.com.au/crypto.html#MD5 but I haven't tried it myself. That code seems(?) to get strings as parameter so you do not need string->byte->string conversions. Just rewrite CalculateMD5() with the VB6 code (from that link).
BTW. If you use VB.NET, you can change MD5 -> SHA1 and get a slightly better hashes.
Thank you for the information :) Actually, I'm not familiar yet in VB.net that's why I only ask on VB6. Maybe I'll just study on how to use VB.net so I can use the codes you gave to me. How can I have VB.net?
Actually you can do it with VB6 (I did a long time ago). All you need is that MD5 algorithm written in VB6, for which I gave a link. VB.NET has these things "built-in" ie. they are part of .NET Framework.
If you want to go for VB.NET, there are free Express Editions (EE) for learning purposes. VB.NET 2005 can be downloaded from http://www.microsoft.com/express/2005/ and it comes with SQL Server 2005 Express Edition. There's also EEs for C# etc.
VB.NET 2005 EE works with .NET Framework 2.0. Latest .NET Framework is 3.5 and if you want to jump straight to it, download VB.NET 2008. 3.5 contains a lot more bells and whistles. I still stick with 2.0 because I have a large code base written for it and I don't currently have time to learn new things that come with 3.5 and VB.NET 2008.
There are a few restrictions with EEs compared to the commercial Visual Studio products. For example, you may not use EE for compiling commercial products. So read the End User License Agreement carefully, but you would do that anyway, wouldn't you :D
:-/hey could i have some help on my vb6 program i need some coding for enter password
in textbox press enter button then it lets me show form 5
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.