Member Avatar for Maylene_1

Hi, below is the code in my login button, yet I'm confused what code to put in logout button. I only know few knowledge about vb.net and I am trying to understand it as much as I can. Thank you for understanding! :)

Public Class Form2

    Private OPConStr As String = ("server=localhost;username=root;password=07292021;database=usersaccount")

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim ID As Integer
        Using connection As New MySqlConnection(OPConStr),
            cmd As New MySqlCommand("SELECT `StudentId` FROM `usersaccount` WHERE `StudentId` = @username AND `Account Password` = @password", connection)
            cmd.Parameters.Add("@username", MySqlDbType.VarChar).Value = Username.Text
            cmd.Parameters.Add("@password", MySqlDbType.VarChar).Value = Pass.Text
            connection.Open()
            ID = CInt(cmd.ExecuteScalar())
        End Using
        If ID = 0 Then
            MessageBox.Show("Invalid Username Or Password")
            Exit Sub
        End If
        Using con As New MySqlConnection("server=localhost;username=root;password=07292021;database=logsrecord"),
                cmd As New MySqlCommand("Insert into loghistory.logsrecord (StudentID, DateIn, Action) Values (@ID, @In, @Action);", con)
            cmd.Parameters.Add("@ID", MySqlDbType.VarChar).Value = ID
            cmd.Parameters.Add("@In", MySqlDbType.DateTime).Value = Now()
            cmd.Parameters.Add("@Action", MySqlDbType.Int32).Value = 1
            con.Open()
            cmd.ExecuteNonQuery()
        End Using
        Form3.Show()
        Hide()
    End Sub

This is the table in my database:

  • StudentID (VarChar)
  • In (Datetime)
  • Out (Datetime)
  • Action (Int)
  • 3 Contributors
  • 2 Replies
  • 308 Views
  • 12 Hours Discussion Span
  • Latest Post Latest Post by Santanu.Das
Member Avatar for rproffitt

Two issues here.

  1. Never store passwords in a database. This is something we must teach from day one in any compsci class. More at https://www.google.com/search?&q=never+store+passwords+in+a+database
  2. As to logout, the usual is to set a flag or value that they passed the login check. To log out you clear that flag.

Some may write "it's only for school." Again, this should get a failing grade or at least a mark or two down for it's lack of security.

Member Avatar for Santanu.Das

Use of Executescalar() function to get the count of record numbers.
Therefore, you must have to use Count keyword before StudentId into the select statement.

My suggestion:
Store StudentId and do same in logout procedure as you do in log in

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.