Why does my login function let users log in with a random password?


I have a little problem. My script lets users log in with a random password. How can I fix it? Here is all the information: passwords are stored in a MySQL 8 DB, and they are encrypted correctly with BCrypt.

Bcrypt Code:

private static string GetRandomSalt()
{
    return BCrypt.Net.BCrypt.GenerateSalt(10);
}

public static string HashPassword(string password)
{
    return BCrypt.Net.BCrypt.HashPassword(password, GetRandomSalt());
}

public static bool ValidatePassword(string username, string password)
{
    return BCrypt.Net.BCrypt.Verify(username, password);
}

This is my code where I have the problem:

[RemoteEvent("loginUser")]
public void loginUserEvent(Client player, String username, String password)
{

    if (player.HasData("waitLogando"))
    {
        player.SendNotification("Wait...");
        return;
    }
    player.SetData("waitLogando", true);
    using (MySqlConnection Mainpipeline = new MySqlConnection(Main.myConnectionString))
    {
        Mainpipeline.Open();
        MySqlCommand query = Mainpipeline.CreateCommand();
        query.CommandType = CommandType.Text;
        query.CommandText = "SELECT * FROM `users` WHERE ( `Username` = '" + username + "' OR `email` = '" + username + "')";
        query.ExecuteNonQuery();

        DataTable dt = new DataTable();
        using (MySqlDataAdapter da = new MySqlDataAdapter(query))
        {

            da.Fill(dt);

            int i = 0;
            i = Convert.ToInt32(dt.Rows.Count.ToString());
            if (i == 0)
            {
                string query2 = "SELECT * FROM users (username, password) VALUES (@username, @password)";

                MySqlCommand LoginAccount = new MySqlCommand(query2, Mainpipeline);

                LoginAccount.Parameters.AddWithValue("@username", "" + username + "");
                LoginAccount.Parameters.AddWithValue("@password", "" + AccountManage.ValidatePassword(username, password) + "");
                LoginAccount.ExecuteNonQuery();

                player.SendNotification("Wrong password");
                player.ResetData("waitLogando");
            }
            else
            {
                NAPI.ClientEvent.TriggerClientEvent(player, "clearLoginWindow");
                AccountManage.LoadAccount(player, username);
                player.ResetData("waitLogando");
            }
        }
    }
}

I really hope you can help me, thanks for your time! If you need more information, I'm here.

Answered by CyberZeus:

You are not checking the password in the first query, you only check user name or email.

Ah, query2 is also incorrect (did you mean INSERT instead of SELECT?).
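To make the point concrete, here is an added example (not code from the question or the answer) of a login check that reads the stored bcrypt hash for the account and verifies the submitted password against it. It assumes the `MySql.Data.MySqlClient` provider, a `Password` column holding the bcrypt hash, and a placeholder connection string; `BCrypt.Net.BCrypt.Verify` takes the plaintext first and the stored hash second, which is the opposite of how the question's `ValidatePassword` passes its arguments.

```csharp
using System;
using MySql.Data.MySqlClient;

public static class LoginExample
{
    // Placeholder; the real project would use Main.myConnectionString.
    private const string ConnectionString =
        "server=localhost;database=game;uid=app;pwd=PLACEHOLDER";

    // Verify(plaintext, storedHash): the plaintext password comes first.
    public static bool ValidatePassword(string password, string storedHash)
    {
        return BCrypt.Net.BCrypt.Verify(password, storedHash);
    }

    // Returns true only when a row exists for the username/email AND the
    // submitted password matches the bcrypt hash stored for that row.
    // The login path only reads; it never inserts anything.
    public static bool TryLogin(string username, string password)
    {
        using (var conn = new MySqlConnection(ConnectionString))
        {
            conn.Open();
            // Parameterized query: the user input never becomes part of the SQL text.
            const string sql =
                "SELECT `Password` FROM `users` " +
                "WHERE `Username` = @login OR `email` = @login LIMIT 1";
            using (var cmd = new MySqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@login", username);
                object result = cmd.ExecuteScalar(); // null when no row matched
                if (result == null || result == DBNull.Value)
                {
                    return false; // unknown account
                }
                string storedHash = (string)result;
                return ValidatePassword(password, storedHash);
            }
        }
    }
}
```

In the `loginUserEvent` handler, call `LoginExample.TryLogin(username, password)` and only run `LoadAccount` when it returns true; returning the same "Wrong password" message for an unknown account and for a bad password avoids telling a caller which usernames exist.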