I'm doing an application for school and I need help encrypting passwords when inserting them into my users database. I'm programming in C# and I'm using MS Server 2008 R2 for manipulating my database. I'm thinking of doing a HASH encryption and I would love it if someone helped me out.
Here's my code for inserting data into the database:
using (SqlConnection con = new SqlConnection("Data Source=HRC0;Initial Catalog=users;Integrated Security=True")) //MLHIDE
using (SqlCommand sc = new SqlCommand("if NOT exists (select * from users where UserName = @username) insert into users (userName, password) values(@userName, @password)", con))
{
    con.Open();
    sc.Parameters.AddWithValue("@username", korisnik.Text);
    sc.Parameters.AddWithValue("@password", pass.Text); // the typed password is stored as plain text
    int o = sc.ExecuteNonQuery();
    if (o == -1)
    {
        MessageBox.Show(Ulaz.Properties.Resources.Niste_ubačeni_u_bazi_korisničk);
        this.Hide();
        new Registracija().Show();
    }
    else
    {
        MessageBox.Show(Ulaz.Properties.Resources.Ubačeni_ste_u_bazi);
        con.Close(); // not required: the using block disposes (and closes) the connection
        this.Hide();
        new Form1().Show();
    }
}
and here's my code for the login check:
SqlConnection con = new SqlConnection("Data Source=HRC0;Initial Catalog=users;Integrated Security=True");
// the typed user name and password are concatenated straight into the query text (see the answer below: use parameters here too)
SqlCommand cmd = new SqlCommand("select * from users where userName='" + user.Text + "' and password='" + pass.Text + "'", con); //MLHIDE
con.Open();
SqlDataReader re = cmd.ExecuteReader();
if (re.Read())
{
    ImeUsera = user.Text;
    new UserMode().Show();
    this.Hide();
}
else
{
    this.Hide();
    new LoginFail().Show();
}
I used a Multi-Language add-on, so it converted my strings into "Ulaz.Properties.Resources." and similar.
To hash a string of text you could use a function like this
and apply it to your user input. Then store the result in the database. At login, you reapply the hash function to the typed password and check the result against the stored value.
So in your insert code you write
and in your check
Remember that hashing is not reversible, so you cannot retrieve the original password from the hashed text. You apply the hash function to your text and store it as a base64 string. If your user forgets the password, you need to reset it to a known value. There is no way to tell him the original password.
By the way, why don't you use parameters in your check as you do in the insert code? Never use string concatenation to build SQL queries, even if you're in a hurry to finish the job.