I would like my program to check if a user is an admin. I followed a tutorial on the internet on how to do make a login form, and im super new to programming.This is my database in access.
If that box in access is ticked then i would like it to show the "AdminMenu" form to show but if the box isn't ticked i would like it to show the "UserMenu" The code below works fine but like i said i would like to know how i check if that user is an admin or just a normal user
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles LoginButton.Click
' Check if username or password is empty
If TextBox1.Text = "" Or TextBox2.Text = "" Then
MessageBox.Show("Username and password are blank", "Authentication Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
' Both fields was supply
' Check if user exist in database
' Connect to DB
Else
Dim conn As New System.Data.OleDb.OleDbConnection()
conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=\\-------.ult.org.uk\homestudent\-------\dt_database.accdb"
Try
'conn.Open()
'MsgBox("Susscess")
Dim sql As String = "SELECT * FROM tbl_user WHERE username='" & TextBox1.Text & "' AND password = '" & TextBox2.Text & "'"
Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql)
'Open Database Connection
sqlCom.Connection = conn
conn.Open()
Dim sqlRead As System.Data.OleDb.OleDbDataReader = sqlCom.ExecuteReader()
If sqlRead.Read() Then
AdminMenu.Show()
Me.Hide()
Else
' If user enter wrong username and password combination
' Throw an error message
MessageBox.Show("Username and Password do not match.", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
'Clear all fields
TextBox1.Text = ""
TextBox2.Text = ""
'Focus on Username field
TextBox1.Focus()
End If
Catch ex As Exception
MessageBox.Show("Failed to connect to Database..", "Database Connection Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
End If
End Sub
Use the DataReader (sqlRead) to check the content of the "admin"-column. Compare it to the state you'd like (-1 is TRUE, 0 is FALSE).
if sqlReader.item("admin") = -1 then
'IsAdmin
else
'IsNotAdmin
end if
Sidenote: do not concatenate querystrings. It's a bad practice and renders the application prone to SQL injection. Use parameterized queries instead.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments