Database Connection Program With HR Functionality
Problem
I've started writing a fully functional Database program in C# that allows a user to access an HR system (with more systems planned in the future). I came over to C# from Java around two weeks ago; whilst I understood MVC in Java, I have been recommended to use MVVC in C#, something I am struggling to understand.
Currently the program is only using DBF files (the format the current Database system is using), but in the future I will also be updating MySQL files, with the intention of "one day" moving over completely to MySQL.
For now I would appreciate some general advice on writing clean C# code, possibly with an emphasis on how I would adapt what I have written so far into an MVVC framework. Here are the classes I have so far.
First the user logs into the database. Currently this is just checking their user input against a stored password in the DBF file (not great, I appreciate):
LoginPage
```
namespace SDC_Database
{
    public partial class LoginPage : Page
    {
        public LoginPage()
        {
            InitializeComponent();
        }

        private void CheckLogin(object sender, RoutedEventArgs e)
        {
            CheckUserDetails cd = new CheckUserDetails();
            int userPass = int.Parse(cd.ReturnUserPass(usernameBox.Text.ToString()));
            int enteredPass = int.Parse(passwordBox.Password);
            if (userPass == enteredPass)
            {
                MessageBox.Show("Success!");
            }
            else
            {
                MessageBox.Show("Incorrect Password!");
            }
            NavigationService.Navigate(new Uri(@"View/UserSelection.xaml", UriKind.Relative));
        }
    }
}
```
CheckUserDetails
```
namespace SDC_Database.Controller
{
    class CheckUserDetails
    {
        public string ReturnUserPass(string username)
        {
            string constr = ConfigurationManager.ConnectionStrings["dbfString"].ConnectionString;
            string userPass = "noPass";
            using
```
Solution
I'm only going to concentrate on the code in your LoginPage class for now as I think there's enough to say about that :)
Namespaces with underscores look a bit horrible to me. I can't find anything that definitively says not to use them but I have very rarely seen them used. Thanks to BCdotWEB for finding the link: "DO NOT use underscores, hyphens, or any other nonalphanumeric characters."
According to the capitalization conventions on MSDN:
"Do capitalize only the first character of acronyms with three or more characters, except the first word of a camel-cased identifier."
That means your namespace should be SdcDatabase.
On to this code:
```
CheckUserDetails cd = new CheckUserDetails();
int userPass = int.Parse(cd.ReturnUserPass(usernameBox.Text.ToString()));
```
What happens when usernameBox contains an invalid username? You'll either return an empty string or "noPass" - either way, the Parse will throw anyway.
The control should also be renamed to usernameTextBox.
Ideally you should create a method on a well named class that takes a username and a password and returns either true or false depending on whether the log in attempt succeeded:
```
public class UserAuthenticationService
{
    public static bool AuthenticateUser(string username, string password)
    {
        // select count(*) from employs where username = username and password = password
        // if count == 1 => success
        // else => failure
    }
}
```
I'm not going to blame you for the database schema but storing passwords in plaintext is evil. Only allowing integers makes it even worse!
I'm going to assume you know about hashing passwords from your Java background - if there's any way you can implement that here - please do!
Are you aware that you're also reducing the security by parsing to an int? "01" and "0000000000001" are not the same password as "1" but your code will treat them as equal.
FYI, users don't tend to like exclamation marks in messages.
```
MessageBox.Show("Success!");
```
This doesn't need to be a verbatim string:
```
new Uri(@"View/UserSelection.xaml", UriKind.Relative)
```
Forward slashes aren't significant in C# strings.
Is this a WPF app? If so you should use the Model-View-ViewModel (MVVM) pattern in preference to just MVC.
Just FYI - look up SQL injection and how to properly parameterize SQL commands in C#.
Context
StackExchange Code Review Q#107273, answer score: 3
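An added example, not code from the original question or answer: one way to fill in the AuthenticateUser sketch with a salted PBKDF2 hash and a parameterized lookup. The pass_salt and pass_hash columns (Base64 text), the iteration count and the OleDb-style "?" placeholder are assumptions, and the code targets .NET 6 or later.

```csharp
using System;
using System.Data;
using System.Security.Cryptography;

public static class UserAuthenticationService
{
    const int Iterations = 600_000, SaltBytes = 16, HashBytes = 32;

    // Run when a password is set; store both Base64 strings, never the password itself.
    public static (string Salt, string Hash) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return (Convert.ToBase64String(salt), Convert.ToBase64String(Derive(password, salt)));
    }

    // Compares derived bytes in fixed time, so "01" and "1" stay different passwords.
    public static bool VerifyPassword(string password, string salt, string hash) =>
        CryptographicOperations.FixedTimeEquals(
            Derive(password, Convert.FromBase64String(salt)), Convert.FromBase64String(hash));

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    // conn: an already open ADO.NET connection (OleDb for the DBF files, hence the "?" marker).
    // Table "employs" comes from the answer's sketch; pass_salt and pass_hash are assumed columns.
    public static bool AuthenticateUser(IDbConnection conn, string username, string password)
    {
        using IDbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT pass_salt, pass_hash FROM employs WHERE username = ?";
        IDbDataParameter p = cmd.CreateParameter();
        p.Value = username;              // bound as data, never concatenated into the SQL text
        cmd.Parameters.Add(p);
        using IDataReader row = cmd.ExecuteReader();
        if (!row.Read()) return false;   // unknown user is a failed login, not an exception
        return VerifyPassword(password, (string)row["pass_salt"], (string)row["pass_hash"]);
    }

    public static void Main()
    {
        // Constructed sample: the password is the string "01", not the number 1.
        var (salt, hash) = HashPassword("01");
        Console.WriteLine(VerifyPassword("01", salt, hash)); // the exact password
        Console.WriteLine(VerifyPassword("1", salt, hash));  // equal to "01" only under int.Parse
    }
}
```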