
Database Connection Program With HR Functionality


Problem

I've started writing a fully functional database program in C# that allows a user to access an HR system (with more systems planned in the future). I came over to C# from Java around two weeks ago; whilst I understood MVC in Java, I have been recommended to use MVVC in C#, something I am struggling to understand.

Currently the program is only using DBF files (the format the current Database system is using), but in the future I will also be updating MySQL files, with the intentions of "one day" moving over completely to MySQL.

For now I would appreciate some general advice on writing clean C# code, possibly with an emphasis on how I would adapt what I have written so far into an MVVC framework. Here are the classes I have so far.

First the user logs into the database. Currently this is just checking their user input against a stored password in the DBF file (not great, I appreciate):

LoginPage

using System;
using System.Windows;
using System.Windows.Controls;
using SDC_Database.Controller;

namespace SDC_Database
{
    public partial class LoginPage : Page
    {
        public LoginPage()
        {
            InitializeComponent();
        }

        // Click handler for the login button.
        private void CheckLogin(object sender, RoutedEventArgs e)
        {
            CheckUserDetails cd = new CheckUserDetails();
            // Both the stored password and the entered one are parsed as integers
            // (int.Parse throws on anything that is not an integer).
            int userPass = int.Parse(cd.ReturnUserPass(usernameBox.Text.ToString()));
            int enteredPass = int.Parse(passwordBox.Password);
            if (userPass == enteredPass)
            {
                MessageBox.Show("Success!");
            }
            else
            {
                MessageBox.Show("Incorrect Password!");
            }
            // Navigation happens regardless of whether the password matched.
            NavigationService.Navigate(new Uri(@"View/UserSelection.xaml", UriKind.Relative));
        }
    }
}


CheckUserDetails

```csharp
using System.Configuration;

namespace SDC_Database.Controller
{
    class CheckUserDetails
    {
        // Looks up the stored password for a username; "noPass" is returned
        // when no row is found.
        public string ReturnUserPass(string username)
        {
            string constr = ConfigurationManager.ConnectionStrings["dbfString"].ConnectionString;
            string userPass = "noPass";
            using
            // (the listing is cut off at this point in the source post)
```

Solution

I'm only going to concentrate on the code in your LoginPage class for now as I think there's enough to say about that :)

Namespaces with underscores look a bit horrible to me. I can't find anything that definitively says not to use them, but I have very rarely seen them used. Thanks to BCdotWEB for finding the link: "DO NOT use underscores, hyphens, or any other nonalphanumeric characters."

According to the capitalization conventions on msdn:


Do capitalize only the first character of acronyms with three or more characters, except the first word of a camel-cased identifier.

That means your namespace should be SdcDatabase.

On to this code:

CheckUserDetails cd = new CheckUserDetails();
int userPass = int.Parse(cd.ReturnUserPass(usernameBox.Text.ToString()));


What happens when usernameBox contains an invalid username? You'll either return an empty string or "noPass" - either way, the Parse will throw anyway.

The control should also be renamed to usernameTextBox.

Ideally you should create a method on a well named class that takes a username and a password and returns either true or false depending on whether the log in attempt succeeded:

public class UserAuthenticationService 
{
    public static bool AuthenticateUser(string username, string password)
    {
        // select count(*) from employs where username = username and password = password
        // if count == 1 => success
        // else => failure
    }
}


I'm not going to blame you for the database schema but storing passwords in plaintext is evil. Only allowing integers makes it even worse!

I'm going to assume you know about hashing passwords from your Java background - if there's any way you can implement that here - please do!

Are you aware that you're also reducing the security by parsing to an int? "01" and "0000000000001" are not the same password as "1" but your code will treat them as equal.

FYI, users don't tend to like exclamation marks in messages.

MessageBox.Show("Success!");


This doesn't need to be a verbatim string:

new Uri(@"View/UserSelection.xaml", UriKind.Relative)


Forward slashes aren't significant in C# strings.

Is this a WPF app? If so you should use the Model-View-ViewModel (MVVM) pattern in preference to just MVC.

Just FYI - look up SQL injection and how to properly parameterize SQL commands in C#.


Context

StackExchange Code Review Q#107273, answer score: 3
