Hi guys, I'm doing an assignment. The assignment involves a login form, to log in to the form behind it.
Ive already written my code;
CODE
Sub New(ByVal AccountNo As String, ByVal Password As String, ByRef LoginTrue As Boolean)
'Constructer - checks if AccoutNo and password are in the database. LoginTrue(ByRef) is
'set to True when AccountNo and Passwords match.
'Covert AccountNo from integer to a 4 character string
AccountNo = ConvertAccountNo(AccountNo)
'Enters a method to retrieve account details, sending a
'date through because i dont know how to declare a date type as a const
GetDetails(AccountNo, m_RandomDate)
Dim er As Exception
If AccountNo = SearchFile(0, AccountNo) And Password = m_Password Then 'Correct Details given
LoginTrue = True
Else 'They gave the wrong name!
er = New Exception("The Username or Password is incorrect")
Throw er
LoginTrue = False
End If
End Sub
This is the constructer for my fileAccess class.
see, as the account number comes through, it does a SearchFile() for that account number, retrieves the data.
(including password) then stores the password as a private variable within this class.
then later in the If statement, checks it against the password the user typed in.
To my question, is this the correct and only way to authenticate a user? simply using the debug tool, I could modify the variable in run time and log myself in with any username simply by checking the password that comes through in my class.
Many thanks in advance,
~Smithy
19 Feb, 2008 - 09:01 AM
| 