Check Mysql DB for username and password C#

Question

Been having problems with this for a couple of days. I'm working on a login screen with a simple username and password, and having everything store in a database. Pretty much I need to to check to see if the username and password match up and also see if if there account is activated(either a 0 or 1). I have been having problems with this and can't seem to get it to work correctly. Any help is appreciated.

DB Mysql

    private void loginButton_Click(object sender, EventArgs e)
        {
            AdamPanel blarg = new AdminPanel();
            string pass, user;
            string password = "";
            string username = "";

            user = usernameBox.Text;
            pass = passwordBox.Text;           
            DataSet bb = new DataSet();

            string connectionString = "datasource=stuff;database=users";
            MySqlConnection mysql = new MySqlConnection(connectionString);
            MySqlDataAdapter adapter = new MySqlDataAdapter();

            adapter.SelectCommand = new MySqlCommand("SELECT * FROM RegularUsers WHERE Username = '" + user + "' AND Password = '" + pass + "'", mysql);
            adapter.Fill(bb);

            if(bb.HasRows)
                blarg.Show();
            return 0;





        }

    }
}

still not working any ideas?

Answer 1

First of all PLEASE hash and salt your passwords. Make sure your username/pw arn't sql injection vulnerable since you're not using a language with parameterized queries... prolly best using stored procs as i believe MySql has them now.

However, in spite of this... i think this is what you're looking for.

public int Load()
    {
        string connectionString = "datasource=STUFF YOU SHOULDNT SEEdatabase=users";
        MySqlConnection mysql = new MySqlConnection(connectionString);
        MySqlDataAdapter adapter = new MySqlDataAdapter();

        mysql.SelectCommand = new MySqlCommand("SELECT * FROM [RegularUsers] WHERE Username = '" + this.username + "' AND Pass = '" + this.password + "'", conn);
        mysql.Fill(dataset);


        if (dataset.HasRows)
            return 1;
        return 0;
    }

Answer 2

  public bool ValidateLogin(string username, string password)
  {

    MySqlConnection conn = new MySqlConnection("[YOURCONNECTIONSTRING]");
    MySqlDataAdapter adapter = new MySqlDataAdapter();
    adapter.SelectCommand = new MySqlCommand("SELECT * FROM [YOURUSERTABLE] WHERE Username = ? AND Pass = ?", conn);

    adapter.SelectCommand.Parameters.Add("@Username", username);
    adapter.SelectCommand.Parameters.Add("@Password", password);

    adapter.Fill(dataset);


    If (dataset.HasRows)
    {
      // User is logged in maybe do FormsAuthentication.SetAuthcookie(username);
        return true;
    } else {
      // Authentication failed
      return false;
    }

  }