0

I have a registration form and I want to encrypt the password using whatever encryption is available, I'm using vb.net 2008 and MySQL as database, I searched through online and found some encrypting code but I have no idea how to connect it to my registration form. here is my registration code and the encryption code i found online (at the top part)

Imports MySql.Data.MySqlClient

Imports System.Security

Imports System.Security.Cryptography


Public Class user

Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
    Dim AES As New System.Security.Cryptography.RijndaelManaged
    Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
    Dim encrypted As String = ""
    Try
        Dim hash(31) As Byte
        Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
        Array.Copy(temp, 0, hash, 0, 16)
        Array.Copy(temp, 0, hash, 15, 16)
        AES.Key = hash
        AES.Mode = Security.Cryptography.CipherMode.ECB
        Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
        Dim Buffer As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(input)
        encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
        Return encrypted

    Catch ex As Exception

    End Try
End Function

Private Sub BCreateAcount_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BCreateAcount.Click
    Dim conn As MySqlConnection
    conn = New MySqlConnection

    conn.ConnectionString = "server = localhost;username= root;password= a;database= database"

    Try
        conn.Open()
    Catch mali As MySqlException
        MsgBox("connot establish connection")
    End Try
    Dim myCommand As New MySqlCommand
    Dim myReader As MySqlDataReader


    myCommand.Connection = conn
    myCommand.CommandText = "insert into user values('" + txtUserName.Text + "','" + txtNewPassword.Text + "')"
    Call calldaw()


    If txtUserName.Text = "" Or txtNewPassword.Text = "" Or txtConfirmPassword.Text = "" Then
        MsgBox("Please enter username and password", MsgBoxStyle.Information, "Inventory System")
    ElseIf txtConfirmPassword.Text = txtNewPassword.Text Then

        MsgBox("Account Created", MsgBoxStyle.Information, "Inventory System")
        myReader = myCommand.ExecuteReader()
        txtUserName.Text = ""
        txtNewPassword.Text = ""
        txtConfirmPassword.Text = ""

    Else
        MsgBox("Password did not match", MsgBoxStyle.Critical, "Inventory System")
        txtConfirmPassword.Text = ""
        txtNewPassword.Text = ""
        txtUserName.Text = ""
    End If

End Sub
Private Sub calldaw()
    Dim conn As MySqlConnection
    conn = New MySqlConnection

    conn.ConnectionString = "server = localhost;username= root;password= a;database= database"

    Try
        conn.Open()
    Catch mali As MySqlException
        MsgBox("connot establish connection")
    End Try

    Dim myData As MySqlDataAdapter
    Dim reason As String = " Create Account "
    Dim tao As String = "admin"

    myData = New MySqlDataAdapter

    Dim sqlsql = "insert into daily_log values('" + tao + "','" + Date1.Text + "','" + reason + "','" + Time1.Text + "')"
    Dim ssql = "Select * from user"

    Dim myCommand As New MySqlCommand
    myCommand.Connection = conn
    myCommand.CommandText = sqlsql

    Dim myReader As MySqlDataReader
    myReader = myCommand.ExecuteReader

End Sub

Private Sub BBack_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BBack.Click
    Me.Close()
End Sub

Private Sub user_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    Timer1.Enabled = True
End Sub

Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer1.Tick
    Date1.Text = Date.Today.Date
    Dim Date2 As Date = Date1.Text
    Date1.Text = Format(Date2, "yyyy-MM-dd")
    Time1.Text = TimeOfDay
End Sub

End Class

any help will do, thanks.

Improve this question
1
  • You have the encryption method with two parameters. First try to understand it and pass the password as a parameter to that method or function. Commented Oct 26, 2016 at 8:37

1 Answer 1

Reset to default
1

You have to call the AES_Encrypt function before executing the INSERT statement in order to pass the encrypted password to database. 

Dim myCommand As New MySqlCommand
Dim myReader As MySqlDataReader


myCommand.Connection = conn
myCommand.CommandText = "insert into user values('" + txtUserName.Text + "','" + AES_Encrypt(txtNewPassword.Text,txtNewPassword.Text) + "')"
Call calldaw()
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

thank you so much, never thought it was this short of a answer, :)
does this also work on decryption,? I have thesame code but only changed the line to "AES_Decrypt" should i put this in this code: Dim sqlQuery = "Select * from user where username = ' " + textbox1.text + "' and password = ' " + textbox2.text " ' "
Yes, it should be. You can use the same function since you are just passing the same value to query the record on DB. You can double check if every same words have the same encrypted value.
Sorry, press the Enter key. You can simply do it like this.
AGAIN..!!! Sorry... lols im sqlQuery = "Select * from user where username = ' " + textbox1.text + "' and password = ' " + AES_Encrypt(textbox2.text,textbox2.text) " '
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.