Authentication form with a XML file

Question

I need help with this authentication form.

This is the xml file:

  <USER_LIST>
    <user>
      <name>giulio</name>
      <password>prova</password>
    </user>
    <user>
      <name>giulia</name>
      <password>prova1</password>
    </user>
    <user>
      <name>renato</name>
      <password>zero</password>
    </user>
  </USER_LIST>

and this is the code i wrote:

private void button4_Click(object sender, EventArgs e)
        {

            XmlDocument doc = new XmlDocument();

            doc.Load("dati.txt");

            foreach (XmlNode node in doc.SelectNodes("//user"))
            {
                String User = node.SelectSingleNode("name").InnerText;
                String Pass = node.SelectSingleNode("password").InnerText;

                if (User == textBox1.Text && Pass == textBox2.Text)
                {
                    button1.Visible = true;
                    dlt_btn.Visible = true;
                    button3.Visible = true;
                    button3.Visible = true;
                    button5.Visible = true;
                    return;
                }

                else
                {
                    MessageBox.Show("Invalid Username or Password!");
                }
            } 
        }

But like this, for example, if i login with the name "renato" and password "zero" it give me back two times the message box "Invalid Username or Password!" and the third time it show the button needed. I know why but i can't think another way to do it. This is my very first project and i started coding like yesterday, so i'm sorry if ask you a stupid thing like this.

Thank you for your help in advance!

Answer 1

I suppose it's just for learning purpose or an assignment which should be kept as simple, otherwise it's not secure at all.

You don't need to use a loop. Currently your loop loop checks all nodes one by one and for each node which doesn't match with given user/pass, shows the message box, that's why you see the message box until the loop reaches to the correct user/pass.

Without using a loop, you can check if the given user/pass exists in your xml file easily this way:

var userName = userNameTextBox.Text;
var password = passwordTextBox.Text;
var match = System.Xml.Linq.XElement.Load(@"d:\users.xml")
    .Elements("user")
    .Where(x => x.Element("name")?.Value == userName &&
                x.Element("password")?.Value == password)
    .Any();

Then if the match is not true, you can show message box.

Answer 2

this is a solution, that works:

private void button4_Click(object sender, EventArgs e)
{
    string username;
    string password;
    string CurrentUser = "";
    string CurrentPwd = "";
    bool LoginStatus = false;

    username = textBox1.Text;
    password = textBox2.Text;

    XmlDocument xmxdoc = new XmlDocument();
    xmxdoc.Load("dati.txt");
    XmlNodeList xmlnodelist = xmxdoc.GetElementsByTagName("user");

    foreach (XmlNode xn in xmlnodelist)
    {
        XmlNodeList xmlnl = xn.ChildNodes;
        foreach (XmlNode xmln in xmlnl)
        {
            if (xmln.Name == "name")
            {
                if (xmln.InnerText == username)
                {
                    CurrentUser = username;
                }
            }
            if (xmln.Name == "password")
            {
                if (xmln.InnerText == password)
                {
                    CurrentPwd = password;
                }
            }
        }
        if ((CurrentUser != "") & (CurrentPwd != ""))
        {
            LoginStatus = true;
        }
    }
    if (LoginStatus == true)
    {
        button1.Visible = true;
        dlt_btn.Visible = true;
        button3.Visible = true;
        button3.Visible = true;
        button5.Visible = true;
        return;
    }
    else
    {
        MessageBox.Show("Invalid Username or Password!");
    }
}

Answer 3

The issue is that the message box will display each time you check an entry in the XML that doesn't match.

The simplest way to do this with minimal changes to your code is like this:

private void button4_Click(object sender, EventArgs e)
{
    XmlDocument doc = new XmlDocument();
    doc.Load("dati.txt");

    bool found = false;

    foreach (XmlNode node in doc.SelectNodes("//user"))
    {
        String User = node.SelectSingleNode("name").InnerText;
        String Pass = node.SelectSingleNode("password").InnerText;

        if (User == textBox1.Text && Pass == textBox2.Text)
        {
            found = true;
            break;
        }
    }

    if (found)
    {
        button1.Visible = true;
        dlt_btn.Visible = true;
        button3.Visible = true;
        button3.Visible = true;
        button5.Visible = true;
    }
    else
    {
        MessageBox.Show("Invalid Username or Password!");
    }
} 

We create a variable called found and set it to false. This is to ensure that if the XML is empty or there are no matches that we fail the check.

Then we loop over the results and we set found = true if a match is found. We call break to break out of the loop.

Once the loop is complete we check to see if our local variable is true:

if (found)

This is shorthand for if (found == true)

If it's true then we enable your buttons as before. If it's not true then we display the error message.

It will only display the error message once.