i have a problem when i want to compare my password with that password that hashed in mysql database and always say incorrect while i login it is my code for hashing and comparing:
- class Hashing
- {
- const int salt_size = 32;
- const int hash_size = 32;
- const int iteration = 167319;
-
- public static string Generate(string password)
- {
-
- var salt = new byte[salt_size];
- using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) {
- rng.GetBytes(salt);
- }
-
-
- using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt, iteration))
- {
- byte[] hash = pbkdf2.GetBytes(salt_size);
-
-
- return Convert.ToBase64String(salt) + "|" + iteration + "|" + Convert.ToBase64String(hash);
- }
-
-
- }
-
- public static bool isCorrect(string pass,string hash)
- {
-
-
- string[] hashsplit = hash.Split('|');
- byte[] salt = Convert.FromBase64String(hashsplit[0]);
- int iteration = Int32.Parse(hashsplit[1]);
- string hashed = hashsplit[2];
-
-
- using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pass,salt,iteration))
- {
- byte[] Hash = pbkdf2.GetBytes(salt_size);
-
-
- if (hashed == Convert.ToBase64String(Hash))
- {
- return true;
- }
- else
- {
-
- return false;
- }
- }
-
- }
- }
and this code is for checking username and password from mysql:
- class Lg : Msql_connection
- {
-
- private string username { set; get; }
- private string pass { set; get; }
-
- public bool validate_Login(string username, string pass)
- {
- bool check = false;
- MySqlDataReader mdr;
- MySqlDataReader mdr2;
- MySqlDataReader mdr3;
- string passw = "";
- using (MySqlCommand mcmd3 = new MySqlCommand())
- {
- mcmd3.CommandText = "select password from login";
- mcmd3.Connection = msc;
- msc.Close();
- msc.Open();
- mdr3 = mcmd3.ExecuteReader();
- if (mdr3.Read())
- {
- passw = mdr3["password"].ToString();
- }
- msc.Close();
- }
-
- using (MySqlCommand mcmd2 = new MySqlCommand())
- {
- mcmd2.CommandText = "select hid,attempt,time from login_attempt";
- mcmd2.Connection = msc;
-
- msc.Close();
- msc.Open();
- mdr2 = mcmd2.ExecuteReader();
-
- if (mdr2.Read()&&int.Parse(mdr2["attempt"].ToString()) < 4)
- {
- using (MySqlCommand mcmd = new MySqlCommand())
- {
- mcmd.CommandText = "select username,password from login where binary username=@user and password=@pass";
- mcmd.Connection = msc;
- msc.Close();
- msc.Open();
- mcmd.Parameters.Add("@user", MySqlDbType.VarChar).Value = this.username=username;
- mcmd.Parameters.Add("@pass", MySqlDbType.Text).Value = this.pass = Hashing.isCorrect(pass, passw).ToString();
- mdr = mcmd.ExecuteReader();
-
- if (mdr.HasRows)
- {
-
- if (mdr.Read())
- {
- reset_Attempt();
- MessageBox.Show("correct");
- check = true;
- }
- }
- else
- {
- check = false;
- update_Attempt();
-
- MessageBox.Show("incorrect");
- }
- }
-
- }
- else if (int.Parse(mdr2["attempt"].ToString()) >= 4)
- {
- check = false;
- MessageBox.Show("You have been restrict");
- set_time();
-
- }
-
- }
-
- msc.Close();
-
- return check;
- }
- }