Visual Studio .NET 2002Visual C++ 7.1Visual Studio 6Visual C++ 7.0DBAWindows 2003Windows 2000Visual C++ 6.0Windows XPMFCIntermediateDevVisual StudioSQL ServerSQLWindowsC++
Add a user in SQL Server using Visual C++
4.14/5 (10 votes)
Aug 3, 2003
1 min read
67911
2075
The article explains adding a user in SQL Server programmatically, using VC++
Introduction
In this project, we can add or delete user by using the system procedures and tables. Here we will connect to the database server by ADO, so we must import the file ADODB15.dll first in StdAfx.h.
Before adding or deleting user, we must be a system administrator.
Using the code
First when we logon to the database server, the window of adding/deleting user will be shown after successful login. The codes are not shown here, so you should read the source codes if you want to know the realization.
- Read the names of all the databases in the database server: use the table
sysdatabaseof database master.void CUser::AddDataBase() { _RecordsetPtr rs; _bstr_t bt; HRESULT hr; CString str; bt=(_bstr_t)"select * from master..sysdatabases"; try{ hr=rs.CreateInstance (__uuidof(Recordset)); ASSERT(SUCCEEDED(hr)); //the pointer of recordset must be valid //open the recordset hr=rs->Open (bt,cn.GetInterfacePtr (), adOpenDynamic,adLockOptimistic,adCmdText); ASSERT(SUCCEEDED(hr)); rs->MoveFirst(); //move to the first record while(!rs->EndOfFile) { //read the name of databse str=(char*)(_bstr_t)rs->Fields->GetItem("name")->Value; m_database.AddString(str); rs->MoveNext(); } rs->Close(); //close the recordset m_database.SetCurSel(0); } catch(_com_error) {} //if error then do nothing }
- Read the name of all the users except NT domain users: use the view syslogins of database master.
void CUser::AddUser() { _RecordsetPtr rs; _bstr_t bt; HRESULT hr; CString str; bt=(_bstr_t)"select * from master..syslogins where isntname=0"; try{ hr=rs.CreateInstance (__uuidof(Recordset)); ASSERT(SUCCEEDED(hr)); //open recordset hr=rs->Open (bt,cn.GetInterfacePtr (), adOpenDynamic,adLockOptimistic,adCmdText); ASSERT(SUCCEEDED(hr)); rs->MoveFirst(); while(!rs->EndOfFile) { str=(char*)(_bstr_t)rs->Fields->GetItem("name")->Value; m_user_list.AddString(str); rs->MoveNext(); } rs->Close(); m_user_list.SetCurSel (0); } catch(_com_error) {}//if error then do nothing }
- Check all the databases if the user has the privilege to access them. If the user can access the database, then his name will be added into the database listbox. When the line number of user listbox has changed, the corresponding database name in right listbox will be changed too. If the table
sysusersin the database has record of the user, then it means the user has privilege to access the database.void CUser::OnSelchangeUserList() { CString strUser,strDB; m_db_list.ResetContent (); m_user_list.GetText (m_user_list.GetCurSel (),strUser); for(int i=0;i<m_database.GetCount ();i++) { m_database.GetLBText (i,strDB); if(HasRight(strUser,strDB)) { m_db_list.AddString (strDB); } } if(m_db_list.GetCount ()>0) { m_db_list.SetCurSel (0); } }
Check if the user has privilege to access the database.
BOOL CUser::HasRight(CString user, CString database) { _RecordsetPtr rs; _bstr_t bt; HRESULT hr; BOOL bResult=FALSE; bt=(_bstr_t)"select * from "+ (_bstr_t)database+(_bstr_t)"..sysusers where name='"+ (_bstr_t)user+(_bstr_t)"'"; try{ hr=rs.CreateInstance (__uuidof(Recordset)); ASSERT(SUCCEEDED(hr)); //open the recordset hr=rs->Open (bt,cn.GetInterfacePtr (),adOpenDynamic, adLockOptimistic,adCmdText); ASSERT(SUCCEEDED(hr)); rs->MoveFirst(); rs->Close(); bResult=TRUE; } catch(_com_error) { } return bResult; } - Add new user and grant access privilege to the user use the system procedure
sp_addloginto add user, and use system proceduresp_grantdbaccessto grant privilege to the user.Basic usage:
sp_addlogin username,passwordsp_grantdbaccess username
void CUser::OnOK() { UpdateData(); CString strDB; m_database.GetLBText (m_database.GetCurSel(),strDB); if(m_user.IsEmpty () || m_user=="sa") return; try{ if(m_user_list.FindString (0,m_user)<0) { cn->Execute ("sp_addlogin '"+(_bstr_t)m_user+"','"+ (_bstr_t)m_user+"'",NULL,adExecuteNoRecords); m_user_list.AddString (m_user); } else { cn->PutDefaultDatabase ((_bstr_t)strDB); cn->Execute ("sp_grantdbaccess '"+(_bstr_t)m_user+ (_bstr_t)"'",NULL,adExecuteNoRecords); m_db_list.AddString (strDB); } } catch(_com_error) { AfxMessageBox("Error!"); } }
- Delete existing user and privilege on the relational database: we use the system procedure
sp_droploginto delete user, and use the system proceduresp_revokedbaccessto delete privilege on the database.Basic usage:
sp_droplogin usernamesp_revokedbaccess username
void CUser::OnBnClickedDel() { UpdateData(); m_user.TrimRight (); if(m_user.IsEmpty () || m_user=="sa" || m_user_list.FindString (0,m_user)<0) { AfxMessageBox("Can’t Delete it or empty!"); return; } CString strDB; m_database.GetLBText (m_database.GetCurSel (),strDB); try{ if(m_db_list.GetCount ()<1) {//delete user cn->Execute ("exec sp_droplogin '"+(_bstr_t)m_user+ "'",NULL,adExecuteNoRecords); m_user_list.DeleteString ( m_user_list.FindString (0,m_user)); } else {//delete access priviliage if(m_db_list.FindString (0,strDB)>=0) { cn->PutDefaultDatabase ((_bstr_t)strDB); cn->Execute ("exec sp_revokedbaccess '"+ (_bstr_t)m_user+"'",NULL,adExecuteNoRecords); m_db_list.DeleteString ( m_db_list.FindString (0,strDB)); } } } catch(_com_error) { AfxMessageBox("ERROR!"); } }
That's all!