Hi,



I am trying to make a basic ATM system, iv got all the interface done and I have made the link to my SQL database etc. the part i'm stuck on is how I can run a check to see if a bank card number matches up to the users PIN number.



To simulate the user putting a card into the machine I've used a combo box, and that lists all the cards, that haven't been flagged as confiscated (there's a column in my ATMCards table that I can set to true or false) then after the user has selected a relevant card there's another text box where they can enter in their PIN number. Now what I want to do is, if they chose the card number 1234567890123456 in the combo box and they enter in the PIN 1234 into the text box, then, after clicking the check PIN Button if the pin is correct they need to be taken to another from where they can check their balance etc., and if its wrong they got three attempts after which point i want to flag that card as confiscated.



I know I'm asking quite allot but I'm really stuck I don't even know where to start any help would be greatly appreciated. I'm using VB .net 2005.



Thanks in advance

You'll have to query the db to find out if the card number and pin matches.  Psuedo code will be something like this:

Setup your connection object

Setup your command object(if you have a stored procedure, setup your parameters..card number, pin number)
OR
Set the SQL Text of your command object
execute the command object.

You can either return a value for your command object or check to see if any records exist in your returned recordset.

I usually use an output parameter for my stored procedure.  A value of 0 or 1 type tinyint.

Evaluate the return data and do your stuff. The sql will look something like this:

Select * from yourCardTable WHERE cardnumber = " & dropDownCardNumber.SelectedText & " AND pinnumber = " & txtPIN

IF the returned table has records, we have a match.

OR in a stored procedure(return 0 or 1)

CREATE PROCEDURE()

@ReturnValue TINYINT OUTPUT,

@CCNumber VARCHAR(20),

@PINNumber VARCHAR(4)

AS

SET @ReturnValue=0

IF EXISTS(

Select * from yourCardTable WHERE cardnumber = @CCNumber AND pinnumber = @PINNumber)

BEGIN

@ReturnValue = 1

END

SELECT @ReturnValue

Hi SirK,   Did you solve your problem with the card confiscated then? i have the same problem

If you can let me know if you have , that will be great.

Thanks James

I'd recommend storing a hashed or otherwise secured version of the pin, and comparing a hash or checksum of the pin instead of the raw pin to raw pin. then when you send the hash from the atm to the database, it's already partially secured (you can encrypt this transmission as well).



then decrypt the transmission, and compare the hash. if the hashes match they are authenticated. and if someone steals data from the database they don't have the raw card numbers with pins.


Vb.net 2005, Teradata, Sql Server 2005, mainframe automation