  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 213

Code for a logon page

Hello

I'm creating a website and on my home page I have the usual: a few labels/textboxes and a button for logging in.

For the Click event of this button I write the following code:

if (Page.IsValid)
{
    string username = this.txtUserName.Text;
    string password = this.txtPassword.Text;

    this.sqlConnection1.Open();
    this.sqlDataAdapter1.SelectCommand.Parameters["@username"].Value = username;
    int datarows = this.sqlDataAdapter1.Fill(this.dataSet1, "UserDetails");
    this.sqlConnection1.Close();

    if (datarows == 0)
        this.lblMessage.Text = "The username you entered is incorrect. Please try again.";
    else
    {
        if (this.dataSet1.Tables["UserDetails"].Rows[0][1].ToString() == password)
        {
            string role = this.dataSet1.Tables["UserDetails"].Rows[0][2].ToString();
            Session["Username"] = username;
            Session["Role"] = role;

            if (role == "Disabled")
            {
                this.lblMessage.Text = "Your account is disabled. Please contact your administrator.";
                return;
            }

            switch (role)
            {
                case "BM":
                    Response.Redirect(".\\BM\\AddFlight.aspx");
                    break;
                case "NA":
                    Response.Redirect(".\\NA\\ManageUsers.aspx");
                    break;
                case "LOB":
                    Response.Redirect(".\\LOB\\CreateRes.aspx");
                    break;
            }
        }
        else
            this.lblMessage.Text = "The password you entered is incorrect. Please try again.";
    }
    this.dataSet1.Clear();
}
-------------------------------------------------------------------------------------------------------------

Logic: If the user has filled in the textboxes, get the username, execute the select statement and store the result in the dataset. If there are no rows, the user entered the wrong username. If there is one, check to see if the password he entered matches the one in the dataset. If yes, check the role of the user. If it is disabled, display a message; otherwise redirect him to the relevant page.
Else, if the passwords do not match, display a message.

But my problem is that whatever I do, the outcome of clicking the button is the message for the wrong password. So that line is always executed. Have you got an idea how to avoid this?

I appreciate every comment
0
Kokas79
Asked:
1 Solution
 
imperial_p79 Commented:
Is the password really matching the one in the database? If yes, check if it is case-sensitive, and check for spaces.
0
 
WinterMuteUK Commented:
You're accessing the row data using:

this.dataSet1.Tables["UserDetails"].Rows[0][1]

Are you sure [1] is the password field? Have you tried accessing it via something like:

this.dataSet1.Tables["UserDetails"].Rows[0]["password"]

Where "password" is the name of your column?

Wint.
0
 
WinterMuteUK Commented:
Also, another thing I remembered from some of my db stuff, is that if the 'password' field in the db is a char of a set size then you may want to compare:

(this.dataSet1.Tables["UserDetails"].Rows[0][1].ToString().Trim() == password)
                                                           ^----- here.

The .Trim() method on the ToString() will trim off the whitespaces that may be put there to pad out the field.

Wint.
0
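
Added example, not part of the thread or the asker's project: a console sketch of the check discussed above. It first reproduces the padded `CHAR` comparison and the `.Trim()` fix, then makes the same decision against a salted PBKDF2 hash with one generic failure result, so a handler would set `Session` values only when a role comes back. Assumes .NET 6 or later; the column names, sample account and iteration count are constructed for illustration.

```csharp
#nullable disable
using System;
using System.Data;
using System.Security.Cryptography;

static class LoginDemo
{
    const int Iterations = 100_000; // assumed work factor; tune for your hardware

    static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // row is what the parameterised SELECT returned, or null when the username is unknown.
    // Returns the role when the password matches and the account is enabled, otherwise null.
    static string Verify(DataRow row, string password)
    {
        // Hash even for unknown users so both failure paths do similar work.
        byte[] salt = row == null ? new byte[16] : (byte[])row["salt"];
        byte[] stored = row == null ? new byte[32] : (byte[])row["password_hash"];
        bool ok = CryptographicOperations.FixedTimeEquals(Hash(password, salt), stored);
        if (row == null || !ok) return null;
        string role = row["role"].ToString().Trim(); // CHAR(n) values arrive space-padded
        return role == "Disabled" ? null : role;
    }

    static void Main()
    {
        // Constructed sample row; column names are assumptions, not the asker's schema.
        var users = new DataTable("UserDetails");
        users.Columns.Add("username", typeof(string));
        users.Columns.Add("password", typeof(string)); // legacy plain-text CHAR(20)
        users.Columns.Add("role", typeof(string));
        users.Columns.Add("salt", typeof(byte[]));
        users.Columns.Add("password_hash", typeof(byte[]));
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        DataRow row = users.Rows.Add("alice", "s3cret".PadRight(20), "BM".PadRight(10),
                                     salt, Hash("s3cret", salt));

        // The comparison from the thread: fails on the padded value, passes after Trim().
        Console.WriteLine(row["password"].ToString() == "s3cret");
        Console.WriteLine(row["password"].ToString().Trim() == "s3cret");

        // Hashed check: unknown user, wrong password and disabled account look the same.
        Console.WriteLine(Verify(row, "s3cret") ?? "Login failed");
        Console.WriteLine(Verify(row, "wrong") ?? "Login failed");
        Console.WriteLine(Verify(null, "s3cret") ?? "Login failed");
    }
}
```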
