Jump to content
Sign in to follow this  
vj5

login page

Recommended Posts

I have a login page which has username and password. I have a database table with username and password stored. Now i want to check if the user exists in the database and if the username and password exists, then redirect them to another page called userpage.aspx. how do I do that in asp.net. here is my code:

 protected void Page_Load(object sender, EventArgs e)	{			}protected void Button1_Click(object sender, EventArgs e)	{		SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");		con.Open();		Sqlcommand cmd = new SqlCommand("Select * from userinfo where name = txtusername and password = txtuserpassword", con);		DataSet ds = new DataSet();		SqlDataAdapter da = new SqlDataAdapter(cmd);		da.Fill(ds, "Userinfo");	  //txtusername is the field id for the textbox...   	txtusername.datasource = ds;		   txtusername.databind();		   txtuserpassword.datasource = ds;		   txtuserpassword.databind();		//Name is the column name in the database table		   if (txtusername.text = "name") then;		  Response.Redirect("userpage.aspx");	Endif;			}	}

Share this post


Link to post
Share on other sites

try something like this

protected void Button1_Click(object sender, EventArgs e) {	SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");	con.Open();	string username = txtUserName.Text; //or whatever your field name is	string password = txtPassword.Text;	bool isMatch = false;		//I would recommend using a Regular Expression here to remove any non-alphanumeric 	//characters from the username to prevent SQL injection		Sqlcommand cmd = new SqlCommand(string.Format("select * from userinfo where name='{0}'", username), con);	SqlDataReader dr = cmd.ExecuteReader();	while(dr.Read()) {		if(dr["password"].ToString() == password) {			isMatch = true;		}	}	dr.Close();	con.Close();	//you should use try catch finally block to handle errors		if(isMatch) {		Response.Redirect("YourPage.aspx");	}	else {		Response.Write("Incorrect username or password!");	}}

Share this post


Link to post
Share on other sites
try something like this
protected void Button1_Click(object sender, EventArgs e) {	SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");	con.Open();	string username = txtUserName.Text; //or whatever your field name is	string password = txtPassword.Text;	bool isMatch = false;		//I would recommend using a Regular Expression here to remove any non-alphanumeric 	//characters from the username to prevent SQL injection		[b]Sqlcommand cmd = new SqlCommand(string.Format("select * from userinfo where name='{0}'", username), con);[/b]	SqlDataReader dr = cmd.ExecuteReader();	while(dr.Read()) {		if(dr["password"].ToString() == password) {			isMatch = true;		}	}	dr.Close();	con.Close();	//you should use try catch finally block to handle errors		if(isMatch) {		Response.Redirect("YourPage.aspx");	}	else {		Response.Write("Incorrect username or password!");	}}

What does the name = {0} do? What does the 0 stands for? Could you please explain? Thanks.

Share this post


Link to post
Share on other sites

it is used in the string.Format function you can use {0} {1} {2} etc to represent where you want a value to be placed. you then place the real values after the string seperated by commasHere is a simple example

string level = "simple";string example = string.Format("This is a {0} example of how to use string.Format()", level);

It is the same as doing the following except, IMO, nicer looking

string level = "simple";string example = "This is a " + level + " example of how to use string.Format()";

Share this post


Link to post
Share on other sites

please post your full code and a simple layout of your database table. It is hard to guess what is going on from the limited information you have given

Share this post


Link to post
Share on other sites
please post your full code and a simple layout of your database table. It is hard to guess what is going on from the limited information you have given
Here is my code:
SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");		con.Open();		string username = txtusername.text;		string password = txtuserpassword.text;		Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='{0}'", username, con);SqlDataReader dr = cmd.ExecuteReader();	while(dr.Read()) {		if(dr["password"].ToString() == password) {			isMatch = true;		}	}	dr.Close();	con.Close();	//you should use try catch finally block to handle errors		if(isMatch) {		Response.Redirect("userpage.aspx");	}	else {		Response.Write("Incorrect username or password!");	}}

Back end is sql server 2005. Table is called userinfo. I have id, email, name, state, password fields in the database. name is the txtusername field and password is txtuserpassword. Based on the username and password, I want to check if the txtusername and txtuserpassword exist in database and redirect to userpage.aspx which shows all the other info from the database.

Share this post


Link to post
Share on other sites

your SqlCommand is wrong it should be

Sqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con);

or

Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con);

Share this post


Link to post
Share on other sites
your SqlCommand is wrong it should be
Sqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con);

or

Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con);

I tried both the statements one after other, but still it isn't working. The page is not going to the userpage. Moreover, I don't know if it is connecting to the database. Is there a way to debug line by line in .net. I tried response.write cmd, it didn't work.

Share this post


Link to post
Share on other sites

post your full code. Do you have a demo you can provide a link to?Is anything being displayed to the screen when you hit the button?

Share this post


Link to post
Share on other sites
post your full code. Do you have a demo you can provide a link to?Is anything being displayed to the screen when you hit the button?
 {		SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");		con.Open();		string username = txtusername.text;		string password = txtuserpassword.text;		Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con);	//Sqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con);			   SqlDataReader dr = cmd.ExecuteReader();	while(dr.Read()) {		if(dr["password"].ToString() == password) {			isMatch = true;		}	}	dr.Close();	con.Close();	Response.Write("cmd");	if(isMatch) {		Response.Redirect("userpage.aspx");	}	else {		Response.Write("Incorrect username or password!");	}}

When I type in username and password, the page still stays with login.aspx and the username is displayed without the password. It is not showing the response.write message(Incorrect username or password). Sorry I dont have a demo to show you.

Share this post


Link to post
Share on other sites

This is the structure of the page. I created a masterpage , added layout, table etc. Created login. aspx page and nested with the master page. Created userpage.aspx page and nested with the master page. Is it because of that it is not working. can someone please help?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...