
login page


vj5


I have a login page which has username and password. I have a database table with username and password stored. Now I want to check if the user exists in the database and if the username and password exists, then redirect them to another page called userpage.aspx. How do I do that in asp.net? Here is my code:

protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");
    con.Open();
    Sqlcommand cmd = new SqlCommand("Select * from userinfo where name = txtusername and password = txtuserpassword", con);
    DataSet ds = new DataSet();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(ds, "Userinfo");
    //txtusername is the field id for the textbox...
    txtusername.datasource = ds;
    txtusername.databind();
    txtuserpassword.datasource = ds;
    txtuserpassword.databind();
    //Name is the column name in the database table
    if (txtusername.text = "name") then;
    Response.Redirect("userpage.aspx");
    Endif;
}
}


Try something like this:

protected void Button1_Click(object sender, EventArgs e) {
    SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");
    con.Open();
    string username = txtUserName.Text; //or whatever your field name is
    string password = txtPassword.Text;
    bool isMatch = false;
    //I would recommend using a Regular Expression here to remove any non-alphanumeric
    //characters from the username to prevent SQL injection
    SqlCommand cmd = new SqlCommand(string.Format("select * from userinfo where name='{0}'", username), con);
    SqlDataReader dr = cmd.ExecuteReader();
    while(dr.Read()) {
        if(dr["password"].ToString() == password) {
            isMatch = true;
        }
    }
    dr.Close();
    con.Close();
    //you should use try catch finally block to handle errors
    if(isMatch) {
        Response.Redirect("YourPage.aspx");
    }
    else {
        Response.Write("Incorrect username or password!");
    }
}

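The SQL injection concern raised in the answer above is normally handled with a parameterized command rather than a regular-expression filter on the user name. The following is an added example, not part of the original posts: the class name, method names and the parameter size of 50 are assumptions, while the table, column names and connection string are taken from the thread.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // Connection string copied from the thread.
    const string ConnStr =
        "data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true";

    // What the string.Format / concatenation versions send to the server.
    // A name such as O'Brien (constructed sample) closes the quote early,
    // so part of the input is parsed as SQL instead of being treated as data.
    public static string FormattedQuery(string username)
    {
        return string.Format("select * from userinfo where name='{0}'", username);
    }

    // Parameterized version: the SQL text is constant and the user name
    // travels separately as a typed value, so no character filtering is needed.
    public static bool IsValidLogin(string username, string password)
    {
        const string sql = "select password from userinfo where name = @name";

        // using disposes the command and closes the connection even when an
        // exception is thrown, which replaces a hand-written try/finally.
        using (SqlConnection con = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Size 50 is an assumed column width; match the real name column.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = username;
            con.Open();

            // ExecuteScalar returns null when no row matches the name.
            object stored = cmd.ExecuteScalar();
            if (stored == null || stored == DBNull.Value)
                return false;

            // Direct comparison against the stored value, as in the thread.
            return string.Equals(Convert.ToString(stored), password,
                                 StringComparison.Ordinal);
        }
    }
}
```

In Button1_Click, call LoginCheck.IsValidLogin(txtUserName.Text, txtPassword.Text) and redirect only when it returns true.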

Try something like this:
protected void Button1_Click(object sender, EventArgs e) {
    SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");
    con.Open();
    string username = txtUserName.Text; //or whatever your field name is
    string password = txtPassword.Text;
    bool isMatch = false;
    //I would recommend using a Regular Expression here to remove any non-alphanumeric
    //characters from the username to prevent SQL injection
    [b]SqlCommand cmd = new SqlCommand(string.Format("select * from userinfo where name='{0}'", username), con);[/b]
    SqlDataReader dr = cmd.ExecuteReader();
    while(dr.Read()) {
        if(dr["password"].ToString() == password) {
            isMatch = true;
        }
    }
    dr.Close();
    con.Close();
    //you should use try catch finally block to handle errors
    if(isMatch) {
        Response.Redirect("YourPage.aspx");
    }
    else {
        Response.Write("Incorrect username or password!");
    }
}

What does the name = {0} do? What does the 0 stand for? Could you please explain? Thanks.

It is used in the string.Format function. You can use {0}, {1}, {2}, etc. to represent where you want a value to be placed. You then place the real values after the string, separated by commas. Here is a simple example:

string level = "simple";
string example = string.Format("This is a {0} example of how to use string.Format()", level);

It is the same as doing the following except, IMO, nicer looking

string level = "simple";
string example = "This is a " + level + " example of how to use string.Format()";


Please post your full code and a simple layout of your database table. It is hard to guess what is going on from the limited information you have given.
Here is my code:
SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");
con.Open();
string username = txtusername.text;
string password = txtuserpassword.text;
Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='{0}'", username, con);
SqlDataReader dr = cmd.ExecuteReader();
while(dr.Read()) {
    if(dr["password"].ToString() == password) {
        isMatch = true;
    }
}
dr.Close();
con.Close();
//you should use try catch finally block to handle errors
if(isMatch) {
    Response.Redirect("userpage.aspx");
}
else {
    Response.Write("Incorrect username or password!");
}
}

Back end is sql server 2005. Table is called userinfo. I have id, email, name, state, password fields in the database. name is the txtusername field and password is txtuserpassword. Based on the username and password, I want to check if the txtusername and txtuserpassword exist in database and redirect to userpage.aspx which shows all the other info from the database.


Your SqlCommand is wrong; it should be

SqlCommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con);

or

SqlCommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con);


Your SqlCommand is wrong; it should be
SqlCommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con);

or

SqlCommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con);

I tried both the statements one after the other, but still it isn't working. The page is not going to the userpage. Moreover, I don't know if it is connecting to the database. Is there a way to debug line by line in .net? I tried response.write cmd, it didn't work.

Post your full code. Do you have a demo you can provide a link to? Is anything being displayed to the screen when you hit the button?
{
    SqlConnection con = new SqlConnection("data source=Front\\SQLEXPRESS;Initial catalog=TestDB;Integrated Security=true");
    con.Open();
    string username = txtusername.text;
    string password = txtuserpassword.text;
    Sqlcommand cmd = new SqlCommand("Select * from userinfo where name='" + username + "'", con);
    //Sqlcommand cmd = new SqlCommand(string.Format("Select * from userinfo where name='{0}'", username), con);
    SqlDataReader dr = cmd.ExecuteReader();
    while(dr.Read()) {
        if(dr["password"].ToString() == password) {
            isMatch = true;
        }
    }
    dr.Close();
    con.Close();
    Response.Write("cmd");
    if(isMatch) {
        Response.Redirect("userpage.aspx");
    }
    else {
        Response.Write("Incorrect username or password!");
    }
}

When I type in username and password, the page still stays with login.aspx and the username is displayed without the password. It is not showing the response.write message (Incorrect username or password). Sorry, I don't have a demo to show you.


This is the structure of the page. I created a masterpage, added layout, table etc. Created login.aspx page and nested with the master page. Created userpage.aspx page and nested with the master page. Is it because of that it is not working? Can someone please help?


Archived

This topic is now archived and is closed to further replies.
