how to do Login..?
-
hmm.. here's the situation: i have an aspx page (Login purposes).. have 2 textboxes (ID= IdTextBox and PassTextBox) have a button (Login, ID= LoginBtn).. i have a database>table for this section (Table name= Registration) what i intend to do is, when user (either administrator or guest) key in the user id and the password and click the Login Button, the textboxes will compare with the database, see whether the login id and password is registerd or not.. (Validate) the thing is, i dunno what to type inside the Page_Load and LoginBtn_Clicked.. any one willing to type out the code for me..? as i am poOr in coding.. thanks..:) -DarkangeL-
-
hmm.. here's the situation: i have an aspx page (Login purposes).. have 2 textboxes (ID= IdTextBox and PassTextBox) have a button (Login, ID= LoginBtn).. i have a database>table for this section (Table name= Registration) what i intend to do is, when user (either administrator or guest) key in the user id and the password and click the Login Button, the textboxes will compare with the database, see whether the login id and password is registerd or not.. (Validate) the thing is, i dunno what to type inside the Page_Load and LoginBtn_Clicked.. any one willing to type out the code for me..? as i am poOr in coding.. thanks..:) -DarkangeL-
Hi, Try with this following code and you have to use the using System.Data.SqlClient name space. private SqlConnection Conn; private SqlCommand Cmd; public DataSet ds; int id string psswd; id = Convert.ToInt32(TextBox1.Text.ToString().Trim()); psswd = TextBox1.Text.ToString().Trim(); Conn = new SqlConnection("Initial Catalog=BugTracker; Data Source=servername;UID=userid;PWD=password"); Conn.Open(); ds = new DataSet(); SqlDataAdapter adpt = new SqlDataAdapter("SELECT * FROM tablename where id = "+id+"psswd = "+psswd,Conn); adpt.Fill(ds, "table name"); if(ds.Tables[0].Rows.Count > 0) { -- statement -- } Thanks Warm Regards Prakash-B
-
Hi, Try with this following code and you have to use the using System.Data.SqlClient name space. private SqlConnection Conn; private SqlCommand Cmd; public DataSet ds; int id string psswd; id = Convert.ToInt32(TextBox1.Text.ToString().Trim()); psswd = TextBox1.Text.ToString().Trim(); Conn = new SqlConnection("Initial Catalog=BugTracker; Data Source=servername;UID=userid;PWD=password"); Conn.Open(); ds = new DataSet(); SqlDataAdapter adpt = new SqlDataAdapter("SELECT * FROM tablename where id = "+id+"psswd = "+psswd,Conn); adpt.Fill(ds, "table name"); if(ds.Tables[0].Rows.Count > 0) { -- statement -- } Thanks Warm Regards Prakash-B
PrakashBhaskar wrote:
TextBox1.Text.ToString().Trim()
The
ToString()is reduntant. The return value from theTextproperty is already astring.PrakashBhaskar wrote:
new SqlDataAdapter("SELECT * FROM tablename where id = "+id+"psswd = "+psswd,Conn);
Jeez - For something as important as logging in (a security issue) your code is vulnerable to attack. If I type in to the password text box something like
' AND 1=1;--
then I'll log in regardless. Actually - that assumed that your SQL Statement was actually formed in the first place. I would suggest that you read about SQL Injection Attacks and how to prevent them[^] ColinMackay.net "Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius "If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
-
hmm.. here's the situation: i have an aspx page (Login purposes).. have 2 textboxes (ID= IdTextBox and PassTextBox) have a button (Login, ID= LoginBtn).. i have a database>table for this section (Table name= Registration) what i intend to do is, when user (either administrator or guest) key in the user id and the password and click the Login Button, the textboxes will compare with the database, see whether the login id and password is registerd or not.. (Validate) the thing is, i dunno what to type inside the Page_Load and LoginBtn_Clicked.. any one willing to type out the code for me..? as i am poOr in coding.. thanks..:) -DarkangeL-
The article you are looking for is: Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication: How To: Use Forms Authentication with SQL Server 2000[^] ColinMackay.net "Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucius "If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
-
Hi, Try with this following code and you have to use the using System.Data.SqlClient name space. private SqlConnection Conn; private SqlCommand Cmd; public DataSet ds; int id string psswd; id = Convert.ToInt32(TextBox1.Text.ToString().Trim()); psswd = TextBox1.Text.ToString().Trim(); Conn = new SqlConnection("Initial Catalog=BugTracker; Data Source=servername;UID=userid;PWD=password"); Conn.Open(); ds = new DataSet(); SqlDataAdapter adpt = new SqlDataAdapter("SELECT * FROM tablename where id = "+id+"psswd = "+psswd,Conn); adpt.Fill(ds, "table name"); if(ds.Tables[0].Rows.Count > 0) { -- statement -- } Thanks Warm Regards Prakash-B
Yep, you can base on this idea but using parameterized query... << >>
-
hmm.. here's the situation: i have an aspx page (Login purposes).. have 2 textboxes (ID= IdTextBox and PassTextBox) have a button (Login, ID= LoginBtn).. i have a database>table for this section (Table name= Registration) what i intend to do is, when user (either administrator or guest) key in the user id and the password and click the Login Button, the textboxes will compare with the database, see whether the login id and password is registerd or not.. (Validate) the thing is, i dunno what to type inside the Page_Load and LoginBtn_Clicked.. any one willing to type out the code for me..? as i am poOr in coding.. thanks..:) -DarkangeL-
Create a UserClass. \ Create a stored procedure that return the UserID Have the User class call its own procedure with the ID like "usp_GetUser". Populate off the properties of the user. Store the user class inside the session. Nick 1 line of code equals many bugs. So don't write any!!
-
Hi, Try with this following code and you have to use the using System.Data.SqlClient name space. private SqlConnection Conn; private SqlCommand Cmd; public DataSet ds; int id string psswd; id = Convert.ToInt32(TextBox1.Text.ToString().Trim()); psswd = TextBox1.Text.ToString().Trim(); Conn = new SqlConnection("Initial Catalog=BugTracker; Data Source=servername;UID=userid;PWD=password"); Conn.Open(); ds = new DataSet(); SqlDataAdapter adpt = new SqlDataAdapter("SELECT * FROM tablename where id = "+id+"psswd = "+psswd,Conn); adpt.Fill(ds, "table name"); if(ds.Tables[0].Rows.Count > 0) { -- statement -- } Thanks Warm Regards Prakash-B