Click here to Skip to main content
11,706,024 members (56,397 online)
Rate this: bad
good
Please Sign up or sign in to vote.
See more: ASP.NET C#4.0
i am developing a web app in visual studio using C# and sql server.
I want to create a page that the user should change his password.
i have tried this but no successs
pls help me find the error

namespace Csharp
{
    public partial class change : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Session["new"] != null)
            {
                txt_username.Disabled = true;
                txt_username.Value = Session["username"].ToString();
            }
        }
 
       
        protected void btn_submit_Click(object sender, EventArgs e)
        {
 
            if (txt_newpass.Value.Length < 6)
            {
                Response.Write("<script language="Javascript">.....!</script>");
            }
 
            if (txt_newpass.Value != txt_newpass2.Value)
            {
                Response.Write("<script language="Javascript">......!</script>");
            }
 
           
            
            
            
            string pass;
 
            DataTable dt = new DataTable();
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionStringusersregj"].ConnectionString);
            conn.Open();
 
           
            string querysel = "Select * from Users where UserName='" + Session["username"].ToString() + "' ";
            SqlCommand kom = new SqlCommand(querysel, conn); 
 
            SqlDataAdapter sqlDa = new SqlDataAdapter(kom);
 
            sqlDa.Fill(dt);
 
            if(dt.Rows.Count>0)
            {
                pass = dt.Rows[0]["Password"].ToString();
                if (pass == txt_password.Value)
                {
 
                    string cod = "UPDATE Users set Password='"+ txt_newpass.Value +"' where UserName='" + Session["new"].ToString() + "'";
                    SqlCommand cmd = new SqlCommand(cod, conn);
                    cmd.ExecuteNonQuery();
                }
                else
                {
                    Response.Write("<script language="Javascript">Old pass is incorredt</script>");
                }
            }
            conn.Close();
        }
    }
}
Posted 28-Dec-12 23:25pm
Comments
Abhishek Pant at 29-Dec-12 5:39am
   
http://www.asp.net/web-forms/tutorials/security/admin/recovering-and-changing-passwords-cs

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Before you even start to fix that, change the way you handle them!
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 196
1 Sergey Alexandrovich Kryukov 151
2 ppolymorphe 61
3 Inimicos 60
4 ProgramFOX 50
0 OriginalGriff 9,050
1 Sergey Alexandrovich Kryukov 8,417
2 CPallini 5,189
3 Maciej Los 4,726
4 Mika Wendelius 3,636


Advertise | Privacy | Mobile
Web04 | 2.8.150819.1 | Last Updated 29 Dec 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100