Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: ASP.NET
Hello. I have a login page and it has two buttons. The Submit button takes the username and password and puts it in a security table. The login button takes the stored data from the security
table and lets the user login. I also have two tables that has the data record for all the users. How can I check to see if the user exists within those two tables in a single string in asp.net?
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
 
public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PassConnectionString"].ConnectionString);
            con.Open();
 
            string cmdStr = "Select count(*) from TableSecurity where EmailAddress='" + TextBoxEA.Text + "'";
            string cmdStr2 = "Select count(*) from TableCEO where EmailAddress ='" + TextBoxEA.Text + "'";
            string cmdStr3 = "Select count(*) from TableIALO where EmailAddress ='" + TextBoxEA.Text + "'";
            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select * from TableSecurity", con);
            SqlCommand cmd2 = new SqlCommand("select * from TableCEO", con);
            SqlCommand cmd3 = new SqlCommand("select * from TableIALO", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 1)
 
                Response.Write("User Name Already Exist!!!<br /> Please Choose Another User Name.");
        }
    
    }
 
    
    protected void Submit_Click(object sender, EventArgs e)
    {
 
        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PassConnectionString"].ConnectionString);
        con.Open();
 
        string chkUser = "select count(*) from TableCEO where EmailAddress'" + TextBoxEA.Text +"";
            chkUser = "select count(*) from TableIALO where EmailAddress'" + TextBoxPW.Text + "";
            SqlCommand chkUsercmd = new SqlCommand(chkUser, con);
            
 
        string insCmd = "Insert into TableSecurity (EmailAddress, Password) values (@EmailAddress, @Password)";
        SqlCommand insertUser = new SqlCommand(insCmd, con);
        insertUser.Parameters.AddWithValue("@EmailAddress", TextBoxEA.Text);
        insertUser.Parameters.AddWithValue("@Password", TextBoxPW.Text);
        
 
        try
        {
            insertUser.ExecuteNonQuery();
            con.Close();
            Response.Redirect("Login.aspx");
        }
        catch (Exception er)
        {
            Response.Write("Something Really Bad Has Happened....Please Try Again.");
        }
        finally
        {
        }
        }
 
    
    protected void Button1_Click(object sender, EventArgs e)
    {
 
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["PassConnectionString"].ConnectionString);
        con.Open();
 
        string cmdStr = "select count(*) from TableCEO where EmailAddress= '" + TextBoxEA.Text + "'";
        SqlCommand Checkuser = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
        if (temp == 1)
        {
            string cmdStr2 = "select Password from TableSecurity where Password = '" + TextBoxPW.Text + "'";
            SqlCommand pass = new SqlCommand(cmdStr2, con);
            string password = pass.ExecuteScalar().ToString();
            con.Close();
 
            if(password == TextBoxPW.Text)
            {
                Session["New"] = TextBoxEA.Text;
                Response.Redirect("Secure.aspx");
            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid Password...!!";
            }
        }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid EmailAddress...!!";
        }
    }
}
Posted 30-Apr-13 10:11am
Edited 30-Apr-13 10:42am
v3
Comments
richcb at 30-Apr-13 15:22pm
   
You can use an inner join when querying the tables. That will allow you check both tables I believe.
Kwesi Hopkins at 30-Apr-13 15:33pm
   
Can you show me what the inner join code looks like?
richcb at 30-Apr-13 15:36pm
   
Here is a generic select statement with an inner join. You will have to modify to fit your needs:
 
SELECT column_name(s)
FROM table_name1
INNER JOIN table_name2
ON table_name1.column_name=table_name2.column_name
Kwesi Hopkins at 30-Apr-13 15:38pm
   
Ok. Thanks. Can I put this in ASP.Net using C#? Where will I put this statement?
Kwesi Hopkins at 30-Apr-13 15:38pm
   
Here is the code I updated.
richcb at 30-Apr-13 15:41pm
   
You would put that code in the place where you want to check both tables for the user existing. You will have to determine that, I cannot tell you.
richcb at 30-Apr-13 15:42pm
   
Another thing, you are leaving yourself open for SQL injection attacks. I would recommend using paramterized queries to thwart this issue.
Sandeep Mewara at 30-Apr-13 15:43pm
   
Why such design or implementation?
jkirkerx at 30-Apr-13 15:53pm
   
It's the OP with the sitemap question earlier that Sergey answered, that has the same masterpage foe CEO and other user.
Sandeep Mewara at 30-Apr-13 16:03pm
   
Ok. I will look at that question, for now, it's odd implementation. Having same master page for two roles - ok, handle that in UI... why login data in two tables?
jkirkerx at 30-Apr-13 16:56pm
   
Maybe one is for backend and the other for the frontend
Rohan Leuva at 1-May-13 0:28am
   
Why such implementation?what is difference security table and two tables that has the data record for all the users?Why you have two buttons Submit and Login?
Kwesi Hopkins at 1-May-13 8:05am
   
I did that to see where my code was the hangup. At first I had one button to handle all functions. Is there a better way of doing it? The security table stores the username, password and roles for each user snd for the user when they come back to the site later on.
Rohan Leuva at 1-May-13 8:10am
   
At the end of the day,i want to explain you simple thing.Have one page with 5 controls.two textboxes(username,password),one button for login,one link for password recovery and one link for sign up.when user enters username and password and clicks login button check for existance of that user in database and if it do,redirect it based on the role column.if dont,throw error msg the way you want.Further,if new user arrives,he can click on sign up.If user lost her password,she can follow password recovery link.Thats all about logins.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 381
1 Praneet Nadkar 237
2 Marcin Kozub 225
3 Sergey Alexandrovich Kryukov 200
4 Shweta N Mishra 161
0 OriginalGriff 8,284
1 Sergey Alexandrovich Kryukov 7,327
2 DamithSL 5,614
3 Manas Bhardwaj 4,986
4 Maciej Los 4,920


Advertise | Privacy | Mobile
Web01 | 2.8.1411023.1 | Last Updated 30 Apr 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100