Two Login Error Messages needs to display

Question

0.00/5 (No votes)

See more:

I have a login page that I want to tell the user if the user enters an invalid username the username does not exist and if the user enters a username and password that is invalid the error message will say invalid username/password. I have some of the code done but i am stuck on my logic. Can someone help me and tell me where I went wrong?

C#

protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";

            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 1)
            {
                lblMessage.Text = "Invalid UserName/Password!!!";
            }
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con.Open();

        if (true)
        {
            SqlCommand level = new SqlCommand("select accessLevel, Password, INST_ID from Tablepass where EmailAddress = @EmailAddress AND Password = @Password", con);
            level.Parameters.Add(new SqlParameter("EmailAddress", TextBoxEA.Text));
            level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text));

            SqlDataReader reader = level.ExecuteReader();
            DataTable dt1 = new DataTable();
            dt1.Load(reader);

            foreach (DataRow dr1 in dt1.Rows)
            {
                int returnedLevel = Convert.ToInt32(dr1[0].ToString());
                int inst_id = Convert.ToInt32(dr1[2].ToString());
                Session["inst_id"] = inst_id;

                if (returnedLevel == 1)
                {
                    Response.Redirect("FormAPublic.aspx");
                }
                else if (returnedLevel == 2)
                {
                    Response.Redirect("FormCPrivateNon.aspx");
                }
                else if (returnedLevel == 3)
                {
                    Response.Redirect("FormDPrivateFor.aspx");
                }
                else if (returnedLevel == 7)
                {
                    Response.Redirect("CEOPage.aspx");
                }
                else if (returnedLevel == 8)
                {
                    Response.Redirect("DBPage.aspx");
                }
                else if (returnedLevel == 11)
                {
                    Response.Redirect("FormAPublicL.aspx");
                }
                else if (returnedLevel == 21)
                {
                    Response.Redirect("FormCPrivateNonL.aspx");
                }
                else if (returnedLevel == 31)
                {
                    Response.Redirect("FormDPrivateForL.aspx");
                }
                else if (returnedLevel == 0)
                {
                    Response.Redirect("Oops2.aspx");
                }

            }
        }
    }

    protected void TextBoxEA_TextChanged(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";

            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 1)
            {
                
            }
            else 
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
            }
        }
    }
}

What happen now is that when a user enters a valid username the Invalid username/password pops up. I need it to display when the user clicks on the Login button.

Posted 21-Nov-13 2:54am

Computer Wiz99

Updated 21-Nov-13 3:01am

v2

Add a Solution

Comments

♥…ЯҠ…♥ 21-Nov-13 9:06am

Without seeing the data,its hard to find out your logic.... Try to debug the solution then you yourself will make it...

Computer Wiz99 21-Nov-13 9:09am

What do you mean? I think my issue is the TextBox_TextChange and the Page Load. Which one I don't need, I don't know.

♥…ЯҠ…♥ 21-Nov-13 9:11am

C'mon buddy, as you can see you have used "Invalid username/Password" in page_load event and telling you dont know where it raises.... Ofcourse its in Page_Load() event

Computer Wiz99 21-Nov-13 9:23am

Ok, but when I take out the TextBox_TextChange event and test it. When I test it, I put in a valid username and an invalid password and the error message displayed and cleared out the password but not the username. Why? And when I put in an invalid username and password no error displays. Why?

Computer Wiz99 21-Nov-13 9:51am

Ok. I have fixed it and It works but I have an issue. How can I get the username to clear out after the error message has displayed?

3 solutions

Solution 2

Hi Wiz,

As you have used

C#

SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);

If it has at least one record then execute scalar would return value 1. So definitely "Invalid Username/Password" error will throw.
What logic you intend to implement in page_load event? If you tell that we people could try for you.

Hope this helps you a bit.

Regards,
RK

Posted 21-Nov-13 3:15am

♥…ЯҠ…♥

Comments

Computer Wiz99 21-Nov-13 9:31am

RK, What I am trying to do is: User enters an invalid username and then tabs or clicks to the password field. At that point I am trying to get the code to tell the user that the "UserName Does Not Exist!!! You Must Fill Out Registration First" error. If the user keeps on going to the password field and enters a password the next error will display, "Invalid UserName/Password". That is what I am trying to get.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2013-11-21T03:09:00

Please don't do that.

Instead, give a single error message which covers both eventualities: "Unable to log in: the username and password were not found" or similar. If you give separate error messages, you are telling hacking systems when they have found a valid userID and that they only need to concentrate on the password - this is a major plus for automated "brute force" attacks because it cuts the work in half.

Secondly, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

Computer Wiz99 · Accepted Answer · 2013-11-21T03:48:00

I think I have it.

C#

protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from TableSecurity where EmailAddress='" + TextBoxEA.Text + "'";

            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 0)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
            }
            else if (temp == 1)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
            }
        }
    }

Two Login Error Messages needs to display

3 solutions

Solution 1

Solution 2

Solution 3

Add your solution here

Preview 0