Regarding 3 tier app and Stored Procedure

Question

0.00/5 (No votes)

See more:

Hello Code Project,

I have used 3-tier architecture in my application and I'm trying to do Login using stores procedure, Though I am entering data that is not in database, I could Login.. If I am not using 3 tier architecture, I am able to do what I want.
please help me to improve the following code,

//Data Logic

static string ConStr = @"Data Source=ROHIT-PC\SQLEXPRESS;Initial Catalog=MPAdvisor;Integrated Security=True";
     SqlConnection con = new SqlConnection(ConStr);

     public void LogIn(string username, string password)
     {
         con.Open();

         SqlCommand cmd = new SqlCommand("LogInProcedure", con);
         cmd.CommandType = CommandType.StoredProcedure;

         cmd.Parameters.AddWithValue("@username", username);
         cmd.Parameters.AddWithValue("@password", password);

         SqlDataReader reader = cmd.ExecuteReader();
     }

//Business Logic

C#

DataLogic.DataClass dc = new DataLogic.DataClass();

       string username, password;

       public string GetUserName
       {
           get
           {
               return username;
           }
           set
           {
               username = value;
           }
       }

       public string GetPassword
       {
           get
           {
               return password;
           }
           set
           {
               password = value;
           }
       }

       public void doLogIn()
       {
           dc.LogIn(username, password);
       }

// Presentation Logic

BusinessLogic.BusinessClass bc = new BusinessLogic.BusinessClass();

           bc.GetUserName = usernametxt.Text;
           bc.GetPassword = passwordtxt.Text;
           bc.doLogIn();

           Session["uname"] = usernametxt.Text;
           Response.Redirect("Home.aspx");

// Stored Procedure

SQL

ALTER PROCEDURE dbo.LogInProcedure
    @username nvarchar (50),
    @password nvarchar (50)
AS
    SET NOCOUNT ON;
SELECT  * FROM users
WHERE   user_username=@username AND user_password=@password

Posted 17-Nov-12 18:52pm

Krunal Rohit

Updated 18-Nov-12 0:30am

v2

Add a Solution

Comments

[no name] 18-Nov-12 4:44am

Please answer it, I really need it...

Shanalal Kasim 18-Nov-12 5:01am

This is logical mistake. You are not add login condition in "Presentation Logic", You are all wise redirecting to "Home.aspx"

[no name] 18-Nov-12 7:29am

okay, could you please modify the code ?

[no name] 18-Nov-12 6:15am

but my Login condition is in Stored Procedure, isn't it ?

bbirajdar 18-Nov-12 6:56am

First understand the code before you try to use it.. Better way write your own instaed of copy pasting from somewhere

[no name] 18-Nov-12 7:28am

If you don't want to help it, then don't comment like this... And If I've copied it from somewhere then I should have solution as well okay.

bbirajdar 18-Nov-12 14:14pm

Well .. The reason I am saying the code is copy pasted because it is not complete. Only a person who has not written this code will try to 'use' it. Otherwise it is a useless code.

The reasons I call it useless because::::
1. This method should return something. Most probably a 'bool' . But it returns 'void'. How are you going to verify the result if it does not return anything ????
public void LogIn(string username, string password)

2. This code should read a value from the reader. But your code ends after this line of code. Same mistake repeated.
SqlDataReader reader = cmd.ExecuteReader();
}

3. Also this method returns 'void' . Same mistake repeated
public void doLogIn()

4. Even if the user is able to login or not, the session is created for him and redirected to Home.aspx ,irrespective of the authentication result... Then why need the username/password itself ?

bc.doLogIn();

Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");

5. Passwords are not hashed. Even a student level project does not have plaintext passwords...

2 solutions

Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

bbirajdar · Answer 1 · 2012-11-18T17:42:00

You need to correct these mistakes before you try to use this code

1. This method should return something. Most probably a 'bool' . But it returns 'void'. How are you going to verify the result if it does not return anything ????

C#

public void LogIn(string username, string password)

2. This code should read a value from the reader. But your code ends after this line of code.

C#

SqlDataReader reader = cmd.ExecuteReader();
        }

3. Also this method returns 'void' . Same mistake repeated

C#

public void doLogIn()

4. Even if the user is able to login or not, the session is created for him and redirected to Home.aspx ,irrespective of the authentication result... Then why need the username/password itself ?

C#

 bc.doLogIn(); 
Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");

5. Passwords are not hashed. Even a student level project does not have plaintext passwords...

Christian Graus · Answer 2 · 2012-11-18T09:11:00

Stop and think about what you're doing. What code here is supposed to stop a login ? If your old code works, it's because the Login method CHECKS if a user is logged in and returns a bool which means you can act on a failed login. This is useless, you call a method that returns nothing, how can you decide to log someone in or not ?
'

Regarding 3 tier app and Stored Procedure

2 solutions

Solution 2

Solution 1

Add your solution here

Preview 0

Regarding 3 tier app and Stored Procedure

2 solutions

Solution 2

Solution 1

Add your solution here

Preview 0

Existing Members

...or Join us