I'm trying to implement a system login that checks even the case of the letters in passwords and usernames. For example, if the username saved in the database was account_name, then the user cannot log in when he/she enters ACCOUNT_NAME as his/her username; same with the password.

Please help me, here's my code:

on VB page

VB
If blUser.checkLogin(txtUN.Text, txtPW.Text) = True Then
    Dim idUser As Integer
    idUser = blUser.UserID
    Response.Cookies("UserID").Value = Convert.ToString(idUser)
    Response.Cookies("UserType").Value = Convert.ToString(blUser.UserType)
    Response.Cookies("FirstName").Value = Convert.ToString(blUser.FirstName)
    Response.Cookies("SchoolOfficeID").Value = Convert.ToString(blUser.SchoolOfficeID)
    Response.Cookies("Password").Value = Convert.ToString(blUser.Password)

    Response.Redirect("~/Transactions03.aspx")
End If


on BL

C#
public Boolean checkLogin(string UserName, string Password)
{
    DataTable exiting;
    DAUsers daUser = new DAUsers();
    exiting = daUser.loginCheckDA(UserName, Password);
    if (exiting.Rows.Count > 0)
    {
        UserID = Convert.ToInt32(exiting.Rows[0]["UserID"].ToString());
        UserType = exiting.Rows[0]["UserType"].ToString();
        LastName = exiting.Rows[0]["LastName"].ToString();
        FirstName = exiting.Rows[0]["FirstName"].ToString();
        MiddleName = exiting.Rows[0]["MiddleName"].ToString();
        SchoolOfficeID = Convert.ToInt32(exiting.Rows[0]["SchoolOfficeID"].ToString());
        return true;
    }
    else
    {
        return false;
    }
}


on DA

C#
public DataTable loginCheckDA(string username, string password)
{
    string sql = "SELECT * FROM UserAccount WHERE AccntStatus like 'Active' AND UserName like '" + username + "' AND Password like '" + password + "'";
    DataTable dt = GetDataTable(sql, null);
    return dt;
}
Updated 12-Sep-13 4:09am
Comments
Richard C Bishop 12-Sep-13 10:07am    
Why not just make sure they enter valid data and use TOUPPER() or TOLOWER() to negate the case sensitivity?
timJosh 12-Sep-13 10:18am    
No, because I'm using a format which is lastname first letter to upper case + "_" + firstname whose 1st letter is still in upper case
Maciej Los 12-Sep-13 10:44am    
Why do you want to change capitalization? It makes no sense at all.
timJosh 12-Sep-13 11:17am    
No, I just wanted to have a more tight way of letting the user log in, which is by requiring the user to enter exact (I mean even the cases) info.

You can use this tip. ;)

[Here :D]
 
Comments
timJosh 12-Sep-13 14:19pm    
This actually works, tnx a lot :D
gaga blues 12-Sep-13 14:22pm    
Glad to help ;)

You're making a couple of monstrous mistakes in your design. The first of which is storing user passwords in clear text in your database.

The second mistake is using string concatenation to build your SQL query.

Think about this one: What if a user typed
whocares; DROP TABLE UserAccount; --
into the Username box?? I'll give you a hint: You'd be terminated on the spot. Don't think it'll happen?? Think again. It only has to happen once.

Read these[^] and these[^].
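
An added example, not part of the original answers and not the asker's code: the login check with a bound parameter instead of string concatenation, an exact-case username comparison done in application code, and a salted PBKDF2 hash instead of a stored password. It uses Python with an in-memory SQLite database as a stand-in for the page's data layer; the PasswordSalt and PasswordHash columns, the sample account and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)


def hash_password(password, salt):
    """Derive a salted hash; the clear-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_db():
    """Constructed sample data. COLLATE NOCASE mimics a case-insensitive
    database collation, the usual reason ACCOUNT_NAME matches account_name."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE UserAccount (UserID INTEGER PRIMARY KEY, "
        "UserName TEXT COLLATE NOCASE UNIQUE, AccntStatus TEXT, "
        "PasswordSalt BLOB, PasswordHash BLOB)")
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO UserAccount (UserName, AccntStatus, PasswordSalt, PasswordHash) "
        "VALUES (?, 'Active', ?, ?)",
        ("Smith_John", salt, hash_password("S3cret-Pass", salt)))
    return db


def check_login(db, username, password):
    """Return the UserID on success, None otherwise."""
    # '?' binds the input as data, so quotes and ';' cannot change the statement.
    # '=' is used rather than LIKE, so '%' and '_' are ordinary characters.
    row = db.execute(
        "SELECT UserID, UserName, PasswordSalt, PasswordHash FROM UserAccount "
        "WHERE AccntStatus = 'Active' AND UserName = ?", (username,)).fetchone()
    if row is None:
        return None
    user_id, stored_name, salt, stored_hash = row
    # Exact-case check in code: holds whatever collation the database uses.
    if stored_name != username:
        return None
    # A hash comparison is case-sensitive by construction; compare in constant time.
    candidate = hash_password(password, salt)
    return user_id if hmac.compare_digest(candidate, stored_hash) else None
```

In the page's C# layer the same shape applies: a parameterized command in loginCheckDA, an ordinal string comparison on the returned UserName, and a hash verification in place of the Password column.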
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


