Click here to Skip to main content
15,436,765 members
Please Sign up or sign in to vote.
1.40/5 (2 votes)
See more:
There are 7 teams! and 7 login data in my sql database! How can i redirect individual teams to their respective pages???

What I have tried:

My code till now only for 1 single login page!
Private Sub ConnectToSQL1()
        Dim con As New SqlConnection
        Dim cmd As New SqlCommand
        con.ConnectionString = "Data Source = (localdb)\MSSQLLocalDB; Initial Catalog = NipunDB; Integrated Security = True"
        con.Open()
        cmd.Connection = con
        cmd.CommandText = " SELECT  UserId, Password FROM   UdeepData WHERE   (UserId = '" & txtudeepusername.Text & "' ) AND (Password = '" & txtudeeppass.Text & "')"
        Dim lrd As SqlDataReader = cmd.ExecuteReader()
        Dim userFound As Boolean = False
        Dim UserId As String = ""
        Dim Password As String = ""

        'if found:
        While lrd.Read
            userFound = True
            UserId = lrd("UserId").ToString
            Password = lrd("Password").ToString
        End While
        'checking the result
        If userFound = True Then
            Response.Redirect("UdeepLogin.aspx")
        Else
            MsgBox("Sorry, username or password not found")
        End If
Posted
Updated 8-Dec-17 1:57am
Comments
F-ES Sitecore 8-Dec-17 8:27am    
You haven't said what defines each member as part of a certain team so it's impossible to answer. If you have no way of allocating users to teams then that's what you need to do...if you can only be in one team then extend the table to have a team id that says the team that user is in, and depending on what that value is redirect to a different place.

1 solution

A few quick things:

First thing.
You're storing your passwords in plain text? Never do that.

Second thing.
Use parameters for your query. Look up SQL Injection.

Third thing.
Why are you then storing the UserID and Password returned from the database in local variables? You already have them. Also, look at having a user ID as a separate entity to the username.

Fourth thing.
Look at "Using". This will dispose of your connection, command and reader when they are finished with, without you having to explicitly do it.

Fifth thing.
MsgBox does not work on web stuff. (Unless you've got a function somewhere that is mapping MsgBox to stuff that does work)

Now that that is out of the way...
I take it you are storing the staff department in the user table? If not, do it.
Create a table, something like LogonActions(Department int, URL varchar(255))

Here's a slightly better version of your code, but it still has a lot of work that needs doing to it.
VB
Private Sub ConnectToSQL1()
        Using con As New SqlConnection, cmd As New SqlCommand
            con.ConnectionString = "Data Source = (localdb)\MSSQLLocalDB; Initial Catalog = NipunDB; Integrated Security = True"
            con.Open()
            cmd.Connection = con
            cmd.CommandText = "SELECT UserId, URL FROM UdeepData u, LogonActions l WHERE UserID = @UserName AND Password = @Password AND u.Department = l.Department"
            cmd.Parameters.AddWithValue("UserName", txtudeepusername.Text)
            cmd.Parameters.AddWithValue("Password", txtudeeppass.Text) 'This is still VERY BAD security.
            Dim userFound As Boolean = False
            Dim UserId As String = ""
            Dim URL As String = ""
            Using lrd As SqlDataReader = cmd.ExecuteReader()
                'if found:
                Do While lrd.Read
                    userFound = True
                    UserId = lrd("UserId").ToString
                    URL = lrd("URL").ToString
                Loop
            End Using
        End Using
        'checking the result
        If userFound = True Then
            Response.Redirect(URL)
        Else
            MsgBox("Sorry, username or password not found") 'This will not work
        End If
    End Sub


Your code has a LOT of issues in it, the redirecting to the other place should be your lowest priority concern with this at the moment.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900