Hello Code Project,

I have used a 3-tier architecture in my application and I'm trying to do login using a stored procedure. Though I am entering data that is not in the database, I can log in. If I am not using the 3-tier architecture, I am able to do what I want.
Please help me to improve the following code:

//Data Logic
static string ConStr = @"Data Source=ROHIT-PC\SQLEXPRESS;Initial Catalog=MPAdvisor;Integrated Security=True";
SqlConnection con = new SqlConnection(ConStr);

public void LogIn(string username, string password)
{
    con.Open();

    SqlCommand cmd = new SqlCommand("LogInProcedure", con);
    cmd.CommandType = CommandType.StoredProcedure;

    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@password", password);

    SqlDataReader reader = cmd.ExecuteReader();
}


//Business Logic
C#
DataLogic.DataClass dc = new DataLogic.DataClass();

string username, password;

public string GetUserName
{
    get
    {
        return username;
    }
    set
    {
        username = value;
    }
}

public string GetPassword
{
    get
    {
        return password;
    }
    set
    {
        password = value;
    }
}

public void doLogIn()
{
    dc.LogIn(username, password);
}


// Presentation Logic
BusinessLogic.BusinessClass bc = new BusinessLogic.BusinessClass();

bc.GetUserName = usernametxt.Text;
bc.GetPassword = passwordtxt.Text;
bc.doLogIn();

Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");


// Stored Procedure
SQL
ALTER PROCEDURE dbo.LogInProcedure
    @username nvarchar (50),
    @password nvarchar (50)
AS
    SET NOCOUNT ON;
SELECT  * FROM users
WHERE   user_username=@username AND user_password=@password
Updated 18-Nov-12 0:30am
Comments
[no name] 18-Nov-12 4:44am    
Please answer it, I really need it...
Shanalal Kasim 18-Nov-12 5:01am    
This is a logical mistake. You did not add a login condition in "Presentation Logic"; you are always redirecting to "Home.aspx".
[no name] 18-Nov-12 7:29am    
Okay, could you please modify the code?
[no name] 18-Nov-12 6:15am    
But my login condition is in the stored procedure, isn't it?
bbirajdar 18-Nov-12 6:56am    
First understand the code before you try to use it. Better to write your own instead of copy-pasting from somewhere.

You need to correct these mistakes before you try to use this code:


1. This method should return something, most probably a 'bool'. But it returns 'void'. How are you going to verify the result if it does not return anything?
C#
public void LogIn(string username, string password)

2. This code should read a value from the reader. But your code ends after this line of code.
C#
SqlDataReader reader = cmd.ExecuteReader();
        }

3. Also, this method returns 'void'. Same mistake repeated.
C#
public void doLogIn()

4. Whether the user is able to log in or not, the session is created for him and he is redirected to Home.aspx, irrespective of the authentication result. Then why need the username/password itself?
C#
 bc.doLogIn(); 
Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");

5. Passwords are not hashed. Even a student-level project does not have plaintext passwords...
Stop and think about what you're doing. What code here is supposed to stop a login? If your old code works, it's because the Login method CHECKS if a user is logged in and returns a bool, which means you can act on a failed login. This is useless: you call a method that returns nothing, so how can you decide to log someone in or not?
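What both answers describe, shown as an added example that is not part of the original thread or any poster's code: the data layer returns a bool taken from the reader, the stored value is a salted PBKDF2 hash rather than a plaintext password, and the page creates the session only on success. The procedure name `GetUserCredential` and the columns `user_salt` and `user_hash` are hypothetical names assumed for this example.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginExample
{
    const int Iterations = 100000, SaltLen = 16, HashLen = 32;

    // The same derivation is run at registration; only salt and hash are stored.
    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashLen);
    }

    // True only when the supplied password reproduces the stored hash.
    public static bool Verify(string password, byte[] salt, byte[] storedHash)
    {
        byte[] candidate = Derive(password, salt);
        int diff = candidate.Length ^ storedHash.Length;
        for (int i = 0; i < candidate.Length && i < storedHash.Length; i++)
            diff |= candidate[i] ^ storedHash[i];   // no early exit: fixed-time compare
        return diff == 0;
    }

    // Data layer: returns the authentication result instead of void.
    public static bool LogIn(string conStr, string username, string password)
    {
        using (var con = new SqlConnection(conStr))
        using (var cmd = new SqlCommand("GetUserCredential", con))   // hypothetical procedure
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // No row means unknown user; do the same hashing work before refusing.
                if (!reader.Read()) { Derive(password, new byte[SaltLen]); return false; }
                // user_salt and user_hash are hypothetical varbinary columns.
                return Verify(password, (byte[])reader["user_salt"], (byte[])reader["user_hash"]);
            }
        }
    }
}
// Presentation layer, gated on the result (doLogIn must also return the bool):
//   if (bc.doLogIn()) { Session["uname"] = usernametxt.Text; Response.Redirect("Home.aspx"); }
//   else { /* show "invalid username or password" and create no session */ }
```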

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)