Secure E-Voting System

Question

0.00/5 (No votes)

See more:

AM a final year student of osun state university Nigeria,studying computer science, am writing a project on Secure E-Voting System using asp.net and C# but having issue with my code on the log on side.

THis is the ASP Design

XML

<%@ Page Title="Log In" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
    CodeFile="Login.aspx.cs" Inherits="Account_Login" %>

<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">

    <h2>
        Log In to Your Voter Account
    </h2>
    <p>
        Please enter your username and password.
        <asp:HyperLink ID="RegisterHyperLink" runat="server" EnableViewState="false">Register</asp:HyperLink> if you don't have an account.
    </p>

    <asp:Login ID="LoginUser" runat="server" >
        <LayoutTemplate>
            <span class="failureNotification">
                <asp:Literal ID="FailureText" runat="server"></asp:Literal>
            </span>
            <asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification"
                 ValidationGroup="LoginUserValidationGroup"/>
            <div class="accountInfo">
            <form id="form1" runat="server">
                <fieldset class="login">
                    <legend>Voters Information</legend>
                    <p>
                        <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
                        <asp:TextBox ID="txtUserName" runat="server" CssClass="textEntry"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
                             CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required."
                             ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                    </p>
                    <p>
                        <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
                        <asp:TextBox ID="txtPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
                             CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required."
                             ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                    </p>
                    <p>
                        <asp:CheckBox ID="RememberMe" runat="server"/>
                        <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
                    </p>
                </fieldset>
                </form>
                <p class="submitButton">
                    <asp:Button ID="LoginButton" runat="server" CommandName="Login" OnClick="LoginButton_Click" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
                 </p>
            </div>
        </LayoutTemplate>
    </asp:Login>
</asp:Content>

The Code side C#

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class Account_Login : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {
        RegisterHyperLink.NavigateUrl = "VResgister.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
    }
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=SUNKEE-PC;Initial Catalog=voters; User ID=sa;Password=password1");
        SqlCommand cmd = new SqlCommand();
        cmd.Connection = con;
        string sql;
        sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
        cmd.CommandText = sql;
        con.Open();
        SqlDataReader dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            Response.Redirect("Home.aspx");
        }
    }

}

the error is showing is :

Server Error in '/E-Voting' Application.
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

Compiler Error Message: CS0103: The name 'txtUserName' does not exist in the current context

Source Error:


Line 21:         cmd.Connection = con;
Line 22:         string sql;
Line 23:         sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
Line 24:         cmd.CommandText = sql;
Line 25:         con.Open();


Source File: c:\Users\Sunkee\Documents\Visual Studio 2010\WebSites\E-Voting\voting\Login.aspx.cs    Line: 23


Show Detailed Compiler Output:

Show Complete Compilation Source:


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272

Posted 8-Mar-13 23:03pm

Member 9583680

Updated 8-Mar-13 23:05pm

Thomas Daniels

v2

Add a Solution

Comments

Richard MacCutchan 9-Mar-13 5:27am

The message looks reasonably clear; you do not have a variable called txtUserName. You are also creating your SQL commands in a dangerous way (string concatenation) which can lead to SQL injection, and the total destruction of your database.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Maciej Los · Answer 1 · 2013-03-09T11:20:00

As Richard MacCutchan suggests, please read this: How to: Protect From Injection Attacks in ASP.NET[^], especially Step 4. Use Command Parameters for SQL Queries.

Then check this line:

C#

sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";

Does txtUserName and txtPassword is the name of TextBox control? If yes, try this:

C#

String uName = Me.txtUserName.Text;
String uPass = Me.txtPassword.Text;