TextBox_TextChange with Login

Question

1.00/5 (1 vote)

See more:

I have a login page that I want to let the user know if there username does not exist and they must register. The code that I have works but when a user enters in a username that is in the database the error message come up and says "Invalid UserName/Password". I would like for this error to come up if the user enters a valid or invalid username and password when they click on login. How can I get my code to do that? I had this code is Page Load but I thought it might work better in TextBox_TextChange.

C#

if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";

            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 1)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
            }
            else
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
            }
        }
    }
}

Posted 20-Nov-13 8:31am

Computer Wiz99

Updated 20-Nov-13 9:30am

v2

Add a Solution

Comments

Richard C Bishop 20-Nov-13 15:42pm

The ExecuteScalar() method returns the first record of the results. So if you get a result with that query, it means it is valid. You have it as not valid. Probably should switch your logic.

Computer Wiz99 20-Nov-13 15:49pm

Ok, Thanks. How do you mean switch my logic? What it does now is when I enter a valid username I get the error message, "Invalid UserName/Password". When I enter in an invalid username the error message shows, "User Name Does Not Exist!!! You Must Fill Out Registration First". The second part is correct. That is what I want it to do. It is the first part that gets me.

Richard C Bishop 20-Nov-13 16:10pm

Your first if statement should probably read:

if (temp == 0)
{
}

This will show the invalid message because your query did not return anything. When you enter something invalid it will default to your else which is basically an invalid entry. See my edited solution below.

Computer Wiz99 20-Nov-13 16:33pm

Ok, I changed the if (temp == 1) to if (temp == 0). When I enter in a valid username I get the second error message. I should not get any error message if the username is valid.

Richard C Bishop 20-Nov-13 16:43pm

That is where your logic is slightly skewed. You cannot check if it is a bad entry twice. Being invalid and not being registered are the same thing ultimately. Neither one allows the user to continue. See my updated solution below for a new way you could handle this.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard C Bishop · Answer 1 · 2013-11-20T09:04:00

It fires as soon as the text changes and they way you are concatenating the text value of your textbox text value is causing an unexpected value to be in the WHERE clause. You could have done something like this:

    if (IsPostBack)
    {
        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HOTConnectionString"].ConnectionString);
        con.Open();
        string cmdStr = "select count(*) from Tablepass where EmailAddress=@TextBoxEA";
        SqlCommand userExist = new SqlCommand(cmdStr, con);
        SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
        userExist.Parameters.AddWithValue("@TextboxEA", TextBoxEA.Text);
        int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
        if (temp == 0)
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);

        }
    }
}

Also, you have been told numerous times that this sort of code leaves you vulnerable to SQL injection. It would be in your best interest to revise it using parameterized queries.

[EDIT]

int loginAttempts = 0;

   if (IsPostBack)
      {
          SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HOTConnectionString"].ConnectionString);
          con.Open();
          string cmdStr = "select count(*) from Tablepass where EmailAddress=@TextBoxEA";
          SqlCommand userExist = new SqlCommand(cmdStr, con);
          SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
          userExist.Parameters.AddWithValue("@TextboxEA", TextBoxEA.Text);
          int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());



          if (temp == 0)
          {
              ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
              loginAttempts++;

          }
          else if (loginAttempts == 5)
          {
               ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);

          }
      }
  }

This checks how many times they have attempted to login and then will show the register message after 5 attempts(which could be any number). Your "else" could do the login if the user entered data is valid.

[/EDIT]