What is stopping me from Logging in?

Question

1.00/5 (1 vote)

See more:

I have a login page and when I enter an invalid username and password I get the correct error message that I should get. When I enter in a valid username and password and click the Login button I get an error message Invalid UserName/Password!!!. So I copied the username and password from the database and the same error displayes. It will not let me login. What did I do wrong?

C#

protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";

            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 0)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
                TextBoxEA.Text = string.Empty;
            }
            else if (temp == 1)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
                TextBoxEA.Text = string.Empty;
            }
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con.Open();

        if (true)
        {
            SqlCommand level = new SqlCommand("select accessLevel, Password, INST_ID from Tablepass where EmailAddress = @EmailAddress AND Password = @Password", con);
            level.Parameters.Add(new SqlParameter("EmailAddress", TextBoxEA.Text));
            level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text));

            SqlDataReader reader = level.ExecuteReader();
            DataTable dt1 = new DataTable();
            dt1.Load(reader);

            foreach (DataRow dr1 in dt1.Rows)
            {
                int returnedLevel = Convert.ToInt32(dr1[0].ToString());
                int inst_id = Convert.ToInt32(dr1[2].ToString());
                Session["inst_id"] = inst_id;

                if (returnedLevel == 1)
                {
                    Response.Redirect("FormAPublic.aspx");
                }
                else if (returnedLevel == 2)
                {
                    Response.Redirect("FormCPrivateNon.aspx");
                }
                else if (returnedLevel == 3)
                {
                    Response.Redirect("FormDPrivateFor.aspx");
                }
                else if (returnedLevel == 7)
                {
                    Response.Redirect("CEOPage.aspx");
                }
                else if (returnedLevel == 8)
                {
                    Response.Redirect("DBPage.aspx");
                }
                else if (returnedLevel == 11)
                {
                    Response.Redirect("FormAPublicL.aspx");
                }
                else if (returnedLevel == 21)
                {
                    Response.Redirect("FormCPrivateNonL.aspx");
                }
                else if (returnedLevel == 31)
                {
                    Response.Redirect("FormDPrivateForL.aspx");
                }
                else if (returnedLevel == 0)
                {
                    Response.Redirect("Oops2.aspx");
                }

            }
        }
    }
}

Posted 21-Nov-13 4:40am

Computer Wiz99

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) · Accepted Answer · 2013-11-21T04:46:00

Solution 1

Observation

As you have if (IsPostBack), so on Button Click, it will go inside if block.
On the below line, it will find the user, so temp will be 1.

C#

int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());

So, it will go inside else if and show you the message.

C#

else if (temp == 1)
{
    ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
    TextBoxEA.Text = string.Empty;
}

Suggestion

I guess you should have if (!IsPostBack) instead of if (IsPostBack)

Posted 21-Nov-13 4:46am

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ)

Updated 21-Nov-13 4:47am

v2

Comments

Computer Wiz99 21-Nov-13 10:52am

Tadit Dash, Thanks for the information but when I test it the form loaded and the first thing that came up was an error message that I made saying,"User Name Does Not Exist!!! You Must Fill Out Registration First!!!". That will not work. Thanks.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 21-Nov-13 10:56am

If you do it like if (!IsPostBack), it will work when loaded.
IsPostBack checks whether PostBack is happened or not. When page loads first, it is false, so it will go inside and show you the message. There will no problem.

Please check it once.

Computer Wiz99 21-Nov-13 10:59am

Yeah, I did check it out and you are right it does work but when I debugged the program, you know I pressed F5, the first thing that displayed with the Login page was the, "User Name Does Not Exist!!! You Must Fill Out Registration First!!!" message. I can't have that when the user brings up the website for the first time.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 21-Nov-13 11:06am

Okay, I thought the opposite. No problem. So, is it solved now? If yes, how it solved?

Computer Wiz99 21-Nov-13 11:08am

I posted an update. Look at Solution 3.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 21-Nov-13 11:11am

Okay... Good. You should also accept my answer as I gave you some idea about the flow. :P

Ron Beyer · Accepted Answer · 2013-11-21T04:48:00

You have a lot going on here, I would try to break it down into pieces, but here is what I suspect is your problem.

C#

SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);

Your SQL command selects INST_ID and EmailAddress from TablePass. You then execute the ExecuteNonScalar, which when using a Select doesn't return the count of records, it returns the first value from the first row, so whatever INST_ID is for the first row it returns.

What I think you want to do is something more like this:

C#

SqlCommand cmd = new SqlCommand("select count(*) from Tablepass WHERE emailAddress = #emailID AND password = @password", con);
cmd.Parameters.AddWithValue(@emailID, TextboxEA);
cmd.Parameters.AddWithValue(@password, TextboxPW);   

bool goodLogIn = (int)cmd.ExecuteNonQuery() == 1;

Computer Wiz99 · Accepted Answer · 2013-11-21T04:55:00

This is what I did.

C#

protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";
 
            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 0)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
                TextBoxEA.Text = string.Empty;
            }
            else if (temp == 1)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
                
            }
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
 
        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con.Open();
 
        if (true)
        {
            SqlCommand level = new SqlCommand("select accessLevel, Password, INST_ID from Tablepass where EmailAddress = @EmailAddress AND Password = @Password", con);
            level.Parameters.Add(new SqlParameter("EmailAddress", TextBoxEA.Text));
            level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text));
 
            SqlDataReader reader = level.ExecuteReader();
            DataTable dt1 = new DataTable();
            dt1.Load(reader);
 
            foreach (DataRow dr1 in dt1.Rows)
            {
                int returnedLevel = Convert.ToInt32(dr1[0].ToString());
                int inst_id = Convert.ToInt32(dr1[2].ToString());
                Session["inst_id"] = inst_id;
 
                if (returnedLevel == 1)
                {
                    Response.Redirect("FormAPublic.aspx");
                }
                else if (returnedLevel == 2)
                {
                    Response.Redirect("FormCPrivateNon.aspx");
                }
                else if (returnedLevel == 3)
                {
                    Response.Redirect("FormDPrivateFor.aspx");
                }
                else if (returnedLevel == 7)
                {
                    Response.Redirect("CEOPage.aspx");
                }
                else if (returnedLevel == 8)
                {
                    Response.Redirect("DBPage.aspx");
                }
                else if (returnedLevel == 11)
                {
                    Response.Redirect("FormAPublicL.aspx");
                }
                else if (returnedLevel == 21)
                {
                    Response.Redirect("FormCPrivateNonL.aspx");
                }
                else if (returnedLevel == 31)
                {
                    Response.Redirect("FormDPrivateForL.aspx");
                }
                else if (returnedLevel == 0)
                {
                    Response.Redirect("Oops2.aspx");
                }
 
            }
        }
    }
}

I took out the

C#

TextBoxEA.Text = string.Empty;

from the error message and I was able to Login. The error still displays when you enter an invalid username and password. Thanks.