In my login page I have the following code:
C#
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
        SqlCommand comand = new SqlCommand("Select UserName,Password FROM Users WHERE UserName=@Uname and Password = @Pass", con);
        comand.Parameters.AddWithValue("@Uname", this.txtUsername.Text);
        comand.Parameters.AddWithValue("@pass", this.txtPassword.Text);
        con.Open();
        SqlDataAdapter adpter = new SqlDataAdapter(comand);
        DataTable dt = new DataTable();
        adpter.Fill(dt);
        
        if (dt.Rows.Count < 0)
        {
            this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";

        }
        else
        {

            Session["Logged"] = "Yes";
            Session["User"] = this.txtUsername.Text;
            Response.Redirect("Main.aspx");
        }

It allows access to the "Main.aspx" page even if the username and password entered in the textboxes are not present in the database.
How can I match the username and password entered in the textboxes with the values retrieved from the database?
Updated 4-Feb-14 19:46pm
Comments
Sampath Lokuge 5-Feb-14 1:48am    
Can you put the code snippet where you access this functionality?

C#
foreach(DataRow row in dt.Rows)
     {
         if(row["UserName"].ToString() == this.txtUsername.Text && row["Password"].ToString() == this.txtPassword.Text )
         {
           Session["Logged"] = "Yes";
           Session["User"] = this.txtUsername.Text;
           Response.Redirect("Main.aspx");
         }
         else
         {
           this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";
         }
     }


Friend, the way you are fetching data from the DB is insecure. You should use a stored procedure.
 
Check the if condition; this allows the user to enter the else part if dt.Rows.Count == 0 too.

if (dt.Rows.Count < 0)


Change above to
if (dt.Rows.Count ==0)
{
//Not allowed code
}
else if (dt.Rows.Count > 0)
{
//Allow Navigation to MainPage code

}
 
Change this
C#
if (dt.Rows.Count < 0)
     {
         this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";

     }
     else
     {

         Session["Logged"] = "Yes";
         Session["User"] = this.txtUsername.Text;
         Response.Redirect("Main.aspx");
     }

to
C#
if (dt.Rows.Count <= 0)
       {
           this.Label1.Text = "Login Failed!<br /> Username or Password is not correct";

       }
       else
       {

           Session["Logged"] = "Yes";
           Session["User"] = this.txtUsername.Text;
           Response.Redirect("Main.aspx");
       }
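
The difference between the question's check and the corrected one, as an added example that is not part of any post above. An in-memory DataTable with one constructed user stands in for the Users table, and the helper names (BuildUsers, Query, AllowsLoginOriginal, AllowsLoginFixed) are hypothetical.

```csharp
using System;
using System.Data;

static class LoginCheckDemo
{
    // Constructed sample data standing in for the Users table (assumption).
    static DataTable BuildUsers()
    {
        var users = new DataTable();
        users.Columns.Add("UserName", typeof(string));
        users.Columns.Add("Password", typeof(string));
        users.Rows.Add("alice", "correct-horse");
        return users;
    }

    // Stand-in for adpter.Fill(dt): returns only the rows matching both values,
    // as the parameterized SELECT in the question would.
    static DataTable Query(DataTable users, string uname, string pass)
    {
        DataTable result = users.Clone();
        foreach (DataRow row in users.Rows)
            if ((string)row["UserName"] == uname && (string)row["Password"] == pass)
                result.ImportRow(row);
        return result;
    }

    // The check from the question: Rows.Count is never negative,
    // so the "Login Failed" branch is unreachable and every attempt is allowed.
    static bool AllowsLoginOriginal(DataTable dt)
    {
        if (dt.Rows.Count < 0) return false;
        return true;
    }

    // Corrected check: allow only when a matching row exists, deny otherwise.
    static bool AllowsLoginFixed(DataTable dt)
    {
        return dt.Rows.Count > 0;
    }

    static void Main()
    {
        DataTable users = BuildUsers();
        var attempts = new[] { new[] { "alice", "correct-horse" },
                               new[] { "alice", "wrong" },
                               new[] { "nobody", "x" } };
        foreach (var a in attempts)
        {
            DataTable dt = Query(users, a[0], a[1]);
            Console.WriteLine("{0}/{1}: rows={2} original={3} fixed={4}",
                a[0], a[1], dt.Rows.Count, AllowsLoginOriginal(dt), AllowsLoginFixed(dt));
        }
    }
}
```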
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


