Hello and thank you for your help. I have a quick problem. I want to change the password: verify that the current password is OK, then change it. But my if/else just executes my else branch and shows that the password is wrong. Where is the problem in my code? Thank you!

What I have tried:

protected void MetodaSchimbaParola(object sender, EventArgs e)
{
    // Compare the password typed by the user with the value kept in the "Login" cookie
    if (txtParola.Text == Request.Cookies["Login"]["parola"].ToString())
    {
        con.Open();
        SqlCommand cmd = new SqlCommand("UPDATE inregistrare_user SET parola=@PA where userID=@UD", con);

        cmd.Parameters.AddWithValue("@PA", txtParolaNoua1.Text);
        cmd.Parameters.AddWithValue("@UD", Request.Cookies["Login"]["userID"].ToString());
        cmd.ExecuteNonQuery();
        con.Close();
        Informare.Text = "PASSWORD CHANGED";
    }
    else
    {
        Informare.Text = "WRONG ACTUAL PASSWORD";
    }
}
Posted
Updated 15-May-16 9:15am
Comments
F-ES Sitecore 15-May-16 12:07pm    
If it goes into the else then this

txtParola.Text == Request.Cookies["Login"]["parola"].ToString()

is false. We don't know what is in txtParola.Text or what is in Request.Cookies["Login"]["parola"].ToString() as we don't have access to your system, only you can know that. You have to learn to use the debugger to step through your code and inspect the value of variables etc, that will show you how the two strings differ.

A couple of things:
1) For the benefit of the user, always ask for the new password TWICE. Compare the two and if they aren't the same you don't change it. It's far too easy to get the case wrong, or hit an extra key - and if they don't know the password that's a problem for you as well as them.
2) Never store passwords in clear text! It is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

Since your code is going to the else each time, then the password is not the same as the value you are retrieving for the cookies. So the first thing to do is to use the debugger (or logging statements) to find out exactly what two strings you are comparing.
When you know that you can start looking at why they are different - but it's likely that knowing what the two strings are will give you a massive clue to that!
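The two points of this answer (ask for the new password twice, never store it in clear text) in code. This is an added example, not part of the original answer or the asker's project; the class and method names are hypothetical, the iteration count is an assumed work factor, and the value returned by `Hash` is what would go in the `parola` column in place of the password.

```csharp
using System;
using System.Security.Cryptography;

// Added example: all names are hypothetical, not from the original post.
public static class PasswordChange
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100000; // assumed work factor

    static byte[] Derive(string password, byte[] salt, int iterations, int length)
    {
        // PBKDF2-HMAC-SHA256; this overload needs .NET Framework 4.7.2+ or .NET Core 2.0+
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(length);
    }

    // Value to store instead of the password: "iterations.salt.hash" (Base64 parts)
    public static string Hash(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Iterations + "." + Convert.ToBase64String(salt) + "." +
               Convert.ToBase64String(Derive(password, salt, Iterations, HashBytes));
    }

    public static bool Verify(string password, string stored)
    {
        // Trim() drops the padding a CHAR/NCHAR column appends; the password itself is never trimmed
        string[] p = (stored ?? "").Trim().Split('.');
        if (p.Length != 3 || !int.TryParse(p[0], out int iterations) || iterations <= 0) return false;
        try
        {
            byte[] salt = Convert.FromBase64String(p[1]), expected = Convert.FromBase64String(p[2]);
            if (expected.Length != HashBytes) return false;   // reject truncated or empty hashes
            byte[] actual = Derive(password ?? "", salt, iterations, HashBytes);
            int diff = 0;                                     // compare every byte, no early exit
            for (int i = 0; i < HashBytes; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
        catch (Exception ex) when (ex is FormatException || ex is ArgumentException) { return false; }
    }

    // Returns the new value to store, or null when the change must be refused.
    public static string Change(string stored, string current, string new1, string new2) =>
        !string.IsNullOrEmpty(new1) && new1 == new2 && Verify(current, stored) ? Hash(new1) : null;

    public static void Main()
    {
        string stored = Hash("old-Secret1").PadRight(120);  // constructed: simulates CHAR(120) padding
        Console.WriteLine(Change(stored, "old-secret1", "N3w-Parola", "N3w-Parola") == null); // wrong case typed
        Console.WriteLine(Change(stored, "old-Secret1", "N3w-Parola", "N3w-Parola") != null); // correct password
    }
}
```

With this scheme the cookie only needs to identify the session; the current password is checked against the stored value on the server.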
 
 
Comments
Member 12502847 15-May-16 12:00pm    
Thanks for your advice. This isn't a serious project, is for my graduate so security isn't a major problem for my project. I put the cookie in a label and txtParola.text and that label is the same text.
OriginalGriff 15-May-16 12:27pm    
"is for my graduate so security isn't a major problem"
Even more reason to get it right! Always do it correctly: otherwise you build up bad habits that are hard to break. And what if a potential employer wants to see your project? Would that excuse work well with him?

Don't put it in a label.
Fetch the two strings into separate variables, and log them to a file, or use the debugger to look at them closely. If they were the same, the if condition would have passed...
Member 12502847 15-May-16 14:34pm    
You're right. I discovered my problem: I have blank spaces in column names. I read about that and I can solve it by wrapping the names in square brackets. You helped me in the past, so thank you again!
Hi! Since you always end up in the else block, this means that
C#
txtParola.Text == Request.Cookies["Login"]["parola"].ToString()

is not true. I want to stop for a second and point out the security risk of having your password in raw format stored in a cookie file. It is really, really bad, so hopefully you don't have it. I hope that your "Request.Cookies["Login"]["parola"]" returns a hash string of the user password, and your "txtParola.Text" returns the raw format. Or even more likely, there is no cookie file at all in your dev environment.

But replace your else block with
C#
Informare.Text = Request.Cookies["Login"]["parola"].ToString() == "" ? "The Cookie is empty" : Request.Cookies["Login"]["parola"].ToString();

And see if you have what you think in your cookie. I really recommend that you take a weekend off typing code and study how to debug in your choice of IDE. It's not funny, but it's good. And in the long term, it will give you more time for funny stuff over fixing stuff. Because using the style I have used above (printing some values out in "console") is a really slow way to debug code.
 
 
Comments
Member 12502847 15-May-16 11:59am    
Thanks for your advice. This isn't a serious project, is for my graduate so security isn't a major problem for my project. I put the cookie in a label and txtParola.text and that label is the same text.
Joel Wigren 15-May-16 12:06pm    
No problem! That is impossible, there must be some diff in the strings. Test to change your condition to "Informate.Text.Equals(Request.Cookies["Login"]["parola"], StringComparison.OrdinalIgnoreCase)" This will ignore case.
OriginalGriff 15-May-16 12:27pm    
Never ignore case of passwords! :laugh:
Joel Wigren 15-May-16 12:33pm    
Haha of course, never in security. But in debug you can ;) There must be something wrong, if he/she runs this condition and it passes. Then the question will be done
Member 12502847 15-May-16 14:37pm    
I have blank spaces in column names, this is wrong right now. Thanks for your help!
Solution: Use VARCHAR instead of NCHAR or CHAR. Thank you for your advice. Have a great day!
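Why the fix above works, as an added example that is not part of the original post: a CHAR(n) or NCHAR(n) column pads every value with spaces up to n characters, so the text read back from it is longer than what the user types and `==` fails. The helper reports how two values differ without writing either of them to a log; its name and the sample values are constructed for illustration.

```csharp
using System;

// Added example: names are hypothetical; the sample values are constructed.
public static class CompareDiagnostics
{
    // Describes how two strings differ without revealing their contents.
    public static string Describe(string typed, string stored)
    {
        if (typed == null || stored == null) return "one value is null";
        if (string.Equals(typed, stored, StringComparison.Ordinal)) return "identical";
        if (typed == stored.TrimEnd(' '))
            return "stored value has " + (stored.Length - typed.Length) +
                   " trailing space(s): CHAR/NCHAR padding";
        if (typed.Trim() == stored.Trim()) return "values differ only in surrounding whitespace";
        if (string.Equals(typed, stored, StringComparison.OrdinalIgnoreCase))
            return "values differ only in letter case";
        int n = Math.Min(typed.Length, stored.Length), i = 0;
        while (i < n && typed[i] == stored[i]) i++;        // find the first differing position
        return "lengths " + typed.Length + "/" + stored.Length + ", first difference at index " + i;
    }

    public static void Main()
    {
        string typed = "Parola123";
        string fromChar20 = "Parola123".PadRight(20);      // what a CHAR(20) column hands back
        Console.WriteLine(typed == fromChar20);            // the comparison from the question
        Console.WriteLine(Describe(typed, fromChar20));
        Console.WriteLine(Describe(typed, "parola123"));
    }
}
```

SQL Server ignores trailing spaces when it compares strings with `=`, so a padded value can still match inside a query while the same comparison fails in C#.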
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


