C# login check code not working correctly

Question

1.00/5 (1 vote)

See more:

I want to create a loginpage for user and check whether they are admin or general user. i have written the following code. I think the logic is correct but I dont know why the output of the program is not correct. Please help me with this.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

namespace Bidders_Joint
{
public partial class WebForm2 : System.Web.UI.Page
{
string constr = ConfigurationManager.ConnectionStrings["BiddersJoint"].ToString();
string password;
string type;
protected void Page_Load(object sender, EventArgs e)
{

}

protected void btnLogin_Click(object sender, EventArgs e)
{

SqlConnection con = new SqlConnection(constr);
SqlCommand cmd = new SqlCommand("select Password,Type from TABLE_USER where User_ID = @userid", con);
cmd.Parameters.AddWithValue("@userid",txtUserid.Text.ToString());
try
{
cmd.Connection.Open();
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
password = dr["Password"].ToString();
type = dr["Type"].ToString();
}
if ((password == txtPassword.Text.ToString()) && (type == "admin"))
{
Response.Redirect("administrator.aspx");
}

if ((password==txtPassword.Text.ToString()) && (type=="general"))
{
Response.Redirect("userspage.aspx");
}
else
{
lblMessage.Text = "wrong userid or password";
}

}
catch (Exception ex)
{

lblMessage.Text = ex.Message;
}
finally
{
cmd.Connection.Close();
}
}

}
}

output is always worng userid or password even when userid and password are correct

Posted 12-Jul-13 18:03pm

anshulpui2

Add a Solution

Comments

Dholakiya Ankit 13-Jul-13 0:13am

debug the code get values where you have problem tell us

anshulpui2 13-Jul-13 1:44am

the code is not working. Please check the solution given below, I used that but still it did not work

anshulpui2 13-Jul-13 1:21am

@siddhesh, I tried to use your code too. But no redirection is taking place. Nothing happens even if I type wrong userid or password :(

Siddhesh Patankar 13-Jul-13 1:45am

Just check the logic the SQl query will check if the username password pair is present or not... if present it will return rows else no. then you can compare the types. I guess if that doesnt work you will have to debug the code to find out what results you are getting. First put a break point on DataReader to check if the query is giving out any output or not

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Siddhesh Patankar · Answer 1 · 2013-07-12T18:53:00

Change the code to this... actually your logic is correct but approach is wrong.
The usual approach is

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
 
namespace Bidders_Joint
{
public partial class WebForm2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
 
}
 
protected void btnLogin_Click(object sender, EventArgs e)
{
string constr = ConfigurationManager.ConnectionStrings["BiddersJoint"].ToString();
string type;
SqlConnection con = new SqlConnection(constr);
SqlCommand cmd = new SqlCommand("select Type from TABLE_USER where User_ID = @userid AND Password=@password" , con);
cmd.Parameters.AddWithValue("@userid",txtUserid.Text);
cmd.Parameters.AddWithValue("@password",txtPassword.Text);
try
{
con.open();//cmd.Connection.Open();
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
if(dr.HasRows)
{
   type = dr["Type"].ToString();
   if (type == "admin")
  {
      Response.Redirect("administrator.aspx");
  }
 else  if (type=="general")
  {
       Response.Redirect("userspage.aspx");
  }
}

else
{
lblMessage.Text = "wrong userid or password";
}
}
 
}
catch (Exception ex)
{
 lblMessage.Text = ex.Message;
}
finally
{
con.close(); //cmd.Connection.Close();
}
}

I have put the variables you declared inside the Click event and Changed the query.