Click here to Skip to main content
15,850,299 members

The Weird and The Wonderful

   

The Weird and The Wonderful forum is a place to post Coding Horrors, Worst Practices, and the occasional flash of brilliance.

We all come across code that simply boggles the mind. Lazy kludges, embarrassing mistakes, horrid workarounds and developers just not quite getting it. And then somedays we come across - or write - the truly sublime.

Post your Best, your worst, and your most interesting. But please - no programming questions . This forum is purely for amusement and discussions on code snippets. All actual programming questions will be removed.

 
GeneralRe: !(How to best use a try catch block) Pin
OriginalGriff13-Jul-09 9:52
mveOriginalGriff13-Jul-09 9:52 
GeneralRe: !(How to best use a try catch block) Pin
supercat914-Jul-09 7:10
supercat914-Jul-09 7:10 
GeneralRe: !(How to best use a try catch block) Pin
BadKarma10-Jul-09 2:25
BadKarma10-Jul-09 2:25 
GeneralRe: !(How to best use a try catch block) Pin
singh.iz.king10-Jul-09 4:50
singh.iz.king10-Jul-09 4:50 
GeneralRe: !(How to best use a try catch block) Pin
Member 448708313-Jul-09 9:17
Member 448708313-Jul-09 9:17 
GeneralRe: !(How to best use a try catch block) Pin
singh.iz.king13-Jul-09 16:20
singh.iz.king13-Jul-09 16:20 
GeneralRe: !(How to best use a try catch block) Pin
mateotrek18-Aug-09 20:19
mateotrek18-Aug-09 20:19 
Generalhow not to check a login [modified] PinPopular
icewolf_snowfire8-Jul-09 7:11
icewolf_snowfire8-Jul-09 7:11 
this is one of the many gems I'm finding (and fixing) in some third party produced code:

protected void btnLogin_Click(Object s, EventArgs e)
	{
		bool loginOK = false;
		try
		{
			loginOK = Account.LoginUser(Page, txtUserName.Text, txtPassword.Text);
		}
		catch (Exception ex)
		{
			string error = string.Empty;
			if (ex.Message == "Invalid attempt to read when no data is present.")
			{
				error = "Username not found.";
			}
			else
			{
				error = ex.Message;
			}
			lblMessage.Text = error;
			return;
		}

		if (loginOK == true)
		{
			Response.Redirect("~/Default.aspx");
		}
		else
		{
			lblMessage.Text = "Password does not match.";
		}
	}


public static bool LoginUser(Page page, string uname, string pass)
		{
			bool passwordVerified = false;

			try
			{
				passwordVerified = AccountDB.CheckPassword(uname, pass);
			}
			catch (Exception ex)
			{
				throw;
			}

			if (passwordVerified == true)
			{
				//string roles = "Manager" + "|" + "Administrator";
				string roles = "JobSeeker";

				// Create the authentication ticket
				FormsAuthenticationTicket authTicket = new
					FormsAuthenticationTicket(1,  // version
					uname,      // user name
					DateTime.Now,	// creation
					DateTime.Now.AddMinutes(60),// Expiration
					false,	// Persistent
					roles	// User data
											 );

				string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

				HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
				page.Response.Cookies.Add(authCookie);

				// Update login date to now
				int userID = AccountDB.GetUserIDByUsername(uname);
				AccountDB.UpdateLoginDate(userID, DateTime.Now);

				return true;
			}
			else
			{
				return false;
			}
		}


public static bool CheckPassword(string username, string password)
		{
			bool passwordMatch = false;
			SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
			SqlCommand cmd = new SqlCommand("CheckPassword", conn);
			cmd.CommandType = CommandType.StoredProcedure;

			SqlParameter sqlParam = cmd.Parameters.Add("@userName", SqlDbType.VarChar, 255);
			sqlParam.Value = username;
			try
			{
				conn.Open();
				SqlDataReader reader = cmd.ExecuteReader();
				reader.Read();
				string dbPasswordHash = reader.GetString(0);
				string salt = reader.GetString(1);
				reader.Close();

				// Generate hashed password from inputed password and salt
				string hashedPasswordAndSalt = Account.CreatePasswordHash(password, salt);

				// Check the hashed password and salt against the value in DB
				passwordMatch = hashedPasswordAndSalt.Equals(dbPasswordHash);
			}
			catch (Exception ex)
			{
				throw;
			}
			finally
			{
				conn.Close();
			}
			return passwordMatch;
		} // CheckPassword()



I'm not sure what's worse, that a professional development company has people who think this is how you use exceptions, or that my company actually paid money for this code Unsure | :~
I love the way they put database errors in the message to the user, and identify which they got wrong, the username or the password.Mad | :mad:

modified on Wednesday, July 8, 2009 12:55 PM

GeneralRe: how not to check a login Pin
0x3c08-Jul-09 7:46
0x3c08-Jul-09 7:46 
GeneralRe: how not to check a login Pin
icewolf_snowfire8-Jul-09 8:35
icewolf_snowfire8-Jul-09 8:35 
GeneralRe: how not to check a login Pin
Lutosław8-Jul-09 13:39
Lutosław8-Jul-09 13:39 
GeneralRe: how not to check a login Pin
icewolf_snowfire8-Jul-09 16:41
icewolf_snowfire8-Jul-09 16:41 
GeneralRe: how not to check a login Pin
Lutosław9-Jul-09 5:04
Lutosław9-Jul-09 5:04 
GeneralRe: how not to check a login Pin
leppie12-Jul-09 3:15
leppie12-Jul-09 3:15 
GeneralRe: how not to check a login Pin
icewolf_snowfire14-Jul-09 10:32
icewolf_snowfire14-Jul-09 10:32 
GeneralRe: how not to check a login Pin
Lutosław17-Jul-09 11:06
Lutosław17-Jul-09 11:06 
GeneralRe: how not to check a login Pin
MarkB77716-Jul-09 21:20
MarkB77716-Jul-09 21:20 
GeneralRe: how not to check a login Pin
supercat98-Jul-09 14:19
supercat98-Jul-09 14:19 
GeneralRe: how not to check a login Pin
Russell Jones13-Jul-09 6:03
Russell Jones13-Jul-09 6:03 
GeneralRe: how not to check a login Pin
supercat914-Jul-09 6:45
supercat914-Jul-09 6:45 
GeneralRe: how not to check a login Pin
Jammer13-Jul-09 7:34
Jammer13-Jul-09 7:34 
GeneralRe: how not to check a login Pin
PaPaSEK13-Jul-09 20:12
PaPaSEK13-Jul-09 20:12 
GeneralRe: how not to check a login Pin
Tristan Rhodes16-Jul-09 2:58
Tristan Rhodes16-Jul-09 2:58 
GeneralRe: how not to check a login Pin
Vozzie25-Aug-09 4:35
Vozzie25-Aug-09 4:35 
GeneralWell verified code Pin
Paulo Zemek7-Jul-09 11:09
mvaPaulo Zemek7-Jul-09 11:09 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.