Implementing code for username recovery

.NET
1

Hi,

I have the following code where i enable the user to insert their password to retrieve their username.


    protected void Button2_Click(object sender, EventArgs e)
    {
        Label1.Text = "";

        SqlConnection conn;
        SqlCommand cmd;
        SqlDataReader myReader;

        string cmdString = "SELECT [password] FROM hussaini_users WHERE [password] = @password";

        conn = new SqlConnection("Data Source=SQLB23.webcontrolcenter.com;User ID=wbsd;Password=*****");
        cmd = new SqlCommand(cmdString, conn);

        cmd.Parameters.Add("@password", SqlDbType.Char).Value = TextBox2.Text;

        conn.Open();
        myReader = cmd.ExecuteReader();

        if (myReader.Read())
        {
            if (myReader["password"].ToString() == TextBox2.Text)
            {

                Label2.Text = "**EXISTS";

            }
            else
            {
                Label2.Text = "**DOES NOT EXIST";
            }

        }
    }

But nothing happens, it doesnt work. I want it to do the check and then do something. I am just testing with a label for the time being.

But why does this not work?

Regards
Billy

2

It does not work coz ur query is wrong:

SELECT [password] FROM hussaini_users WHERE [password] = @password

U select password where password = password. U want to select username.

But y would you do something like that? What if more than one user has the same password? I can just make up a password and get a username

3

Thats true actually. Well i will be implementing the password recovery.

When users register to the site they also provide their security question and answer as i am encrypting the passwords using md5…

So the logic for this would be to select the answer from the database and if it matches the database then i can take users to a page where they reset their password?

This is my code:-


    protected void Button1_Click(object sender, EventArgs e)
    {
        Label1.Text = "";

        SqlConnection conn;
        SqlCommand cmd;
        SqlDataReader myReader;

        string cmdString = "SELECT [answer] FROM hussaini_users WHERE [answer] = @answer";

        conn = new SqlConnection("Data Source=SQLB23.webcontrolcenter.com;User ID=wbsd;Password=******");
        cmd = new SqlCommand(cmdString, conn);

        cmd.Parameters.Add("@answer", SqlDbType.Char).Value = TextBox1.Text;

        conn.Open();
        myReader = cmd.ExecuteReader();

        if (myReader.Read())
        {
            if (myReader["answer"].ToString() == TextBox1.Text)
            {

                Label1.Text = "**EXISTS";

            }
            else
            {
                Label1.Text = "**DOES NOT EXIST";
            }

        }
    }

This does not work either, no error message nothing. Am i doing something wrong?

Regards

4

Its hard to say, but if nothing is happening I assume the query is returning nothing. Put an else of the if(myReader.Read()) { }. Set the label to no data or something. Then the next step would be to set a break point and see what exactly the query is executing to make sure its right

5

Man, I am stumped. The only thing that could trigger the problem is this:


cmd.Parameters.Add("@answer", SqlDbType.Char).Value = TextBox1.Text;

To:


cmd.Parameters.AddWithValue("@answer", TextBox1.Text);

It could be a connection problem, then again, it’s a guess…,

EDIT: Also this might help solve the problem:



myReader["answer"].ToString().Trim()
6

Why are you reinventing the wheel?