Login code problem

billy_111 · July 7, 2010, 3:41pm

Hey,

I have the following code for a login script:


protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection conn;
        SqlCommand cmd;
        SqlDataReader myReader;

        conn = new SqlConnection("...");

        string cmdString = "SELECT [user_id], [username], [password], [type] FROM tbl_admin WHERE" +
            "(([username] = @username AND [password] = @password))";

        cmd = new SqlCommand(cmdString, conn);

        cmd.Parameters.Add("@username", SqlDbType.Char).Value = txt_username.Text;
        cmd.Parameters.Add("@password", SqlDbType.Char).Value = txt_password.Text; 

        conn.Open();
        myReader = cmd.ExecuteReader();

        if (myReader.HasRows)
        {
            while (myReader.Read())
            {
                if (myReader["type"] == "1")
                {
                    Session.Timeout = 15;
                    Session["user_id"] = myReader["user_id"].ToString();
                    Session["admin"] = myReader["username"].ToString();
                    Response.Redirect("admin.aspx");
                }
                else if (myReader["type"] == "2")
                {
                    Session.Timeout = 15;
                    Session["MANAGER_ID"] = myReader["user_id"].ToString();
                    Session["MANAGER"] = myReader["username"].ToString();
                    Response.Redirect("admin.aspx");
                }
            }
        }
        else
        {
            Label1.Text = "Invalid User Credentials";
        }

        myReader.Close();

    }

But it doesn’t do the check, i don’t get any errors but is this the correct method to check if the type row equals 1 or 2?

Can anyone help?

wwb_99 · July 7, 2010, 4:49pm

Why are you implementing your own login when there is the quite mature SqlMembershipProvider to use?

There is so much wrong with this I won’t even take a stab at your question.

webcosmo · July 14, 2010, 7:07am

i would guess type column value is not 1 or 2.
why dont you check whats the value you getting for it.

also you should use a default case when type is not 1 or 2 but login id/password correct.

Topic		Replies	Views
Login form help .NET	1	582	May 28, 2011
Implementing code for username recovery .NET	5	699	January 28, 2010
Password recovery .NET	5	644	January 28, 2010
Search facility enhancements .NET	2	415	January 29, 2010
How to login by using info from database table? PHP	8	1985	January 12, 2018

Login code problem

Related topics