Password recovery

Hi,

I have the following code. I simply want to select the security question and answer from the DB and do something if the result is true.

This is my code:-

    protected void Button1_Click(object sender, EventArgs e)
    {
        Label1.Text = "";

        SqlConnection conn;
        SqlCommand cmd;
        SqlDataReader myReader;

        string cmdString = "SELECT [question], [answer] FROM hussaini_users WHERE [question] = @question AND [answer] = @answer";

        conn = new SqlConnection("Data Source=SQLB23.webcontrolcenter.com;User ID=wbsd;Password=*****");
        cmd = new SqlCommand(cmdString, conn);

        cmd.Parameters.Add("@question", SqlDbType.Char).Value = DropDownList2.SelectedValue;
        cmd.Parameters.Add("@answer", SqlDbType.Char).Value = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox1.Text, "MD5");

        conn.Open();
        myReader = cmd.ExecuteReader();

        if (myReader.Read())
        {
            if (DropDownList2.SelectedValue == myReader["question"].ToString() && TextBox1.Text == myReader["answer"].ToString())
            {
                Label1.Text = "**EXISTS";
            }
        }
        else
        {
            Label1.Text = "Invalid User Credentials";
        }

        myReader.Close();
        conn.Close();
    }

This code always returns the result of “Invalid User Credentials”, so this means it does not recognize the values from the DB. When I put something in that SHOULD match I still get the same. I don’t get an error message, but the logic here is to select the security question and answer where the question is equal to the dropdown box and the answer is equal to the textbox. If there is a match then do something…

But this does not work…

You can see what I mean here:-

http://csesalford.com/hussainwd9/forgot-details.aspx

If you select “What street did you grow up in?” from the dropdown and then put in “deeplish” in the security answer, the result should be “**EXISTS”.

Can anybody help me with this?

Regards
Billy

Set a breakpoint and step through your code and make sure the values of all those parameters are correct.

Another thing is you should be able to leave out your if in the read() as you are already checking all that in the where clause of your query.

Are you encrypting the answer into the db?

What is your db structure?

You also might wanna use the .Trim() method to make sure there are no extra whitespaces to worry about.

Might need to be converted to this:


    if ((DropDownList2.SelectedValue == myReader["question"].ToString().Trim()) && (TextBox1.Text == myReader["answer"].ToString().Trim()))
    {
        Label1.Text = "**EXISTS";
    }


Nightstalker was correct about the “.Trim()”, also the structure of the “if” could have been the problem.

Hey,

I was actually encrypting it but I’ve taken it out for now.

It works now though thanks to your suggestions :wink:

Regards
Billy
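
An added example, not code from any poster in this thread: the inner `if` in the original post compares the raw textbox text against the stored column, which cannot match when the column holds a hash, and a `CHAR` column returns the value space-padded, which is why `.Trim()` matters. The sketch below compares hash to hash and swaps the thread's unsalted MD5 for salted PBKDF2; the class and method names, the iteration count, the lower-casing of answers and the constructed `CHAR(64)` value are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RecoveryAnswer // hypothetical helper, not from the thread
{
    const int Iterations = 100000; // assumed work factor, tune for your hardware

    // Assumed policy: answers are matched ignoring case and outer whitespace.
    static string Normalize(string answer) => answer.Trim().ToLowerInvariant();

    public static string Hash(string answer, byte[] salt)
    {
        byte[] input = Encoding.UTF8.GetBytes(Normalize(answer));
        using (var kdf = new Rfc2898DeriveBytes(input, salt, Iterations, HashAlgorithmName.SHA256))
            return Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static bool Verify(string submitted, string storedColumn, byte[] salt)
    {
        // A CHAR(n) column comes back right-padded with spaces: trim before decoding.
        byte[] expected = Convert.FromBase64String(storedColumn.Trim());
        byte[] actual = Convert.FromBase64String(Hash(submitted, salt));

        // Compare every byte so timing does not reveal where the first mismatch is.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
}

static class Demo
{
    static void Main()
    {
        byte[] salt = new byte[16]; // per-user salt, stored next to the hash
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        // Constructed sample: what a CHAR(64) column would hand back to the reader.
        string stored = RecoveryAnswer.Hash("deeplish", salt).PadRight(64);

        Console.WriteLine(RecoveryAnswer.Verify("Deeplish ", stored, salt)); // same answer, other case and spacing
        Console.WriteLine(RecoveryAnswer.Verify("wrong", stored, salt));     // different answer
        Console.WriteLine("deeplish" == stored); // the original post's comparison: plain text against the stored value
    }
}
```

In a real page the salt and hash would be read with a parameterized query like the one in the first post, filtered to the account being recovered.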

I’m kinda lurking around the forums right now, also in the same boat! I’m learning as I’m going, enjoying every moment of it. Good luck with your project, you seem to be making strides! .NET is a man’s game. lol.

Hey Thanks!

The problem I’m having is I constantly have to code in PHP and .NET and it’s hard changing again and again! :confused:

But that’s what us programmers do eh. :smiley:

This forum is about as good as it will get.

Regards
Billy