Home
ASP.NET Forums » General ASP.NET » Security » Login Check

Login Check

Last post 05-06-2007 12:01 PM by antoniop. 7 replies.

Sort Posts:

  • Login Check

    05-05-2007, 6:21 PM
    • Member
      21 point Member
    • antoniop
    • Member since 06-02-2006, 1:26 PM
    • Posts 62

    Hello, everybody.  I created a login page where a user enters the e-mail address and password.  I created a stored procedure on a SQL 2005 named VerifyLogin that looks like this:

    ALTER

     PROCEDURE [dbo].[VerifyLogin]

    ( @email varchar(50),

    @password

    varchar(20))

    AS

    SELECT

     isnull(( SELECT DISTINCT 'true'

    FROM

     customers

    WHERE

     ( email = @email AND password = @password)), 'false' ) As Verified

    I am having problems coding the Login button on the Login page to check the user's input.  The code for the button click event looks like this:

    protected

     void btnLogin_Click(object sender, EventArgs e)

    {

    try

    {

    string strConn = Convert.ToString(ConfigurationManager.ConnectionStrings["SQLConnectionString"]);

    SqlConnection conn = new SqlConnection(strConn);

    conn.Open();

     

    SqlCommand cmd = new SqlCommand("VerifyLogin", conn);

    cmd.CommandType =

    CommandType.StoredProcedure;

    cmd.Parameters.AddWithValue(

    "@email", txtEmail.Text);

    cmd.Parameters.AddWithValue(

    "@password", txtPassword.Text);

     

    SqlDataReader objReader = cmd.ExecuteReader(CommandBehavior.SingleRow);

    objReader.Read();

    if(objReader.HasRows)

    {

    lblLoginError.Visible =

    true;

    lblLoginError.Text =

    "Login Successful!";

    //Response.Redirect("~/default.aspx");

    //send to the default page to test

    }

    else

    {

    lblLoginError.Visible =

    true;

    lblLoginError.Text =

    "Login unsuccessful";

    //Response.Redirect("Login.aspx");

    // return false;

    }

    }

    catch(Exception ex)

    {

    Console.Write(ex.ToString());

    // return false;

    }

    }

    What am I missing?

    Thanks

  • Re: Login Check

    05-05-2007, 6:48 PM
    • All-Star
      62,829 point All-Star
    • TATWORTH
    • Member since 02-04-2003, 1:34 PM
    • England
    • Posts 12,265
    • TrustedFriends-MVPs

    Try 

    ALTER PROCEDURE [dbo].[VerifyLogin]
    ( @email    varchar(50),
      @password varchar(20),
      @valid    BIT OUTPUT
    ) AS
    SET @valid = 0
    IF EXISTS(SELECT * FROM customers WHERE email = @email AND password = @password) SET @valid = 1

    and
        protected void btnLogin_Click(object sender, EventArgs e)
        {
          try
          {
            string strConn = Convert.ToString(ConfigurationManager.ConnectionStrings["SQLConnectionString"]);
            SqlConnection conn = new SqlConnection(strConn);
            conn.Open();
            SqlCommand cmd = new SqlCommand("VerifyLogin", conn);
            cmd.CommandType =    CommandType.StoredProcedure;
            cmd.Parameters.AddWithValue("email", txtEmail.Text);
            cmd.Parameters.AddWithValue("password", txtPassword.Text);
            cmd.Parameters.AddWithValue("valid", false);
            cmd.Parameters["@valid"].Direction = ParameterDirection.Output;
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
            cmd.Connection.Close();
            if (cmd.Parameters["@valid"].Value == true)
            {
              lblLoginError.Visible =      true;
              lblLoginError.Text =     "Login Successful!";
              //Response.Redirect("~/default.aspx");
              //send to the default page to test
            }
            else
            {
              lblLoginError.Visible =    true;
              lblLoginError.Text =     "Login unsuccessful";
              //Response.Redirect("Login.aspx");
            }
          }
          catch (Exception ex)
          {
            Console.Write(ex.ToString());
          }
        }

    In my opinion the result of this sort of single value query should always be returned by an output variable, never a recordset. 

     

    Don't forget to click "Mark as Answer" on the post that helped you.
    This credits that member, earns you a point and marks your thread as Resolved so we will all know you have been helped.

  • Re: Login Check

    05-05-2007, 7:22 PM
    • Member
      21 point Member
    • antoniop
    • Member since 06-02-2006, 1:26 PM
    • Posts 62

    Hi...thank you for your reply.  When I run it, I get a 'cmd.Parameters["@valid"]' threw an exception of type 'System.IndexOutOfRangeException'

    Antonio

  • Re: Login Check

    05-05-2007, 7:24 PM
    • Member
      21 point Member
    • antoniop
    • Member since 06-02-2006, 1:26 PM
    • Posts 62
    Also, {"An SqlParameter with ParameterName '@valid' is not contained by this SqlParameterCollection."}

  • Re: Login Check

    05-06-2007, 12:50 AM
    • All-Star
      62,829 point All-Star
    • TATWORTH
    • Member since 02-04-2003, 1:34 PM
    • England
    • Posts 12,265
    • TrustedFriends-MVPs

    I am on mt VS2003 pc at the moment, however try

        protected void btnLogin_Click(object sender, EventArgs e)
        {
          try
          {
            string strConn = Convert.ToString(ConfigurationManager.ConnectionStrings["SQLConnectionString"]);
            SqlConnection conn = new SqlConnection(strConn);
            conn.Open();
            SqlCommand cmd = new SqlCommand("VerifyLogin", conn);
            cmd.CommandType =    CommandType.StoredProcedure;
            cmd.Parameters.AddWithValue("@email", txtEmail.Text);
            cmd.Parameters.AddWithValue("@password", txtPassword.Text);
            cmd.Parameters.AddWithValue("@valid", false);
            cmd.Parameters["@valid"].Direction = ParameterDirection.Output;
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
            cmd.Connection.Close();
            if (cmd.Parameters["@valid"].Value == true)
            {
              lblLoginError.Visible =      true;
              lblLoginError.Text =     "Login Successful!";
              //Response.Redirect("~/default.aspx");
              //send to the default page to test
            }
            else
            {
              lblLoginError.Visible =    true;
              lblLoginError.Text =     "Login unsuccessful";
              //Response.Redirect("Login.aspx");
            }
          }
          catch (Exception ex)
          {
            Console.Write(ex.ToString());
          }
        }

    Don't forget to click "Mark as Answer" on the post that helped you.
    This credits that member, earns you a point and marks your thread as Resolved so we will all know you have been helped.

  • Re: Login Check

    05-06-2007, 2:14 AM
    • Member
      21 point Member
    • antoniop
    • Member since 06-02-2006, 1:26 PM
    • Posts 62

    Hi...I did try that and it never hits the successful login, even with the correct e-mail and password.  I think the problem is in the IF statement.  You can't have the .Value == true as it can't explicitly convert an int to a bool value.

    Antonio

  • Re: Login Check

    05-06-2007, 7:31 AM
    Answer
    • All-Star
      62,829 point All-Star
    • TATWORTH
    • Member since 02-04-2003, 1:34 PM
    • England
    • Posts 12,265
    • TrustedFriends-MVPs

    It should be
            if ((bool)cmd.Parameters["@valid"].Value == true)

    I normally use a NullToBoolean function at that point. 

    Don't forget to click "Mark as Answer" on the post that helped you.
    This credits that member, earns you a point and marks your thread as Resolved so we will all know you have been helped.

  • Re: Login Check

    05-06-2007, 12:01 PM
    • Member
      21 point Member
    • antoniop
    • Member since 06-02-2006, 1:26 PM
    • Posts 62

    Thank you!  That did it.

    Antonio
Page 1 of 1 (8 items)
RSS Available

Contact | Advertise | Ads by BanManPro | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.