My code below logs users in and records the time they logged in in an MS Access database. Please help me modify the code so that it also verifies the user's password registered in the Admin table. At the moment it accepts any password.
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
// Code-behind for the login page: handles the Login1 control's Authenticate event and
// stamps [Admin].[LastLoggedIn] in the Access database.
// NOTE(review): as written, nothing in this class ever decides whether the credentials are
// valid. The SELECT is built but never executed, and the redirect is unconditional.
public partial class Login : System.Web.UI.Page
{
// Page load handler; it does nothing.
protected void Page_Load(object sender, EventArgs e)
{
}
// Runs when Login1 raises Authenticate. Writes a UserName cookie, echoes it into Label1,
// issues an UPDATE against [Admin] and then redirects to the portal page.
// NOTE(review): e.Authenticated is never assigned anywhere in this handler.
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
// Store the submitted user name in a cookie.
// NOTE(review): this happens before any credential check, so the cookie is written for every attempt.
Response.Cookies["UserName"].Value = Login1.UserName.ToString();
// Echo the cookie value into the label; HtmlEncode keeps markup in the name from being rendered.
if (Request.Cookies["UserName"] != null)
{
Label1.Text = Server.HtmlEncode(Request.Cookies["UserName"].Value);
}
string connectionString = ConfigurationManager.ConnectionStrings["TrainingWebConnectionString"].ConnectionString;
// NOTE(review): SQL injection risk. Both Login1 values are concatenated into the statement text,
// so a quote typed into either box becomes part of the SQL. The UPDATE below already shows the
// parameterized form this query should use.
string checkOleDb = "select * from Admin where UserName='" + Login1.UserName.ToString() + "' and password='" + Login1.Password.ToString() + "'";
using (OleDbConnection myconnection = new OleDbConnection(connectionString))
{
// ds and da are created but never used in this method.
DataSet ds = new DataSet();
OleDbDataAdapter da = new OleDbDataAdapter();
// The command starts out holding the SELECT ...
OleDbCommand myCommand = new OleDbCommand(checkOleDb, myconnection);
// ... but its text is replaced here before anything runs, so the SELECT is never executed.
myCommand.CommandText = "UPDATE [Admin] SET [LastLoggedIn] = @DateTime WHERE [UserName] = @UserName And [Password] = @Password";
// OleDb binds parameters by position; the three values are added in placeholder order.
myCommand.Parameters.Add("@DateTime", DateTime.Now.ToString());
myCommand.Parameters.Add("@UserName", Login1.UserName);
myCommand.Parameters.Add("@Password", Login1.Password);
myconnection.Open();
// NOTE(review): ExecuteNonQuery returns the number of rows affected; it is discarded here. With a
// wrong password the UPDATE matches no row, yet execution continues exactly as for a correct one.
myCommand.ExecuteNonQuery();
// Explicit close; the enclosing using block also disposes the connection.
myconnection.Close();
// NOTE(review): unconditional redirect. This is why any password is accepted.
Response.Redirect("http://localhost/myhomeportal/subfr_index.aspx");
// Empty block with no effect.
{
}
}
}
}
// Quoted from Login1_Authenticate: the user name and password from the Login1 control are
// concatenated into the SQL text, so the input can change the statement itself.
string checkOleDb
="select * from Admin where UserName='"+Login1.UserName.ToString()+"' and password='"+Login1.Password.ToString()+"'";
Here you set the SQL to check if the user is logged in. You should use parameters instead of adding the text to the SQL string directly, to protect yourself against SQL injection: with concatenation, whatever the user types becomes part of the statement itself.
If I understood you correctly, I have modified my code as below, but it still accepts any password. Did I follow your instructions correctly?
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
// Login page code-behind, as re-posted after the first reply.
// NOTE(review): the credential check is still missing. The SELECT text is assigned to the
// command and then overwritten, only the UPDATE runs, and the redirect follows regardless.
public partial class Login : System.Web.UI.Page
{
// Empty page load handler.
protected void Page_Load(object sender, EventArgs e)
{
}
// Authenticate handler for Login1: sets a cookie, updates [LastLoggedIn], redirects.
// NOTE(review): no line in this handler sets e.Authenticated or tests a query result.
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
// Write the submitted user name to a cookie (done before any verification).
Response.Cookies["UserName"].Value = Login1.UserName.ToString();
// Show the cookie value in Label1, HTML-encoded so it is displayed as text.
if (Request.Cookies["UserName"] != null)
{
Label1.Text = Server.HtmlEncode(Request.Cookies["UserName"].Value);
}
string connectionString = ConfigurationManager.ConnectionStrings["TrainingWebConnectionString"].ConnectionString;
// NOTE(review): still string-built SQL. The user name and password are concatenated into the
// statement, which leaves it open to SQL injection. Placeholders plus Parameters, as in the
// UPDATE below, keep input out of the statement text.
string checkOleDb = "select * from Admin where UserName='" + Login1.UserName.ToString() + "' and password='" + Login1.Password.ToString() + "'";
using (OleDbConnection myconnection = new OleDbConnection(connectionString))
{
// Unused locals: neither ds nor da is referenced again.
DataSet ds = new DataSet();
OleDbDataAdapter da = new OleDbDataAdapter();
OleDbCommand myCommand = new OleDbCommand(checkOleDb, myconnection);
// Replaces the SELECT before it has been executed; from here on the command is only the UPDATE.
myCommand.CommandText = "UPDATE [Admin] SET [LastLoggedIn] = @DateTime WHERE [UserName] = @UserName And [Password] = @Password";
// Values are added in the same order as the placeholders (OleDb matches them by position).
myCommand.Parameters.Add("@DateTime", DateTime.Now.ToString());
myCommand.Parameters.Add("@UserName", Login1.UserName);
myCommand.Parameters.Add("@Password", Login1.Password);
myconnection.Open();
// NOTE(review): the rows-affected count returned here is ignored, so a failed match
// (zero rows updated) looks the same as a successful login.
myCommand.ExecuteNonQuery();
// Redundant with the using block, which disposes the connection on exit.
myconnection.Close();
// NOTE(review): reached for every submission. This is the "accepts any password" behaviour.
Response.Redirect("http://localhost/myhomeportal/subfr_index.aspx");
// Empty block; has no effect.
{
}
}
}
}
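// Credential check followed by the last-login update, meant to run inside
// Login1_Authenticate (connectionString and Login1 come from that handler).
// Both statements use placeholders, so the submitted text is never part of the SQL.
// OleDb binds parameters by position, so values are added in placeholder order.
// NOTE(review): the submitted password is compared directly with the [Password] column, which
// suggests the table holds plaintext passwords. Confirm, and prefer storing a salted hash.
string checkOleDb = "SELECT COUNT(UserName) FROM [Admin] WHERE [UserName] = @UserName AND [Password] = @Password";
using (OleDbConnection myconnection = new OleDbConnection(connectionString))
using (OleDbCommand checkCommand = new OleDbCommand(checkOleDb, myconnection))
{
    checkCommand.Parameters.AddWithValue("@UserName", Login1.UserName);
    checkCommand.Parameters.AddWithValue("@Password", Login1.Password);
    myconnection.Open();

    // ExecuteScalar returns the single COUNT value; exactly one matching row means a valid login.
    int matches = Convert.ToInt32(checkCommand.ExecuteScalar());
    if (matches == 1)
    {
        // Only a verified user gets the timestamp update.
        using (OleDbCommand updateCommand = new OleDbCommand(
            "UPDATE [Admin] SET [LastLoggedIn] = @DateTime WHERE [UserName] = @UserName And [Password] = @Password",
            myconnection))
        {
            updateCommand.Parameters.AddWithValue("@DateTime", DateTime.Now.ToString());
            updateCommand.Parameters.AddWithValue("@UserName", Login1.UserName);
            updateCommand.Parameters.AddWithValue("@Password", Login1.Password);
            updateCommand.ExecuteNonQuery();
        }
        // Success path: the handler's redirect (and e.Authenticated = true, if the Login
        // control's own flow is used) belongs here, not after the using block.
    }
    // Any other count: leave LastLoggedIn untouched and do not redirect.
}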
asante_za
Modify Login to verify password
Mar 10, 2012 07:47 PM|LINK
My code below logs users in and records the time they logged in in an MS Access database. Please help me modify the code so that it also verifies the user's password registered in the Admin table. At the moment it accepts any password.
using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.Data.OleDb; public partial class Login : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { //Write cookie directly to collection. Response.Cookies["UserName"].Value = Login1.UserName.ToString(); //Read a cookie value directly, encoding it for safety. if (Request.Cookies["UserName"] != null) { Label1.Text = Server.HtmlEncode(Request.Cookies["UserName"].Value); } string connectionString = ConfigurationManager.ConnectionStrings["TrainingWebConnectionString"].ConnectionString; string checkOleDb = "select * from Admin where UserName='" + Login1.UserName.ToString() + "' and password='" + Login1.Password.ToString() + "'"; using (OleDbConnection myconnection = new OleDbConnection(connectionString)) { DataSet ds = new DataSet(); OleDbDataAdapter da = new OleDbDataAdapter(); OleDbCommand myCommand = new OleDbCommand(checkOleDb, myconnection); myCommand.CommandText = "UPDATE [Admin] SET [LastLoggedIn] = @DateTime WHERE [UserName] = @UserName And [Password] = @Password"; myCommand.Parameters.Add("@DateTime", DateTime.Now.ToString()); myCommand.Parameters.Add("@UserName", Login1.UserName); myCommand.Parameters.Add("@Password", Login1.Password); myconnection.Open(); myCommand.ExecuteNonQuery(); myconnection.Close(); Response.Redirect("http://localhost/myhomeportal/subfr_index.aspx"); { } } } }Ken Tucker
Re: Modify Login to verify password
Mar 10, 2012 10:58 PM|LINK
Here you set the SQL to check if the user is logged in. You should use parameters instead of adding the text to the SQL string directly, to protect yourself against SQL injection.
Here you create the command to check if the user is logged in.
Then you change the command text to update the last login time, so the check itself is never run.
You should execute the SQL statement to make sure the user is logged in before you update the user's last login time.
asante_za
Re: Modify Login to verify password
Mar 11, 2012 04:24 AM|LINK
Hi Ken
If I understood you correctly, I have modified my code as below, but it still accepts any password. Did I follow your instructions correctly?
using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.Data.OleDb; public partial class Login : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { //Write cookie directly to collection. Response.Cookies["UserName"].Value = Login1.UserName.ToString(); //Read a cookie value directly, encoding it for safety. if (Request.Cookies["UserName"] != null) { Label1.Text = Server.HtmlEncode(Request.Cookies["UserName"].Value); } string connectionString = ConfigurationManager.ConnectionStrings["TrainingWebConnectionString"].ConnectionString; string checkOleDb = "select * from Admin where UserName='" + Login1.UserName.ToString() + "' and password='" + Login1.Password.ToString() + "'"; using (OleDbConnection myconnection = new OleDbConnection(connectionString)) { DataSet ds = new DataSet(); OleDbDataAdapter da = new OleDbDataAdapter(); OleDbCommand myCommand = new OleDbCommand(checkOleDb, myconnection); myCommand.CommandText = "UPDATE [Admin] SET [LastLoggedIn] = @DateTime WHERE [UserName] = @UserName And [Password] = @Password"; myCommand.Parameters.Add("@DateTime", DateTime.Now.ToString()); myCommand.Parameters.Add("@UserName", Login1.UserName); myCommand.Parameters.Add("@Password", Login1.Password); myconnection.Open(); myCommand.ExecuteNonQuery(); myconnection.Close(); Response.Redirect("http://localhost/myhomeportal/subfr_index.aspx"); { } } } }Ken Tucker
Re: Modify Login to verify password
Mar 11, 2012 02:22 PM|LINK
string checkOleDb = "select Count(UserName) from Admin where UserName='" + Login1.UserName.ToString() + "' and password='" + Login1.Password.ToString() + "'"; using (OleDbConnection myconnection = new OleDbConnection(connectionString)) { DataSet ds = new DataSet(); OleDbDataAdapter da = new OleDbDataAdapter(); OleDbCommand myCommand = new OleDbCommand(checkOleDb, myconnection);string result = myCommand.ExecuteScalar().toString();}You should modify the sql statement for the password check to use parameters to limit the possibility of sql injection.Space Coast .Net User Group
asante_za
Re: Modify Login to verify password
Mar 11, 2012 04:47 PM|LINK
Hi Ken
Thank you very, very much. It now works perfectly!
Regards
James Asante