Last post Oct 30, 2013 03:18 AM by GuyB_Downunder
Oct 30, 2013 02:08 AM|GuyB_Downunder
I'm sure this should be a really easy thing to do, but I am just not getting the results I would expect.
Consider a basic log in process where a user enters a password and from their username I load the saved password from an SQL database. To compare the two I should be able to simply do an If statement, can't I? If one equals the other, password is correct, if it doesn't then the user isn't logged in. The problem is, I have confirmed that the values I am comparing pretty much make no difference, the user is processed as being logged on. It's really simple code:
myReader("password") is the password extracted from the SQL database
login_password.Text is the value in the form of the users entered password
I have added the .ToString.ToLower only to try everything to simplify the comparison. It doesn't work without them either. I have also tried using a StrComp function comparison as well however I get the same results. I can see the values are the same when I added them to some screen output. Oddly, when I use watch variables, the values appear as "value1" in one case, and "value2 in the other (missing the trailing "). However these " are never displayed in any output so I am not sure if that is a quirk in Studio Web 2013 Express.
Here is the If statement
If myReader("password").ToString.ToLower = login_password.Text.ToString.ToLower Then
    ' Match: store the debug string and mark the session as logged in
    Session("Username") = myReader("email").ToString.ToLower & " " & myReader("password").ToString.ToLower & " " & login_password.Text.ToString.ToLower
    Session("LoggedIn") = 1
Else
    ' No match: leave the session logged out
    Session("Username") = "Wrong password"
    Session("LoggedIn") = 0
End If
Even if I use the wrong password the If gets processed as a successful comparison, not the else and I end up with:
Logged Username: emailaddress password bpassword
and the Session loggedin variable is set to 1.
I'll be honest, if I had any hair left I'd be pulling it out in chunks at the moment.
Thanks for any help in advance.
Oct 30, 2013 02:46 AM|smirnov
- comment that code out and put this instead
Response.Write("db pass=" & myReader("password").ToString())
Response.Write("entered pass=" & login_password.Text)
This should help you to see the values.
- it seems that the problem is not in the IF statement but somewhere else. If you cannot find the issue, please, share the entire method
- best practice is to compare password in the database
instead of doing
    select password from mytable where email=@email
use
    select id from mytable where email=@email and password=@password
then in the code check, if sql returned 1 record - success - if not - failure.
Hope this helps.
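An added example, not part of either poster's code: the parameterized lookup suggested above, in a variant that keeps a salted PBKDF2 hash in the table instead of the password and compares it in fixed time, without the ToLower case folding. The columns password_salt and password_hash, the module and function names, the iteration count, and the .NET Framework 4.7.2+ Rfc2898DeriveBytes overload are assumptions.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

Public Module LoginCheck
    ' Assumed PBKDF2 settings (not from the thread).
    Private Const Iterations As Integer = 100000
    Private Const HashBytes As Integer = 32

    ' Derives the value kept in the (hypothetical) password_hash column.
    Public Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(HashBytes)
        End Using
    End Function

    ' Looks at every byte so the timing does not reveal where the arrays differ.
    Public Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' True only when the e-mail exists and the entered password matches.
    Public Function VerifyLogin(conn As SqlConnection, email As String, entered As String) As Boolean
        Const sql As String = "select password_salt, password_hash from mytable where email=@email"
        Using cmd As New SqlCommand(sql, conn)
            ' Parameter binding keeps the user-supplied e-mail out of the SQL text.
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email
            Using reader As SqlDataReader = cmd.ExecuteReader()
                If Not reader.Read() Then Return False   ' unknown e-mail
                Dim salt As Byte() = DirectCast(reader("password_salt"), Byte())
                Dim stored As Byte() = DirectCast(reader("password_hash"), Byte())
                ' No ToLower here: folding case would make "Secret" and "secret" the same password.
                Return FixedTimeEquals(stored, HashPassword(entered, salt))
            End Using
        End Using
    End Function
End Module
```

The caller sets Session("LoggedIn") = 1 only when VerifyLogin returns True, and puts the e-mail alone, not the password, into Session("Username").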
Oct 30, 2013 03:18 AM|GuyB_Downunder
Thanks, in working through your suggestions I ended up trying this, which I think is working
") = login_password.Text
sure I had already tried that and it didn't work but now it seems to, man I hate computers sometimes lol