I've created a login page that connects to a sql db for username and password. Unfortunately regardless of what the user enters it always grants access. Can anyone please help? Below is the code for the method (AuthenticateUser) and the button click event:
privatebool AuthenticateUser(string user,string pwd)
{
bool isAuthenticated =false;
SqlConnection myConnection =new SqlConnection (ConfigurationSettings.AppSettings["connectionString"].ToString());
SqlCommand cmdAuthenticate =new SqlCommand ("verifyUser",myConnection);
cmdAuthenticate.CommandType = CommandType.StoredProcedure;
SqlParameter parUser =new SqlParameter ("@dotnet.itags.org.UserName",SqlDbType.NVarChar);
parUser.Value = user;
cmdAuthenticate.Parameters.Add(parUser);
SqlParameter parUserPassword =new SqlParameter ("@dotnet.itags.org.UserPassword",SqlDbType.NVarChar);
parUserPassword.Value = pwd;
cmdAuthenticate.Parameters.Add(parUserPassword);
SqlDataReader dr;
try
{
myConnection.Open();
dr = cmdAuthenticate.ExecuteReader();
if(dr.HasRows)
{
isAuthenticated=true;
}
else
{
isAuthenticated=false;
}
dr.Close();
}
catch(SqlException exception)
{
this.lblError.Text = (exception.Message);
}
finally
{
myConnection.Close();
cmdAuthenticate.Dispose();
}
return isAuthenticated;
}
privatevoid btnLogIn_Click(object sender, System.EventArgs e)
{
bool b = AuthenticateUser(txtUserName.Text,txtPassword.Text);
if (b=true)
{
Response.Redirect("WebForm1.aspx");
}
else
{
this.lblError.Text = "Invalid details";
this.txtUserName.Text="";
this.txtPassword.Text="";
}
}
In this line you are using an assignment operator instead of an equality operator:if (b=true)
Try it like this:
if (b)or like this:
if (b==true)
When I change it to if (b) or if (b==true) it always denies access even though the username and password is correct.
My Fault! Used a slightly different name when referencing the stored procedure - all sorted now!
Many thanks,
James
0 comments:
Post a Comment