Friday, March 16, 2012

Login Page Help

Hi,

I am brand new to programming and I need someone's help. I am trying to create a user login page and I am totally lost. I want the user to be able to enter their username and password into textboxes and have their information checked in SQL Server. I created a table called user that stores the information. I then need it to verify if they are in the system and either grant access to the application or prompt the user that the username or password is invalid and ask them to enter it again. Can someone please help me? I really need it.

Hi,
The following code will solve your problem.
This page has two textboxes (txtUserId and txtPassword) and a submit button.
On click of the button it checks the user's password against the password stored in the database.

After that it just checks whether the password is correct or not and, depending on the result, transfers to the next page.

Private Sub Butt_Submit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Butt_Submit.Click
Dim MyConnection As SqlConnection
Dim MyCommand As SqlDataAdapter
Dim DS1 As DataSet
Dim LoginQuery As String
Dim UserId, UserPassword, UserCode, UserDesg
Dim I

MyConnection = New SqlConnection(ConfigurationSettings.AppSettings("ConnectionString"))
LoginQuery = "select * from user_master where " _
& " user_name = '" + txtUserId.Value + "' "
'Response.Write(LoginQuery)

MyCommand = New SqlDataAdapter(LoginQuery, MyConnection)
DS1 = New DataSet

MyCommand.Fill(DS1, "LoginCheck")

MyConnection.Close()

For I = 0 To DS1.Tables("LoginCheck").Rows.Count - 1
UserId = DS1.Tables("LoginCheck").Rows(I).Item("USER_NAME")
UserPassword = DS1.Tables("LoginCheck").Rows(I).Item("USER_PAWD")
UserCode = DS1.Tables("LoginCheck").Rows(I).Item("USER_CODE")
UserDesg = DS1.Tables("LoginCheck").Rows(I).Item("USER_DESG")
Next

If UserId = Trim(txtUserId.Value) And UserPassword = Trim(txtPassword.Value) Then

If (Page.IsValid) Then
Session("UserCode") = UserCode
Session("UserName") = UserId
Session("UserDesg") = UserDesg

Server.Transfer("NewHome2.aspx")

End If

Else

Label1.Text = "InValid Login, Try Again"

End If

End Sub

Hope your problem will be solved by the above.
Bye
Amit Thakur

I would use inline parameters as the code you have above is an easy victim to SQL injection. Also, why did you use a DataSet where a SqlDataReader will do?


Hello,

Yes, that's correct, we can use datareader instead of using datareader.
But can you explain about victim to SQL injection?
So I can also avoid using the above-mentioned way.

Bye
Amit


One of the easiest SQL injection attacks you could perform on that piece of code is to use ' or 'a'='a'-- as the username and password and there is a 99.9% chance that you'll get logged into the application. That is one example of a SQL injection attack. But it can get worse. SQL injection can go as far as executing database commands such as extended stored procedures and SQL queries that can do real damage. So, that is why it is important to take preventive measures.

Below is the above code with inline parameters:

Private Sub Butt_Submit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Butt_Submit.Click
Dim MyConnection As SqlConnection
Dim MyCommand As SqlDataAdapter
Dim DS1 As DataSet
Dim LoginQuery As String
Dim UserId, UserPassword, UserCode, UserDesg
Dim I

MyConnection = New SqlConnection(ConfigurationSettings.AppSettings("ConnectionString"))
' The user name is sent as a parameter value, never concatenated into the SQL text
LoginQuery = "select * from user_master where user_name = @Username"
'Response.Write(LoginQuery)

Dim sqlCommand As New SqlCommand(LoginQuery, MyConnection)
sqlCommand.Parameters.Add(New SqlParameter("@Username", txtUserId.Value))

MyCommand = New SqlDataAdapter(sqlCommand)
DS1 = New DataSet

MyCommand.Fill(DS1, "LoginCheck")

MyConnection.Close()

For I = 0 To DS1.Tables("LoginCheck").Rows.Count - 1
UserId = DS1.Tables("LoginCheck").Rows(I).Item("USER_NAME")
UserPassword = DS1.Tables("LoginCheck").Rows(I).Item("USER_PAWD")
UserCode = DS1.Tables("LoginCheck").Rows(I).Item("USER_CODE")
UserDesg = DS1.Tables("LoginCheck").Rows(I).Item("USER_DESG")
Next

If UserId = Trim(txtUserId.Value) And UserPassword = Trim(txtPassword.Value) Then

If (Page.IsValid) Then
Session("UserCode") = UserCode
Session("UserName") = UserId
Session("UserDesg") = UserDesg

Server.Transfer("NewHome2.aspx")

End If

Else

Label1.Text = "InValid Login, Try Again"

End If

End Sub
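
The SqlDataReader variant raised earlier in the thread, combined with the inline parameter, as an added example that is not code from any of the posters. Table, column, control and page names are the ones used in the posts above; the class name LoginPage and the NVarChar(50) parameter size are assumptions.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

' Added example. LoginPage is a hypothetical code-behind class name;
' the NVarChar(50) size is an assumed column width for user_name.
Partial Class LoginPage
    Inherits System.Web.UI.Page

    Private Sub Butt_Submit_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Butt_Submit.Click
        If Not Page.IsValid Then Return

        Dim storedName As String = Nothing
        Dim storedPassword As String = Nothing
        Dim userCode As Object = Nothing
        Dim userDesg As Object = Nothing

        ' Fixed SQL text: the user's input travels only as the @Username value.
        Const LoginQuery As String = _
            "select USER_NAME, USER_PAWD, USER_CODE, USER_DESG " & _
            "from user_master where user_name = @Username"

        ' Using blocks close the reader, command and connection even on error.
        Using conn As New SqlConnection(ConfigurationSettings.AppSettings("ConnectionString"))
            Using cmd As New SqlCommand(LoginQuery, conn)
                ' Typed, sized parameter instead of string concatenation.
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = Trim(txtUserId.Value)
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader(CommandBehavior.SingleRow)
                    If reader.Read() Then
                        ' TryCast yields Nothing for a NULL column (DBNull).
                        storedName = TryCast(reader("USER_NAME"), String)
                        storedPassword = TryCast(reader("USER_PAWD"), String)
                        userCode = reader("USER_CODE")
                        userDesg = reader("USER_DESG")
                    End If
                End Using
            End Using
        End Using

        ' Same comparison as the thread's code; a missing row or NULL password fails.
        If storedPassword IsNot Nothing AndAlso _
           String.Equals(storedPassword, Trim(txtPassword.Value), StringComparison.Ordinal) Then
            Session("UserCode") = userCode
            Session("UserName") = storedName
            Session("UserDesg") = userDesg
            Server.Transfer("NewHome2.aspx")
        Else
            Label1.Text = "InValid Login, Try Again"
        End If
    End Sub
End Class
```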
