Friday, March 16, 2012

Login Page Issues

Hi

I'm very new to web development and recently started a personal
project using ASP.NET with VBScript.

I'm now working on a Login Page for a Database in SQL Server 2000.
However, I can't seem to get it working correctly.

I've used bits and pieces of code and examples here and there,
but still can't really make heads or tails of the usage. I've included
the web.config and my DDPLogin.aspx code below.

Please dun ask me to read here and there coz been reading for the past
week... unless there's a good example somewhere which actually shows
coding for SQL database access for userID and password checking.
(Think that's where I might have gone wrong)

Hope someone can enlighten me. Thanx.

<configuration>
  <!-- enable forms authentication -->
  <system.web>
    <authentication mode="Forms">
      <forms name="DDP" loginUrl="DDPlogin.aspx" />
    </authentication>
  </system.web>
  <!-- set secure page to reject anonymous users -->
  <location path="login-protected.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script language="vb" runat="server">
Sub ResetOnClick(Src As Object, E As EventArgs)
    username.Text = " "
    password.Text = " "
End Sub

Sub LoginOnClick(Src As Object, E As EventArgs)
    Dim strConn As String
    Dim ObjReader1 As SqlDataReader
    Dim ObjReader2 As SqlDataReader

    strConn = "Data Source=DTP34;Initial Catalog=DDP;User Id=sa;Pwd=sa;"

    Dim strSQL1 As String
    Dim strSQL2 As String
    strSQL1 = "SELECT userID From Users"
    strSQL1 = "SELECT password From Users"

    Dim objConn As New SqlConnection(strConn)
    Dim objCmd1 As New SqlCommand(strSQL1, objConn)
    Dim objCmd2 As New SqlCommand(strSQL2, objConn)

    ObjConn.Open()
    objCmd1.CommandText = "SELECT userID From Users"
    ObjReader1 = objCmd1.ExecuteReader
    ObjConn.Close()

    ObjConn.Open()
    objCmd2.CommandText = "SELECT password From Users"
    ObjReader2 = objCmd2.ExecuteReader
    ObjConn.Close()

    If username.Text is ObjReader1 And password.Text is ObjReader2
        FormsAuthentication.RedirectFromLoginPage(username.Text, True)
    Else
        lblInvalid.Text = "Sorry... try again..."
    End If
End Sub
</script>
<HTML>
<HEAD>
<TITLE>DDP Online Management System Login Page</TITLE>
</HEAD>
<BODY bgcolor="silver">
<P align="left"><FONT face="Century Gothic"><LABEL>DDP Online Management System</LABEL></FONT></P>
<P align="left"><FONT face="Century Gothic"><LABEL></LABEL></FONT> Please
enter your username and password to begin the session.</P>
<p><asp:Label id="lblInvalid" runat="server" /></p>
<form action="login-protected.aspx" id="mainLogin" name="mainLogin" runat="server">
<P align="left"><FONT face="Century Gothic"><LABEL>Username:
<asp:textbox id="username" style="HEIGHT: 22px; TOP: 92px; WIDTH: 103px" maxlength="9" runat="server"/></LABEL></FONT></P>
<P align="left"><FONT face="Century Gothic"><LABEL>Password:
<asp:textbox id="password" TextMode="password" style="HEIGHT: 22px; WIDTH: 105px" maxlength="18" runat="server"/></LABEL></FONT></P>
<P align="left">
<asp:button id="submit1" OnClick="LoginOnClick" style="HEIGHT: 24px; WIDTH: 64px" text="Login" runat="server"/>
<asp:button id="reset1" OnClick="ResetOnClick" style="HEIGHT: 24px; WIDTH: 62px" text="Reset" runat="server"/>
</P>
</form>
</BODY>
</HTML>

Here is a link to a book that has exactly the kind of information you are looking for.

Your problem is you are looking for userID and password in two separate queries. You can request 2 fields in a query, like:

objCmd1.CommandText = "SELECT userID,password From Users WHERE UserID='" & Username.text & "' AND [Password]='" & password.text & "' "

Then, test for objCmd1.Read() - if it returns True, then that username and password is in the db, otherwise it is not.

This is not a good idea doing it exactly this way: You should not save a password in cleartext, it should be hashed, and you should use parameters for the SQL query (beyond the scope of this reply, but explained in the book referenced above, as well as many other good books).
Try this code:

Sub LoginOnClick(Src As Object, E As EventArgs)
    Dim strConn As String
    Dim ObjReader As SqlDataReader

    strConn = "Data Source=DTP34;Initial Catalog=DDP;User Id=sa;Pwd=sa;"

    ' One query that looks for a row matching both submitted values
    Dim strSQL As String
    strSQL = "SELECT [userID] FROM [Users] WHERE [username]='" & username.Text & "' AND [password]='" & password.Text & "'"

    ' Create the connection and command first, then open the connection
    Dim objConn As New SqlConnection(strConn)
    Dim objCmd As New SqlCommand(strSQL, objConn)
    objConn.Open()
    ObjReader = objCmd.ExecuteReader()

    ' Read() returns True only when the query returned a row
    If ObjReader.Read() = True Then
        FormsAuthentication.RedirectFromLoginPage(username.Text, True)
    Else
        lblInvalid.Text = "Sorry... try again..."
    End If

    ''**** Clean up your objects ************
    ObjReader.Close()
    ObjReader = Nothing
    objCmd.Dispose()
    objCmd = Nothing
    objConn.Close()
    objConn.Dispose()
    objConn = Nothing
    ''***************************************

End Sub
</script>

HTH

Wes
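
The parameterized query and hashed-password check that the first reply recommends, written out as an added example (not code from the thread or its participants). The `passwordSalt` and `passwordHash` columns, the `DDP` connection-string entry in web.config, and the `LoginCheck` module name are assumptions.

```vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

Public Module LoginCheck
    ' Assumptions (not on the page): Users.passwordSalt VARBINARY(16) NOT NULL and
    ' Users.passwordHash VARBINARY(20) NOT NULL replace the cleartext password
    ' column, and web.config has a <connectionStrings> entry named "DDP".
    Private Const Iterations As Integer = 100000

    Public Function HashPassword(ByVal password As String, ByVal salt As Byte()) As Byte()
        Dim kdf As New Rfc2898DeriveBytes(password, salt, Iterations)
        Return kdf.GetBytes(20)
    End Function

    ' Compare every byte instead of stopping at the first mismatch.
    Private Function SameBytes(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns True and fills name/access only when the stored hash matches.
    Public Function CheckLogin(ByVal userID As String, ByVal password As String, _
                               ByRef name As String, ByRef access As Integer) As Boolean
        Dim connStr As String = ConfigurationManager.ConnectionStrings("DDP").ConnectionString
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand( _
                "SELECT name, LevelOfAccess, passwordSalt, passwordHash " & _
                "FROM Users WHERE userID = @userID", conn)
                ' The submitted value travels as a typed parameter, never as SQL text.
                cmd.Parameters.Add("@userID", SqlDbType.VarChar, 9).Value = userID
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False
                    Dim salt As Byte() = DirectCast(reader("passwordSalt"), Byte())
                    Dim stored As Byte() = DirectCast(reader("passwordHash"), Byte())
                    If Not SameBytes(HashPassword(password, salt), stored) Then Return False
                    name = reader("name").ToString()
                    access = Convert.ToInt32(reader("LevelOfAccess"))
                    Return True
                End Using
            End Using
        End Using
    End Function
End Module
```

From `LoginOnClick`, call `CheckLogin(username.Text, password.Text, name, access)` and set the session values and call `FormsAuthentication.RedirectFromLoginPage` only when it returns `True`.
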
Thanx!!!
Finally got progress... should have come here sooner!!!

Now I'm trying to reap some data from my query, which I changed to:

objCmd.CommandText = "SELECT userID,name,password,LevelOfAccess From Users WHERE userID='" & username.text & "' AND password='" & password.text & "' "

There's extra two parameters I'm getting. I actually want to extract that out
and store it in a Session. My code is below:

ObjReader = objCmd.ExecuteReader

IF ObjReader.read() THEN

Dim name, access As String
Dim namePos As Integer = objReader.getordinal("name")
Dim accessPos As Integer = objReader.getordinal("LevelOfAccess")

name = objReader.getvalue(namePos)
access = objReader.getvalue(accessPos)

Session("User") = name
Session("Access") = access

FormsAuthentication.RedirectFromLoginPage(username.Text, True)
ELSE
lblInvalid.Text = "No such user. Please try again..."
End If

I got the getordinal idea from a website... link below.
http://www.aspfriends.com/freebook/learn/datareader.aspx

Besides the getordinal, I also tried using objReader.getvalue(number) and
objReader.item(number).

I intend to use the Session("User") and Session("Access") in the subsequent pages
but when I try to display, there's nothing displayed for all the tries mentioned above. I can
only assume that what I'm extracting is blank and so the display is... blank,
obviously! :)
Btw, I use <% =Session("User") %> to display. I believe this is correct.

The question is, where did I go wrong?
If you can, debug the application.

If you can't, use


Response.Write("Name=" & name & " AND " & Session("User").ToString())
Response.Write("Access=" & access & " AND " & Session("Access").ToString())

right after you set the session variables, and see what is there.
Okie... the data was captured but it got lost coz in the directed page
upon a successful login, I added this code to test:

'Check if any login attempt was made
IF Session("User") = "" THEN
'If no, then throw back to Login page
Response.Redirect("DDPLogin.aspx")
END IF

'Check access level for user and redirect accordingly
IF Session("Access") = 1 THEN
Response.Redirect("StudentMain.aspx")
ELSE
Response.Redirect("LoanComponent.aspx")
END IF

At the first IF, it straight away redirects to the Login page so the field is
blank. I'm currently debugging it now. Any ideas what could be wrong?

Does it have anything to do with web.config or global.asax file?
Okie, found the problem.

Obviously, I needed to enable cookies for the data to be stored and used
in other pages. Article below enlightened me on that part.

"But what if the user doesn't have cookies enabled? Session variables can still be used, but there will be no way for the user to store the SessionID as he jumps from page to page. Hence, the session variables will not be saved for the user who has cookies disabled. However, session variables that are created and referenced on the same page will work fine. For example, the following script will output "Hello, World" regardless of whether or not the user has cookies enabled."

http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=30

Okie...gonna have a break. Thanks for all the help here guys!!!
I'll be back to ask more later. :)
