Friday, March 16, 2012

Login Page, Logout after 3 attempts

I am using a datareader to get employees loginid / password. after 3 tries though I would like to lock them out and return them to the forgot pwd window. I'm having issues w/ my loops Please help... Below is my code.

*************************************************
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click

Dim Dr As System.Data.SqlClient.SqlDataReader
Dim user, pwd As String
Dim Count As Integer = 0
user = Me.txtUser.Text
pwd = Me.txtPwd.Text
Session("Username") = user
Session("Password") = pwd
SqlConn.Close()
SqlConn.Open()
Dr = SqlComm.ExecuteReader

While Dr.Read
Session("FirstName") = Dr("DTFName").ToString
Session("LastName") = Dr("DTLName").ToString
If (user = Dr("DTLoginID").ToString And pwd = Dr("DTPassword").ToString) Then
Response.Redirect("Broadcast.aspx")

ElseIf (user <> Dr("DTLoginID").ToString Or pwd <> Dr("DTPassword").ToString) Then
Me.lblError.Text = "Invalid Username/Password; Please Try Again"

'ElseIf (user <> Dr("DTLoginID").ToString And pwd = Dr("DTPassword").ToString) And Count <= 3 Then
' Me.lblError.Text = "Invalid Username/Password; Please Try Again"
' Count = Count + 1
End If

End While

End Sub

*********************************************

Any help would be appreciatedHi Compkitty,

Please try the following code..


Dim Dr As System.Data.SqlClient.SqlDataReader
 Dim user, pwd As String
 Dim ct As String = Viewstate("Count")
 If ct = "" Then
 ct = 0
 End If
 user = Me.txtUser.Text
 pwd = Me.txtPwd.Text
 Dim valid As Boolean = False
 Session("Username") = user
 Session("Password") = pwd
 SqlCOnn.Close()
 SqlCOnn.Open()
 Dr = sqlComm.ExecuteReader(CommandBehavior.CloseConnection)
 While Dr.Read
 Session("FirstName") = Dr("DTFName").ToString
 Session("LastName") = Dr("DTLName").ToString
 If (user = Dr("DTLoginID").ToString And pwd = Dr("DTPassword").ToString) Then
 valid = True
 Else
 valid = False
 End If
 End While
 Dr.Close()
 If valid = True Then
 Response.Redirect("Broadcast.aspx")
 Else
 If ct <= 3 Then
 Viewstate("Count") = ct + 1
 Me.lblError.Text = "Invalid Username/Password; Please Try Again"
 Else
 'Redirect to Recover password page
 End If
 End If

Hope this helps.
Hi again,

I switched the valid true/false on the datareader because of my if statement was not going to the broadcast page; and I thought maybe it was my username/pwd... not sure why; it was working before; not it seems to not be seeing the pwd/username as correct...
Ie.

 SqlConn.Open()
 Dr = SqlComm.ExecuteReader(CommandBehavior.CloseConnection)
 While Dr.Read
 Session("FirstName") = Dr("DTFName").ToString
 Session("LastName") = Dr("DTLName").ToString
 If (user = Dr("DTLoginID").ToString And pwd = Dr("DTPassword").ToString) Then
 Valid = False
 ElseIf (user <> Dr("DTLoginID").ToString Or pwd <> Dr("DTPassword").ToString) Then
 Valid = True
 End If
 End While
 Dr.Close()

not sure where the breakdown is. THANKS. it does the same thing w/ all usernames.
Hi there,

What is your SQL statement ?

Cheers!
It's Select * From the Employee's Table... i would like to change it into a stored procedure soon though.
Is there a way I can just change it to be a Dataset instead of a Datareader? would that make it easier? I have even changed the SQL statement to just those two fields ,but still isn't working...
Hi CompKitty,

No Datareader will work, and it is more efficient.

Try the code below,


 Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
 ''Viewstate("Action") = 1
 If IsValid Then
 Dim ct As String = Viewstate("Count")
 If ct = "" Then
 ct = 0
 End If
 Dim SqlCOnn As New SqlConnection
 Dim sqlComm As New SqlCommand("", SqlCOnn)
 Dim dr As SqlDataReader
 Dim user, pwd As String
 Dim Valid As Boolean = False
 user = Trim(txtUser.text)
 pwd = Trim(txtPwd.text)
 sqlComm.CommandText = "Select DTFName, DTFLName From Employees where DTLoginID = @.USerName and DTPassword = @.Password"
 sqlComm.Parameters.Add("@.USerName", SqlDbType.VarChar).Value = user
 sqlComm.Parameters.Add("@.Password", SqlDbType.VarChar).Value = pwd
 SqlCOnn.Open()
 dr = sqlComm.ExecuteReader(CommandBehavior.CloseConnection)
 dr.Read()
 If dr.HasRows Then
 Session("FirstName") = dr("DTFName").ToString
 Session("LastName") = dr("DTLName").ToString
 Session("Username") = user
 Session("Password") = pwd
 Valid = True
 End If
 dr.Close()
 SqlCOnn.Close()
 If Valid = True Then
 Response.Redirect("Broadcast.aspx")
 Else
 If ct <= 3 Then
 Viewstate("Count") = ct + 1
 Me.lblError.Text = "Invalid Username/Password; Please Try Again"
 Else
 'Redirect to Recover password page
 End If
 End If
 End If
 End Sub

Please note that you should always select only the things you need from the database. I think it was your select statement which was causing all the problems. The above code should and will work.

Stored procedures are not going to improve the performance of your application alone, You will have to consider the design of the table also. Are you aware about Indexes in SQL ?? I will recommend you to have a quick read about them in SQL Books.

Hope this will help :)
THANKS for all your help; somehow someway the page became corrupt; wouldn't work w/ any statements. so I redid the page; works... I appreciate all your help....

Posted by nonfictionnmqo at 10:27 PM
Labels: , , , , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)