Thursday, March 22, 2012

Login page

Hi,
I am currently trying to build a login page with MS Access database containing the username and password. But I am having problems as it only checks the username and not the password as well.

I would very much appreciate if someone could tell me where I'm going wrong.
Thanks in advance.

Here is my code:

Private Sub LoginBtn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)
    Dim connString As String = "Provider=Microsoft.JET.OLEDB.4.0;Data Source=" & Server.MapPath("/database/mcaiyjt2.mdb")
    Dim qryString As String = "SELECT username, password FROM Register;"
    Dim objConn As New OleDbConnection(connString)
    Dim objCmd As New OleDbCommand(qryString, objConn)
    Dim myReader As OleDbDataReader
    Dim auth As String = ""

    Try
        Dim gotUser As Boolean = False
        objConn.Open()
        myReader = objCmd.ExecuteReader
        While myReader.Read
            If myReader.Item("username") = UserName.Text Then
                gotUser = True
                auth = CheckPwd(myReader.Item("username"), myReader.Item("password"))
            End If
        End While
        myReader.Close()

        If gotUser = False Then
            lblMessage.Text = "You are not authorized for access"
        Else
            Select Case auth
                Case True
                    FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)
                Case Else
                    lblMessage.Text = "Incorrect Password"
            End Select
        End If
    Catch ex As Exception
        lblMessage.Text = ex.ToString
    Finally
        objConn.Close()
    End Try
End Sub

Function CheckPwd(ByVal username As String, ByVal pwd As String) As Boolean
    Dim Authorized As Boolean = False
    Dim pwdFromUser As String = UserPass.Text

    If pwdFromUser = UserPass.Text Then
        Authorized = True
    Else
        Authorized = False
    End If

    Return Authorized
End Function

I also have users with different roles and would like to redirect certain users to a different default, is there somewhere where I could get more information on this?

Hello, you have several issues that you need to take care of:

It's better to get the username from a textbox, and then query the database "WHERE username =" & username.Text

this way, you will only need to check

    If xreader.Read Then
        gotId = True
    Else
        gotId = False
    End If

check this page, it has what you want.

http://www.dotnet247.com/247reference/msgs/14/72098.aspx

best of luck.

Thanks Haider Bilal for the help, I have reworked it and it now verifies the username and password properly. Now I just need to do the roles part.

    Dim pwdFromUser As String = UserPass.Text

    If pwdFromUser = UserPass.Text Then
        Authorized = True
    Else
        Authorized = False
    End If

Looks to me like that's always going to be true.

Hi,
I have now sorted out the previous problem I was having and now need to make my other pages redirect the user to the login page if they haven't logged in. Has anyone got any suggestions for this?

This is how I accomplish the tasks...

Try
    qry_line = "select count(*) from user_table where " & _
               "(user_active = 0) and " & _
               "(company_id = " & co_name & ") and " & _
               "(lower(user_name) = '" & login & "') and " & _
               "(lower(user_pw) = '" & pw & "')"
    count = CType(SqlHelper.ExecuteScalar(ConfigurationSettings.AppSettings("con"), CommandType.Text, qry_line), Int32)

    If count = 0 Then
        utils.write_event(co_tb, 0, Session.Item("ClientIP"), "Login attempt failed (" & login & ")")
        Response.Redirect("login.aspx?err=User+Not+Found")
    Else
        get_userinfo(login, co_name)
        get_company_info(co_name)
        utils.write_event(Session.Item("company_id"), Session.Item("user_id"), Session.Item("ClientIP"), "Login attempt accepted")
        load_lang_texts()

        Response.Redirect("main_form.aspx", False)
    End If

Catch err As Exception
    utils.write_error(co_tb, co_uid, Session.Item("ClientIP"), err.Message, qry_line, "login - 377")
Finally
End Try

The trick is the response.redirect statement...

a word of caution - if you do not specify the false in the parameters,
you will get a thread being aborted error each time...

good luck

take care
tony

As for the last part of the question -

I check each page on the on_load event -

if there isn't a session variable that's been set - then it redirects
the user to a logout page - and once the user clicks the logout
then it is redirected to the login page, and the cycle starts all over again.

One additional thing that I have found -

the session checking isn't that reliable - therefore - I use a global timer
and reset the timer each time a page is loaded - if the timer expires
then they are redirected to the logout page with a warning about the
session timing out.

Here is the JavaScript include file I use. Put it in each page that is in the system -

In the <head> of each page...

<script language="JavaScript" src="./js/timers.js"></script>

And in the <body> of each page...

<body bottomMargin="0" leftMargin="0" topMargin="0" rightMargin="0" MS_POSITIONING="GridLayout" onload="resetClock();" onmouseover="startClock();">

Javascript (timers.js) include file...

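// Shared timer state used by all three functions.
var dStarted = new Date();
var dWatch = 0;
var dNow, dClock;

// Restart the idle clock; wired to onmouseover in the <body> tag.
function startClock()
{
    dWatch = 0;
    dStarted = new Date();
}

// Polls every 100 ms and redirects once iTimeOutAlert seconds have elapsed.
// It has to be called once with the timeout in seconds; after that it re-arms itself.
function updateClock(iTimeOutAlert)
{
    setTimeout("updateClock('" + iTimeOutAlert + "');", 100);
    dNow = new Date();
    dWatch = dNow.getTime() - dStarted.getTime();
    dClock = Math.round(dWatch/1000);
    // status=dClock + " : " + iTimeOutAlert;
    if (dClock == iTimeOutAlert)
    {
        alert("Warning!\n\nYour session has expired.\nRedirecting to login page...");
        window.location.href = "./logout.aspx";
    }
}

// Wired to onload in the <body> tag.
function resetClock()
{
    dWatch = 0;
}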

That should get you working very well

btw - in my logout page - I abandon the session variable to free up resources...
in the page load of the logout page...

    If Me.IsPostBack Then
        close_user()
        Session.Abandon()
        Server.Transfer("login.aspx")
    End If

good luck

take care
tony
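
A server-side version of the per-page check described above, as an added example that is not part of the original posts: the timers.js clock runs in the browser and only warns the user, so the idle limit is enforced on the server, where the session lives. The AuthenticatedPage class, the "last_seen" session key and the 15-minute limit are assumptions; "user_id" is assumed to be set in the session at login.

```vbnet
Imports System
Imports System.Web.UI

' Added example, not code from the thread. Protected pages inherit from this
' class instead of System.Web.UI.Page. "last_seen" is a hypothetical session key.
Public Class AuthenticatedPage
    Inherits Page

    Private Const IdleLimitSeconds As Double = 900   ' assumed 15-minute idle limit

    ' True when the request carries a logged-in session that has not idled out.
    Private Function SessionIsLive() As Boolean
        If Session("user_id") Is Nothing Then Return False

        Dim lastSeen As Object = Session("last_seen")
        If TypeOf lastSeen Is DateTime Then
            Dim idle As TimeSpan = DateTime.UtcNow.Subtract(CType(lastSeen, DateTime))
            If idle.TotalSeconds > IdleLimitSeconds Then Return False
        End If
        Return True
    End Function

    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        If Not SessionIsLive() Then
            Session.Abandon()
            ' endResponse:=True ends the request here, so none of the page's own
            ' code runs for an unauthenticated or expired session.
            Response.Redirect("login.aspx", True)
        End If

        ' Record activity on the server on every request to a protected page.
        Session("last_seen") = DateTime.UtcNow
        MyBase.OnInit(e)
    End Sub
End Class
```

With this in place the JavaScript timer is only a courtesy warning: a browser that never runs it is still redirected on its next request after the limit.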

Hi,
I have tried the above code but it seems not to work. Am I doing something wrong? My code still seems to work fine and executes without errors but the code I have included does not make it so that if a user has not logged in, they are then directed to the log in page.
Thanks.

Hello -

Here is the entire page_load sub for my login page...

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    'Put user code to initialize the page here

    objcookie = Request.Cookies("User")
    If objcookie Is Nothing Then
        objcookie = New HttpCookie("User")
    End If

    If Me.IsPostBack Then
        Dim command
        Dim co_name
        Dim login
        Dim pw
        Dim cb
        Dim count As Integer
        Dim qry_line As String
        Dim productName As String

        command = Request.Form("command")
        co_name = Request.Form("co_textbox")
        login = Request.Form("login_textbox")
        pw = Request.Form("password_textbox")
        cb = Request.Form("in_persistent")

        If Request.Form("in_persistent") = "on" Then
            objcookie("company_id") = co_name
            objcookie("login_name") = login
            objcookie.Expires = DateTime.Now.AddYears(1)
        Else
            objcookie("company_id") = ""
            objcookie("login_name") = ""
            objcookie.Expires = DateTime.Now.AddYears(1)
        End If

        Session.Add("company_id", co_name)
        Session.Add("user_name", login)

        Try
            qry_line = "select count(*) from user_table where " & _
                       "(user_active = 0) and " & _
                       "(company_id = " & co_name & ") and " & _
                       "(lower(user_name) = '" & login & "') and " & _
                       "(lower(user_pw) = '" & pw & "')"
            count = CType(SqlHelper.ExecuteScalar(ConfigurationSettings.AppSettings("con"), CommandType.Text, qry_line), Int32)

            If count = 0 Then
                utils.write_event(co_tb, 0, Session.Item("ClientIP"), "Login attempt failed (" & login & ")")
                Response.Redirect("login.aspx?err=User+Not+Found")
            Else
                get_userinfo(login, co_name)
                get_company_info(co_name)
                utils.write_event(Session.Item("company_id"), Session.Item("user_id"), Session.Item("ClientIP"), "Login attempt accepted")
                load_lang_texts()

                '******************************************************************************
                '******************************************************************************
                'Add the user cookie here
                ' objcookie = New HttpCookie("User")
                objcookie("company_id") = Session.Item("company_id")
                objcookie("user_id") = Session.Item("user_id")
                objcookie("refresh_rate") = Session.Item("refresh_rate")
                objcookie("user_level") = Session.Item("user_level")
                objcookie("unit_inactive") = Session.Item("unit_inactive")
                objcookie("login_name") = Session.Item("user_name")
                objcookie("company_zip") = Session.Item("company_zip")
                objcookie.Expires = DateTime.Now.AddYears(1)
                objcookie("zoom_lat") = ""
                objcookie("zoom_lon") = ""
                Response.Cookies.Add(objcookie)
                '******************************************************************************
                '******************************************************************************

                Response.Redirect("main_form.aspx", False)
            End If

        Catch err As Exception
            utils.write_error(co_tb, co_uid, Session.Item("ClientIP"), err.Message, qry_line, "login - 377")
        Finally
        End Try
    Else 'initial load here
        ' objcookie = Request.Cookies("User")
        If objcookie Is Nothing Then
            co_tb = ""
            co_uid = ""
        Else
            co_tb = objcookie("company_id")
            co_uid = objcookie("login_name")
        End If
    End If
End Sub

#End Region

'******************************************************************************
'******************************************************************************

So please post the code you are using - so we can take a look ;-)

take care
tony

Thanks for your help Tony, I have managed to get it to lock out unchecked users from my other pages. It was just a simple case of reworking the web config file. Thanks for the help, once again.

I was trying to use the above jscript function to check for session timeout but am not sure if I am missing something. Could you please explain completely how to implement it into my application?
