DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   ASP.NET (http://www.daniweb.com/forums/forum18.html)
-   -   Help me in username and password validation through accessing the database (http://www.daniweb.com/forums/thread71781.html)

blitz2bleach Mar 7th, 2007 6:05 am
Help me in username and password validation through accessing the database
 
Hello there, i just need your opinion about this...i have now database and all i need to do is to connect it on this page..my question is..where i should put the code of connecting this page to my database that has a column of "ID" and "Password" and it has already a data of for example "ID:054806054" and PAssword:"blitz2bleach"...can i access it on my database..should i used a "connection string" on it?what is the easy to used "data Source"?sqlDataSource or AccessDataSource?...i dont want to include some ado.net on it...it is possible to code it only in asp.net?..
this are the codes hope you can help me and should i get your opinion what code i should remove and add..and in where i should put it...
sorry but i know that all you can do is to make a comment but this is urgent..it is our project to bulid a website and im new in progamming in asp.net, i read books and have aself study on it..but the things is actual teaching is the best, but here no one in my professor can teach me..
hope you can help to figure out what should i add and remove code..
for now thank you for you cooperation and for the help you will given me n advance for reviewing the code...

----.this some part code from the file name "index.aspx"
<form id="FormIndex" method="post" runat="server" action=index.aspx>
<<table width="168" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><span class="style1">
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ErrorMessage="*"
Display="Dynamic" ControlToValidate=txtUname></asp:RequiredFieldValidator>Username</span></td>
<td><div align="right">
<input name="txtUname" type="text" id="txtUname" size="11" runat=server/>
</div>
</td>
</tr>
<tr>
<td width="62"><span class="style1">
<asp:RequiredFieldValidator Display=Dynamic ID="RequiredFieldValidator2" ControlToValidate="txtPass" runat="server" ErrorMessage="*"></asp:RequiredFieldValidator>Password</span></td>
<td width="106"><div align="right">
<input type="password" name="txtPass" size="11" runat=server id="txtPass" />
</div>
</td>
</tr>
<tr>
<td height="19">&nbsp;</td>
<td><div align="right">
<asp:Button ID="Button1" runat="server" Text="Sign In" PostBackUrl="index.aspx" />&nbsp;
</div>
</td>
</tr>
</table>
</form>
</td>
<-------End of code "index.aspx"
-------------->this code is my index.aspx.vb
Option Explicit On
Imports System.Data.OleDb
Imports System.Configuration.ConfigurationSettings
Imports System.Web.Security

Namespace Informatics

Partial Class index
Inherits System.Web.UI.Page
Dim strString As String
Dim oOleDbConnection As OleDbConnection
Dim sConnString As String
Dim oOleDbCommand As OleDbCommand
Dim oOleDbdr As OleDbDataReader
Dim tempUser As String
Dim tempPass As String
Dim ctr As Integer

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
Private Sub InitializeComponent()
Me.odaGbook = New System.Data.OleDb.OleDbDataAdapter
Me.OleDbDeleteCommand1 = New System.Data.OleDb.OleDbCommand
Me.OleDbConnection1 = New System.Data.OleDb.OleDbConnection
Me.OleDbInsertCommand1 = New System.Data.OleDb.OleDbCommand
Me.OleDbSelectCommand1 = New System.Data.OleDb.OleDbCommand
Me.OleDbUpdateCommand1 = New System.Data.OleDb.OleDbCommand
Me.PdsGbook2 = New Informatics.pdsGbook
Me.OleDbCommand1 = New System.Data.OleDb.OleDbCommand
CType(Me.PdsGbook2, System.ComponentModel.ISupportInitialize).BeginInit()
'
'odaGbook
'
Me.odaGbook.DeleteCommand = Me.OleDbDeleteCommand1
Me.odaGbook.InsertCommand = Me.OleDbInsertCommand1
Me.odaGbook.SelectCommand = Me.OleDbSelectCommand1
Me.odaGbook.TableMappings.AddRange(New System.Data.Common.DataTableMapping() {New System.Data.Common.DataTableMapping("Table", "gbook", New System.Data.Common.DataColumnMapping() {New System.Data.Common.DataColumnMapping("address", "address"), New System.Data.Common.DataColumnMapping("age", "age"), New System.Data.Common.DataColumnMapping("gender", "gender"), New System.Data.Common.DataColumnMapping("ID", "ID")})})
Me.odaGbook.UpdateCommand = Me.OleDbUpdateCommand1
'
'OleDbDeleteCommand1
'
Me.OleDbDeleteCommand1.CommandText = "DELETE FROM gbook WHERE (ID = ?) AND (address = ? OR ? IS NULL AND address IS NUL" & _
"L) AND (age = ? OR ? IS NULL AND age IS NULL) AND (gender = ? OR ? IS NULL AND g" & _
"ender IS NULL)"
Me.OleDbDeleteCommand1.Connection = Me.OleDbConnection1
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_ID", System.Data.OleDb.OleDbType.Integer, 0, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "ID", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_address", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "address", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_address1", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "address", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_age", System.Data.OleDb.OleDbType.Integer, 0, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "age", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_age1", System.Data.OleDb.OleDbType.Integer, 0, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "age", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_gender", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "gender", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbDeleteCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_gender1", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "gender", System.Data.DataRowVersion.Original, Nothing))
'
'OleDbConnection1
'
Me.OleDbConnection1.ConnectionString = "Jet OLEDB:Global Partial Bulk Ops=2;Jet OLEDB:Registry Path=;Jet OLEDB:Database L" & _
"ocking Mode=1;Data Source=""C:\Documents and Settings\Joy.PHOENIX-1D0486C\Desktop" & _
"\db1.mdb"";Jet OLEDB:Engine Type=5rovider=""Microsoft.Jet.OLEDB.4.0"";Jet OLEDB:S" & _
"ystem database=;Jet OLEDB:SFP=False;persist security info=False;Extended Propert" & _
"ies=;Mode=Share Deny None;Jet OLEDB:Encrypt Database=False;Jet OLEDB:Create Syst" & _
"em Database=False;Jet OLEDB:Don't Copy Locale on Compact=False;Jet OLEDB:Compact" & _
" Without Replica Repair=False;User ID=Admin;Jet OLEDB:Global Bulk Transactions=1" & _
""
'
'OleDbInsertCommand1
'
Me.OleDbInsertCommand1.CommandText = "INSERT INTO gbook(address, age, gender) VALUES (?, ?, ?)"
Me.OleDbInsertCommand1.Connection = Me.OleDbConnection1
Me.OleDbInsertCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("address", System.Data.OleDb.OleDbType.VarWChar, 50, "address"))
Me.OleDbInsertCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("age", System.Data.OleDb.OleDbType.Integer, 0, "age"))
Me.OleDbInsertCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("gender", System.Data.OleDb.OleDbType.VarWChar, 50, "gender"))
'
'OleDbSelectCommand1
'
Me.OleDbSelectCommand1.CommandText = "SELECT address, age, gender, ID FROM gbook"
Me.OleDbSelectCommand1.Connection = Me.OleDbConnection1
'
'OleDbUpdateCommand1
'
Me.OleDbUpdateCommand1.CommandText = "UPDATE gbook SET address = ?, age = ?, gender = ? WHERE (ID = ?) AND (address = ?" & _
" OR ? IS NULL AND address IS NULL) AND (age = ? OR ? IS NULL AND age IS NULL) AN" & _
"D (gender = ? OR ? IS NULL AND gender IS NULL)"
Me.OleDbUpdateCommand1.Connection = Me.OleDbConnection1
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("address", System.Data.OleDb.OleDbType.VarWChar, 50, "address"))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("age", System.Data.OleDb.OleDbType.Integer, 0, "age"))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("gender", System.Data.OleDb.OleDbType.VarWChar, 50, "gender"))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_ID", System.Data.OleDb.OleDbType.Integer, 0, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "ID", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_address", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "address", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_address1", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "address", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_age", System.Data.OleDb.OleDbType.Integer, 0, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "age", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_age1", System.Data.OleDb.OleDbType.Integer, 0, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "age", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_gender", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "gender", System.Data.DataRowVersion.Original, Nothing))
Me.OleDbUpdateCommand1.Parameters.Add(New System.Data.OleDb.OleDbParameter("Original_gender1", System.Data.OleDb.OleDbType.VarWChar, 50, System.Data.ParameterDirection.Input, False, CType(0, Byte), CType(0, Byte), "gender", System.Data.DataRowVersion.Original, Nothing))
'
'PdsGbook2
'
Me.PdsGbook2.DataSetName = "pdsGbook"
Me.PdsGbook2.Locale = New System.Globalization.CultureInfo("en-US")
CType(Me.PdsGbook2, System.ComponentModel.ISupportInitialize).EndInit()
End Sub
Protected WithEvents OleDbSelectCommand1 As System.Data.OleDb.OleDbCommand
Protected WithEvents OleDbInsertCommand1 As System.Data.OleDb.OleDbCommand
Protected WithEvents OleDbUpdateCommand1 As System.Data.OleDb.OleDbCommand
Protected WithEvents OleDbDeleteCommand1 As System.Data.OleDb.OleDbCommand
Protected WithEvents OleDbConnection1 As System.Data.OleDb.OleDbConnection
Protected WithEvents PdsGbook1 As Informatics.pdsGbook
Protected WithEvents PdsGbook2 As Informatics.pdsGbook
Protected WithEvents OleDbCommand1 As System.Data.OleDb.OleDbCommand
Protected WithEvents odaGbook As System.Data.OleDb.OleDbDataAdapter

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
End Sub
Public Overrides Sub Dispose()
End Sub

End Class
End Namespace
<--------------end of index.aspx.vb
----------------->this code is my web.config file

<?xml version="1.0" encoding="utf-8"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="strConn" value="Provider = Microsoft.Jet.OLEDB.4.0;Data Source=C:\Documents and Settings\Joy.PHOENIX-1D0486C\Desktop\db1.mdb;User ID=Admin;Password=;"/>
</appSettings>
<!--
<connectionStrings>
<add name="db1ConnectionString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=&quot;C:\Documents and Settings\Joy.PHOENIX-1D0486C\Desktop\db1.mdb&quot;"
providerName="System.Data.OleDb" />
</connectionStrings> -->
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<compilation debug="true" strict="false" explicit="true"/>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>
<!--<authorization>
<allow user="*" />

</authorization>-->
<!--

The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
</configuration>

<------------end of web.config file
:?:

f1 fan Mar 23rd, 2007 12:20 pm
Re: Help me in username and password validation through accessing the database
 
firstly i would use the membership provider given with .net framework2 and VS2005.
Then you can create the tables and everything needed in the database using the aspnet_regsql program that comes with the .net framework (it is in the framework folder on your pc just do a search).
Then you can use webconfig to put your provider information and use the login tools etc with little or no code on your behalf.

glfoster Oct 27th, 2007 3:21 am
Re: Help me in username and password validation through accessing the database
 
Hello,

I am trying to do something similar against a SQL server database with a user database already up and running.

The code below connects to the SQL server with no problems and returns the number of users that match the criteria.

My problem arises when I want to do a simple comprison against the result. How do I access the "NUM_OF_USERS" value for comparison?

I have this same issue with another part of the project where I can pull data from the DB but I can't access the individual parts to perform formattin and conputations on them.

If there is a better method for completing this I am open to input! :-)

  Function DBConnection(ByVal strUserName As String, ByVal strPassword As String) As Boolean



    Try



      SqlDataSource1.ConnectionString = MyConn.ConnectionString



      SqlDataSource1.SelectCommand = "SELECT COUNT(*) AS Num_of_User FROM PID WHERE (PID = '" & strUserName & "') AND (PASSWORD = '" & strPassword & "');"



      'If count = 1 Then

      'Return True

      'Else

      'Return False

      'End If



    Catch ex As Exception



      lblMessage.Text = "Error Connecting to Database!"



    End Try



  End Function

SheSaidImaPregy Oct 27th, 2007 10:57 pm
Re: Help me in username and password validation through accessing the database
 
Try not to use a datasource. You only use datasources, or should anyway, when binding it to a certain repeater/grid/datalist. What I would recommend is using a scalar for this unlessif you are retrieving information as well, then use the reader. Do something like:

Dim strPass As String
Dim conLogin = New OleDBConnection( connection stuff)
Dim cmdSelect = New OleDBCommand( "SELECT PASSWORD FROM PID WHERE PID=@PID", conLogin )
cmdSelect.Parameters.AddWithValue( "@PID", strUserName )
conLogin.Open()
strPass= cmdSelect.ExecuteScalar()
conLogin.Close()
if (String.Compare(strPass, strPassword, False)) = 0 then
'False means that you are comparing case-sensitive. True means case-insensitive
'do user stuff here as zero means it passed validation
else
'do bad stuff here as anything BUT zero means it failed validation
end if


All times are GMT -4. The time now is 6:45 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC