Member Avatar for Jesi523

I need some help. I have a website where people can create a class or event with times and places for the class or event. Once this instance is created they are supplied a link for people to sign up and a passcode for them to use to modify the class or take attendence for the class, or change attendees for the class. I have never done a login page before. I have read a lot about them but I cannot find anything that just uses a passcode to login. The passcode is stored in one of my SQL tables. I have about three or four pages that require the passcode before the user can go to those pages. I do not know how start doing any of this. I need help please.

Thank you,
Jesi

  • 5 Contributors
  • 19 Replies
  • 122 Views
  • 4 Months Discussion Span
  • Latest Post Latest Post by crishjeny

Recommended Answers

All 19 Replies

Member Avatar for finito

Well, Do you know how to retrieve data from the SQL database?

Do you know what if statements are?

If you can answer both you can do it.

Please explain which part you don't understand, so I may try and clarify.

Regards.

Member Avatar for Jesi523

Yes, I know how to retrieve data from the SQL database. I am somewhat familar with if statements, but not very good at them. So there are several things I do not understand. I do not understand how to setup the web config file to only allow login for a few pages of the web site. I also not know how I would verify that they put in the correct passcode from the database. I have only used the database to display and change things in the database from my site, but not to validate something that is in the database. I have no clue how that would be done. Oh, and I am using C# in the code behind if that makes a difference. Thank you.

Member Avatar for finito

It is simple there is no need to stress over it.

Here try this.

if (Password.Text.Equals(RetrievedInformation)) //where Password.Test is your Password TextBox
    MessageBox.Show("Successful login");
else 
    MessageBox.Show("Wrong Password");

Where I said Successful Login you replace it with loading the new form or what ever you want to do when the authorization is successful.

Member Avatar for Jesi523

Ok, I will try that, now could you help me with the web.config file. I have only two links in my menu that need a passcode to login, I understand that I need to put these in my web.config file, but I have not found a clear place that tells me which tags that goes under...authentications or where? Thanks.

Member Avatar for Jesi523

I tried a version of you code:

protected void enterBtn_Click(object sender, EventArgs e)
        {
            string passcode = passcodeTxt.Text.Trim();
            string eventAuid = Request.QueryString["eventAuid"];
            string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;
            string connString = ConfigurationManager.ConnectionStrings["RSVPApplicationConnectionString"].ConnectionString;
            SqlConnection sqlConn = new SqlConnection(connString);
            SqlCommand sqlComm = new SqlCommand(sqlString, sqlConn);

            sqlConn.Open();
            string passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();

            if (passcode == "passcode1")

                FromsAuthentication.RedirectFromLoginPage(passcode, false);

            else

                MessageBox.Show("Wrong Passcode");
        }

I am getting the errors:

"The name 'FromsAuthentication' does not exist in the current context" and
"The name 'MessageBox' does not exist in the current context"

So I guess I am still doing something wrong...

Member Avatar for dnanetwork

are you working in windows env or web env.

if web then no MessageBox will be there..
and also i think you forgot to import namespace

using System.Web.Security;

if windows there is no such thing as FormsAuthentication..
yes messagebox is there..

Member Avatar for Jesi523

I am working in the web env and I have that namespace.

Member Avatar for finito 
string passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();ing is passcode the variable

            if (passcode == passcode1) // what you were checking against was "passcode1" what you ought to be testing is the variable passcode1

                FromsAuthentication.RedirectFromLoginPage(passcode, false);

            else

                MessageBox.Show("Wrong Passcode");
        }

As for FromsAuthentication I think you misspelled it maybe Forms not Froms?

I have never wrote an ASP.Net code but I am sure some one will help you with the config file.

Edited by finito because: n/a
Member Avatar for Jesi523

I did notice that Forms was spelled wrong, so I did fix that. Thank you. Passcode is equal to what is in the textbox. And passcode1 is what I am trying to get from the database to compare to what was entered in the textbox.

I think I figured out the config file.

Member Avatar for Jesi523

Here's my new code:

protected void enterBtn_Click(object sender, EventArgs e)
        {
            string passcode = passcodeTxt.Text.Trim();
            string eventAuid = Request.QueryString["eventAuid"];
            string passcode1;
            string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;
            string connString = ConfigurationManager.ConnectionStrings["RSVPApplicationConnectionString"].ConnectionString;
            SqlConnection sqlConn = new SqlConnection(connString);
            SqlCommand sqlComm = new SqlCommand(sqlString, sqlConn);

            sqlConn.Open();
            passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();

            if (passcode == "passcode1")

                FormsAuthentication.RedirectFromLoginPage(passcode, false);
            else
                message.Text = "Invalid passcode, please enter the correct passcode and try again.";
        }

Even if I enter the correct passcode it gives me the message I place above in the else area.

Member Avatar for Jesi523

Thank you removing the quotes did it. Thank you finito.

Member Avatar for Jesi523

So now it works if I put the correct passcode in but if I put the incorrect passcode in it gives me a "NullReferenceException was unhandled by user code. Object reference not ser ro an instance of an object."

protected void enterBtn_Click(object sender, EventArgs e)
        {
            string passcode = passcodeTxt.Text.Trim();
            string eventAuid = Request.QueryString["eventAuid"];
            string passcode1;
            string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;
            string connString = ConfigurationManager.ConnectionStrings["RSVPApplicationConnectionString"].ConnectionString;
            SqlConnection sqlConn = new SqlConnection(connString);
            SqlCommand sqlComm = new SqlCommand(sqlString, sqlConn);

            sqlConn.Open();
            passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();

            if (passcode == passcode1)

                FormsAuthentication.RedirectFromLoginPage(passcode, false);
            else
                message.Text = "Invalid passcode, please enter the correct passcode and try again.";
        }

It throws the error here:

passcode1 = sqlComm.ExecuteScalar().ToString();

Anybody???

Member Avatar for MichaelWClark

I tried a version of you code:

string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;

I know you are trying this for your first time but be aware that this query is a security flaw. You can be exploited by SQL Injection if you leave it as is. I would recommend using a Regex.replace() function or some other methods. Check this out before you implement on the internet with your script.

http://msdn.microsoft.com/en-us/library/ff648339.aspx

Member Avatar for MichaelWClark 
passcode1 = sqlComm.ExecuteScalar();
            sqlConn.Close();

            if(passcode != DBNull){
            if (passcode.ToString() == passcode1)

                FormsAuthentication.RedirectFromLoginPage(passcode, false);
            else
                message.Text = "Invalid passcode, please enter the correct passcode and try again.";
        }
}

Try that

Member Avatar for MichaelWClark

Missing a { after the 2nd If...but you should be able to figure that out ;)

Member Avatar for finito

Just Do this.

#
try {
    sqlConn.Open();
    passcode1 = sqlComm.ExecuteScalar().ToString();
    sqlConn.Close();
}
catch 
{
    passcode1 = "";
    sqlConn.Close();
}

Add the Try catch.

Member Avatar for Jesi523

This is just an internal web application for my company, but I will look into the SQL injection for sure. Thank you for that information. I also changed my code to use count to see if the passcode matched so I went a little different way with this. Thank you all very much for your help.

Member Avatar for dnanetwork

Damn...! :)

Member Avatar for crishjeny

Hi

Its a example of Login with passcode from SQL Database.You can refer this.It will help you.

if (Password.Text.Equals(RetrievedInformation)) //where Password.Test is your Password TextBox

MessageBox.Show("Successful login");

else

MessageBox.Show("Wrong Password");

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.