Hi friends

I am creating a web application. Right now there are only two users who will log in to the system:
the two users are Admin and Staff.

When Admin logs in he is directed to Admin.aspx,
and when Staff logs in he is directed to Staff.aspx.

I have created a database table in which I have four fields:

ID, UserName, passWord, User_type

For Admin it is 1, Admin, Admin, Administrator

and for Staff it is 2, Staff, Staff, StaffUser

How can I do this? Up till now I have created a simple login page; the code is as follows...

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // 'using' guarantees the connection is closed on every path, including the
        // "Invalid UserName" branch, which the original version left open.
        using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionstring"].ConnectionString))
        {
            con.Open();
            // NOTE: TextBox1.Text is concatenated straight into the SQL text, so a user
            // name containing a quote changes the query itself (SQL injection).
            string cmdStr = "select count(*) from Registration where UserName='" + TextBox1.Text + "'";
            SqlCommand Checkuser = new SqlCommand(cmdStr, con);
            int temp = Convert.ToInt32(Checkuser.ExecuteScalar());
            if (temp == 1)
            {
                // Same injection problem here, and the stored plaintext password is read
                // back into the application and compared with the user's input.
                string cmdStr2 = "Select password from Registration where UserName='" + TextBox1.Text + "'";
                SqlCommand pass = new SqlCommand(cmdStr2, con);
                string password = pass.ExecuteScalar().ToString();

                if (password == TextBox2.Text)
                {
                    Session["New"] = TextBox1.Text;
                    Response.Redirect("Secure.aspx");
                }
                else
                {
                    // Reporting which half was wrong confirms to an attacker that the user name exists.
                    Label1.Visible = true;
                    Label1.Text = "Invalid Password";
                }
            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Invalid UserName";
            }
        }
    }
}

All 4 Replies

There are a few things in your code that I personally don't like; maybe a few friends on DaniWeb can help you too. I don't know how important security is for this particular application, but it sounds to me that if you are trying to distinguish one user from another, it is indeed important.
1) When you log in, you don't say that the login or the password is wrong; you just say the credentials, either the password or the login, are incorrect. So if that is OK, then you don't need the first statement where you verify whether the user exists.
2) You don't usually retrieve your password from the database; instead you send the input password to the database to be verified.
If I were you I would rewrite my code like this, and that's not even very secure either.

// 'using' closes the connection even if ExecuteScalar throws.
using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegConnectionstring"].ConnectionString))
{
    // One query does both checks: a row comes back only if the user name AND the password match.
    // The values are still concatenated into the SQL text, so this remains injectable; a user
    // name such as  Admin' --  comments out the password comparison on SQL Server.
    string cmdStr = "select User_Type from Registration where UserName='" + TextBox1.Text + "' AND passWord = '" + TextBox2.Text + "'";
    SqlCommand cmd = new SqlCommand(cmdStr, con);   // original post had 'New', which is not a C# keyword
    con.Open();
    Object TypeUser = cmd.ExecuteScalar();          // null when no row matched
    con.Close();
    if (TypeUser != null)
    {
        Label1.Visible = false;
        Label1.Text = "";
        if (TypeUser.ToString() == "Administrator")
            Response.Redirect("Administrator.aspx");
        else
            Response.Redirect("StaffMember.aspx");
    }
    else
    {
        // Single generic message: do not reveal whether the user name or the password was wrong.
        Label1.Visible = true;
        Label1.Text = "Invalid Credentials Entered, Try again";
    }
}

assuming you just have two types of users.

All right. What if I have more than 2 users? Also, how do I implement security in my code?

Use a switch statement to differentiate between your user types.

The code above is secure enough for most cases; however, you may want to think about data encryption such as SHA and MD5.
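The two replies above each cover part of the answer: the first collapses the two lookups into one query and the second suggests a switch on the user type plus hashing. The following is an added example, not code from any poster in this thread, that puts both together with the three changes a reviewer would insist on: the query is parameterised instead of built by string concatenation, the password is verified against a salted PBKDF2 hash (via `Rfc2898DeriveBytes`, rather than a bare SHA or MD5 digest, which is fast to brute-force and unsalted), and unknown roles are denied rather than falling through to the staff page. It assumes the `Registration` table has been altered to hold `PasswordHash varbinary(32)` and `PasswordSalt varbinary(16)` in place of the plaintext `passWord` column; those column names, the iteration count, and the `CreateHash` helper are assumptions for the example.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.UI;

// Example code for the thread's scenario (not the original poster's). Assumes the
// Registration table is: ID int, UserName nvarchar(50), PasswordHash varbinary(32),
// PasswordSalt varbinary(16), User_type nvarchar(50).  Column names are assumptions.
public partial class Login : Page
{
    private const int Pbkdf2Iterations = 100000; // assumption: raise as hardware allows
    private const int HashBytes = 32;
    private const int SaltBytes = 16;

    protected void Button1_Click(object sender, EventArgs e)
    {
        string userName = TextBox1.Text;
        string password = TextBox2.Text;

        byte[] storedHash = null, storedSalt = null;
        string userType = null;

        using (SqlConnection con = new SqlConnection(
            ConfigurationManager.ConnectionStrings["RegConnectionstring"].ConnectionString))
        // The user name travels as a typed parameter, never as part of the SQL text,
        // so quotes or comment sequences in the input cannot change the query.
        using (SqlCommand cmd = new SqlCommand(
            "SELECT PasswordHash, PasswordSalt, User_type FROM Registration WHERE UserName = @user", con))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = userName;
            con.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (r.Read())
                {
                    storedHash = (byte[])r["PasswordHash"];
                    storedSalt = (byte[])r["PasswordSalt"];
                    userType = (string)r["User_type"];
                }
            }
        }

        // Run the KDF even for an unknown user so response time does not reveal
        // which user names exist; the result is discarded in that case.
        byte[] salt = storedSalt ?? new byte[SaltBytes];
        byte[] candidate = Pbkdf2(password, salt);
        bool ok = storedHash != null && FixedTimeEquals(candidate, storedHash);

        if (!ok)
        {
            // One generic message for both wrong name and wrong password.
            Label1.Visible = true;
            Label1.Text = "Invalid credentials, try again";
            return;
        }

        Session["User"] = userName;
        Session["Role"] = userType;

        // Add a case per User_type value; anything not listed is refused, not sent to Staff.aspx.
        switch (userType)
        {
            case "Administrator":
                Response.Redirect("Admin.aspx");
                break;
            case "StaffUser":
                Response.Redirect("Staff.aspx");
                break;
            default:
                Session.Abandon();
                Label1.Visible = true;
                Label1.Text = "Account has no assigned role";
                break;
        }
    }

    // PBKDF2-HMAC-SHA1 as provided by Rfc2898DeriveBytes in the .NET Framework.
    private static byte[] Pbkdf2(string password, byte[] salt)
    {
        Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Pbkdf2Iterations);
        return kdf.GetBytes(HashBytes);
    }

    // Compare every byte regardless of where the first mismatch occurs.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Assumed helper: call once when creating or resetting an account and store
    // the two arrays in PasswordHash / PasswordSalt.
    public static void CreateHash(string password, out byte[] hash, out byte[] salt)
    {
        salt = new byte[SaltBytes];
        new RNGCryptoServiceProvider().GetBytes(salt);
        hash = Pbkdf2(password, salt);
    }
}
```

The role check belongs on the target pages as well: `Admin.aspx` should verify `Session["Role"]` is `"Administrator"` in its `Page_Load`, because a redirect only chooses where to send the browser and does nothing to stop a staff user from typing the admin URL directly.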
