How to create a login page uusing login control with Mysql database in the backend

Question

Shwetha Dali 0 Newbie Poster

12 Years Ago

Here is my code,problem is i'm able to login even with wrong username and password.
Can anybody tell wat is the mistake in my code..

using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using MySql.Data.MySqlClient;
using MySql.Data.Types;
using System.Data.Odbc;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        string userName = Login1.UserName;
        string password = Login1.Password;

        string connetionString = null;
        connetionString = "Data Source=Localhost;Initial Catalog=employee_connect;User ID=root;Password=techsoft";
        MySqlConnection con = new MySqlConnection(connetionString);
        con = new MySqlConnection(connetionString);
        con.Open();
        MySqlDataAdapter da = new MySqlDataAdapter("Select * from admin", con);
        string thesql = "SELECT * FROM admin WHERE EmpName = @UserName AND Password = @Password";
        MySqlCommand cmd = new MySqlCommand(thesql, con);
        DataTable dt = new DataTable();
        DataSet ds = new DataSet();
        da.Fill(ds, "admin");
        ds.Tables.Add(dt);
        cmd.Parameters.AddWithValue ("@UserName", SqlDbType.NVarChar).Value = userName;
        cmd.Parameters.AddWithValue("@Password", SqlDbType.NVarChar).Value = password;
        foreach (DataRow r in dt.Rows)
        {
            if (r[1].ToString() == Login1.UserName && r[2].ToString() == Login1.Password)
            {
                e.Authenticated = true;
                Response.Redirect("login.aspx");
            }
        }
        con.Close();
        e.Authenticated = false;
        Response.Redirect("wrong.aspx");
        
    }
   
}

asp.net

2 Contributors
1 Reply
389 Views
2 Days Discussion Span
Latest Post 12 Years Ago Latest Post by hericles

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

hericles 289 Master Poster Featured Poster · Answer 1 · 2011-10-23T19:33:26+00:00

Hi, you have logic errors in your code. You are loading up your dataTable with the data using the SQL statement: "Select * from admin" and then checking against the rows in the table in your foreach loop. You never use the command object to extract the users that match the user name and password; that code is being used by anything as you never reset the dataAdapter's command object to that.
But that won't be causing your code to fail. Have you checked Username and Password are holding the correct values?