0

Here is my code,problem is i'm able to login even with wrong username and password.
Can anybody tell wat is the mistake in my code..

using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using MySql.Data.MySqlClient;
using MySql.Data.Types;
using System.Data.Odbc;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        string userName = Login1.UserName;
        string password = Login1.Password;

        string connetionString = null;
        connetionString = "Data Source=Localhost;Initial Catalog=employee_connect;User ID=root;Password=techsoft";
        MySqlConnection con = new MySqlConnection(connetionString);
        con = new MySqlConnection(connetionString);
        con.Open();
        MySqlDataAdapter da = new MySqlDataAdapter("Select * from admin", con);
        string thesql = "SELECT * FROM admin WHERE EmpName = @UserName AND Password = @Password";
        MySqlCommand cmd = new MySqlCommand(thesql, con);
        DataTable dt = new DataTable();
        DataSet ds = new DataSet();
        da.Fill(ds, "admin");
        ds.Tables.Add(dt);
        cmd.Parameters.AddWithValue ("@UserName", SqlDbType.NVarChar).Value = userName;
        cmd.Parameters.AddWithValue("@Password", SqlDbType.NVarChar).Value = password;
        foreach (DataRow r in dt.Rows)
        {
            if (r[1].ToString() == Login1.UserName && r[2].ToString() == Login1.Password)
            {
                e.Authenticated = true;
                Response.Redirect("login.aspx");
            }
        }
        con.Close();
        e.Authenticated = false;
        Response.Redirect("wrong.aspx");
        
    }
   
}
2
Contributors
1
Reply
5
Views
5 Years
Discussion Span
Last Post by hericles
0

Hi, you have logic errors in your code. You are loading up your dataTable with the data using the SQL statement: "Select * from admin" and then checking against the rows in the table in your foreach loop. You never use the command object to extract the users that match the user name and password; that code is being used by anything as you never reset the dataAdapter's command object to that.
But that won't be causing your code to fail. Have you checked Username and Password are holding the correct values?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.