When I enter incorrect username and password it does not go to error.aspx(form).
this is my code:
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(#"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\1\Documents\DB.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
conn.Open();
string checkuser = "select count(*) from [Users] where Username '" + TextBoxUserName.Text + "'";
SqlCommand com = new SqlCommand(checkuser,conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string checkpassword = "select Password from Users where Password'" + TextBoxPassword.Text + "'";
SqlCommand passComm = new SqlCommand(checkpassword, conn);
string password = passComm.ExecuteScalar().ToString();
if (password == TextBoxPassword.Text)
{
//Session["NEW"] = TextBoxUserName.Text;
Response.Redirect("Welcome.aspx");
}
**else
if (password != TextBoxPassword.Text)
{
Response.Redirect("Error.aspx");
}**
}
It gives me an error saying "Object reference not set to an instance of an object" in this line of code: string password = passComm.ExecuteScalar().ToString();
Related
This is not working at all. I have done it many times but I don't know what's going wrong. the textbox always shows "not found" whereas it should be showing username.
Note: Textbox is just an example.
Login Page:
protected void login_Click(object sender, EventArgs e)
{
Session.RemoveAll();
Session.Abandon();
Session.Clear();
string username = email.Text.ToLower().Trim();
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["myConnectionString"].ToString());
con.Open();
string sql = "SELECT USERNAME, PASSWORD FROM MANAGER WHERE USERNAME = #USERNAME AND PASSWORD=#PASSWORD";
SqlCommand command = new SqlCommand(sql, con);
command.Parameters.AddWithValue("#USERNAME", username);
command.Parameters.AddWithValue("#PASSWORD", password.Text.Trim());
SqlDataAdapter da = new SqlDataAdapter(command);
DataTable dt = new DataTable();
da.Fill(dt);
command.ExecuteNonQuery();
command.Dispose();
con.Close();
if (dt.Rows.Count > 0)
{
Session["manager"] = username;
Response.Redirect("ManagerHomePage.aspx");
Session.RemoveAll();
}
else
{
Label1.Text = "Invalid Email or Password!";
}
}
ManagerHomePage.aspx :
protected void Page_Load(object sender, EventArgs e)
{
if(Session["manager"]!=null)
{
TextBox1.Text = Session["manager"].ToString();
}
else
{
TextBox1.Text = "not found";
}
}
Do not use ExecuteNonQuery for Select command. ExecuteNonQuery is used for Insert, Update, Delete command. Try using ExecuteReader
Bellow is the code
protected void login_Click(object sender, EventArgs e)
{
Session.RemoveAll();
Session.Abandon();
Session.Clear();
string username = email.Text.ToLower().Trim();
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["myConnectionString"].ToString());
con.Open();
string sql = "SELECT USERNAME, PASSWORD FROM MANAGER WHERE USERNAME = #USERNAME AND PASSWORD=#PASSWORD";
SqlCommand command = new SqlCommand(sql, con);
command.Parameters.AddWithValue("#USERNAME", username);
command.Parameters.AddWithValue("#PASSWORD", password.Text.Trim());
SqlDataReader rdr=command.ExecuteReader();
if(rdr.HasRows())
{
Session["manager"] = username;
Response.Redirect("ManagerHomePage.aspx");
}
else
{
Label1.Text = "Invalid Email or Password!";
}
}
I'm using asp.net to create a login page; in debugging I see the correct inputted data but I keep gettting the error message Invalid Username or Password even when it is valid. I have also executed the stored procedure with values and shows the correct result. I'm not sure what is happening.
protected void login_Click(object sender, EventArgs e)
{
String username = txtUserName.Text.ToString();
String password = txtPassword.Text;
string con = ConfigurationManager.ConnectionStrings["LoginConnectionString"].ToString();
SqlConnection connection = new SqlConnection(con);
connection.Open();
string passwords = encryption(password);
SqlCommand cmd1 = new SqlCommand("spLogin", connection);
cmd1.CommandType = CommandType.StoredProcedure;
cmd1.Parameters.AddWithValue("#UserName", username);
cmd1.Parameters.AddWithValue("#password", passwords);
SqlDataReader sqldr = cmd1.ExecuteReader();
if (sqldr.Read())
{
Session["UserName"] = username.ToUpper();
Response.Redirect("~/Home/Welcome.aspx");
}
else
{
lblError.Text = "Invalid Username or Password";
}
connection.Close();
sqldr.Close();
}
StoredProcedure
select * from Users u where UserName=#UserName and password=#password
i have implemented my user passwords to be hashed. And what i want is to implement a forgot/change password. However i am not able to convert the hashed password to the original password and that gives me a failure to do the forgot/change password feature. Here is my code from my registration page:
cmd.Parameters.AddWithValue("#Password", BusinessLayer.ShoppingCart.CreateSHAHash (txtPW.Text));
Here is my creathash code:
public static string CreateSHAHash(string Phrase)
{
SHA512Managed HashTool = new SHA512Managed();
Byte[] PhraseAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(Phrase));
Byte[] EncryptedBytes = HashTool.ComputeHash(PhraseAsByte);
HashTool.Clear();
return Convert.ToBase64String(EncryptedBytes);
}
and my changepassword page:
protected void btn_update_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(conn);
con.Open();
str = "select * from UserData ";
com = new SqlCommand(str, con);
SqlDataReader reader = com.ExecuteReader();
while (reader.Read())
{
if (txt_cpassword.Text == reader["Password"].ToString())
{
up = 1;
}
}
reader.Close();
con.Close();
if (up == 1)
{
con.Open();
str = "update UserData set Password=#Password where UserName='" + Session["New"].ToString() + "'";
com = new SqlCommand(str, con);
com.Parameters.Add(new SqlParameter("#Password", SqlDbType.VarChar, 500));
com.Parameters["#Password"].Value = (txt_npassword.Text);
com.ExecuteNonQuery();
con.Close();
lbl_msg.Text = "Password changed Successfully";
}
else
{
lbl_msg.Text = "Please enter correct Current password";
}
}
What i want to do is to be able to convert my hashed password to the original password for it to be changed. Any tricks? or is it possible though?
I am trying to check whilist registrating. When an enterd email exists and then try to register it untill the registration is successfull but I don't want that.
protected void btnRegister_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["conn"].ConnectionString);
con.Open();
SqlCommand cmd = new SqlCommand ("Select count(*) from tblUsers where Email = '" + txtEmail.Text + "' ", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
p.UserName = txtUsername.Text;
p.Email = txtEmail.Text;
p.DOB = Convert.ToDateTime(txtDob.Text);
p.Password = txtPass.Text;
p.InsertUser(p);
Response.Write("Registration Successfull..");
}
else {
Response.Write("This Email is Already Exist...!!");
}
}
else
{
Response.Write("Fail...");
}
}
Added a column "LastLogin" to a User table, however, it only stores the last login date the first time a user logs in to a password-protected page.
When the same user logs in a second time, the cell does not reflect his last login. Here is my stored procedure:
Here is my stored procedure:
ALTER PROCEDURE [dbo].[UpdateLastLogin] (
#intUserID int
)
-- Add the parameters for the stored procedure here
AS
SET NOCOUNT ON
UPDATE Users SET LastLogin = GETDATE() WHERE UserID = #intUserID
Here is my code:
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//SqlConnection oConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["XXXConnectionString"].ConnectionString);
//SqlCommand oCommand = new SqlCommand();
//oCommand.Connection = oConnection;
//oCommand.CommandText = "UpdateLastLogin";
//oCommand.CommandType = CommandType.StoredProcedure;
//oCommand.Parameters.Add(new SqlParameter("#intUserID", SqlDbType.NVarChar, 10)).Value = Int32.MaxValue;
//SqlDataAdapter adpt = new SqlDataAdapter(oCommand);
//DataSet ds = new DataSet();
//adpt.Fill(ds);
}
protected void loginButton_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["3GPSConnectionString"].ConnectionString);
con.Open();
string cmdStr = "Select count(*) from Users where UserName='" + userTextBox.Text + "'";
SqlCommand Checkuser = new SqlCommand(cmdStr, con);
int temp = Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
if (temp == 1)
{
string cmdStr2 = "Select Password from Users where UserName='" + userTextBox.Text + "'";
SqlCommand pass = new SqlCommand(cmdStr2, con);
string password = pass.ExecuteScalar().ToString();
con.Close();
if (password == pwdTextBox.Text)
{
Session["New"] = userTextBox.Text;
Response.Redirect("/Protected/Default.aspx");
}
else
{
userCompareLbl.Visible = true;
userCompareLbl.Text = "Invalid Password!";
}
}
else
{
userCompareLbl.Visible = true;
userCompareLbl.Text = "Invalid Username!";
}
}
}