created this simple login page..it's supposed to display in the label text like "Wrong user " when user doesn't exist.."Wrong password" when password entered is incorrect etc
but whenever i try and login it ALWAYS displays "Wrong user" when the user does exist in the table..have entered usernames and passwords manually..not using any stored proceedure for that in this app
here's the code:- plz tell me what am I doing wrong..apparently its some logical error..
Default.cs file:-
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
public partial class _Default : System.Web.UI.Page
{
SqlConnection con = new SqlConnection();
protected void Page_Load(object sender, EventArgs e)
{
con.ConnectionString = ConfigurationManager.ConnectionStrings["cn"].ConnectionString;
if (con.State == ConnectionState.Closed)
{
con.Open();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
Int32 d = checkUser(UserName.Text, Password.Text);
if (d == -1)
{
Label1.Text = "Wrong user";
}
if (d == -2)
{
Label1.Text = "Wrong password";
}
if (d == 2)
{
Label1.Text = "Login Successful";
}
}
private Int32 checkUser(String u, String p)
{
SqlCommand cmd = new SqlCommand();
cmd.CommandText = "LogInCheck";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Connection = con;
cmd.Parameters.Add("@u", SqlDbType.VarChar, 50).Value = u;
cmd.Parameters.Add("@p", SqlDbType.VarChar, 50).Value = p;
SqlParameter p1 = new SqlParameter("@ret", SqlDbType.Int);
p1.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p1);
cmd.ExecuteNonQuery();
Int32 k = Convert.ToInt32(cmd.Parameters["@ret"].Value);
return k;
}
}
.aspx file
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div>
Username :
<asp:TextBox ID="UserName" runat="server"></asp:TextBox>
<br />
Password :
<asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
<asp:Button ID="Button1" runat="server" Text="Login" onclick="Button1_Click"/>
<br />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
My Stored Procedure LogInCheck:-
ALTER PROCEDURE LogInCheck
(
@u varchar(50),
@p varchar(50)
)
AS
Declare @ap varchar(50)
Select @ap from tbuser where uname=@u
if @ap is null
begin
return -1
end
else
if @ap=@p
return 1
else
return -2