views:

62

answers:

1

created this simple login page..it's supposed to display in the label text like "Wrong user " when user doesn't exist.."Wrong password" when password entered is incorrect etc

but whenever i try and login it ALWAYS displays "Wrong user" when the user does exist in the table..have entered usernames and passwords manually..not using any stored proceedure for that in this app

here's the code:- plz tell me what am I doing wrong..apparently its some logical error..

Default.cs file:-

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

    public partial class _Default : System.Web.UI.Page 
    {

        SqlConnection con = new SqlConnection();



        protected void Page_Load(object sender, EventArgs e)
        {
            con.ConnectionString = ConfigurationManager.ConnectionStrings["cn"].ConnectionString;
            if (con.State == ConnectionState.Closed)
            {
                con.Open();
            }
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            Int32 d = checkUser(UserName.Text, Password.Text);
            if (d == -1)
            {
                Label1.Text = "Wrong user";

            }
            if (d == -2)
            {
                Label1.Text = "Wrong password";
            }

            if (d == 2)

            {
                Label1.Text = "Login Successful";

            }
        }


        private Int32 checkUser(String u, String p)

        {

            SqlCommand cmd = new SqlCommand();
            cmd.CommandText = "LogInCheck";
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Connection = con;
            cmd.Parameters.Add("@u", SqlDbType.VarChar, 50).Value = u;
            cmd.Parameters.Add("@p", SqlDbType.VarChar, 50).Value = p;
            SqlParameter p1 = new SqlParameter("@ret", SqlDbType.Int);
            p1.Direction = ParameterDirection.ReturnValue;
            cmd.Parameters.Add(p1);
            cmd.ExecuteNonQuery();
            Int32 k = Convert.ToInt32(cmd.Parameters["@ret"].Value);
            return k;

        }
    }

.aspx file

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

        Username :&nbsp;
        <asp:TextBox ID="UserName" runat="server"></asp:TextBox>
        <br />
        Password :
        <asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
&nbsp;
        <asp:Button ID="Button1" runat="server" Text="Login" onclick="Button1_Click"/>
        <br />
        <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>

    </div>
    </form>
</body>
</html>

My Stored Procedure LogInCheck:-

ALTER PROCEDURE LogInCheck

    (

    @u varchar(50),
    @p varchar(50)
    )

AS

    Declare @ap varchar(50)
    Select @ap from tbuser where uname=@u
    if @ap is null
    begin
    return -1
    end
    else 
    if @ap=@p
    return 1
    else 
    return -2
A: 

Your select query is not putting any value into @ap. Try this:

Select @ap=<col_name> from tbuser where uname=@u

Update Try putting a begin and end after you've started your main else.

Declare @ap varchar(50)
Select @ap from tbuser where uname=@u
if @ap is null
begin
return -1
end
else 
begin         --Here
if @ap=@p
return 1
else 
return -2
end          --And here
Sidharth Panwar
the col names in my table are uname and upass..I tried what u said..changed it to "Select @ap=upass from tbuser where uname=@u"..its still not working ...displaying Wrong Password only ..everytime
Serenity
ok its checking the username alright but just won't check the password ..even when I am entering the correct password...it says "Wrong password"
Serenity
hellloo????????
Serenity
So now we're struck at wrong password are we?
Sidharth Panwar
yep..what's wrong now? plz help
Serenity
ok..lemme try that
Serenity
still not working :/
Serenity
Is the output still wrong password?
Sidharth Panwar
Try this: if( LTRIM(RTRIM(@ap))=LTRIM(RTRIM(@p)) )
Sidharth Panwar
in my table..one username is "admin" and its password is 'ad' ..when I type this info and press enter..nothing happens..ie TExt in label doesnt change..it dsplays "Label " only...
Serenity
I have some work let's catch up in an hour or so.
Sidharth Panwar
changed it to " if( LTRIM(RTRIM(@ap))=LTRIM(RTRIM(@p)) ) " ...its checking the user and the password alright but just won't display "Login successful" when both fields are being entered correctly
Serenity
What is the return value from the stored procedure?
Sidharth Panwar
its 1 ..isn't it suppposed to display "Login Successful" then ? why wont it ?
Serenity
Dude in your code you're checking d == 2!!!!
Sidharth Panwar
ouch! ok changed it to one :p ....thnx..working fine now
Serenity
It's one of those days isn't it :)
Sidharth Panwar
it sure was..lol
Serenity