views:

351

answers:

4

Hello all, Somebody please help me by modying this code.when i retrieve the Login value through stored procedure call,though i give the correct user name and password i am getting the error message "Invalid UserName or Password" means always checking the false condition only.pls help me somebody......Here is my code.

Login.cs:

 public int GetLogin(string UserName, string Password)
    {
        SqlConnection con = new SqlConnection(str);     
        SqlDataAdapter da = new SqlDataAdapter("GetUserLogin", con);
        da.SelectCommand.CommandType = CommandType.StoredProcedure;
        da.SelectCommand.Parameters.Add("@UserName", SqlDbType.VarChar, 50).Value = UserName;
        da.SelectCommand.Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = Password;      
        DataSet ds = new DataSet();
        da.Fill(ds);
        if (ds.Tables[0].Rows.Count > 0)
        {
            if ((ds.Tables[0].Rows[0].ItemArray[1].ToString() == UserName) && (ds.Tables[0].Rows[0].ItemArray[2].ToString() == Password))
            {
                return 1;
            }
            else
            {
                return 0;
            }
        }
        else
        {
            return -1;
        }
    }

Stored Procedure:

CREATE PROCEDURE GetUserLogin( @UserName varchar(50),@Password varchar(50))   
AS
select UserName, Password
From Login where UserName=@UserName and Password=@Password
RETURN

Login.aspx.cs:

protected void BtnLogin_Click(object sender, EventArgs e)
    {
        Session["UserName"] = TxtUserName.Text;    
        Login lg = new Login();    
        if ((lg.GetLogin(TxtUserName.Text, TxtPassword.Text) == 1)&&(DropDownList1.SelectedIndex == 1))
        {                      
                Response.Redirect("c1.aspx");        
        }
        else if ((lg.GetAdminLogin(TxtUserName.Text, TxtPassword.Text) == 1) && (DropDownList1.SelectedValue == 0))
        {
            Response.Redirect("Admin.aspx");
        }
        else
        {
            Lbl1.Text = "<b>Sorry,Invalid UserName or Password</b>";
        }             

    }

Above highlighted condition always going to else condition though i give the correct input.

A: 
 Session["UserName"] = TxtUserName.Text; 
    Login lg = new Login();    
    if ((lg.GetLogin(TxtUserName.Text, **TxtPassword.Text**)

Where have you declared or assigned TxtPassword.Text ? When you are passing it to the GetLogin function, there is no value set for TxtPassword.Text . Maybe thats why its always going to the last else block since both times it fails (no value for TxtPassword.Text).

Session["UserName"] = TxtUserName.Text; 
Session["Password"] = TxtPassword.Text;      
    Login lg = new Login();    
    if ((lg.GetLogin(TxtUserName.Text, **TxtPassword.Text**)

I guess your code should add the line.

    Session["Password"] = TxtPassword.Text;

verify ;)

tHeSiD
A: 

You should surely be checking ItemArray[0] and ItemArray[1] rather than ItemArray[1] and ItemArray[2].

Joe
+1  A: 

First, this looks like it could be a case-sensitivity issue; even if the TSQL isn't case-sensitive, the C# will be. But why return the password at all (in fact, youshouldn't even store a password - only a hash).

Personally, I'd just have:

CREATE PROCEDURE GetUserLogin( @UserName varchar(50),@Password varchar(50))   
AS
select UserName
From Login where UserName=@UserName
and Password=@Password -- yeuch (should compare **hash**)

Then just check for the existance of rows; if ds.Tables[0].Rows.Count > 0, they are validated. Of course, DataTable is also overkill here, but it should work.

Marc Gravell
A: 

Or is this just SelectedValue 1 vs "1", 0 vs "0"???

Marc Gravell