rahyu
Starting Member
1 Post |
Posted - 2011-07-19 : 07:48:21
|
```aspx
<%@ Page Language="VB" %>
<%@ Import Namespace = "System.Data.SqlClient" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    Protected Sub ebtn_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim keytemp As Integer = 2
        Dim tempstr As String
        Dim estr As String
        Dim charset As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        charset += "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        charset += "abcdefghijklmnopqrstuvwxyz"
        charset += "abcdefghijklmnopqrstuvwxyz"
        charset += "01234567890123456789"
        estr = ""
        tempstr = pwdtxt.Text
        For i = 0 To (tempstr.Length - 1)
            For j = 0 To (charset.Length - 1)
                If (tempstr.Substring(i, 1) = charset.Substring(j, 1)) Then
                    estr &= charset.Substring((j + keytemp), 1)
                    Exit For
                End If
            Next
        Next
        pwdtxt.Text = estr
    End Sub

    Protected Sub clear_textfields()
        uidtxt.Text = ""
        pwdtxt.Text = ""
    End Sub

    Protected Sub loginbtn_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim tpwd As String = "Admin"
        Dim have_record As Boolean
        Dim conn As SqlConnection
        Dim cmd As SqlCommand
        Dim reader As SqlDataReader
        Dim cmdstring As String = "Select * from etable where UID=@UID"
        conn = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\efile.mdf;Integrated Security=True;User Instance=True")
        cmd = New SqlCommand(cmdstring, conn)
        cmd.Parameters.Add("@UID", Data.SqlDbType.Char)
        cmd.Parameters("@UID").Value = uidtxt.Text
        conn.Open()
        reader = cmd.ExecuteReader()
        errlbl.Text = ""
        have_record = reader.HasRows
        reader.Close()
        conn.Close()
        If Not have_record Then
            errlbl.Text = "Invalid username."
            uidtxt.Focus()
        ElseIf Not have_reco Then
        ElseIf uidtxt.Text & pwdtxt.Text = "" Then
            errlbl.Text = "Please fill in the blanks."
            uidtxt.Focus()
        ElseIf pwdtxt.Text = "" Then
            errlbl.Text = "Please fill in the password."
            pwdtxt.Focus()
        ElseIf have_record Then
            Response.Redirect("welcome.aspx?User=" & uidtxt.Text & ".")
            pwdtxt.Text = reader.Item("UPW")
        End If
    End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <style type="text/css">
        .style1 { text-align: center; }
    </style>
</head>
<body>
    <h1 class="style1">MIDLAND COMPUTER WAREHOUSE</h1>
    <form id="form1" runat="server">
        <div>
            <h3>Username: <asp:TextBox ID="uidtxt" runat="server"></asp:TextBox></h3>
        </div>
        <h3>Password: <asp:TextBox ID="pwdtxt" runat="server" TextMode="Password"></asp:TextBox></h3>
        <asp:Button ID="loginbtn" runat="server" Text="Login" onclick="loginbtn_Click" />
        <p>
            <asp:Label ID="errlbl" runat="server"></asp:Label>
        </p>
    </form>
</body>
</html>
```

Hi :) The problem is, it is working perfectly fine but I can also log in with the wrong password! Is there anything wrong??

Rahayu

sunitabeck
Master Smack Fu Yak Hacker
5155 Posts |
Posted - 2011-07-19 : 09:10:35
|
You are logging into the database server using the Windows credentials; so the username and password are not sent to the server and not used.

```vb
conn = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\efile.mdf;Integrated Security=True;User Instance=True")
```

If you want to change the login to use the username and password supplied by the user, you can use SQL authentication (assuming SQL authentication is enabled on the server). See here for examples of connection strings.

jcelko
Esteemed SQL Purist
547 Posts |
Posted - 2011-07-19 : 17:41:18
|
This is a SQL Server forum. We will answer a SQL server question when you ask one. We do not care about the front and whatever language you wrote.

--CELKO--
Books in Celko Series for Morgan-Kaufmann Publishing
Analytics and OLAP in SQL
Data and Databases: Concepts in Practice
Data, Measurements and Standards in SQL
SQL for Smarties
SQL Programming Style
SQL Puzzles and Answers
Thinking in Sets
Trees and Hierarchies in SQL

russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2011-07-19 : 17:43:33
|
quote: Originally posted by jcelko
This is a SQL Server forum. We will answer a SQL server question when you ask one. We do not care about the front and whatever language you wrote.

But the question was already satisfactorily answered. If you don't care, no need to chime in.
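
Added example, not code from any poster in this thread: the `loginbtn_Click` handler in the first post tests only `reader.HasRows` for the supplied `UID` and never compares `pwdtxt.Text` with the stored `UPW`, so any non-empty password reaches the redirect. The sketch below makes that comparison, assuming `UPW` holds a PBKDF2 record in a hypothetical `iterations:salt:hash` Base64 layout; the module and function names are hypothetical as well.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

Public Module LoginCheck
    ' Assumed storage format for UPW: "iterations:saltBase64:hashBase64" (PBKDF2-SHA256).
    Public Function VerifyPassword(ByVal supplied As String, ByVal stored As String) As Boolean
        Dim parts() As String = stored.Split(":"c)
        Dim iterations As Integer
        If parts.Length <> 3 OrElse Not Integer.TryParse(parts(0), iterations) Then Return False
        Dim salt() As Byte
        Dim expected() As Byte
        Try
            salt = Convert.FromBase64String(parts(1))
            expected = Convert.FromBase64String(parts(2))
        Catch ex As FormatException
            Return False ' malformed record: fail closed
        End Try
        If iterations < 1 OrElse salt.Length < 8 OrElse expected.Length = 0 Then Return False
        Using kdf As New Rfc2898DeriveBytes(supplied, salt, iterations, HashAlgorithmName.SHA256)
            Dim actual() As Byte = kdf.GetBytes(expected.Length)
            ' Compare every byte so timing does not reveal where the first mismatch is.
            Dim diff As Integer = 0
            For i As Integer = 0 To expected.Length - 1
                diff = diff Or (actual(i) Xor expected(i))
            Next
            Return diff = 0
        End Using
    End Function

    ' Returns True only when the UID exists AND the supplied password matches its UPW.
    Public Function CheckLogin(ByVal connString As String, ByVal uid As String, ByVal pwd As String) As Boolean
        If String.IsNullOrEmpty(uid) OrElse String.IsNullOrEmpty(pwd) Then Return False
        Using conn As New SqlConnection(connString)
            Using cmd As New SqlCommand("SELECT UPW FROM etable WHERE UID = @UID", conn)
                cmd.Parameters.Add("@UID", SqlDbType.Char).Value = uid
                conn.Open()
                ' Read the stored value while the connection is still open.
                Dim stored As Object = cmd.ExecuteScalar()
                If stored Is Nothing OrElse stored Is DBNull.Value Then Return False
                ' Trim in case UPW is a padded CHAR column.
                Return VerifyPassword(pwd, CStr(stored).Trim())
            End Using
        End Using
    End Function
End Module
```

In the page's handler, `Response.Redirect` would run only when `CheckLogin` returns `True`, with a single generic error message for both an unknown username and a wrong password.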