I am building a login page for a website using ASP.NET and Visual Basic without Razor, as well as T-SQL. When I try to login with an existing account, I get an incorrect password message even if the password is correct.
I've tried to conduct some research on Stack Overflow and Code Project about this problem, but most people use ASP.NET Razor which is not what I am using.
Imports System.Data.SqlClient Partial Class Login Inherits System.Web.UI.Page Public Sub Submit(e As Object, sender As EventArgs) Handles submitButton.Click Dim conn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("RegistrationConnectionString").ConnectionString) conn.Open() Dim checkuser As String = "SELECT count(*) FROM [Table] WHERE Username='" + user.Text + "'" Dim com As SqlCommand = New SqlCommand(checkuser, conn) Dim temp As Integer = Convert.ToInt32(com.ExecuteScalar()) conn.Close() If temp = 1 Then conn.Open() Dim checkpasswordquery As String = "SELECT password FROM [Table] WHERE Username='" + user.Text + "'" Dim passComm As SqlCommand = New SqlCommand(checkpasswordquery, conn) Dim password As String = passComm.ExecuteScalar().ToString() MsgBox(password) //I have this here to test if my password matches (and my password does match) If password = pass.Text Then MsgBox("Login successful!") Else MsgBox("Incorrect password. If you would like to reset your password, please email [email protected]") End If Else MsgBox("Incorrect username") End If End Sub End Class
I expect to get a message box telling me that the login is successful, but instead I get a message box telling me that the password is incorrect and I should email [email protected] if I need a password reset.