I am building a login page for a website using ASP.NET and Visual Basic without Razor, as well as T-SQL. When I try to login with an existing account, I get an incorrect password message even if the password is correct.

I've tried to conduct some research on Stack Overflow and Code Project about this problem, but most people use ASP.NET Razor which is not what I am using.

Imports System.Data.SqlClient
Partial Class Login
    Inherits System.Web.UI.Page
    Public Sub Submit(e As Object, sender As EventArgs) Handles submitButton.Click
        Dim conn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("RegistrationConnectionString").ConnectionString)
        Dim checkuser As String = "SELECT count(*) FROM [Table] WHERE Username='" + user.Text + "'"
        Dim com As SqlCommand = New SqlCommand(checkuser, conn)
        Dim temp As Integer = Convert.ToInt32(com.ExecuteScalar())
        If temp = 1 Then
            Dim checkpasswordquery As String = "SELECT password FROM [Table] WHERE Username='" + user.Text + "'"
            Dim passComm As SqlCommand = New SqlCommand(checkpasswordquery, conn)
            Dim password As String = passComm.ExecuteScalar().ToString()
            MsgBox(password) //I have this here to test if my password matches (and my password does match)
            If password = pass.Text Then
                MsgBox("Login successful!")
                MsgBox("Incorrect password. If you would like to reset your password, please email [email protected]")
            End If
            MsgBox("Incorrect username")
        End If

    End Sub
End Class

I expect to get a message box telling me that the login is successful, but instead I get a message box telling me that the password is incorrect and I should email [email protected] if I need a password reset.

0 Answers