popup login asp.net webform project with database code


I am trying to build a popup login form in an ASP.NET Web Forms project. I named the page PopupLogin.aspx. I found a good approach at this link: "http://jqueryasp.net/popup-login-formpage-using-jquery-asp-net/". In that example the username ("ajay") and password ("admin") are simply hard-coded, but I want to retrieve the credentials from the database. I use SQL Server 2008. I wrote ADO.NET code in my code-behind, PopupLogin.aspx.cs, but I can't log in successfully; an error alert is shown. My code is below.

Please give me the correct ADO.NET code for this situation, or point out my mistakes. Thank you.

.cs code.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Services;
using System.Data.SqlClient;
using System.Data;
using System.Text;
using System.Configuration;
using System.Collections;

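namespace OnlineDhaka
{
    /// <summary>
    /// Code-behind for PopupLogin.aspx: checks a username/password pair against
    /// the RegData table and records the signed-in user in session state.
    /// </summary>
    public partial class PopupLogin : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Validates the supplied credentials against RegData.
        /// </summary>
        /// <param name="username">Login name submitted by the client (untrusted input).</param>
        /// <param name="password">Password submitted by the client (untrusted input).</param>
        /// <returns>
        /// <c>true</c> when exactly one RegData row has this username and its stored
        /// password matches; otherwise <c>false</c>. On success Session["New"] holds
        /// the username and Session["ID"] the row's Id.
        /// </returns>
        // NOTE(review): ASP.NET page methods called from client script (PageMethods or
        // a jQuery $.ajax POST to PopupLogin.aspx/CheckUser) must be declared
        // "public static". A static version cannot use the Page.Session property; it
        // needs [WebMethod(EnableSession = true)] and HttpContext.Current.Session.
        // The signature is left as posted so existing callers keep compiling.
        [WebMethod]
        public bool CheckUser(string username, string password)
        {
            // A null argument can never match a stored credential; reject it before
            // it reaches the database layer.
            if (username == null || password == null)
            {
                return false;
            }

            // The username is passed as a parameter, never concatenated into the SQL
            // text, so quotes or SQL fragments in the input are treated as data.
            const string query = "select Id, Password from RegData where Username=@Username";

            // NOTE(review): the connection string is hard-coded; keeping it in the
            // <connectionStrings> section of Web.config would keep environment details
            // out of source.
            using (SqlConnection conn = new SqlConnection("Data Source=AKASH-PC\\SQLEXPRESS;Initial Catalog=Registration;Integrated Security=True"))
            using (SqlCommand com = new SqlCommand(query, conn))
            {
                com.Parameters.AddWithValue("@Username", username);
                conn.Open();

                object idValue;
                string storedPassword;

                // The using blocks close the reader and connection on every exit path,
                // including the early returns and exceptions.
                using (SqlDataReader reader = com.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        // Unknown user. Same result as a wrong password, so the caller
                        // cannot tell which of the two was wrong.
                        return false;
                    }

                    idValue = reader["Id"];
                    // Spaces are stripped as in the original code (presumably padding
                    // from a fixed-width column; confirm against the schema).
                    storedPassword = reader["Password"].ToString().Replace(" ", "");

                    if (reader.Read())
                    {
                        // More than one row for this username: the original required a
                        // count of exactly 1, so an ambiguous match is refused.
                        return false;
                    }
                }

                // SECURITY: this compares against a password stored in clear text.
                // Store a salted, slow hash instead (for example PBKDF2 through
                // Rfc2898DeriveBytes) and verify the hash here.
                if (storedPassword != password)
                {
                    return false;
                }

                // NOTE(review): consider issuing a fresh session identifier after a
                // successful login so a pre-login session id is not carried over.
                Session["New"] = username;
                Session["ID"] = (int)idValue;
                return true;
            }
        }
    }
}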

There are 1 answers

Alexey Nis On

You should check the username and password pair once, in a single query.

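// Look the user up with one parameterized query. `connection`, `username` and
// `password` are expected to be defined by the surrounding code, with the
// connection already open.
//
// SECURITY: comparing the password inside SQL requires it to be stored in clear
// text, and the "=" comparison follows the column's collation (often
// case-insensitive, and trailing spaces are ignored). Prefer storing a salted,
// slow hash (for example PBKDF2 through Rfc2898DeriveBytes), selecting it by
// username only, and verifying it in application code.
var selectText = "SELECT Id FROM RegData WHERE Username = @Username AND Password = @Password";
using (var command = connection.CreateCommand())
{
    command.CommandText = selectText;
    // Parameter names match the placeholders in the query text exactly.
    command.Parameters.AddWithValue("@Username", username);
    command.Parameters.AddWithValue("@Password", password);
    using (var reader = command.ExecuteReader())
    {
        // Read() returns true when the table has a row with this username and password.
        if (reader.Read())
        {
            // Username and password are valid.
            var id = reader["Id"];
            // Your logic here
        }
        else
        {
            // Username and password are invalid.
        }
    }
}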