Hi,

Can anyone help?

How to do login with 2 different conditions?

1. When we enter proper email & wrong password it should show "Invalid Username & password".

2. When we enter just wrong email & wrong password it should show "Please register to login"...

code:

C#
protected void ImageButton1_Click5(object sender, ImageClickEventArgs e)
   {
       if (cn.State == ConnectionState.Closed)
       {
           cn.Open();
       }
       //int chkusers;
       string loginemailid, password;
       string fuid = null;
       loginemailid = txtusername.Text.Trim();
       password = txtpw.Text.Trim();
       Session["username"] = loginemailid;
       Session["password"] = password;
       //cn.Open();

       SqlCommand cmd = new SqlCommand("select loginemailid,password from tbl_register where loginemailid='" + txtusername.Text + "' and password='" + txtpw.Text + "'", cn);
       SqlDataReader dr = cmd.ExecuteReader();
       if (dr.HasRows)
       {
           while (dr.Read())
           {

               loginemailid = dr["loginemailid"].ToString();
               password = dr["password"].ToString();
               string userid = mydac.findid(fuid, loginemailid, password);
               Response.Redirect("Home.aspx?userid=" + userid);
           }
           dr.Close();
       }
       else
       {
           lblmsg.Text = "Invalid Username and Password";
       }

   }
Updated 28-Feb-12 2:20am
Comments
ZurdoDev 28-Feb-12 8:13am    
So, what is the problem?
sathiyak 28-Feb-12 8:14am    
In this I just show only one msg... but I have to show 2 messages for the above conditions...

There are so many things wrong with that approach.

1) You shouldn't report different errors - if you do, it tells the naughty people that they have a valid user id, but a bad password.
2) I could bypass your password checking without even trying! And if I can, anyone can! Use parametrized queries, or your database is at risk from an SQL Injection attack which could damage or destroy it.
3) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
 
 
Comments
Keith Barrow 28-Feb-12 8:37am    
Beaten to the punch!
Hi sat,

try this

C#
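// Declare at class level: C# has no static locals.
// Note: a static field is shared by all users of the application.
static int loginfail = 0;

// Inside the click handler, after cmd.ExecuteReader():
if (dr.HasRows)
{
    //do something
}
else
{
    lblmsg.Text = "Invalid Username and Password";
    loginfail++;
}

// After the third failed attempt, replace the message.
if (loginfail == 3)
{
    lblmsg.Text = "Please register to Login";
}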
 
 
Comments
sathiyak 28-Feb-12 8:40am    
loginfail==3...why this?
Bojjaiah 28-Feb-12 8:45am    
Every user has their own username or password as their credentials,
but the user login failed 3 times.
Here 2 things are there:
1. user forgot the password
2. user doesn't have a username and password

So, you can show a message like that ("Please register to Login or send request in forgotpassword page to get password").
sathiyak 28-Feb-12 8:49am    
I don't need forgot password and all... first thing is when I enter right email & wrong pw it should show "invalid credentials"... but when I enter email like ggg and wrong password it should display "please register to login"....
Bojjaiah 28-Feb-12 8:54am    
Good, you can do that. After completing your functionality, post me how you solved it.
sathiyak 28-Feb-12 8:56am    
nice...
A few things spring to mind:

  • According to your code, you are storing passwords in plain text; this is extremely bad and poses a high security risk. You should (best) use a salted hash or (less good) use encrypted values. I would only suggest the latter if it is mandated somewhere that users should be able to retrieve their passwords, and I would even advise against this as a requirement.
  • Please consider using the .net providers for authentication and authorisation: they already do the work you are doing. The SqlMemberShip and role providers will do pretty much what you want out of the box (see this video). If you need to, you can write your own providers or subclass existing ones (see this video).


Finally, I would suggest always showing the "register" link. Users won't know to try logging in first before registering: this is bad usability. I would also strongly advise against your strategy of showing the message if the e-mail is wrong: it gives people a way of testing for Ids so they then know 50% of the two-part authentication you are using.
 
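Added example, not code from the original thread: one way to combine the points made in the answers above (parameterized query, salted hash instead of a clear-text password, and the same outcome for an unknown e-mail and a wrong password) in the question's C# setting. The class name, the `salt` and `pwhash` columns and the PBKDF2 parameters are assumptions, and it targets .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    // Hypothetical parameters; stored hashes must have been created with the same values.
    const int Iterations = 100000;
    const int HashBytes = 32;
    // PBKDF2-HMAC-SHA256 of the password with the per-user salt.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }
    // Compare every byte so the running time does not reveal where the first mismatch is.
    static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    // True only when the e-mail exists and the password matches; cn must be open.
    // Assumed columns (not in the original table): salt and pwhash, both varbinary.
    public static bool IsValidLogin(SqlConnection cn, string email, string password)
    {
        byte[] salt = new byte[16];           // dummy salt used for unknown e-mails
        byte[] stored = new byte[HashBytes];  // dummy hash used for unknown e-mails
        bool found = false;
        using (var cmd = new SqlCommand(
            "select salt, pwhash from tbl_register where loginemailid = @email", cn))
        {
            // The e-mail travels as a parameter, never as part of the SQL text.
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.Read())
                {
                    salt = (byte[])dr["salt"];
                    stored = (byte[])dr["pwhash"];
                    found = true;
                }
            }
        }
        // Hash even when the e-mail is unknown so both failures take similar time.
        bool match = SameBytes(HashPassword(password, salt), stored);
        return found & match;
    }
}
```

In the click handler, set `lblmsg.Text = "Invalid Username and Password";` whenever `IsValidLogin` returns false, and keep the register link visible at all times.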

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


