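// Handles the customer login button: verifies the entered email/password against the
// "AUTH" database and, only on success, records the customer's ID and email in the
// session and redirects to the customer service page.
//
// The customer ID lives in the "Lab3" database (customer table) while the password hash
// lives in the "AUTH" database (CustPass table); the same email value is the key in both.
//
// Changes versus the previous revision: connections and readers are disposed on every
// path, session state is no longer populated before the password is verified, the
// redirect runs outside the catch-all (Response.Redirect ends the request with a
// ThreadAbortException, which the catch-all reported as "Database Error."), and the two
// failure cases share one message so the page cannot be used to enumerate registered
// email addresses.
protected void btnLogin_Click(object sender, EventArgs e)
{
    // NOTE(review): the lookup key is HTML-encoded, presumably because the value was
    // stored encoded at registration — confirm against the registration page. The
    // parameterized queries below are what prevent SQL injection, not this encoding.
    string email = HttpUtility.HtmlEncode(txtEmail.Text);

    string customerId;
    bool authenticated;
    try
    {
        customerId = LookupCustomerId(email);
        authenticated = CustomerPasswordMatches(email, txtPassword.Text);
    }
    catch (Exception)
    {
        // Deliberately generic: exception details are not shown to the browser.
        lblStatus.Text = "Database Error.";
        return;
    }

    if (!authenticated)
    {
        // Same text for "unknown user" and "wrong password".
        lblStatus.Text = "Login failed.";
        return;
    }

    // Session state is written only after the password has been verified; a missing
    // customer row yields a null ID rather than leaving a stale value from a previous user.
    Session["ID"] = customerId;
    Session["Email"] = email;
    lblStatus.Text = "Success!";
    Response.Redirect("CustomerServInfo1.aspx");
}

// Returns the CustomerID stored for the given email in the "Lab3" customer table, or
// null when no row matches (the last row wins if several match). SQL and configuration
// errors propagate to the caller.
private static string LookupCustomerId(string email)
{
    string customerId = null;
    using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("Select CustomerID from customer where email = @email", con))
    {
        cmd.Parameters.AddWithValue("@email", email);
        con.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                customerId = Convert.ToString(reader[0]);
            }
        }
    }
    return customerId;
}

// Looks up the stored password hash for the username in the "AUTH" CustPass table and
// returns true when the entered password validates against any matching row. Returns
// false for an unknown username as well as for a wrong password; errors propagate.
private static bool CustomerPasswordMatches(string username, string password)
{
    using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
    using (SqlCommand findPass = new SqlCommand("SELECT PasswordHash FROM CustPass WHERE Username = @Username", sc))
    {
        findPass.Parameters.Add(new SqlParameter("@Username", username));
        sc.Open();
        using (SqlDataReader reader = findPass.ExecuteReader())
        {
            while (reader.Read())
            {
                string storedHash = reader["PasswordHash"].ToString();
                if (PasswordHash.ValidatePassword(password, storedHash))
                {
                    return true;
                }
            }
        }
    }
    return false;
}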
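// Logs the user into the system.
//
// Two credential stores are checked in order: the "Lab3" simple credentials table
// (via the JeremyEzellLab3 stored procedure) so that non-teachers can still log in,
// and then, only if that finds nothing, the "AUTH" database's Pass table for teacher
// accounts. A match in either store logs the user in.
//
// Changes versus the previous revision: the always-true `int count = 0; if (count == 0)`
// guard is gone, connections and readers are disposed on every path, and a database
// error returns immediately instead of being overwritten by the "Incorrect Username"
// message further down.
protected void btnLogin_Click(object sender, EventArgs e)
{
    bool authenticated;
    try
    {
        // Checks the simple credentials table for a username and password.
        authenticated = SimpleCredentialsMatch(txtUsername.Text, txtPassword.Text);

        // If no non-teacher account is found, checks the AUTH database for a teacher login.
        if (!authenticated)
        {
            authenticated = TeacherPasswordMatches(txtUsername.Text, txtPassword.Text);
            if (authenticated)
            {
                // The teacher path locks the login controls after a successful match.
                btnLogin.Enabled = false;
                txtUsername.Enabled = false;
                txtPassword.Enabled = false;
            }
        }
    }
    catch (Exception)
    {
        // Deliberately generic: exception details are not shown to the browser.
        lblLoginFeedback.Text = "Database Error.";
        return;
    }

    if (!authenticated)
    {
        lblLoginFeedback.Text = "Incorrect Username and/or Password! Please try again!";
        return;
    }

    // NOTE(review): the session identifier is carried across the login boundary
    // unchanged; regenerating it on successful login is the usual mitigation and is
    // not done here.
    Session["Username"] = txtUsername.Text;
    login.Visible = false;
    logout.Visible = true;
    // Reconstructed from a mangled source line ("Current User: "******"Username"].ToString());
    // confirm against the original file.
    lblLoggedInUser.Text = "Current User: " + Session["Username"].ToString();
}

// Runs the JeremyEzellLab3 stored procedure in the "Lab3" database with the entered
// credentials and reports whether it returned at least one row. Errors propagate.
// NOTE(review): the procedure receives the raw password; unless it hashes internally,
// these accounts are stored with plaintext passwords — confirm on the database side.
private static bool SimpleCredentialsMatch(string username, string password)
{
    using (SqlConnection sqlConnection = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
    using (SqlCommand sqlCommand = new SqlCommand("JeremyEzellLab3", sqlConnection))
    {
        sqlCommand.CommandType = CommandType.StoredProcedure;
        sqlCommand.Parameters.AddWithValue("@Username", username);
        sqlCommand.Parameters.AddWithValue("@Password", password);
        sqlConnection.Open();
        using (SqlDataReader loginResults = sqlCommand.ExecuteReader())
        {
            return loginResults.Read();
        }
    }
}

// Looks up the stored password hash for the username in the "AUTH" Pass table and
// returns true when the entered password validates against any matching row. Returns
// false for an unknown username as well as for a wrong password; errors propagate.
private static bool TeacherPasswordMatches(string username, string password)
{
    using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
    using (SqlCommand findPass = new SqlCommand("select PasswordHash from Pass where Username = @Username", sc))
    {
        // NOTE(review): the key is HTML-encoded here but not for the Lab3 lookup above,
        // presumably because the AUTH store holds encoded usernames — confirm. The
        // parameterized query is what prevents SQL injection, not this encoding.
        findPass.Parameters.Add(new SqlParameter("@Username", HttpUtility.HtmlEncode(username)));
        sc.Open();
        using (SqlDataReader reader = findPass.ExecuteReader())
        {
            while (reader.Read())
            {
                string storedHash = reader["PasswordHash"].ToString();
                if (PasswordHash.ValidatePassword(password, storedHash))
                {
                    return true;
                }
            }
        }
    }
    return false;
}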