5 Replies - 1215 Views - Last Post: 14 April 2011 - 08:51 PM

#1 G_rose42

login problem

Posted 11 April 2011 - 10:03 PM

Hi.
In my project I have a login page. The problem is that after I log off, if I click the back button in the browser, it goes to my previous page. I mean it goes inside my website without a login.

Replies To: login problem

#2 marinus

Re: login problem

Posted 11 April 2011 - 11:18 PM

Hi G_ROSE

Can you show your login code please?

This post has been edited by marinus: 11 April 2011 - 11:19 PM


#3 G_rose42

Re: login problem

Posted 12 April 2011 - 01:16 AM

You have already seen my code for the alert problem...

con.Open();

cmd = new SqlCommand("select count(*) from CUM_Dist_Users where CUM_UserName='" + txt_username.Text + "' and CUM_Password='" + txt_password.Text + "'", con);

a = Convert.ToInt32(cmd.ExecuteScalar());

if (a == 1)
{
    cmd = new SqlCommand("G_dis_suggselect", con);
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@CUM_usrnm", txt_username.Text);
    cmd.Parameters.AddWithValue("@CUM_pwd", txt_password.Text);

    SqlDataReader dr = cmd.ExecuteReader();

    if (dr.Read())
    {
        Session["s_cuid"] = Convert.ToInt32(dr.GetValue(1).ToString());
        Session["s_ccmpycd"] = dr.GetValue(0).ToString();
        Session["s_cmpynm"] = dr.GetValue(9).ToString();
    }

    Response.Redirect("Dis_Home.aspx");
}
else
{
    myBody.Attributes.Add("onload", "alert('Invalid username or password');");
}



#4 marinus

Re: login problem

Posted 12 April 2011 - 01:44 AM

You should create a login session.

If the user logs in, create a session.

In the login page use:

if (UserValid)
{
    Session["Code"] = userId; // Create a session for the webpage to remember the user.
    Session.Timeout = 200;    // User will be logged off automatically in 200 minutes.
    Response.Redirect("userloggedin.aspx");
}

And in the page where you want the user to be logged in, do this (e.g. userloggedin.aspx):

if (Session["Code"] == null)
{
    Response.Redirect("login.aspx");
}
else
{
    myBody.Attributes.Add("onload", "alert('Welcome fella!!');");
}

If there is no logged-in session then this page would not execute further and would redirect the user to your home page.

Just remember to use [code] tags when posting your code.

You should learn more about Session
Hope this helps...

This post has been edited by marinus: 12 April 2011 - 01:48 AM

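Added example, not part of any post in this thread: the session check from the reply above moved into a base page, together with the log-off side and response headers that stop the browser from showing a stored copy when Back is pressed. It goes beyond the reply in adding the cache headers and `Session.Abandon()`; the class names `AuthenticatedPage` and `Logoff` are hypothetical, while `Session["Code"]` and `login.aspx` follow the reply.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class: every page that requires a login inherits from it.
public class AuthenticatedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // Tell the browser not to keep a copy of this page, so the Back
        // button re-requests it from the server instead of redisplaying it.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));

        // Same check as in the reply: no login session, no page content.
        if (Session["Code"] == null)
        {
            Response.Redirect("login.aspx", true); // true ends the response here
            return;
        }

        base.OnInit(e);
    }
}

public static class Logoff
{
    // Call this from the log-off button's click handler.
    public static void SignOut(HttpContext context)
    {
        context.Session.Clear();    // drop the values stored at login
        context.Session.Abandon();  // end the server-side session
        context.Response.Redirect("login.aspx", true);
    }
}
```

With both pieces in place, a Back press after log-off triggers a new request, the session check fails, and the user lands on the login page.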

#5 Nakor

Re: login problem

Posted 12 April 2011 - 04:07 AM

Since marinus covered the login issue I think I'll point out a little bit of a security issue. In your code you are creating two Parameters, CUM_usernm and CUM_pwd, but you only use these with the SqlCommand that uses a stored procedure CommandType but not with the Text CommandType that you use first.

con.Open();
 
cmd = new SqlCommand("select count(*) from CUM_Dist_Users where CUM_UserName='" + txt_username.Text + "' and CUM_Password='" + txt_password.Text + "'", con);
 
a = Convert.ToInt32 (cmd.ExecuteScalar());
 
if (a == 1) 
{ 
    cmd = new SqlCommand("G_dis_suggselect", con);
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@CUM_usrnm",txt_username.Text);
    cmd.Parameters.AddWithValue("@CUM_pwd", txt_password.Text);
    
    SqlDataReader dr = cmd.ExecuteReader();
 
    if (dr.Read())
    {
        Session["s_cuid"] = Convert.ToInt32(dr.GetValue(1).ToString());
        Session["s_ccmpycd"] = dr.GetValue(0).ToString();
        Session["s_cmpynm"] = dr.GetValue(9).ToString();
    }
 
    Response.Redirect("Dis_Home.aspx");
}
 



You are plugging the text fields directly into your SQL statement, which is leaving your site wide open for SQL injection attacks. You need to be using parameters in your Text CommandTypes as well as your StoredProcedure CommandTypes.
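Added example, not part of any post in this thread: the first query from the login code rewritten with parameters, as the reply above recommends. Table and column names come from the posted code; the class and method names, the `NVarChar` type and the length of 50 are assumptions to adjust to the real schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginQueries
{
    // The SQL text is a constant: user input is never concatenated into it.
    private const string CountSql =
        "SELECT COUNT(*) FROM CUM_Dist_Users " +
        "WHERE CUM_UserName = @username AND CUM_Password = @password";

    public static bool CredentialsMatch(string connectionString,
                                        string username, string password)
    {
        // using blocks close the command and connection even if the query throws.
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(CountSql, con))
        {
            cmd.CommandType = CommandType.Text;

            // Values are sent separately from the statement, so quote characters
            // in the input are compared as data and never parsed as SQL.
            // Type and size (NVarChar, 50) are assumed, not taken from the thread.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value =
                username ?? string.Empty;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value =
                password ?? string.Empty;

            con.Open();
            int matches = Convert.ToInt32(cmd.ExecuteScalar());
            return matches == 1;
        }
    }
}
```

In the login handler this replaces the concatenated `select count(*)` command: call `CredentialsMatch(connectionString, txt_username.Text, txt_password.Text)` and branch on the result as before.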

#6 G_rose42

Re: login problem

Posted 14 April 2011 - 08:51 PM

Let me try this, man. Thank you.