
What's wrong with this authenticate user code, please?

I have the following code but get a 'log on denied' error even though I know the user and password are correct.

    Private hashed As String

    Protected Sub LogonBtn_Click(sender As Object, e As EventArgs)

        'Dim hashedPassword As String = Crypto.HashPassword(hashed)
        Dim hashedPassword As String = Crypto.HashPassword(passwordTextBox.Text)

        'Authenticate user
        'Dim Authenticated As Boolean = Authenticate(strEmailTextBox.Text, passwordTextBox.Text)
        Dim Authenticated As Boolean = Authenticate(strEmailTextBox.Text, hashedPassword)

        'If authenticated, send user to userpage.aspx
        If Authenticated Then
            Dim target = String.Format("~/userpage.aspx?strEmailValue={0}", strEmailTextBox.Text)
            Session("strEmailValue") = strEmailTextBox.Text
            Response.Redirect(target, False)
        Else
            LabelError.Text = "Email/Password invalid. Login denied"
            LabelError.Visible = True
        End If

    End Sub


    Protected Function Authenticate(strEmailValue As String, hashedValue As String) As Boolean

        'strEmailValue is the unknown email variable
        'hashedValue is the unknown password variable
        'strEmailTextBox is the ID of the email textbox field in my aspx file
        'passwordTextBox is the ID of the password textbox field in my aspx file
        'strEmail is the name of the email column in my MS Access database

        Using connection As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)

            Dim cmdText As String = "SELECT COUNT(strEmail) FROM university WHERE strEmail = '" & strEmailValue & "' AND [hashed] = '" & hashedValue & "'"
            Dim cmd As New OleDbCommand(cmdText, connection)

            connection.Open()
            Dim result As Integer = cmd.ExecuteScalar
            connection.Close()

            Return result > 0

        End Using

    End Function

Thanks for any advice.
2 Weeks Ago #1
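
Added example, not part of the original post: assuming `Crypto` in the question is `System.Web.Helpers.Crypto`, `HashPassword` embeds a new random salt on every call, so hashing the typed password again cannot reproduce the stored string and the `COUNT` query finds no row. The sketch below fetches the stored hash with a parameterized query and checks it with `Crypto.VerifyHashedPassword`; the module name, function names and the `connStr` parameter are hypothetical, while the table and column names come from the post.

```vbnet
Imports System.Data.OleDb
Imports System.Web.Helpers   ' assumption: the post's Crypto is System.Web.Helpers.Crypto

Public Module LoginCheck   ' hypothetical module name

    ' Reproduces the comparison the posted code makes: one hash saved at
    ' registration, a second one computed at login from the same password.
    ' Each HashPassword call embeds its own random salt in the output.
    Public Function FreshHashMatchesStored(password As String) As Boolean
        Dim stored As String = Crypto.HashPassword(password)   ' saved at registration
        Dim fresh As String = Crypto.HashPassword(password)    ' computed again at login
        Return String.Equals(stored, fresh)
    End Function

    ' Looks the stored hash up by email only, then lets Crypto re-derive the
    ' hash from the plain-text password using the salt inside the stored value.
    ' Call it with passwordTextBox.Text, not with a hash of it.
    Public Function Authenticate(connStr As String, email As String, password As String) As Boolean
        If String.IsNullOrEmpty(email) OrElse password Is Nothing Then Return False

        Dim stored As Object = Nothing
        Using connection As New OleDbConnection(connStr)
            ' Positional "?" parameter: user input is never concatenated into the SQL text.
            Using cmd As New OleDbCommand("SELECT [hashed] FROM university WHERE strEmail = ?", connection)
                cmd.Parameters.AddWithValue("?", email)
                connection.Open()
                stored = cmd.ExecuteScalar()
            End Using
        End Using

        ' Unknown email or empty column: treat as a failed login.
        If stored Is Nothing OrElse stored Is DBNull.Value Then Return False

        Try
            Return Crypto.VerifyHashedPassword(CStr(stored), password)
        Catch ex As FormatException
            ' Stored value is not valid Base64 (truncated column or not a Crypto hash).
            Return False
        End Try
    End Function

End Module
```

`Crypto.HashPassword` returns a 68-character Base64 string, so the `[hashed]` column must be wide enough to hold it without truncation.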