using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Configuration;
using System.Security;

public partial class _Default : System.Web.UI.Page
{
    
    protected void Page_Load(object sender, EventArgs e)
    {
        txtUserName.Focus(); 
    }
    private void InitializeComponent()
    {
        this.cmdSubmit.Click += new System.EventHandler(this.cmdSubmit_Click);
        this.Load += new System.EventHandler(this.Page_Load);

    }


    protected void cmdSubmit_Click(object sender, EventArgs e)
    {
        if (Page.IsValid)
        {
            if (DBConnection(txtUserName.Text.Trim(), txtPassword.Text.Trim()))
            {
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
            }
            else
            {
                //lblMessage.Text = "Invalid Login, please try again!";
            }
        }

    }
    private bool DBConnection(string txtUser, string txtPass)
        {
        //    SqlConnection myConn = new SqlConnection(ConfigurationSettings.AppSettings["strConn"]);
            String ConnectionString = "server=iconn;database=db_test;user id=sa;password=iconn;";
            SqlConnection Conn = new SqlConnection(ConnectionString);
            SqlCommand myCmd = new SqlCommand("sp_ValidateUser", Conn);
           myCmd.CommandType = CommandType.StoredProcedure;
            
            SqlParameter objParam1;
            SqlParameter objParam2;
            //SqlParameter returnParam;

            objParam1 = myCmd.Parameters.Add("@txtUserName", SqlDbType.VarChar);
            objParam2 = myCmd.Parameters.Add("@txtPassword", SqlDbType.VarChar);
            //objreturnParam = myCmd.Parameters.Add ("@Num_of_User", SqlDbType.Int);

            objParam1.Direction = ParameterDirection.Input;
            objParam2.Direction = ParameterDirection.Input;
            //objreturnParam.Direction = ParameterDirection.ReturnValue;

            objParam1.Value = txtUser;
            objParam2.Value = txtPass;

            try
            {
                if (Conn.State == ConnectionState.Closed)
                {
                    Conn.Open();

                }

                SqlDataReader objReader;
                objReader = myCmd.ExecuteReader(CommandBehavior.CloseConnection);

                while (objReader.Read())
                {

                    if ((bool)(objReader.GetValue(0)) == false)

                    {
                        lblMessage.Text = "Invalid Login!";
                        //return false;
                    }
                    else
                    {
                        objReader.Close();
                        return true;
                    }

                }

            }
            catch 
            {
                lblMessage.Text = "Error Connecting to the database!";
                return false;
            }
        
        }
}

Error 1 '_Default.DBConnection(string, string)': not all code paths return a value C:\Documents and Settings\Administrator.ITECH\My Documents\Visual Studio 2008\WebSites\web_login\login.aspx.cs 46 18 C:\...\web_login\

hii.thnkss for excellent login tutorial.it's my first post to this forum
the procedure posted by u in this forum is executing succesful.i am using sql server.plzz help

>Error: not all code paths return a value
Error says that your method must return a value but you missed that.

At line #103,

private bool DBConnection(string txtUser, string txtPass)
 {

     .....
     return true;
  }

hi and thanks for the quick reply.my code is executing without errors.....but there are some issues like:

(1)if the login is successful(means username and password matches in the database),then user is redirected to the homepage.if not then a message will display on label as invalid login.
(2)one more issue is that i have used rangefieldvalidator and set it's min property to 8 and max property on 18.now when i enter password even of length eight or nine yet it displays the same message as :PASSWORD MUST BE 8 CHARACTER LONG.my code is as follows:

<body>
    <form id="form1" runat="server">
    <asp:Label ID="lblMessage" Style="position: absolute; top: 81px; left: 401px;" runat="server"
        Text="Label"></asp:Label>
    <%--for displayimg messages like invalid login and error connecting to the database--%>
    <asp:Label ID="lblUserName" TabIndex="5" runat="server" Text="USERNAME:" Style="position: absolute;
        top: 164px; left: 408px; height: 19px; right: 873px;">
    </asp:Label>
    <asp:TextBox ID="txtUserName" TabIndex="5" runat="server" Style="position: absolute;
        top: 160px; left: 523px;">
    </asp:TextBox>
    <asp:RequiredFieldValidator ID="rvUserNameValidator" ControlToValidate="txtUserName"
        runat="server" Style="position: absolute; top: 156px; left: 691px;" Display="Dynamic"
        ErrorMessage="The USER NAME field is required!" />
    <asp:Label ID="Label2" TabIndex="5" runat="server" Text="PASSWORD:" Style="position: absolute;
        top: 210px; left: 408px;">
    </asp:Label>
    <asp:TextBox ID="txtPassword" TabIndex="5" runat="server" Style="position: absolute;
        top: 202px; left: 523px;">
    </asp:TextBox>
    <asp:RequiredFieldValidator ID="rvPasswordValidator" ControlToValidate="txtPassword"
        Text="The PASSWORD field is required!" runat="server" Style="position: absolute;
        top: 197px; left: 686px;" />
    <asp:RangeValidator ID="rvPassword" ControlToValidate="txtPassword" runat="server"
        ErrorMessage="PASSWORD MUST BE 8 CHARACTER LONG" Display="Dynamic" Type="Integer"
        MinimumValue="8" MaximumValue="20" Style="position: absolute; top: 222px; left: 686px;">
    </asp:RangeValidator>
    <asp:Button ID="cmdSubmit" TabIndex="5" runat="server" Text="SUBMIT" Style="position: absolute;
        top: 294px; left: 524px;" OnClick="cmdSubmit_Click" />
    <a id="link2" style="position: absolute; top: 357px; left: 500px;" runat="server"
        href="~/signup.aspx">NEW ACCOUNT</a>
    </form>
</body>

CODE BEHIND IS AS:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Configuration;
using System.Security;

public partial class _Default : System.Web.UI.Page
{
    
    protected void Page_Load(object sender, EventArgs e)
    {
        txtUserName.Focus(); 
    }
    private void InitializeComponent()
    {
        this.cmdSubmit.Click += new System.EventHandler(this.cmdSubmit_Click);
        this.Load += new System.EventHandler(this.Page_Load);

    }


    protected void cmdSubmit_Click(object sender, EventArgs e)
    {
        //Response.Redirect("Home.aspx?txtUserName=" + this.txtUserName.Text);
        //Response.Redirect("Webform2.aspx?Name=" + this.UserName.Text + "&LastName=" + this.txtLastName.Text);
        if (Page.IsValid)
        {
            if (DBConnection(txtUserName.Text.Trim(), txtPassword.Text.Trim()))
            {
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
            }
            else
            {
               lblMessage.Text = "Invalid Login, please try again!";
            }
        }

    }
    private bool DBConnection(string txtUser, string txtPass)
        {
        //    SqlConnection myConn = new SqlConnection(ConfigurationSettings.AppSettings["strConn"]);
            String ConnectionString = "server=xyz;database=db_test;user id=sa;password=abc;";
            SqlConnection Conn = new SqlConnection(ConnectionString);
            SqlCommand myCmd = new SqlCommand("sp_ValidateUser", Conn);
            myCmd.CommandType = CommandType.StoredProcedure;
            
            SqlParameter objParam1;
            SqlParameter objParam2;
            SqlParameter objreturnParam;

            objParam1 = myCmd.Parameters.Add("@txtUserName", SqlDbType.VarChar);
            objParam2 = myCmd.Parameters.Add("@txtPassword", SqlDbType.VarChar);
            objreturnParam = myCmd.Parameters.Add("@Num_of_User", SqlDbType.Int);

            objParam1.Direction = ParameterDirection.Input;
            objParam2.Direction = ParameterDirection.Input;
            objreturnParam.Direction = ParameterDirection.ReturnValue;

            objParam1.Value = txtUser;
            objParam2.Value = txtPass;
            //bool temp = false;
            try
            {
                if (Conn.State == ConnectionState.Closed)
                {
                    Conn.Open();

                }

                SqlDataReader objReader;
                objReader = myCmd.ExecuteReader(CommandBehavior.CloseConnection);

                while (objReader.Read())
                {

                    if ((bool)(objReader.GetValue(0)) == false)

                    {   
                        lblMessage.Text = "Invalid Login!";
                        return false;
                        //temp = false; 
                    }
                    else
                    {
                        Response.Redirect("~/Home.aspx");
                        objReader.Close();
                        return true;
                        //temp = true;
                    }

                }
                //return temp;//return temp modified
            }
            catch 
            {
                lblMessage.Text = "Error Connecting to the database!";
                //return temp= false;
                return false;
            }
            return true;
        }
}
CREATE PROCEDURE sp_ValidateUser /* How it would appear in QUERY ANALYZER */    
(    
@txtUserName VARCHAR(50) = NULL,    
@txtPassword VARCHAR(50) = NULL,    
@Num_of_User INT = 0    
)    
AS    
SET @Num_of_User = (SELECT COUNT(*) AS Num_of_User    
FROM tbl_signup    
WHERE UserName = @txtUserName AND Password = @txtPassword)    
RETURN @Num_of_User

table is as:

alok alokamar123456
jhtftjhf alokamar12345678
jhtftjhf aa
jhtftjhf aa
jhtftjhf aa
jhtftjhf a
alok alokamar123456

>when i enter password even of length eight or nine

Use RegularExpress validation control.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.