I need some help. I have a website where people can create a class or event with times and places for the class or event. Once this instance is created they are supplied a link for people to sign up and a passcode for them to use to modify the class or take attendence for the class, or change attendees for the class. I have never done a login page before. I have read a lot about them but I cannot find anything that just uses a passcode to login. The passcode is stored in one of my SQL tables. I have about three or four pages that require the passcode before the user can go to those pages. I do not know how start doing any of this. I need help please.

Thank you,
Jesi

Well, Do you know how to retrieve data from the SQL database?

Do you know what if statements are?

If you can answer both you can do it.

Please explain which part you don't understand, so I may try and clarify.

Regards.

Yes, I know how to retrieve data from the SQL database. I am somewhat familar with if statements, but not very good at them. So there are several things I do not understand. I do not understand how to setup the web config file to only allow login for a few pages of the web site. I also not know how I would verify that they put in the correct passcode from the database. I have only used the database to display and change things in the database from my site, but not to validate something that is in the database. I have no clue how that would be done. Oh, and I am using C# in the code behind if that makes a difference. Thank you.

It is simple there is no need to stress over it.

Here try this.

if (Password.Text.Equals(RetrievedInformation)) //where Password.Test is your Password TextBox
    MessageBox.Show("Successful login");
else 
    MessageBox.Show("Wrong Password");

Where I said Successful Login you replace it with loading the new form or what ever you want to do when the authorization is successful.

Ok, I will try that, now could you help me with the web.config file. I have only two links in my menu that need a passcode to login, I understand that I need to put these in my web.config file, but I have not found a clear place that tells me which tags that goes under...authentications or where? Thanks.

I tried a version of you code:

protected void enterBtn_Click(object sender, EventArgs e)
        {
            string passcode = passcodeTxt.Text.Trim();
            string eventAuid = Request.QueryString["eventAuid"];
            string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;
            string connString = ConfigurationManager.ConnectionStrings["RSVPApplicationConnectionString"].ConnectionString;
            SqlConnection sqlConn = new SqlConnection(connString);
            SqlCommand sqlComm = new SqlCommand(sqlString, sqlConn);

            sqlConn.Open();
            string passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();

            if (passcode == "passcode1")

                FromsAuthentication.RedirectFromLoginPage(passcode, false);

            else

                MessageBox.Show("Wrong Passcode");
        }

I am getting the errors:

"The name 'FromsAuthentication' does not exist in the current context" and
"The name 'MessageBox' does not exist in the current context"

So I guess I am still doing something wrong...

are you working in windows env or web env.

if web then no MessageBox will be there..
and also i think you forgot to import namespace

using System.Web.Security;

if windows there is no such thing as FormsAuthentication..
yes messagebox is there..

I am working in the web env and I have that namespace.

string passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();ing is passcode the variable

            if (passcode == passcode1) // what you were checking against was "passcode1" what you ought to be testing is the variable passcode1

                FromsAuthentication.RedirectFromLoginPage(passcode, false);

            else

                MessageBox.Show("Wrong Passcode");
        }

As for FromsAuthentication I think you misspelled it maybe Forms not Froms?

I have never wrote an ASP.Net code but I am sure some one will help you with the config file.

I did notice that Forms was spelled wrong, so I did fix that. Thank you. Passcode is equal to what is in the textbox. And passcode1 is what I am trying to get from the database to compare to what was entered in the textbox.

I think I figured out the config file.

Here's my new code:

protected void enterBtn_Click(object sender, EventArgs e)
        {
            string passcode = passcodeTxt.Text.Trim();
            string eventAuid = Request.QueryString["eventAuid"];
            string passcode1;
            string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;
            string connString = ConfigurationManager.ConnectionStrings["RSVPApplicationConnectionString"].ConnectionString;
            SqlConnection sqlConn = new SqlConnection(connString);
            SqlCommand sqlComm = new SqlCommand(sqlString, sqlConn);

            sqlConn.Open();
            passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();

            if (passcode == "passcode1")

                FormsAuthentication.RedirectFromLoginPage(passcode, false);
            else
                message.Text = "Invalid passcode, please enter the correct passcode and try again.";
        }

Even if I enter the correct passcode it gives me the message I place above in the else area.

Thank you removing the quotes did it. Thank you finito.

So now it works if I put the correct passcode in but if I put the incorrect passcode in it gives me a "NullReferenceException was unhandled by user code. Object reference not ser ro an instance of an object."

protected void enterBtn_Click(object sender, EventArgs e)
        {
            string passcode = passcodeTxt.Text.Trim();
            string eventAuid = Request.QueryString["eventAuid"];
            string passcode1;
            string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;
            string connString = ConfigurationManager.ConnectionStrings["RSVPApplicationConnectionString"].ConnectionString;
            SqlConnection sqlConn = new SqlConnection(connString);
            SqlCommand sqlComm = new SqlCommand(sqlString, sqlConn);

            sqlConn.Open();
            passcode1 = sqlComm.ExecuteScalar().ToString();
            sqlConn.Close();

            if (passcode == passcode1)

                FormsAuthentication.RedirectFromLoginPage(passcode, false);
            else
                message.Text = "Invalid passcode, please enter the correct passcode and try again.";
        }

It throws the error here:

passcode1 = sqlComm.ExecuteScalar().ToString();

Anybody???

I tried a version of you code:

string sqlString = "Select passcode from Events where passcode = " + passcode + "and eventAuid = " + eventAuid;

I know you are trying this for your first time but be aware that this query is a security flaw. You can be exploited by SQL Injection if you leave it as is. I would recommend using a Regex.replace() function or some other methods. Check this out before you implement on the internet with your script.

http://msdn.microsoft.com/en-us/library/ff648339.aspx

passcode1 = sqlComm.ExecuteScalar();
            sqlConn.Close();

            if(passcode != DBNull){
            if (passcode.ToString() == passcode1)

                FormsAuthentication.RedirectFromLoginPage(passcode, false);
            else
                message.Text = "Invalid passcode, please enter the correct passcode and try again.";
        }
}

Try that

Missing a { after the 2nd If...but you should be able to figure that out ;)

Just Do this.

#
try {
    sqlConn.Open();
    passcode1 = sqlComm.ExecuteScalar().ToString();
    sqlConn.Close();
}
catch 
{
    passcode1 = "";
    sqlConn.Close();
}

Add the Try catch.

This is just an internal web application for my company, but I will look into the SQL injection for sure. Thank you for that information. I also changed my code to use count to see if the passcode matched so I went a little different way with this. Thank you all very much for your help.

Damn...! :)

Hi

Its a example of Login with passcode from SQL Database.You can refer this.It will help you.

if (Password.Text.Equals(RetrievedInformation)) //where Password.Test is your Password TextBox

MessageBox.Show("Successful login");

else

MessageBox.Show("Wrong Password");

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.