Hi, im facing some problem when i have to verify user at my login function. Im using Visual Web Developer with vb programming and MS SQL Server 2000 as my database.
Basically my login form have few textbox for user to input the id and password, 1 radiolist for user to select its identity and 1 button to login.
User have to select the identity from the radiolist, then radiolist will point to different table to verify user based on the selection. Seems like i having problem at verify user. No matter the password is correct or not the user still able to login. Anyone please give me some advice~ thanks alot!
Imports System.Data.SqlClient
Imports System.Data
Partial Class _Default
Inherits System.Web.UI.Page
Protected WithEvents rblSubject As RadioButtonList
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Dim setting As ConnectionStringSettings
setting = System.Configuration.ConfigurationManager.ConnectionStrings("MyConnection")
Dim connectionString As String = setting.ConnectionString
Dim objConn As New SqlConnection(connectionString)
Dim comm As New SqlClient.SqlCommand
Dim Users As SqlClient.SqlDataReader
Dim mySql As String
Dim ds As DataSet = New DataSet()
Dim dv As DataView = New DataView()
Try
objConn.Open()
Users = comm.ExecuteReader(Data.CommandBehavior.CloseConnection)
Catch ex As Exception
Me.Label2.Text = "Errors while attempting to connect to the system database"
Exit Sub
End Try
While Users.Read
Select Case RadioButtonList1.SelectedIndex
Case 0
'Select the Student Table from database
mySql = "SELECT * FROM Student"
If String.Compare(Users("Stud_ID").ToString, Me.txtID.Text.ToString) = 0 Then
' user id is found
' Compare Password
If String.Compare(Users("Password").ToString, Me.txtPassword.Text) <> 0 Then
Me.Label2.Text = "Invalid password"
Users.Close()
Exit Sub
Else ' Valid user name and password
Session.Add("StudID", Users("Stud_ID").ToString)
Users.Close()
Response.Redirect("Student_Main.aspx")
Exit Sub
End If
End If
' txtID.Text = "You selected: " & rbList1.SelectedItem.Text
Case 1
'Select the Lecturer Table from database
mySql = "SELECT * FROM Lecturer"
If String.Compare(Users("Lec_ID").ToString, Me.txtID.Text.ToString) = 0 Then
' user id is found
' Compare Password
If String.Compare(Users("Password").ToString, Me.txtPassword.Text) <> 0 Then
Me.Label2.Text = "Invalid password"
Users.Close()
Exit Sub
Else ' Valid user name and password
Session.Add("LecID", Users("Lec_ID").ToString)
Users.Close()
Response.Redirect("Lecturer_Main.aspx")
Exit Sub
End If
End If
End Select
End While
End Sub
End Class