There is a login page in aspx.net that asks the user to enter in their username and what authorization level they are.
My question is once they do that I have to read from that and check what they entered from a sql database with all the possible usernames and authorizations. Problem is the login page is in aspx.net and the code to check the login information is in regular .cs file.
If someone can look over my code and tell me what I am doing wrong and possibly give me a better code or fix what I have that would be great!
And sorry about the errors and confusion, I am new to coding!
Here is what I have so far:
public bool getCredentials(string UserName, string Authlvl)
{
bool valid = false;
string loginSQL = "SELECT COUNT FROM user_verification WHERE userID = '" + UserName + "' AND auth_lvl = '" + Authlvl + "'";
SqlCommand cmd = new SqlCommand(loginSQL, dB.Connect());
try
{
int rowCount = Convert.ToInt32(cmd.ExecuteScalar());
if (rowCount >= 1)
{
valid = true;
}
else if (rowCount <= 0)
{
valid = false;
}
}
catch
{
}
return valid;
}
public void getInfo(string _Username, string Authlvl)
{
string selectAllSql = "Select auth_lvl FROM user_verification WHERE userID = '" + UserName + "'AND auth_lvl = '" + Authlvl
+ "'";
SqlCommand cmd = new SqlCommand(selectAllSql, dB.Connect());
Authlvl = "";
SqlDataReader reader;
try
{
reader = cmd.ExecuteReader();
while (reader.Read())
{
UserName.Text = reader["username"].ToString();
Authlvl.Text = reader["auth_lvl"].ToString();
}
}
catch (Exception ex)
{
throw (new Exception("" + ex));
}
}
private void Form1_Load(object sender, EventArgs e)
{
// TODO: This line of code loads data into the 'import_logDataSet.DB_tables' table. You can move, or remove it, as needed.
this.dB_tablesTableAdapter.Fill(this.import_logDataSet.DB_tables);
}
private void button1_Click(object sender, EventArgs e)
{
save.ShowDialog();
}
private void button3_Click(object sender, EventArgs e)
{
//Clears all text in text box
ID.Clear();
}
private void button4_Click(object sender, EventArgs e)
{
string str = @"";
Process process = new Process();
process.StartInfo.FileName = str;
process.Start();
}
private void ID_KeyPress(object sender, KeyPressEventArgs e)
{
char ch = e.KeyChar;
if (!Char.IsDigit(ch) && ch != 8 && ch != 13 && e.KeyChar < 65 || e.KeyChar > 122)
{
e.Handled = true;
}
StreamWriter sw = new StreamWriter("ExporterOutput.txt");
sw.WriteLine(ID.Text);
sw.Close();
}
private void OutputBox_TextChanged(object sender, EventArgs e)
{
MessageBox.Show("Here is the information you input: ");
StreamWriter sw = new StreamWriter("ExporterOutput.txt");
sw.WriteLine(ID.Text, UserName.Text, Authlvl.Text, comboBox1.Text, comboBox2.Text, FolderDrop.Text);
sw.Close();
}
private void Help_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
System.Diagnostics.Process.Start("http://www.google.com");
Help.LinkVisited = true;
}
private void save_FileOk(object sender, CancelEventArgs e)
{
}
}
}
Assuming that
UserIDis a numeric field,UserID = UserNamewill not work.EDIT
I think the problem is with your select statement.
COUNTis a function and requires an argument. Try something like this instead: