I am building a login page for a website using ASP.NET and Visual Basic without Razor, as well as T-SQL. When I try to login with an existing account, I get an incorrect password message even if the password is correct.
I've tried to conduct some research on Stack Overflow and Code Project about this problem, but most people use ASP.NET Razor which is not what I am using.
Imports System.Data.SqlClient
Partial Class Login
Inherits System.Web.UI.Page
Public Sub Submit(e As Object, sender As EventArgs) Handles submitButton.Click
Dim conn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("RegistrationConnectionString").ConnectionString)
conn.Open()
Dim checkuser As String = "SELECT count(*) FROM [Table] WHERE Username='" + user.Text + "'"
Dim com As SqlCommand = New SqlCommand(checkuser, conn)
Dim temp As Integer = Convert.ToInt32(com.ExecuteScalar())
conn.Close()
If temp = 1 Then
conn.Open()
Dim checkpasswordquery As String = "SELECT password FROM [Table] WHERE Username='" + user.Text + "'"
Dim passComm As SqlCommand = New SqlCommand(checkpasswordquery, conn)
Dim password As String = passComm.ExecuteScalar().ToString()
MsgBox(password) //I have this here to test if my password matches (and my password does match)
If password = pass.Text Then
MsgBox("Login successful!")
Else
MsgBox("Incorrect password. If you would like to reset your password, please email info@maddenu.com")
End If
Else
MsgBox("Incorrect username")
End If
End Sub
End Class
I expect to get a message box telling me that the login is successful, but instead I get a message box telling me that the password is incorrect and I should email info@maddenu.com if I need a password reset.
