Jump to content
danyyelmendez

erro login

Recommended Posts

danyyelmendez

Viva,

contenho os seguintes erros num campo de login

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {

        string userName = Login1.UserName;

        string password = Login1.Password;

        bool rememberUserName = Login1.RememberMeSet;

       

        // ligação a base de dados

        string dataPath = Server.MapPath("~/App_Data/Database.mdf");

        DataSet dSet = new DataSet();

        dSet.ReadXml(dataPath);

        DataRow[] rows = dSet.Tables[0].Select(" UserName = '" + userName + "' AND Password = '" + password + "'");

        // record validated

        if (rows.Length > 0)
        {

            // get the role now

            string roles = rows[0]["Roles"].ToString();


            // Create forms authentication ticket

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(

            1, // Ticket version

            userName, // Username to be associated with this ticket

            DateTime.Now, // Date/time ticket was issued

            DateTime.Now.AddMinutes(50), // Date and time the cookie will expire

            rememberUserName, // if user has chcked rememebr me then create persistent cookie

            roles, // store the user data, in this case roles of the user

            FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any.

            // To give more security it is suggested to hash it

            string hashCookies = FormsAuthentication.Encrypt(ticket);

            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket

            // Add the cookie to the response, user browser

            Response.Cookies.Add(cookie);

            // Get the requested page from the url

            string returnUrl = Request.QueryString["ReturnUrl"];

            // check if it exists, if not then redirect to default page

            if (returnUrl == null) returnUrl = "~/homepage.aspx";

            Response.Redirect(returnUrl);

        }

        else // wrong username and password
        {

            // do nothing, Login control will automatically show the failure message

            // if you are not using Login control, show the failure message explicitely

        }
    }

alguma opniao?? :S

comprimentos,

danyyelmendez

Share this post


Link to post
Share on other sites
f-22

Qual é a duvida? O codigo vai directo para o else?

Assim de relance posso ver que isso é susceptivel a SQL Injection (creio eu).

Share this post


Link to post
Share on other sites
marciocardoso

tenta fazer qualquer coisa do género:

using (var command = new SqlCommand("select Password from utilizador WHERE username='" + user + "'", con))
                    {
                        con.Open();
                        var reader = command.ExecuteReader();
                        if (reader.Read())
                        {
                            string temp = reader["Password"].ToString();
                            if (Password.Equals(temp))
                            {
                                //// o teu código aqui..
                            }
                        }

                    }

Share this post


Link to post
Share on other sites
danyyelmendez

o problema e que ele não me encontra o sqlcommand.

diz que não foi enconttrado

no inicio da pagina tenho isto declarado, sera que falta alguma coisa?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;

comps

Share this post


Link to post
Share on other sites
Rechousa

Colocar:

using System.Data.SqlClient;

Em alternativa e, para aprenderes para futuro, quando não encontrar uma determinada class, faz botão direito do rato em cima do nome da class que está a dar erro (deverá ficar sublinhada a vermelho) e escolhe a opção Resolve -> Using ... :thumbsup:

Espero ter ajudado.


Pedro Martins

Sharing is Knowledge!

http://www.linkedin.com/in/rechousa

Share this post


Link to post
Share on other sites
danyyelmendez

ajudou mesmo  :thumbsup:

system.data;

era o que faltava

obrigado a todos

abraço

Daniel Mendes

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

By using this site you accept our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.