-4

i m writing the code:

string query = "Select * from AdminLogin where username='" + name + 
               "' and password='" +   password + "'";

DataSet ds = BusinessLogic.returnDataSet(query);
foreach (DataRow dr in ds.Tables[0].Rows)
{
    if (dr[0].ToString() == name && dr[1].ToString() == password)
    {
      Response.Redirect("~/Home.aspx");
    }
    else
    {
      //Here I want to write the code that will open a message box 
      //that will tell to user that username and password does not match.
     }
}
yogi
  • 17,657
  • 12
  • 53
  • 89
Ankur
  • 17
  • 1
  • 1
  • 7

4 Answers4

1

By message box I'm assuming you mean a javascript alert. I'm not a big fan of posting back with javascript functions. I think its messy, and that javascript should only be used when dealing with client-side actions.

I would actually recommend to use a placeholder and a literal control for this. You could have the following in your webform:

<asp:placeholder id="phLoginFailed" runat="server" visible="false">
     <div class="loginfailed">
        Login failed
     </div>
</asp:placeholder>

This placeholder could be styled like a popup, or displayed within your page using CSS.

Then change your C# to:

else
{
    phLoginFailed.Visible = true;
}

Also, its worth mentioning, your SQL query is prone to SQL Injection. You should use parameterised queries.

And you should encrypt passwords when storing them in the database for security purposes.

Curt
  • 94,964
  • 60
  • 257
  • 340
  • And you shouldn't be storing plain text passwords. Hash them first & compare the hashed values – Simon Halsey Aug 09 '12 at 11:25
  • @SimonHalsey You've downvoted me for that? – Curt Aug 09 '12 at 11:26
  • didn't downvote you. just adding to your very good point about SQL injection. Sorry if that wasn't clear – Simon Halsey Aug 09 '12 at 11:29
  • @SimonHalsey Sorry, I assumed you -1 because I got a downvote at the same time. I've added your point regarding password encryption :) – Curt Aug 09 '12 at 11:29
  • @Ankur I need more information than that. What is not working? Are you getting an error – Curt Aug 09 '12 at 11:30
  • @Ankur And I'll be impressed if you've managed to parametise your queries, style your login failure and improve your password security in the last 6 minutes! – Curt Aug 09 '12 at 11:31
  • ya thanks...but when i am using placeholder and i have visible it then it is not showing error message on the page. – Ankur Aug 09 '12 at 11:36
0

This is not as easy as it sounds. Basically, you have two options:

  • Send some JavaScript to the client (for example, using RegisterClientScriptBlock) which calls the JavaScript alert(...); method.

  • Alternatively, use an ASP.NET component that "looks like" a popup. One example is the ModalPopup component in the ASP.NET Ajax Control Toolkit.

Heinzi
  • 151,145
  • 51
  • 326
  • 481
0

just write this line where you want o show message 

this.Page.RegisterClientScriptBlock(Page.GetType(),"key", "alert('Wrong username or password')",true);

Edited code 

 if (dr[0].ToString() == name && dr[1].ToString() == password)
     {
       Response.Redirect("~/Home.aspx");
     }
     else
     {
         this.Page.RegisterClientScriptBlock(Page.GetType(),"key", "alert('Wrong username or password')",true);

       //Here I want to write the code that will open a message box
        //that will tell to user that username and password does not match.
      }
Pranay Rana
  • 164,177
  • 33
  • 228
  • 256
0
ClientScript.RegisterClientScriptBlock(Page.GetType(),"key", "alert('Wrong username or password')", true);

or if it is used outside page scope then 

        Page page = (HttpContext.Current.Handler as Page);
        if (page!=null)
        {
            page.ClientScript.RegisterClientScriptBlock(Page.GetType(), "key", "alert('Wrong username or password')", true);
        }
jekcom
  • 1,937
  • 2
  • 22
  • 33