void Login_Click(Object sender, EventArgs e) { String sHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text,"MD5"); String sqlStmt = "Select username from Users where username='" + UserName.Text + "' and password='" + sHashedPassword + "'"; SqlConnection sqlConn = new SqlConnection("server=localhost;uid=sa;pwd=password;database=master;"); SqlCommand sqlCmd = new SqlCommand(sqlStmt, sqlConn); sqlCmd.Connection.Open(); SqlDataReader sqlReader = sqlCmd.ExecuteReader(CommandBehavior.CloseConnection);
if (sqlReader.Read()) FormsAuthentication.RedirectFromLoginPage(username.Text, true); else status.InnerHtml += "Invalid Login"; }
|