Torna al Thread
Function ValidateUser(ByVal userName As String, ByVal passWord As String) As Boolean
Dim conn As SqlConnection
Dim cmd As SqlCommand
Dim lookupPassword As String
Session("Username") = userName & " Hello"
lookupPassword = Nothing
'CHECK FOR A INVALID USERNAME
If ((userName Is Nothing)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName Failed.")
Return False
End If
'Check for invalid password
If (passWord Is Nothing) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
Return False
End If
If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of password failde.")
Return False
End If
Try
Dim strconn As String = "Data Source=.\SQLEXPRESS;AttachDbFilename='C:\Documents and Settings\Documenti\Visual Studio 2010\WebSites\APP_DATA\database.mdf';Integrated Security=True;User Instance=True"
conn = New SqlConnection(strconn)
conn.Open()
' cmd = New SqlCommand("Select pwd from Users where uname=@userName", conn)
cmd = New SqlCommand("SELECT password FROM utenti where Username=@userName", conn)
cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25)
cmd.Parameters("@userName").Value = userName
lookupPassword = cmd.ExecuteScalar
cmd.Dispose()
conn.Dispose()
Catch ex As Exception
System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception" & ex.Message)
End Try
'if no password found
If (lookupPassword Is Nothing) Then
Return False
End If
Return (String.Compare(Trim(lookupPassword), passWord, False) = 0)
End Function