hi. i am new to sql and recently wrote a login.aspx script that doesn't work no matter what i seem to do. I have a SHA1 hashed password in the database and i am wondering if there is something in particular i have to do to verify it. It authenticates true or false based on the email/pass match. code below:
Code:
if(Page.IsValid)
{
bool authenticated;
SqlDataReader reader;
const string connStr =
"data source= SERVER\\NETSDK;" +
"Initial Catalog = master;" +
"User ID = sa;" +
"Password =";
SqlConnection conn=new SqlConnection(connStr);
String sHashedPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(Pass.Text,"SHA1");
string sql = "SELECT EmailAddress FROM members WHERE EmailAddress ='" +
Email.Text + "' AND Password ='"+ sHashedPassword +"'";
SqlCommand comm=new SqlCommand(sql, conn);
conn.Open();
reader=comm.ExecuteReader();
if(reader.Read())
{
authenticated = true;
}
else
{
authenticated = false;
}
reader.Close();
conn.Close();
conn.Dispose();
}
}