If statement to compare to text values (this should be easier I'm sure!)

Question
-
User1234091709 posted
Hey all,
I'm sure this should be a really easy thing to do, but I am just not getting the results I would expect.
Consider a basic log in process where a user enters a password and from their username I load the saved password from an SQL database. To compare the two I should be able to simply do an If statement, can't I? If one equals the other, password is correct, if it doesn't then the user isn't logged in. The problem is, I have confirmed that the values I am comparing pretty much make no difference, the user is processed as being logged on. It's really simple code:
info:
myReader("password") is the password extracted from the SQL database
login_password.Text is the value in the form of the user's entered password
I have added the .ToString.ToLower only to try everything to simplify the comparison. It doesn't work without them either. I have also tried using a StrComp function comparison as well however I get the same results. I can see the values are the same when I added them to some screen output. Oddly, when I use watch variables, the values appear as "value1" in one case, and "value2 in the other (missing the trailing "). However these " are never displayed in any output so I am not sure if that is a quirk in Studio Web 2013 Express.
Here is the If statement
    If myReader("password").ToString.ToLower = login_password.Text.ToString.ToLower Then
        Session("Username") = myReader("email").ToString.ToLower & " " & myReader("password").ToString.ToLower & " " & login_password.Text.ToString.ToLower
        Session("LoggedIn") = 1
    Else
        Session("Username") = "Wrong password"
        Session("LoggedIn") = 0
    End If
Even if I use the wrong password the If gets processed as a successful comparison, not the else and I end up with:
Logged Username: emailaddress password bpassword
and the Session loggedin variable is set to 1.
I'll be honest, if I had any hair left I'd be pulling it out in chunks at the moment.
Thanks for any help in advance.
Cheers
Guy
Wednesday, October 30, 2013 2:08 AM
Answers
-
User1234091709 posted
Thanks, in working through your suggestions I ended up trying this, which I think is working
    If myReader("password").ToString.TrimEnd(" ") = login_password.Text Then
I'm sure I had already tried that and it didn't work but now it seems to, man I hate computers sometimes lol
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Wednesday, October 30, 2013 3:18 AM
All replies
-
User1508394307 posted
Guy,
few thoughts
- comment that code out and put this instead
    Response.Write("db pass=" & myReader("password").ToString())
    Response.Write("entered pass=" & login_password.Text)
    Response.End
This should help you to see the values.
- it seems that the problem is not in the IF statement but somewhere else. If you cannot find the issue, please, share the entire method
- best practice is to compare password in the database
instead of doing
    select password from mytable where email=@email
use
    select id from mytable where email=@email and password=@password
then in the code check, if sql returned 1 record - success - if not - failure.
Hope this helps.
Wednesday, October 30, 2013 2:46 AM
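The database-side check suggested in the reply above, written out as an added example (not code from the thread or its posters). The table and column names (mytable, id, email, password) come from the reply; the System.Data.SqlClient provider, the CredentialsMatch helper, the connection string and the parameter lengths are assumptions.

```vb
' Added example: not code from the thread. Table and column names (mytable, id,
' email, password) come from the reply; everything else is an assumption.
Imports System.Data
Imports System.Data.SqlClient

Public Module LoginCheck

    ' Hypothetical helper: True only when exactly one row matches both values.
    Public Function CredentialsMatch(connectionString As String,
                                     email As String,
                                     enteredPassword As String) As Boolean
        Const sql As String =
            "SELECT id FROM mytable WHERE email = @email AND password = @password"

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Typed parameters keep user input out of the SQL text.
                ' The lengths (256, 128) are assumed column sizes.
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email
                cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = enteredPassword

                conn.Open()
                Dim rows As Integer = 0
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        rows += 1
                    End While
                End Using

                ' Zero rows: unknown e-mail or wrong password.
                ' More than one row: duplicate accounts, treated as failure.
                Return rows = 1
            End Using
        End Using
    End Function

End Module
```

SQL Server's = operator ignores trailing spaces, so if the password column is fixed-width and pads its values, the match succeeds without a TrimEnd call in the page code. Case sensitivity follows the column's collation, so under a case-insensitive collation two passwords that differ only in letter case compare as equal.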