Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- MySqlConnection conn = new MySqlConnection("server=localhost; user id=root; database=news_db; pooling=false;");
- conn.Open();
- string user = Request["username"];
- string pass = Request["password"];
- TextWriter wr = Response.Output;
- if ((user != null) && (pass != null))
- {
- string q1 = "SELECT * FROM `users` WHERE username=\"" + user + "\"";
- MySqlCommand cmd = new MySqlCommand(q1, conn);
- MySqlDataReader dr = cmd.ExecuteReader();
- conn.Close();
- conn.Open();
- if (!dr.HasRows)
- {
- string query = "INSERT INTO `users` (`username`, `password`) VALUES (\"" + user + "\", \"" + pass + "\")";
- MySqlCommand cmd1 = new MySqlCommand(query, conn);
- cmd1.ExecuteNonQuery();
- conn.Close();
- conn.Open();
- String q2 = "SELECT id FROM `users` WHERE username=\"" + user + "\"";
- MySqlCommand cmd2 = new MySqlCommand(q2, conn);
- MySqlDataReader dr1 = cmd2.ExecuteReader();
- dr1.Read();
- int id = Convert.ToInt32(dr1["id"].ToString());
- wr.Write(id);
- }
- else
- {
- bool access = (dr["password"].ToString().CompareTo(pass) == 0);
- if (!access)
- wr.Write("<p>Access denied! Wrong password!</p>");
- else
- wr.Write(dr["id"].ToString());
- }
- }
- else
- wr.Write("No values inserted");
- conn.Close();
- }
Add Comment
Please, Sign In to add comment