0

i am using Regular expression validator c# in asp.net for a login page..i have different login pages for student,lecturer and admin..the login ids are of the form 1RNxxCSxxx,1RNLECSxxx,1RNADCSxxx respectively(x-digits) my problem is it validates the text box and displays the error message.. but it still continues n logs in..my code is..

    <asp:RegularExpressionValidator ID="RegularExpressionValidator1" runat="server"       ControlToValidate="TextBox1" ErrorMessage="Enter in 1RNxxCSxxx format" ValidationExpression="[1][R][N][0-9][0-9][C][S][0-9][0-9][0-9]"></asp:RegularExpressionValidator>

ie..if i type lecturer id in student login page i can still login inspite of gettin error message..any help would be appreciated.thank u

Improve this question
1
  • Can you post the validation code. Commented Apr 25, 2013 at 15:00

1 Answer 1

Reset to default
1

It seems from the name of your textbox that you're using custom login logic. I would suggest you look into using a membership provider which will be more robust in securing your entire application. Check out How to configure member ship with a database other than aspnetdb

For your immediate problem though in the method that logs the user in check if the page is valid. 

if( !Page.IsValid )
{
     return;
}

More information can be found here: this link

Also your regular expression is incorrect. Use the following for a successful match.

^1RN([0-9]{2}|LE|AD)CS[0-9]{3}$

The expression above says that the string should start (^ signifies a start) with 1RN have two digits or LE or AD followed by the letters CS and three digits ($ signifies end).

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thank you for the reply..i have used membership stuff..only members can login..but the problem exists among members itself..i changed my regular expression..it is still not working.. in the code behind to validate the id and password i have given if (RegularExpressionValidator1.IsValid == true) { conditions check.. } and this value is always getting stored as true..so it is logging in
if (pswd == valid){ String q2 = "select ANO from USERS where ID='" + usn +"';"; SqlCommand myc2 = new SqlCommand(q2, con); SqlDataReader myd2; myd2 = myc2.ExecuteReader(); myd2.Read(); a = myd2[0].ToString(); myd2.Close(); Session["usn"] = usn; Session["ANO"] = a; Response.Redirect("SHome.aspx"); } else{ string script = "<script type=\"text/javascript\">alert('invalid ID or Password..Try again!');</script>"; ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", script); } }
Dude you should delete this comment you have your password in the code you posted.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.