0

I have a simple form for this scenario written in razor/webmatrix. I would like to have a user be able to login to an external website with the login credentials provided by my db.Query via a foreach loop. The login works if I don't use a foreach loop. It simply returns the first row from the DB Query, and logs in. When I add the foreach loop, it opens the login page without any credentials. Any help would be appreciated. My code is below:

var selectQueryString = "SELECT user_id,password FROM user_table
var user_row = db.Query(selectQueryString);


     <form name="UpdateOrRac" method="POST" action="Login Page URL would be here">      

             @foreach (var row in user_row){
                <div>
                 <input  name="txtUserID" value="@row.user_id" readonly="readonly" />
                 <input  name="txtPassword" value="@row.password" readonly="readonly" />
                 <input type="submit" value="Login" />
                    </div> 
            }

    </form>
cholloway
  • 82
  • 8

1 Answers1

1

With the foreach loop your page sends to the login page all the user/password pairs stored in your database together.

I think that you should select a user and populate with it the form. Somenthing like:

@{   
    var db = Database.Open("MyDb");
    var selectQueryString = "SELECT user_id,password FROM user_table WHERE user_id = @0";
    var user_row = db.QuerySingle(selectQueryString, "YourUserName");
}
 <form name="UpdateOrRac" method="POST" action="Login.cshtml">
    <div>
        <input  name="txtUserID" value="@user_row.user_id" readonly="readonly" />
        <input  name="txtPassword" value="@user_row.password" readonly="readonly" />
        <input type="submit" value="Login" />
    </div>
</form>

Edit

In response to your comment, yes, but now your target is clearer.

To obtain a list of your acccounts with the possibility of login, the easiest way is to use a link to the Login page with a querystring with userid and password:

@{   
    var db = Database.Open("MyDb");
    var selectQueryString = "SELECT user_id,password FROM user_table";
    var user_row = db.Query(selectQueryString); 
} 

<div>
    @foreach(var row in user_row)
    {
        <p>
            @row.user_id &nbsp;&nbsp; 
            @row.password &nbsp;&nbsp;
            <a href="~/Login?id=@row.user_id&pwrd=@row.password">Login</a>
        </p>
    }
</div>

You can get the passed data in the Login.cshtml page with this statements:

var user = Request.QueryString["id"];
var pwrd = Request.QueryString["pwrd"];

If the security is a concern, you must consider that GET and POST are nearly the same (look at Is either GET or POST more secure than the other?)

Community
  • 1
  • 1
GmG
  • 1,372
  • 1
  • 9
  • 10
  • thanks for the input. I would like to display all users from the user table with a login button to the right of each user id. Your solution would only display the user specified in the user_row variable correct? – cholloway Sep 07 '12 at 13:51
  • Great @user1600634, that put me on the right track. I used a POST to post the data to the Login page. I specified the FORM action as "Login.cshtml?userid=@row.user_id&password=@row.password". Thanks again. – cholloway Sep 07 '12 at 16:21