Wednesday, 2 October 2013

How is it possible that a user is able to create a duplicate account?
I am truly puzzled by this.
We were given a spec to build an app that requires users to create their
own accounts before using the app.
The spec says that the user's email should be validated against the email s/he
has in our database.
If that email already exists, inform the user and ask him/her to choose
another.
Below is the code that does all that.
//Markup:
<tr>
<td height="27" width="129"><font face="Tahoma" size="2">
<label for="txtEmail">Your Email address:</label></font></td>
<td height="27" width="244">
<asp:TextBox ID="txtEmail" CssClass="Treb10Blue" Runat="server"
style="font-family: Trebuchet MS; font-size: 10pt; font-weight: bold;
font-style: italic; color: #000080;"></asp:TextBox>
<asp:RequiredFieldValidator ID="RequiredFieldValidator4"
Runat="server" ErrorMessage="*" Display="Dynamic"
ControlToValidate="txtEmail"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="RegularExpressionValidator1"
ControlToValidate="txtEmail" ValidationExpression=".*@.*\..*"
ErrorMessage="Email not in correct format" Display="Dynamic"
Runat="server"></asp:RegularExpressionValidator>
</td>
</tr>
//Then codebehind
Function Fixquotes(ByVal thesqlenemy As String) As String
    Fixquotes = Replace(thesqlenemy, "'", "''")
End Function

Sub btnRegister_Onclick(ByVal Src As Object, ByVal e As System.Web.UI.ImageClickEventArgs)
    If Page.IsValid Then
        Dim objConn As IDbConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("DBConnectionString").ConnectionString)
        Dim chkUsername As IDbCommand
        Dim addUser As IDbCommand
        Dim strSQL1 As String
        Dim strSQL2 As String
        Dim strUserCount As Integer
        'first, check if user already exists
        Try
            strSQL1 = "SELECT COUNT(*) FROM [tblLogin] WHERE [Email]='" & Fixquotes(txtEmail.Text) & "'"
            strSQL2 = "INSERT INTO [tblLogin] ([Fullname], [Email], [Username], [Password],[Rights],[ModifiedDate],Precinct,PositionId,ProcessedFlag)"
            strSQL2 = strSQL2 & " VALUES "
            strSQL2 = strSQL2 & "('" & Fixquotes(txtFullname.Text) & "', '" & Fixquotes(txtEmail.Text) & "', '" & Fixquotes(txtUsername.Text) & "', '" & Fixquotes(txtPassword.Text) & "',2,getdate(), '" & precinctList.SelectedValue & "'," & PosisitionList.SelectedValue & ",'No')"
            'Response.Write(strSQL2)
            'Response.End()
            objConn.Open()
            chkUsername = New SqlCommand(strSQL1, objConn)
            strUserCount = chkUsername.ExecuteScalar()
            If strUserCount = 0 Then
                addUser = New SqlCommand(strSQL2, objConn)
                addUser.ExecuteNonQuery()
                objConn.Close()
                'Display some feedback to the user to let them know it was sent
                lblMsg.ForeColor = System.Drawing.Color.Green
                lblMsg.Text = "Your account has been successfully created.<br><br>Please click the Close button below to close this window and log in with your newly created username and password."
                'Clear the form
                txtFullname.Text = ""
                txtEmail.Text = ""
            Else
                'Close the connection on this path too; the original only closed it on success or error
                objConn.Close()
                lblMsg.Text = "That email address already exists. Please choose another..."
                lblMsg.ForeColor = Drawing.Color.Red
            End If
        Catch
            objConn.Close()
        End Try
    End If
End Sub
So far, out of a total of 1,035 users who have signed up, nine (9) of them
have been able to create duplicate accounts using the SAME email address.
One of those users did it 5 times!
How is this possible and how do I prevent further occurrences?
Thanks a lot in advance
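The SELECT COUNT(*) followed by INSERT in the handler above is two separate statements, so two requests for the same address (a double-clicked button, a page refresh, two browser tabs) can both see a count of 0 before either INSERT runs. The example below is added here and is not code from the original post: it reproduces that interleaving against a constructed sqlite stand-in for tblLogin (reduced to three columns), then shows the same flow with a UNIQUE index on Email and bound parameters in place of Fixquotes(), so the database itself refuses the second row.

```python
import sqlite3

def make_db(unique_email: bool) -> sqlite3.Connection:
    # Constructed stand-in for the page's tblLogin (sqlite, not SQL Server);
    # only the columns needed for the duplicate check are modelled.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblLogin (Fullname TEXT, Email TEXT, Username TEXT)")
    if unique_email:
        # The fix: uniqueness is enforced by the database, not by the request.
        conn.execute("CREATE UNIQUE INDEX ux_tblLogin_Email ON tblLogin (Email)")
    return conn

def email_taken(conn: sqlite3.Connection, email: str) -> bool:
    # Same check as the page's strSQL1, with a bound parameter instead of Fixquotes().
    (count,) = conn.execute("SELECT COUNT(*) FROM tblLogin WHERE Email = ?", (email,)).fetchone()
    return count > 0

def insert_user(conn: sqlite3.Connection, fullname: str, email: str, username: str) -> str:
    # Same insert as strSQL2 (reduced columns). With the unique index a duplicate
    # raises IntegrityError, which becomes the page's existing user message.
    try:
        conn.execute("INSERT INTO tblLogin (Fullname, Email, Username) VALUES (?, ?, ?)",
                     (fullname, email, username))
        return "created"
    except sqlite3.IntegrityError:
        return "That email address already exists. Please choose another..."

def simulate_race(unique_email: bool) -> tuple:
    """Two registration requests for the same email interleave so that both run
    the COUNT check before either INSERT. Returns (rows stored, outcome per request)."""
    conn = make_db(unique_email)
    email = "someone@example.com"          # constructed sample input
    taken_a = email_taken(conn, email)     # request A checks: not taken
    taken_b = email_taken(conn, email)     # request B checks: still not taken
    outcomes = []
    for tag, taken in (("A", taken_a), ("B", taken_b)):
        if taken:
            outcomes.append("That email address already exists. Please choose another...")
        else:
            outcomes.append(insert_user(conn, "User " + tag, email, "user" + tag.lower()))
    (rows,) = conn.execute("SELECT COUNT(*) FROM tblLogin WHERE Email = ?", (email,)).fetchone()
    conn.close()
    return rows, outcomes

if __name__ == "__main__":
    print(simulate_race(unique_email=False))  # (2, ['created', 'created'])
    print(simulate_race(unique_email=True))   # (1, ['created', 'That email address already exists...'])
```

On SQL Server the equivalent is ALTER TABLE tblLogin ADD CONSTRAINT UQ_tblLogin_Email UNIQUE (Email); the duplicate then surfaces as a SqlException on ExecuteNonQuery, which the handler should catch specifically rather than in a bare Catch that hides it.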
