how to get users details

[James]

Hello

I have customised the login on my site, so the person uses their email
address and password to log in, rather than a user name.

At the moment when a user logs in have a line:

Session("UserID") = User.Identity.Name

Which as they log in using their email address gives the UserID the value of
the email address. This works great, until they change their email address.

Then UserID does not equal any email addresses in the system as it is out of
date, and therefore pages come up blank with no data, so they need to log off
and back on again.

The table has a unique primary key that links the tables together (called
memid). It would be best to use this value as they cannot change it.

So either:

1, How can I update the UserID when they change their email address

2, Or is there a way of looking up other information other than the Name,
EG: Dlookup("memid","members","emailaddress=" & user.identity.name)

Dlookup is something I know from VB and it does not seem to be in ASP, but
is there something similar?

Any other suggestions welcome.

Thanks
James

 

[Mark Rae [MVP]]

1, How can I update the UserID when they change their email address

At the risk of stating the obvious, by running an update statement against
the database table which holds this information...

Is there a reason that you're not able to do this...?

 

[James]

Hi,

I'm quite new to this so not sure how to do that. Would it be better to have
the UserID as the primary key? So when opening other pages the query would be:

WHERE memid = UserID

Instead of haveing a query with the field email in it? therfore reducing the
data the page would need to load?

I could be doing this the wrong way tho.

How would I do a statement against the table? I have a button 'Update' and I
could run the code then to re value the UserID.

James

 

[Barrie Wilson]

I'm not sure I fully understand what you're doing and why you're doing it
..... but ...

why does User ID have to change when a user changes email addresses?

when they change their email address, on submit you execute:
UPDATE userTable SET email = newEmail WHERE memid = frmMemid

I'm not clear why anything would be out of date; you're only changing the
email column and the new one is now associated with memID and UserID, no?

forget dLookup from VB ... it's a relic from your past .... you can do
whatever you need to do with ADO.NET/T-SQL ...

conceptually, I don't know why you don't just view the email address as the
UserID, at least for login purposes, rather than as a separate entity ... in
other words, I guess I'm unclear why you needed to customize the login
control at all ... bob234 is a string of characters and so is (e-mail address removed)
.....

 

[Mark Rae [MVP]]

How would I do a statement against the table?

What database are you using...?

 

[James]

Hi

Well Im using email address instead of username for a few reasons, first I
dont like having to think up usernames all the time, and usualy the ones I
want are taken. Second I can never rember my username. But mainly because its
easier, everyone knows their email address, and I am working with an exsiting
database so rather than get everyone to come up with a username just email
them a password.

I have got the custom Validate User function now, and think I do it by
adding a line in like:

HttpContext.Current.Session("UserID") = reader.GetValue(1)

This should get the first column in the row for the persons record when they
are being validated. Problem is that is returns a Null.

I could be doing this the wrong way, but at the moment when the user opens
pages to view their orders etc, the datasource SQL is SELECT * FROM orders
WHERE email = User.Identity.Name. So if they change their email after loggin
in
it wont match.

Plus it is awkward putting email address into the orders table, when there
is already the memid field there.

 

[Barrie Wilson]

I could be doing this the wrong way, but at the moment when the user opens
pages to view their orders etc, the datasource SQL is SELECT * FROM orders
WHERE email = User.Identity.Name. So if they change their email after
loggin
in it wont match.

this is a problem; that's why you want the immutable key identifying the
user as an attribute in the ORDERS row (a column)

then you can retrieve orders with something like this:

SELECT a.id, b.id, b.*
FROM USERS a JOIN ORDERS b ON a.pkID = b.userID
WHERE a.emailAddress = <userEmailAddress>

and it won't matter if they've changed their email address because ORDERS
knows about IDs and doesn't know about email addresses

 

[kaza]

Hi

Well Im using email address instead of username for a few reasons, first I
dont like having to think up usernames all the time, and usualy the ones I
want are taken. Second I can never rember my username. But mainly because its
easier, everyone knows their email address, and I am working with an exsiting
database so rather than get everyone to come up with a username just email
them a password.

I have got the custom Validate User function now, and think I do it by
adding a line in like:

HttpContext.Current.Session("UserID") = reader.GetValue(1)

This should get the first column in the row for the persons record when they
are being validated. Problem is that is returns a Null.

I could be doing this the wrong way, but at the moment when the user opens
pages to view their orders etc, the datasource SQL is SELECT * FROM orders
WHERE email = User.Identity.Name. So if they change their email after loggin
in
it wont match.

Plus it is awkward putting email address into the orders table, when there
is already the memid field there.











- Show quoted text -

is your pirmary key in table user-email adress? if yes why?
usually it is not a good idea to have something like that (primary key
which changes) instead make primary key an interger (auto-increment)
and use column email adress as unique but not as primary key, after
login write intos session variable this integer which will never
changen, this will make your life much much easier.

otherwise update the records as sugessted above

regards

 

[James]

Hi

Thanks for your help but maybe I wasnt being clear.

The table has a unique key, I just use the email address to log in as its
easier to remember and saves users having to come up with usernames.

I was doing it as Barrie suggested but the problem was that if someone logs
in, user.identity.name is saved as email address. If the first thing they do
is change their email address the user.identity.name is now different to that
on the record. So the query would not work, WHERE email = user.identity.name.

I have now fixed the problem with a little extra code added to the
ValidateUser Function:

mysqlreader.read()
httpcontext.current.session("UserID") = mysqlreader.getint32(0)

This finds the first column in the table (which is the unique key) and adds
its value to the session UserID. Then I don't need to worry about queries
with the email field in as I can just use the session("UserID").

Thanks for your help.

James