Firstly, I would suggest (which has already been suggested), that you recheck the connection string...
Personally, I wouldn't re-use the same OleDbCommand
, as this may lead to undesired results. Instead, I'd try something like the following:
Protected Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
If Not String.IsNullOrWhiteSpace(txtUsername.Text) Then
Using con As New OleDbConnection(ConnectionString)
con.Open()
Dim Result As Integer = 0
Using cmd As New OleDbCommand("Select count(*) From tblAccounts where Username = @Username", con)
cmd.Parameters.AddWithValue("@Username", txtUsername.text)
Result = CInt(cmd.ExecuteScalar)
End Using
If Result > 0 Then
Using cmd As New OleDbCommand("Select CPassword From tblAccounts Where Username = @Username", con)
cmd.Parameters.AddWithValue("@Username", txtUsername.text)
Dim Obj As Object = cmd.ExecuteScalar()
If (Obj IsNot Nothing) AndAlso (Obj IsNot DBNull.Value) Then
Dim matches As String = Obj.ToString
If matches = SHA1(txtPassword.Text) Then
Response.Redirect("main.aspx")
Exit Sub
End If
End If
End Using
End If
End Using
End If
Invalid()
End Sub
Hope this helps