Beispiel #1
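    /// <summary>
    /// Looks up whether <paramref name="pUserName"/> is recorded against course
    /// <paramref name="pCrsCode"/> in the role given by <paramref name="pcutUserType"/>, and
    /// redirects the current request to <c>~/AccessDenied.aspx</c> when no matching row exists.
    /// </summary>
    /// <param name="pcutUserType">Role to check; selects which column of CM.Crs (or CM.CrsUsers) is queried.</param>
    /// <param name="pUserName">User name to look up. Bound as a SQL parameter, never concatenated.</param>
    /// <param name="pCrsCode">Course code to look up. Bound as a SQL parameter, never concatenated.</param>
    /// <remarks>
    /// This is a role/membership lookup only; no credential is verified here.
    /// NOTE(review): the caller is assumed to pass a user name taken from the already
    /// authenticated identity rather than from request input - confirm at the call sites.
    /// </remarks>
    public static void AuthenticateUser(CRSUserType pcutUserType, string pUserName, string pCrsCode)
    {
        // Deny by default: the flag only becomes true when a query actually returns a row.
        bool blnHasRecord = false;
        string strQuery = null;
        bool blnBindCallerValues = true;

        // Column names differ per role, but every one of them is a compile-time constant;
        // only the two caller-supplied values vary, and those travel as parameters.
        if (pcutUserType == CRSUserType.ChannelManager)
        {
            strQuery = "SELECT cmname FROM CM.Crs WHERE crscode=@crsCode AND cmname=@userName";
        }
        else if (pcutUserType == CRSUserType.ChannelManagerHead)
        {
            strQuery = "SELECT cmhname FROM CM.Crs WHERE crscode=@crsCode AND cmhname=@userName";
        }
        else if (pcutUserType == CRSUserType.CoursewareCoordinator)
        {
            strQuery = "SELECT ccname FROM CM.Crs WHERE crscode=@crsCode AND ccname=@userName";
        }
        else if (pcutUserType == CRSUserType.EliteUsers)
        {
            // NOTE(review): the literal '******' looks like a value that was masked when this
            // listing was published; as written, this branch ignores pUserName. If the real
            // query compares against the user name, use "username=@userName" and bind it
            // like the branches above instead of concatenating.
            strQuery = "SELECT username FROM CM.CrsUsers WHERE username='******' AND userlvl='eu'";
            blnBindCallerValues = false;
        }

        // An unrecognised user type has no query to run. Previously that reached
        // ExecuteReader with an empty CommandText and threw; now it falls through to
        // the access-denied redirect.
        if (strQuery != null)
        {
            using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["Speedo"].ToString()))
            using (SqlCommand cmd = cn.CreateCommand())
            {
                cmd.CommandText = strQuery;
                if (blnBindCallerValues)
                {
                    // Null is mapped to the empty string, which is what string
                    // concatenation produced in the earlier query text.
                    cmd.Parameters.AddWithValue("@crsCode", pCrsCode ?? string.Empty);
                    cmd.Parameters.AddWithValue("@userName", pUserName ?? string.Empty);
                }

                cn.Open();
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    // Only the existence of a row matters; its contents are not read.
                    blnHasRecord = dr.Read();
                }
            }
        }

        if (!blnHasRecord)
        {
            // The single-argument Redirect overload ends the response, so code after this
            // call in the page does not run. Keep that overload: passing endResponse=false
            // would let the protected page continue executing after the redirect is queued.
            System.Web.HttpContext.Current.Response.Redirect("~/AccessDenied.aspx");
        }
    }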
Beispiel #2
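    /// <summary>
    /// Reports whether CM.CrsUsers holds a row with the user level that corresponds to
    /// <paramref name="pUserType"/>.
    /// </summary>
    /// <param name="pUserType">Role to check; selects the <c>userlvl</c> value queried ('cm', 'cmhead', 'cc' or 'eu').</param>
    /// <param name="pUsername">
    /// User name to check. NOTE(review): not read anywhere in this method as shown - every
    /// query compares <c>username</c> with the literal '******', which looks like a value
    /// masked when the listing was published. If the real query compares against this
    /// argument, write <c>username=@userName</c> and bind it with
    /// <c>cmd.Parameters.AddWithValue("@userName", pUsername)</c>; do not concatenate it
    /// into the command text.
    /// </param>
    /// <returns>
    /// <c>true</c> when the query returns at least one row; <c>false</c> when it returns none
    /// or when <paramref name="pUserType"/> is not one of the four handled values.
    /// </returns>
    public static bool IsUser(CRSUserType pUserType, string pUsername)
    {
        string strQuery;

        if (pUserType == CRSUserType.ChannelManager)
        {
            strQuery = "SELECT userlvl FROM CM.CrsUsers WHERE userlvl='cm' AND username='******'";
        }
        else if (pUserType == CRSUserType.ChannelManagerHead)
        {
            strQuery = "SELECT userlvl FROM CM.CrsUsers WHERE userlvl='cmhead' AND username='******'";
        }
        else if (pUserType == CRSUserType.CoursewareCoordinator)
        {
            strQuery = "SELECT userlvl FROM CM.CrsUsers WHERE userlvl='cc' AND username='******'";
        }
        else if (pUserType == CRSUserType.EliteUsers)
        {
            strQuery = "SELECT userlvl FROM CM.CrsUsers WHERE userlvl='eu' AND username='******'";
        }
        else
        {
            // No query exists for this user type. Previously this reached ExecuteReader
            // with an empty CommandText and threw; a role check should answer "no" instead.
            return false;
        }

        using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["Speedo"].ToString()))
        using (SqlCommand cmd = cn.CreateCommand())
        {
            cmd.CommandText = strQuery;
            cn.Open();

            // The using block closes the reader even if Read() throws.
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                // Only the existence of a row matters; its contents are not read.
                return dr.Read();
            }
        }
    }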