Beispiel #1
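        /// <summary>
        /// Looks up a user in <c>users_table</c> by username and password and
        /// returns the matching account details.
        /// </summary>
        /// <param name="username">Login name submitted by the caller (untrusted input).</param>
        /// <param name="password">Password submitted by the caller (untrusted input); it is trimmed before comparison.</param>
        /// <returns>
        /// A <c>LoginDetails</c> whose <c>IsAuthUser</c> is true, with <c>UserName</c>,
        /// <c>UserId</c> and <c>Role</c> filled from the first matching row; otherwise
        /// an instance with <c>IsAuthUser</c> false. Any failure also yields false.
        /// </returns>
        private LoginDetails ValidateUser(string username, string password)
        {
            LoginDetails result = new LoginDetails();
            result.IsAuthUser = false;

            // Missing credentials can never match; reject before touching the database.
            if (username == null || password == null)
            {
                return result;
            }

            try
            {
                // Credentials are bound as parameters so that quotes or SQL fragments in the
                // submitted values are treated as data and cannot change the statement.
                // NOTE(review): the published listing masks the username comparison; binding it
                // to the username argument is the assumed intent - confirm against the real source.
                // NOTE(review): "select *" also pulls the pwd column into memory; name only the
                // needed columns once their exact spelling in the schema is confirmed.
                const string query = "select * from users_table where username = @username and pwd = @pwd";

                using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["bs"].ConnectionString))
                using (SqlDataAdapter da = new SqlDataAdapter(query, con))
                {
                    da.SelectCommand.Parameters.AddWithValue("@username", username);
                    // NOTE(review): pwd is compared directly with the submitted password, which
                    // suggests passwords are stored unhashed - confirm. Store a salted, slow hash
                    // (e.g. PBKDF2) and verify it in code with a fixed-time comparison.
                    da.SelectCommand.Parameters.AddWithValue("@pwd", password.Trim());

                    DataSet ds = new DataSet();
                    con.Open();
                    da.Fill(ds);

                    if (ds.Tables[0].Rows.Count > 0)
                    {
                        // Only the first matching row is used.
                        DataRow row = ds.Tables[0].Rows[0];
                        result.IsAuthUser = true;
                        result.UserName   = row["UserName"].ToString();
                        result.UserId     = int.Parse(row["UserId"].ToString());
                        result.Role       = row["Role"].ToString();
                    }
                }
            }
            catch (Exception ex)
            {
                // Fail closed: any database or parsing error denies the login. Record the
                // failure (never the credentials) so outages and probing are not silently
                // indistinguishable from a wrong password.
                System.Diagnostics.Trace.TraceError("ValidateUser failed: {0}: {1}", ex.GetType().Name, ex.Message);
                result.IsAuthUser = false;
            }

            return result;
        }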
Beispiel #2
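        /// <summary>
        /// Handles the login button: checks the submitted e-mail against the database,
        /// falls back to <c>ValidateUser</c>, and redirects to <c>Home.aspx</c> on success
        /// or back to <c>Login.aspx</c> on failure.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The earlier version also accepted a hard-coded administrator name and password,
        /// compared case-insensitively, and granted the Admin role without consulting the
        /// user store. That branch is removed: anyone able to read the source or binary would
        /// hold a permanent admin login. The administrator account has to exist in the user
        /// store and sign in through the same path as every other account.
        /// Debug output and commented-out calls were dropped as well.
        /// </remarks>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            bool matchedFirstQuery;

            // Connection, command and reader are disposed before any redirect, so a login
            // attempt never leaves a pooled connection open.
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["bs"].ConnectionString))
            {
                conn.Open();

                // NOTE(review): this statement is still built by concatenating the submitted
                // e-mail into SQL text, which makes it injectable. The published listing masks
                // the table and column names, so it cannot be rewritten here; replace it with a
                // parameterized command (SqlCommand.Parameters) using the real query text.
                String checkuser = "******" + inputEmail.Value + "' and UserPassword='******'";

                using (SqlCommand com = new SqlCommand(checkuser, conn))
                using (SqlDataReader reader = com.ExecuteReader())
                {
                    matchedFirstQuery = reader.Read();
                }
            }

            if (matchedFirstQuery)
            {
                // NOTE(review): this path redirects without setting any Session value. If
                // Home.aspx checks Session["IsAuth"], the user arrives unauthenticated; if it
                // does not, Home.aspx is not access-controlled. Confirm which and fix.
                Response.Redirect("Home.aspx");
                return;
            }

            LoginDetails log = ValidateUser(inputEmail.Value, inputPassword.Value);
            if (log.IsAuthUser)
            {
                // NOTE(review): the session identifier is not rotated at login; consider
                // issuing a fresh one here to limit session fixation.
                Session["userid"]   = log.UserId;
                Session["username"] = log.UserName;
                Session["IsAuth"]   = log.IsAuthUser;
                Session["role"]     = log.Role;
                Response.Redirect("Home.aspx");
            }
            else
            {
                // Failed logins return to the login page without saying which part was wrong.
                Response.Redirect("Login.aspx");
            }
        }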