protected void btnlogin_Click(object sender, EventArgs e)
{
//Check if is a post back to the server
if (IsPostBack)
{
//Check is the page is valid
if (Page.IsValid)
{
//Check if the Account is locked or opened
string CS = ConfigurationManager.ConnectionStrings["Connect"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
string query = "Select Locked from tblUsers where Username=@username";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@username", txtUsername.Text);
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
if (dr.Read())
{
if (Convert.ToBoolean(dr["Locked"]))
{
lblmessage.ForeColor = System.Drawing.Color.Red;
lblmessage.Text = "Account locked please contact the admin";
}
else
{
//Login to the dashboard
CS = ConfigurationManager.ConnectionStrings["Connect"].ConnectionString;
using (SqlConnection connection = new SqlConnection(CS))
{
string password = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1");
cmd = new SqlCommand("Select Username, Password from tblUsers Where Username =@username and Password =@password", connection);
cmd.Parameters.AddWithValue("@username", txtUsername.Text.Trim());
cmd.Parameters.AddWithValue("@password", password.Trim());
connection.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
//byte locked = 1;
DBNull lockeddate = DBNull.Value;
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, chkrememberme.Checked);
Handler.UpdateLogin(0, lockeddate, txtUsername.Text, password);
}
else
{
CS = ConfigurationManager.ConnectionStrings["Connect"].ConnectionString;
using (SqlConnection conn = new SqlConnection(CS))
{
cmd = new SqlCommand("Select RetryAttempts from tblUsers Where Username =@username", conn);
cmd.Parameters.AddWithValue("@username", txtUsername.Text.Trim());
conn.Open();
dr = cmd.ExecuteReader();
if (dr.HasRows)
{
if (dr.Read())
{
retry = (int)dr["RetryAttempts"];
if ((4 - retry) == 0)
{
Handler.LockAccount(DateTime.Now.ToString(), txtUsername.Text.Trim(), lblmessage);
}
else if (retry < 5)
{
Handler.Retry(retry, txtUsername.Text);
lblmessage.ForeColor = System.Drawing.Color.Red;
lblmessage.Text = "Invalid Username or Password <br/> " + (4 - retry) + " Retry Attempt (s) Remaining";
}
}
}
}
}
}
}
}
}
else
{
lblmessage.ForeColor = System.Drawing.Color.Red;
lblmessage.Text = "Invalid Username or Password";
}
}
}
}
}