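/// <summary>
/// Handles the log-in button: looks the user up by name, compares the submitted
/// password with the stored one and, on success, records the user in the session
/// and redirects according to the user's type.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void logInButton_Click(object sender, EventArgs e)
        {
            string password = passwordTextBox.Text;
            User anUser = aDrinksGateway.UserLogIn(new User(userNameTextBox.Text));

            // When no row matches, the lookup appears to hand back a default-constructed
            // User. Comparing that object's Password with an empty submitted password
            // could succeed for a name that does not exist, so an empty password (and a
            // null result) is rejected before the comparison.
            bool authenticated = anUser != null
                && !string.IsNullOrEmpty(password)
                && string.Equals(anUser.Password, password, StringComparison.Ordinal);

            if (!authenticated)
            {
                // One message for "unknown user" and "wrong password", so the response
                // does not reveal which user names exist.
                errorLabel.Text = "Wrong User Name and Password!";
                return;
            }

            // NOTE(review): the stored password is compared as plaintext. Storing a salted
            // password hash and verifying against it needs a coordinated change in the
            // registration path, so it is flagged here rather than changed.
            // NOTE(review): the existing session is reused after authentication; consider
            // issuing a fresh session identifier at login — confirm against the
            // application's session configuration.
            Session["logIn"] = anUser.Name;
            Session["Type"] = anUser.UserType;

            // Both branches of the original set the same session keys; only the target differs.
            string landingPage = anUser.UserType == "Administrator" ? "DrinksOverview.aspx" : "Shop.aspx";
            Response.Redirect(landingPage);
        }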
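 /// <summary>
 /// Reports whether a row with the given user name exists in UserTBL.
 /// </summary>
 /// <param name="aUser">User whose <c>Name</c> is looked up.</param>
 /// <returns><c>true</c> when at least one matching row exists; otherwise <c>false</c>.</returns>
 public static bool IsUserNameExists(User aUser)
 {
     // The name comes from a form field, so it is bound as a parameter instead of being
     // concatenated into the SQL text (the concatenated form allowed SQL injection).
     const string query = "SELECT 1 FROM UserTBL WHERE Name = @name";

     // using blocks release the connection, command and reader even when a call throws;
     // the original leaked them on any exception after Open().
     using (SqlConnection connection = new SqlConnection(connectionString))
     using (SqlCommand command = new SqlCommand(query, connection))
     {
         // A null name used to concatenate as an empty string; keep that lookup value.
         command.Parameters.AddWithValue("@name", aUser.Name ?? string.Empty);
         connection.Open();
         using (SqlDataReader reader = command.ExecuteReader())
         {
             // One successful Read() is enough to know a row exists.
             return reader.Read();
         }
     }
 }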
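 /// <summary>
 /// Inserts a new row into UserTBL for the given user, with the user type fixed to "User".
 /// </summary>
 /// <param name="aUser">User whose Name, Email, Password and Address are stored.</param>
 /// <returns>A status message for display: success text when a row was inserted, failure text otherwise.</returns>
 public static string SaveUser(User aUser)
 {
     // All four values come from form fields, so they are bound as parameters instead of
     // being concatenated into the SQL text (the concatenated form allowed SQL injection,
     // and a single quote in any field broke the statement).
     // Column order is positional, as in the original statement; the user type is a
     // constant, so it stays a literal.
     const string query = "INSERT INTO UserTBL VALUES(@name, @email, @password, @address, 'User')";

     int rowAffected;
     // using blocks release the connection and command even when ExecuteNonQuery throws.
     using (SqlConnection connection = new SqlConnection(connectionString))
     using (SqlCommand command = new SqlCommand(query, connection))
     {
         // Null values used to concatenate as empty strings; keep that stored value.
         command.Parameters.AddWithValue("@name", aUser.Name ?? string.Empty);
         command.Parameters.AddWithValue("@email", aUser.Email ?? string.Empty);
         // NOTE(review): the password is written to the table as plaintext. Store a salted
         // hash (for example PBKDF2 via Rfc2898DeriveBytes) instead; that change has to be
         // made together with the log-in comparison, so it is flagged here, not changed.
         command.Parameters.AddWithValue("@password", aUser.Password ?? string.Empty);
         command.Parameters.AddWithValue("@address", aUser.Address ?? string.Empty);

         connection.Open();
         rowAffected = command.ExecuteNonQuery();
     }

     // Message texts are kept byte-for-byte; callers display them as-is.
     return rowAffected > 0 ? "New account has been created!" : "Save Faild!";
 }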
 /// <summary>
 /// Handles the create-account button: refuses a user name that is already taken,
 /// otherwise saves the new user and clears the name, e-mail and address fields.
 /// Any exception is reported to the user as a generic registration failure.
 /// </summary>
 /// <param name="sender">Control that raised the event.</param>
 /// <param name="e">Event data (not used).</param>
 protected void createButton_Click(object sender, EventArgs e)
 {
     try
     {
         User candidate = new User(userNameTextBox.Text, emailTextBox.Text, passwordTextBox.Text, addressTextBox.Text);

         // NOTE(review): the existence check and the insert are two separate statements,
         // so two concurrent requests can both pass the check. A unique constraint on the
         // name column would close that gap — confirm whether UserTBL has one.
         bool nameTaken = UserGateway.IsUserNameExists(candidate);
         if (nameTaken)
         {
             messageLabel.Text = "User Name already exists!";
             return;
         }

         // NOTE(review): no server-side check for empty or over-long fields is visible
         // here; verify that the page markup validates them.
         messageLabel.Text = UserGateway.SaveUser(candidate);
         userNameTextBox.Text = string.Empty;
         emailTextBox.Text = string.Empty;
         addressTextBox.Text = string.Empty;
     }
     catch (Exception)
     {
         // The exception detail is kept away from the page; it is also not logged here,
         // so failures leave no trace for diagnosis.
         messageLabel.Text = "Registration Faild!";
     }
 }
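 /// <summary>
 /// Loads the name, password and user type stored in UserTBL for the given user name.
 /// </summary>
 /// <param name="aUser">User whose <c>Name</c> is looked up.</param>
 /// <returns>
 /// A new <c>User</c> filled from the matching row; when no row matches, the
 /// default-constructed <c>User</c> is returned unchanged. If several rows match,
 /// the values of the last row read are kept.
 /// </returns>
 public User UserLogIn(User aUser)
 {
     User lUser = new User();

     // The name comes from the log-in form, so it is bound as a parameter instead of
     // being concatenated into the SQL text (the concatenated form allowed SQL injection
     // on the authentication query). Only the three columns that are read are selected.
     const string query = "SELECT Name, Password, UserType FROM UserTBL WHERE Name = @name";

     // using blocks release the connection, command and reader even when a call throws.
     using (SqlConnection connection = new SqlConnection(connectionString))
     using (SqlCommand command = new SqlCommand(query, connection))
     {
         // A null name used to concatenate as an empty string; keep that lookup value.
         command.Parameters.AddWithValue("@name", aUser.Name ?? string.Empty);
         connection.Open();
         using (SqlDataReader reader = command.ExecuteReader())
         {
             while (reader.Read())
             {
                 lUser.Name = reader["Name"].ToString();
                 // NOTE(review): the stored password is handed back to the caller for a
                 // direct comparison, which implies plaintext storage. Prefer a salted
                 // hash verified here, changed together with the registration path.
                 lUser.Password = reader["Password"].ToString();
                 lUser.UserType = reader["UserType"].ToString();
             }
         }
     }

     return lUser;
 }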