// GET: MyOrders
public ActionResult MyOrders()
{
List <Orders> order1 = Data_Orders.ordersList_method();
ViewData["list"] = order1;
string sessionId = Data_Session.GetSessionId();
using (SqlConnection C = new SqlConnection(Datalink.connectionString))
{
C.Open();
string query = @"SELECT * FROM User_Info
WHERE SessionId= '" + sessionId + "'";
SqlCommand cmd = new SqlCommand(query, C);
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
var userId = (int)reader[0];
ViewData["Userid"] = userId;
}
}
return(View());
}
public ActionResult Login(string Username, string Password)
{
if (Username == null || Password == null)
{
return(View()); //display home screen
}
else
{
string Hash_Password = GetMD5Hash(Password);
Debug.WriteLine(Hash_Password);
Customers user = Data_User.GetUserInfo(Username);
if (user == null || user.Password != Hash_Password)
{
return(View()); //display home screen
}
string sessionId = Data_Session.NewSession(user.Id); //Start new session
return(RedirectToAction("Search", "Gallery", new { uid = user.Id, username = Username, ses_id = sessionId }));
}
}
public ActionResult Logout(string sessionId)
{
Data_Session.DeleteSession(sessionId);
return(RedirectToAction("Login", "Login"));
}
