/// <summary>
/// Click handler for the login button. Checks the submitted credentials with
/// <c>UsersBAL.ValidateUser</c> and, when they are accepted, marks the session
/// and redirects to AddScore.aspx.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    UsersBAL validator = new UsersBAL();

    // Single quotes are doubled before the values reach the business layer.
    // NOTE(review): quote doubling alone is not a dependable SQL injection defence.
    // The query inside ValidateUser is not visible here; it should bind both values
    // as parameters, after which this escaping can be dropped. Confirm.
    string escapedLogin = txtusername.Text.Replace("'", "''");

    // NOTE(review): the password is rewritten as well, so a password containing '
    // is checked in its doubled form. Verify this matches how passwords are stored
    // and compared (e.g. if they are hashed).
    string escapedPassword = txtpassword.Text.Replace("'", "''");

    bool accepted = validator.ValidateUser(escapedLogin, escapedPassword);
    if (!accepted)
    {
        // Rejected credentials: this handler sets nothing and shows no message.
        return;
    }

    // NOTE(review): the session is marked with the constant 1, not the user's identity,
    // and no new session id is issued at login in this handler. Consider renewing the
    // session id on successful login to limit session fixation.
    Session["User"] = 1;
    Response.Redirect("AddScore.aspx");
}
/// <summary>
/// Login action. Validates the posted credentials with <c>UsersBAL.ValidateUser</c>.
/// On success it loads the user by login, stores the user's id and name in the session
/// and redirects to ~/Home/Index. On failure it re-displays the view with an error message.
/// </summary>
/// <param name="usersDTO">Model-bound login form data.</param>
/// <returns>A redirect to the home page on success; otherwise the login view with the submitted model.</returns>
public ActionResult Login2(UsersDTO usersDTO)
{
    // NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this
    // action in this listing, and no attempt throttling or lockout is done here. Confirm
    // these are handled elsewhere.
    if (UsersBAL.ValidateUser(usersDTO))
    {
        // NOTE(review): the lookup result is dereferenced without a null check. Confirm
        // GetUserByLogin cannot return null once ValidateUser has succeeded.
        UsersDTO account = UsersBAL.GetUserByLogin(usersDTO.Login);

        // NOTE(review): the session id is not renewed in this action before identity is
        // attached to it. Consider issuing a fresh session id at login (session fixation).
        Session["UserId"] = account.Id;
        Session["UserName"] = account.Name;
        return Redirect("~/Home/Index");
    }

    // One generic message for every failure, so the response does not say whether the
    // login or the password was wrong.
    List<string> failureMessages = new List<string>();
    failureMessages.Add("Invalid Login/Password combination.");

    // Status is always false on this path; the success path never reaches the view.
    ViewBag.Status = false;
    ViewBag.Messages = failureMessages;

    // NOTE(review): the submitted model is handed back to the view. It presumably still
    // carries the typed password; verify the view does not render it back.
    return View(usersDTO);
}