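/// <summary>
/// Handles the login button: checks the credentials against UsersInfo, stores the
/// user name and numeric ID in the session, then redirects to the landing page
/// that matches the account.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnlogin_Click(object sender, EventArgs e)
        {
            // NOTE(review): the '******' literals are masked in this listing, so the real
            // expressions are not visible. If the original splices the text-box values
            // into the string, that is SQL injection on the login form; bind them as
            // SqlParameter values instead of concatenating.
            // NOTE(review): comparing Password inside the WHERE clause implies the column
            // holds a directly comparable value. Confirm it is a salted, slow password
            // hash (e.g. PBKDF2) verified in code, not plaintext.
            string Query = "select count(*) from UsersInfo where Username='******' and Password='******'";

            db.CheckIfExist(Query);
            if (db.count == 0)
            {
                Response.Write("<script>alert('Username or Password incorrect')</script>");
                return;
            }

            string query = "Select ID from UsersInfo where Username='******'";
            object idValue;

            // using-blocks close the connection even when Open/ExecuteScalar throws;
            // the original only closed it on the success path.
            using (SqlConnection con = new SqlConnection(db.connectstr))
            using (SqlCommand cmd2 = new SqlCommand(query, con))
            {
                con.Open();
                idValue = cmd2.ExecuteScalar();
            }

            // ExecuteScalar returns null when no row matches; treat that as a failed
            // login instead of letting the (int) cast throw.
            if (!(idValue is int))
            {
                Response.Write("<script>alert('Username or Password incorrect')</script>");
                return;
            }

            // Populate the session only once both values are known, so a failed ID
            // lookup cannot leave Session["user"] set without Session["id"].
            user.getid = (int)idValue;
            Session["user"] = loginusername.Text;
            Session["id"] = user.getid;

            // NOTE(review): the landing page is chosen by comparing the user name with
            // hard-coded strings. Whether AdminPanel.aspx and AuthorityFirstPage.aspx
            // enforce their own authorization is not visible here; they should check a
            // stored role server-side rather than rely on this redirect.
            if (loginusername.Text == "Admin")
            {
                Response.Redirect("~/AdminPanel.aspx");
            }
            else if (loginusername.Text == "Fox123")
            {
                Response.Redirect("~/AuthorityFirstPage.aspx");
            }
            else
            {
                Response.Redirect("/UserComplaints.aspx");
            }
        }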
Example #2
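        /// <summary>
        /// Loads the admin message addressed to the signed-in user, or shows
        /// "No Messages" when there is none. Visitors without a complete login
        /// session are redirected to FirstPage.aspx.
        /// </summary>
        /// <param name="sender">The page raising the Load event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Both session values are required below. The original checked only "user",
            // so a session missing "id" failed on the (int) cast.
            if (Session["user"] == null || !(Session["id"] is int))
            {
                Response.Redirect("FirstPage.aspx");
                return;
            }

            DataOperation db     = new DataOperation();
            // Not used below; kept because the User constructor is not visible here.
            User          user   = new User();
            int           userid = (int)Session["id"];

            msg.Text = userid.ToString();

            // userid is an int taken from the server-side session, so this concatenation
            // cannot carry SQL text. A bound parameter would still be the safer habit if
            // the helper accepts one (CheckIfExist's signature is not visible here).
            string query = "select count(*) from AdminMessages where ID='" + userid + "'";

            db.CheckIfExist(query);
            if (db.count == 0)
            {
                msg.Text     = "No Messages";
                date.Visible = false;
                return;
            }

            string query2  = "select Message from AdminMessages where ID='" + userid + "' ";
            string message = "";

            // The original opened the connection and reader and never closed either;
            // the using-blocks release them even if the query throws.
            using (SqlConnection con = new SqlConnection(db.connectstr))
            using (SqlCommand cmd = new SqlCommand(query2, con))
            {
                con.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    // When several rows match, the last one read wins (as before).
                    while (reader.Read())
                    {
                        message = reader["Message"].ToString();
                    }
                }
            }

            // NOTE(review): msg's control type is not visible here. If it is a Label,
            // Text is emitted without HTML encoding, so pass the stored message through
            // HttpUtility.HtmlEncode unless its content is fully trusted.
            msg.Text  = message;
            date.Text = DateTime.Today.ToString("dd-MM-yyyy");
        }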