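/// <summary>
/// Handles the login button. Looks the submitted name up in the Users table and,
/// when no user row matches, in the Admin table. On a match it issues the
/// MachineKey-protected identity cookies and redirects; on any failure it shows
/// the generic "Incorrect username or password" alert.
/// </summary>
/// <remarks>
/// Review notes:
/// - The queries are still built by string concatenation because the only data-access
///   calls visible here take a finished SQL string. Quote-doubling below is a stopgap;
///   the proper fix is bound parameters inside FUF_User.
/// - The password comparison appears as a masked literal in this listing. Whatever the
///   real code does, the stored value should be a salted password hash (for example
///   PBKDF2), and the submitted password must never be concatenated into SQL.
/// - Users and Admin logins both write a "UserID" cookie with the same protection
///   purpose. A page that authorizes by looking this ID up in one table cannot tell
///   which table it came from. NOTE(review): confirm the two ID spaces cannot overlap,
///   or use a distinct purpose string / role value per account type.
/// - The cookie's Expires value is only advisory to the browser; the protected payload
///   carries no timestamp of its own, so the server cannot reject an old value.
/// </remarks>
protected void login_btn_Click(object sender, EventArgs e)
{
    // Stopgap against quote break-out in the concatenated SQL below. This is not a
    // substitute for parameterized commands, and dialects that honour backslash
    // escapes need more than quote-doubling.
    string safeName = (text_userName.Text ?? string.Empty).Replace("'", "''");

    FUF_User execute = new FUF_User();

    string query = "select count(*) from Users where Email = '" + safeName + "' AND Password = '******' ";
    int rv = execute.ExecuteQuery_ExecuteScalar(query);

    if (rv > 0)
    {
        query = "Select * from Users where Email = '" + safeName + "' AND Password = '******' ";
        DataSet ds = execute.ExecuteQuery_DataSet(query, "User_Data");

        if (ds.Tables["User_Data"].Rows.Count > 0)
        {
            SetProtectedCookie("UserID", ds.Tables["User_Data"].Rows[0]["UserID"].ToString());
            SetProtectedCookie("UserName", ds.Tables["User_Data"].Rows[0]["UserName"].ToString());
            Response.Redirect("Home.aspx");
            return;
        }
    }
    else
    {
        query = "select count(*) from Admin where AdminName = '" + safeName + "' AND Password = '******' ";
        rv = execute.ExecuteQuery_ExecuteScalar(query);

        if (rv > 0)
        {
            query = "Select * from Admin where AdminName = '" + safeName + "' AND Password = '******' ";
            DataSet ds = execute.ExecuteQuery_DataSet(query, "AdminData");

            if (ds.Tables["AdminData"].Rows.Count > 0)
            {
                SetProtectedCookie("UserID", ds.Tables["AdminData"].Rows[0]["UserID"].ToString());
                SetProtectedCookie("AdminName", ds.Tables["AdminData"].Rows[0]["AdminName"].ToString());
                Response.Redirect("~/Admin/Dashboard.aspx");
                return;
            }
        }
    }

    // Every path that did not redirect is a failed login. Previously the alert was
    // attached only to the "count matched but no row returned" branch, so an ordinary
    // wrong name or password produced no feedback at all. The message stays generic so
    // it does not reveal whether the account exists.
    ScriptManager.RegisterStartupScript(this, GetType(), "Script", "alert('Incorrect username or password');window.location='index.aspx'", true);
}

/// <summary>
/// Writes <paramref name="value"/> to the response cookie <paramref name="cookieName"/>,
/// protected with MachineKey under the "ProtectedKey" purpose and Base64-encoded,
/// expiring two hours from now.
/// </summary>
private void SetProtectedCookie(string cookieName, string value)
{
    byte[] plain = Encoding.UTF8.GetBytes(value);
    string protectedValue = Convert.ToBase64String(MachineKey.Protect(plain, "ProtectedKey"));

    Response.Cookies[cookieName].Value = protectedValue;
    Response.Cookies[cookieName].Expires = DateTime.Now.AddHours(2);

    // The cookie is only read server-side in the code shown, so script access is not needed.
    Response.Cookies[cookieName].HttpOnly = true;
    // Mark Secure whenever the login itself arrived over TLS, so the browser never
    // sends the identity cookie over plain HTTP afterwards.
    Response.Cookies[cookieName].Secure = Request.IsSecureConnection;
}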
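/// <summary>
/// Populates the admin chrome: clock, welcome label and avatar on first load, and the
/// page heading / icon class (derived from the requested file name) on every request.
/// </summary>
/// <remarks>
/// Review notes:
/// - A missing, malformed or tampered "UserID" cookie used to surface as an unhandled
///   exception. It is now treated as "not signed in" and redirected.
/// - The cookie is validated on every request, postbacks included. The Admin lookup
///   still runs only on first load, as before. NOTE(review): if this handler is the
///   only access gate for the admin area, move the Admin-table check out of the
///   !IsPostBack block as well, or enforce it centrally.
/// - The redirect target is assumed from the login handler's failure redirect to
///   'index.aspx'. Confirm the actual login page path.
/// - The SQL is still concatenated because the visible data-access call takes a finished
///   string. The proper fix is bound parameters inside FUF_User.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    string userID = ReadProtectedCookie("UserID");
    if (userID == null)
    {
        Response.Redirect("~/index.aspx");
        return;
    }

    if (!IsPostBack)
    {
        FUF_User execute = new FUF_User();
        lbl_timer.Text = DateTime.Now.ToString("dddd dd MMMM yyyy hh:mm:ss tt");

        // The value is integrity-protected by MachineKey, but it is still spliced into
        // SQL text. Quote-doubling is a stopgap until the helper accepts parameters.
        string query = "Select * from Admin where UserID = '" + userID.Replace("'", "''") + "' ";
        DataSet ds = execute.ExecuteQuery_DataSet(query, "AdminData");
        DataTable admins = ds == null ? null : ds.Tables["AdminData"];

        // No Admin row for this ID: the caller is not an administrator (or the account
        // was removed), so do not render the admin chrome.
        if (admins == null || admins.Rows.Count == 0)
        {
            Response.Redirect("~/index.aspx");
            return;
        }

        // Label.Text is emitted as raw HTML, so the stored name is encoded before being
        // appended to the fixed markup.
        string adminName = admins.Rows[0]["AdminName"].ToString();
        lbl_session.Text = "<span style='font-size:15px;color:#fff;'>Welcome..</span>" + Server.HtmlEncode(adminName);
        userImage.ImageUrl = admins.Rows[0]["ImagePath"].ToString();
    }

    // Heading and icon come from the requested file name up to its first dot.
    string pageName = Path.GetFileName(Request.Path);
    string[] nameParts = pageName.Split(new string[] { "." }, StringSplitOptions.None);
    string baseName = nameParts[0];

    // The value is derived from the request URL and Label.Text is not encoded on render.
    lbl_pageHeading.Text = Server.HtmlEncode(baseName);
    // CSS class names are identifiers, not display text, so lower-case them culture-invariantly.
    page_icon.Attributes["class"] = "fa fa-" + baseName.ToLowerInvariant();
}

/// <summary>
/// Reads a cookie written as Base64(MachineKey.Protect(UTF-8 text, "ProtectedKey")).
/// </summary>
/// <returns>The decoded text, or null when the cookie is absent, empty, not valid
/// Base64, or fails MachineKey validation.</returns>
private string ReadProtectedCookie(string cookieName)
{
    var cookie = Request.Cookies[cookieName];
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return null;
    }

    try
    {
        byte[] raw = Convert.FromBase64String(cookie.Value);
        byte[] plain = MachineKey.Unprotect(raw, "ProtectedKey");
        return plain == null ? null : Encoding.UTF8.GetString(plain);
    }
    catch (FormatException)
    {
        // Not Base64: treat as unauthenticated rather than failing the request.
        return null;
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // Tampered value or one protected under a different key or purpose.
        return null;
    }
}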