protected void btnLogin_Click(object sender, EventArgs e)
{
UsersBAL usersBAL = new UsersBAL();
if (usersBAL.ValidateUser(txtusername.Text.Replace("'", "''"), txtpassword.Text.Replace("'", "''"))) // replace single cote to avoid sql injection atack
{
Session["User"] = 1;
Response.Redirect("AddScore.aspx");
}
}
public ActionResult Login2(UsersDTO usersDTO)
{
bool status = false;
List <string> messages = new List <string>();
if (UsersBAL.ValidateUser(usersDTO))
{
usersDTO = UsersBAL.GetUserByLogin(usersDTO.Login);
Session["UserId"] = usersDTO.Id;
Session["UserName"] = usersDTO.Name;
return(Redirect("~/Home/Index"));
}
messages.Add("Invalid Login/Password combination.");
ViewBag.Status = status;
ViewBag.Messages = messages;
return(View(usersDTO));
}