public PricingUser Userlogin(PricingUser User_)
{
PricingUser DBUser = new PricingUser();
bool blnAreThereErrors = false;
bool blnHasRows = false;
try
{
sqlConnectionX = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]);
sqlConnectionX.Open();
sqlCommandX = new SqlCommand();
sqlCommandX.Connection = sqlConnectionX;
sqlCommandX.CommandType = CommandType.StoredProcedure;
sqlCommandX.CommandText = "spx_Pricing_UserAuth";
sqlParam = new SqlParameter("UserName", User_.Username);
sqlCommandX.Parameters.Add(sqlParam);
sqlDR = sqlCommandX.ExecuteReader();
while (sqlDR.Read())
{
DBUser.UserID = sqlDR.GetInt32(0);
DBUser.Username = sqlDR.GetString(1);
DBUser.Password = sqlDR.GetString(2);
}
blnHasRows = sqlDR.HasRows;
sqlDR.Close();
sqlCommandX.Cancel();
sqlCommandX.Dispose();
if (blnHasRows)
{
//Check the password is correct
bool flag = VerifyHash(User_.Password, "SHA512", DBUser.Password);
if (flag != true)
{
blnAreThereErrors = true;
if (DBUser.Result != null)
{
DBUser.Result += ", User password is incorrect";
}
else
{
DBUser.Result = "User password is incorrect";
}
}
else
{
DBUser.Result = "Success";
DBUser.Password = "";
}
}
else
{
DBUser.Result = "User does not exist";
DBUser.Password = "";
}
}
catch (Exception ex)
{
DBUser.Result = ex.Message;
return DBUser;
}
//finally
//{
// sqlDR.Close();
// sqlDR.Dispose();
// sqlConnectionX.Close();
//}
return DBUser;
}
protected void RadButtonLogin_Click(object sender, EventArgs e)
{
try
{
PricingUser User = new PricingUser();
User.Username = RadTextBoxUsername.Text;
User.Password = RadTextBoxPassword.Text;
User = Userlogin(User);
if (User.Result == "Success")
{
DataSet dsUserMenu = Get_UserMenu(User.UserID);
Session["UserID"] = User.UserID;
Session["UserMenu"] = dsUserMenu;
Response.Redirect("Quote.aspx",false);
}
else
{
lblInfo.Text = User.Result;
}
}
catch (Exception ex)
{
lblInfo.Text = ex.Message;
}
}