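/// <summary>
/// Registration handler. Rejects the request when a Users row already carries the submitted
/// e-mail; otherwise inserts one Users row and one Customer row that share a fresh GUID, then
/// starts a session for the new customer.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Register_Click(object sender, EventArgs e)
{
    string submittedEmail = remail.Value;

    // The connection is owned by this handler and must be released on every path, including
    // the early return and the exception path (the original never closed it).
    using (SqlConnection con = DB_helper.GetConnection())
    {
        con.Open();

        // Parameterised existence check: the e-mail is form input and must never be
        // concatenated into the SQL text.
        int existing;
        using (SqlCommand ccmd = new SqlCommand("SELECT COUNT(*) FROM Users WHERE email = @Email", con))
        {
            ccmd.Parameters.AddWithValue("@Email", submittedEmail);
            existing = Convert.ToInt32(ccmd.ExecuteScalar());
        }

        // Any existing row blocks registration, not only the "exactly one" case.
        if (existing > 0)
        {
            Response.Write("User already exists");
            return;
        }

        string guid = Guid.NewGuid().ToString();

        try
        {
            // Both inserts run in one transaction so a failure on the Customer insert cannot
            // leave an orphaned Users row that would block this e-mail forever. Disposing the
            // transaction without Commit rolls it back.
            using (SqlTransaction tx = con.BeginTransaction())
            {
                using (SqlCommand cmd2 = new SqlCommand(
                    "INSERT INTO Users (uid, email, password, userrole) values(@uid, @Email, @Password, @Role)", con, tx))
                {
                    cmd2.Parameters.AddWithValue("@uid", guid);
                    cmd2.Parameters.AddWithValue("@Email", submittedEmail);
                    // SECURITY TODO: the password is stored exactly as submitted (plaintext).
                    // It should be hashed here (PBKDF2 or similar) and the hash verified in
                    // Login_Click; both sides have to change together, so it is left as-is here.
                    cmd2.Parameters.AddWithValue("@Password", rpassword.Value);
                    cmd2.Parameters.AddWithValue("@Role", "Customer");
                    cmd2.ExecuteNonQuery();
                }

                using (SqlCommand cmd = new SqlCommand(
                    "INSERT INTO Customer (cid, Name, companyName, contact, email, personInCharge) " +
                    "values(@ID, @Name, @CN, @Contact, @Email, @PC)", con, tx))
                {
                    cmd.Parameters.AddWithValue("@ID", guid);
                    cmd.Parameters.AddWithValue("@Name", rname.Value);
                    cmd.Parameters.AddWithValue("@CN", rcompanyname.Value);
                    // NOTE(review): 'contact' receives the e-mail, as before; it looks like it
                    // was meant to be a separate form field — confirm against the markup.
                    cmd.Parameters.AddWithValue("@Contact", submittedEmail);
                    cmd.Parameters.AddWithValue("@PC", rperson.Value);
                    cmd.Parameters.AddWithValue("@Email", submittedEmail);
                    cmd.ExecuteNonQuery();
                }

                tx.Commit();
            }

            createSession(guid, submittedEmail, "Customer");
            //Response.Redirect("Defualt.aspx");
        }
        catch (Exception ex)
        {
            // Keep exception text (SQL, schema, stack trace) out of the HTTP response; it is
            // an information leak. Record it server-side instead.
            System.Diagnostics.Trace.TraceError("Register_Click failed: {0}", ex);
            Response.Write("Error: registration failed");
        }
    }
}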
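/// <summary>
/// Login handler. The fixed admin credential is checked first; otherwise the Users row for the
/// submitted e-mail is loaded, the submitted password is compared with the stored value, a
/// session is created and the user is redirected to the page for their role.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Login_Click(object sender, EventArgs e)
{
    string submittedEmail = lemail.Value;
    string submittedPassword = lpassword.Value;

    // SECURITY TODO: hard-coded admin credential in source. It must be replaced by a
    // provisioned admin account that goes through the normal check below; it is kept here only
    // because nothing else in this handler grants the admin session. The admin branch no longer
    // touches the database and no longer writes the e-mail field into the response.
    if (submittedEmail.Equals("*****@*****.**") && submittedPassword.Equals("12345"))
    {
        Session["Admins"] = "*****@*****.**";
        Response.Redirect("~/Admin/AdminHome.aspx");
        return;
    }

    using (SqlConnection con = DB_helper.GetConnection())
    {
        con.Open();

        // Look the row up by e-mail only, through a parameter; the password is compared in
        // code, so neither form value is ever concatenated into the SQL text.
        using (SqlCommand command = new SqlCommand(
            "SELECT uid, email, userrole, password FROM Users WHERE email = @Email", con))
        {
            command.Parameters.AddWithValue("@Email", submittedEmail);

            using (SqlDataReader reader = command.ExecuteReader())
            {
                // NOTE(review): passwords appear to be stored as submitted (plaintext); they
                // should be hashed at registration and the hash verified here. The comparison
                // is ordinal and constant-time, whereas a SQL-side compare follows the column
                // collation (commonly case-insensitive).
                bool authenticated = reader.Read()
                    && ConstantTimeEquals(Convert.ToString(reader["password"]), submittedPassword);

                if (!authenticated)
                {
                    ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage",
                        "alert('Login Unsuccessful, please try again')", true);
                    return;
                }

                string uid = Convert.ToString(reader["uid"]);
                string role = Convert.ToString(reader["userrole"]);
                // The 'email' field is assigned as a side effect, as before; other code may read it.
                email = Convert.ToString(reader["email"]);

                createSession(uid, email, role);

                if (role.Equals("customer", StringComparison.OrdinalIgnoreCase))
                {
                    Response.Redirect("~/Customer/CustomerHome.aspx");
                }
                else if (role.Equals("Staff", StringComparison.Ordinal))
                {
                    Response.Redirect("~/Staff/StaffHome.aspx");
                }
                else
                {
                    Response.Redirect("~/Default.aspx");
                }
            }
        }
    }
}

/// <summary>
/// Compares two strings in time that depends only on their length, so a mismatch position
/// cannot be inferred from response timing.
/// </summary>
private static bool ConstantTimeEquals(string stored, string supplied)
{
    if (stored == null || supplied == null || stored.Length != supplied.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < stored.Length; i++)
    {
        diff |= stored[i] ^ supplied[i];
    }
    return diff == 0;
}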