protected void btnSubmit_Click(object sender, EventArgs e)
        {
            string  sql = "";
            DataSet ds  = new DataSet();

            class_is.dbconfig         db       = new class_is.dbconfig();
            class_is.ClassLeaveSystem objLeave = new class_is.ClassLeaveSystem();
            //string username = txtUsername.Text;
            //string password = txtPassword.Text;
            string userName;
            string password;

            sql  = "SELECT USER_NAME , PASSWORD , EMP_CODE , DeptID , ROLE_ID , USER_GROUP ";
            sql += "FROM [USER] ";
            sql += "WHERE USER_NAME = '" + txtUsername.Text + "'";
            ds   = db.getData(sql);
            if (ds.Tables[0].Rows.Count > 0)
            {
                RememberMe();
                userName            = ds.Tables[0].Rows[0]["USER_NAME"].ToString();
                password            = ds.Tables[0].Rows[0]["PASSWORD"].ToString();
                Session["userName"] = userName;
                Session["empCode"]  = ds.Tables[0].Rows[0]["EMP_CODE"].ToString();
                Session["dep"]      = ds.Tables[0].Rows[0]["DeptID"].ToString();
                Session["ROLE"]     = ds.Tables[0].Rows[0]["ROLE_ID"].ToString();
                Session["Group"]    = ds.Tables[0].Rows[0]["USER_GROUP"].ToString();
                //bool flag = Helper.VerifyHash(txtPassword.Text, "SHA512", password);
                bool flag = objLeave.VerifyHash(txtPassword.Text, "SHA512", password);
                if (userName == txtUsername.Text && flag == true)
                {
                    string url = getURL(userName);
                    Response.Redirect(url);
                    //Response.Write("<script> alert('Login Success') </script>");
                }
                else
                {
                    Response.Write("<script> alert('Username or Password Wrong') </script>");
                }
            }
            else
            {
                Response.Write("<script> alert('User Name Not Found!!!') </script>");
            }
        }
Exemple #2
0
        private string getURL(string _userName)
        {
            string sql;

            class_is.dbconfig db = new class_is.dbconfig();
            DataSet           ds = new DataSet();
            int    cnt;
            string url = "";

            sql  = "select menu.MENU_NAME , menu.MENU_LINK ";
            sql += "from [USER] usr , [GROUP_MENU_PERMISSION] per , [MENU] menu ";
            sql += "where USER_NAME = '" + Session["userName"] + "'";
            sql += "and usr.USER_GROUP = per.GROUP_ID ";
            sql += "and per.MENU_ID_PERMISSION = menu.MENU_ID ";
            sql += "order by menu.SEQ ";
            ds   = db.getData(sql);
            cnt  = ds.Tables[0].Rows.Count;
            if (cnt > 0)
            {
                url = ds.Tables[0].Rows[0]["MENU_LINK"].ToString();
            }
            return(url);
        }