protected void btnlogin_Click(object sender, EventArgs e)
        {
            string Query = "select count(*) from UsersInfo where Username='******' and Password='******'";

            db.CheckIfExist(Query);
            if (db.count == 0)
            {
                Response.Write("<script>alert('Username or Password incorrect')</script>");
            }

            else
            {
                Session["user"] = loginusername.Text;
                string        query = "Select ID from UsersInfo where Username='******'";
                SqlConnection con   = new SqlConnection(db.connectstr);
                SqlCommand    cmd2  = new SqlCommand(query, con);
                con.Open();
                user.getid = (int)cmd2.ExecuteScalar();
                con.Close();
                Session["id"] = user.getid;
                if (loginusername.Text == "Admin")
                {
                    Response.Redirect("~/AdminPanel.aspx");
                }
                else if (loginusername.Text == "Fox123")
                {
                    Response.Redirect("~/AuthorityFirstPage.aspx");
                }
                else
                {
                    Response.Redirect("/UserComplaints.aspx");
                }
            }
        }
Esempio n. 2
0
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Session["user"] == null)
            {
                Response.Redirect("FirstPage.aspx");
            }

            DataOperation db     = new DataOperation();
            User          user   = new User();
            string        uname  = Session["user"].ToString();
            int           userid = (int)Session["id"];

            msg.Text = userid.ToString();
            SqlConnection con   = new SqlConnection(db.connectstr);
            string        query = "select count(*) from AdminMessages where ID='" + userid + "'";

            db.CheckIfExist(query);
            if (db.count == 0)
            {
                msg.Text     = "No Messages";
                date.Visible = false;
            }
            else
            {
                string        query2  = "select Message from AdminMessages where ID='" + userid + "' ";
                SqlCommand    cmd     = new SqlCommand(query2, con);
                SqlDataReader reader  = null;
                string        message = "";
                con.Open();
                reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    message = reader["Message"].ToString();
                }
                msg.Text  = message.ToString();
                date.Text = DateTime.Today.ToString("dd-MM-yyyy");
            }
        }