public int check_user(string pUser, string pPass)
{
//string kn = "select * from NguoiDung where TaiKhoan='" + pUser.ToString() + "' and MatKhau='" + pPass.ToString() + "'";
string kn = "select * from NguoiDung where TaiKhoan = @TaiKhoan and MatKhau =@MatKhau";
DataTable dt = new DataTable();
SqlParameter[] a = { new SqlParameter("@TaiKhoan", pUser),
new SqlParameter("@MatKhau", pPass) };
dt = hl.GetAll(kn, a);
//conn.Open();
//SqlDataAdapter daUser= new SqlDataAdapter(kn,conn);
//DataTable dt = new DataTable();
//MessageBox.Show(kn.ToString());
//daUser.Fill(dt);
if (dt.Rows.Count == 0)
{
return(1);
}
else if (dt.Rows[0][4] == null || dt.Rows[0][4].ToString() == "True")
{
return(2);
}
else if (dt.Rows[0][3].ToString() == "GV")
{
return(3);
}
else if (dt.Rows[0][3].ToString() == "SV")
{
return(4);
}
return(0);
//conn.Close();
}