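/// <summary>
/// Looks up a user in <c>users_table</c> by user name and password and returns
/// the matching account details.
/// </summary>
/// <param name="username">User name submitted by the client (untrusted).</param>
/// <param name="password">Password submitted by the client (untrusted); surrounding whitespace is trimmed before comparison.</param>
/// <returns>
/// A <c>LoginDetails</c> whose <c>IsAuthUser</c> is true only when a row matched;
/// <c>UserName</c>, <c>UserId</c> and <c>Role</c> are filled from the first matching row.
/// Any failure (database error, null argument, unparsable UserId) yields <c>IsAuthUser == false</c>.
/// </returns>
private LoginDetails ValidateUser(string username, string password)
{
    LoginDetails obj = new LoginDetails();
    obj.IsAuthUser = false;

    try
    {
        // Both credentials are bound as parameters so that client-supplied text is
        // always treated as data and never as part of the SQL statement.
        // NOTE(review): the listing masks how the original built the username
        // predicate; the argument is bound unchanged here - confirm whether it
        // was trimmed like the password.
        const string query = "select * from users_table where username=@username and pwd=@pwd";

        // NOTE(review): the submitted password is compared directly with the pwd
        // column, which suggests passwords are stored unhashed - confirm. If so,
        // store a salted, slow hash (e.g. PBKDF2) and verify it in code instead.
        using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["bs"].ConnectionString))
        using (SqlDataAdapter da = new SqlDataAdapter(query, con))
        {
            da.SelectCommand.Parameters.Add("@username", SqlDbType.NVarChar).Value = username;
            da.SelectCommand.Parameters.Add("@pwd", SqlDbType.NVarChar).Value = password.Trim();

            DataSet ds = new DataSet();
            con.Open();
            da.Fill(ds);

            if (ds.Tables[0].Rows.Count > 0)
            {
                DataRow row = ds.Tables[0].Rows[0];
                obj.UserName = row["UserName"].ToString();
                obj.UserId = int.Parse(row["UserId"].ToString());
                obj.Role = row["Role"].ToString();

                // Set last so the flag is only raised once every field was read successfully.
                obj.IsAuthUser = true;
            }
        }
    }
    catch (Exception ex)
    {
        // Fail closed: any error means "not authenticated". Record the failure type
        // so store outages and malformed rows are visible to operators instead of
        // looking like ordinary bad passwords.
        obj.IsAuthUser = false;
        System.Diagnostics.Trace.TraceError("ValidateUser: credential lookup failed: " + ex.GetType().Name);
    }

    return obj;
}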
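/// <summary>
/// Click handler for the login button. Tries three sign-in paths in order:
/// a direct query built from the submitted e-mail, a built-in administrator
/// account, and finally <c>ValidateUser</c>. Redirects to Home.aspx on success
/// and back to Login.aspx on failure.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    bool matchedDirectQuery;

    // The connection, command and reader are disposed as soon as the lookup is
    // done, so the connection is no longer left open for the rest of the request.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["bs"].ConnectionString))
    {
        conn.Open();

        // NOTE(review): SQL injection risk. inputEmail.Value comes straight from the
        // client and is concatenated into the statement. The SQL text is masked in
        // this listing, so it is reproduced unchanged here; once the real statement
        // is known, replace the concatenation with SqlParameter bindings for every
        // client-supplied value (the masked password predicate included).
        String checkuser = "******" + inputEmail.Value + "' and UserPassword='******'";

        using (SqlCommand com = new SqlCommand(checkuser, conn))
        using (SqlDataReader reader = com.ExecuteReader())
        {
            matchedDirectQuery = reader.Read();
        }
    }

    if (matchedDirectQuery)
    {
        // NOTE(review): unlike the other success paths, no Session values are set
        // here before redirecting - confirm how Home.aspx authorises this user.
        Response.Write("password is correct");
        Response.Redirect("Home.aspx");
    }
    else if (inputEmail.Value.ToUpper() == "ADMIN" && inputPassword.Value.ToUpper() == "ADMIN@123")
    {
        // NOTE(review): hard-coded credential (CWE-798). This account lives in source,
        // is compared case-insensitively and bypasses the user store, so it cannot be
        // rotated or audited. Kept only to avoid changing who can sign in; replace it
        // with a provisioned account in the user store and delete this branch.
        Session["userid"] = "1";
        Session["role"] = "Admin";
        Session["username"] = "******";
        Session["IsAuth"] = "true";
        Response.Redirect("Home.aspx");
    }
    else
    {
        LoginDetails log = ValidateUser(inputEmail.Value, inputPassword.Value);
        if (log.IsAuthUser)
        {
            Session["userid"] = log.UserId;
            Session["username"] = log.UserName;
            Session["IsAuth"] = log.IsAuthUser;
            Session["role"] = log.Role;
            Response.Redirect("Home.aspx");
        }
        else
        {
            Response.Redirect("Login.aspx");
        }
    }
}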