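/// <summary>
/// Handles the log-in button: looks the user up by name, checks the submitted password and,
/// on success, stores the user's name and type in session state and redirects by role.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void logInButton_Click(object sender, EventArgs e)
{
    string password = passwordTextBox.Text;
    User anUser = aDrinksGateway.UserLogIn(new User(userNameTextBox.Text));

    // A lookup that matched no row must never authenticate. Presumably the gateway hands back
    // a blank User in that case (verify against UserLogIn), so require a populated Name instead
    // of relying on the blank object's Password differing from the submitted text.
    bool userFound = anUser != null && !string.IsNullOrEmpty(anUser.Name);

    // SECURITY(review): the stored password is compared directly with the submitted text, which
    // means UserTBL holds passwords in recoverable form. Moving to a salted, slow hash (e.g.
    // PBKDF2) needs a coordinated change in the registration path and is not done here.
    if (!userFound || anUser.Password != password)
    {
        errorLabel.Text = "Wrong User Name and Password!";
        return;
    }

    // NOTE(review): this handler does not renew the session identifier on log-in; confirm it is
    // handled elsewhere, otherwise a pre-login session id stays valid after authentication.
    Session["logIn"] = anUser.Name;
    Session["Type"] = anUser.UserType;

    // Administrators land on the management page, everyone else on the shop.
    Response.Redirect(anUser.UserType == "Administrator" ? "DrinksOverview.aspx" : "Shop.aspx");
}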
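/// <summary>
/// Reports whether UserTBL already contains a row whose Name equals <paramref name="aUser"/>'s name.
/// </summary>
/// <param name="aUser">User whose Name is looked up.</param>
/// <returns><c>true</c> if at least one matching row exists; otherwise <c>false</c>.</returns>
public static bool IsUserNameExists(User aUser)
{
    // The name comes from a form field, so it is bound as a parameter rather than concatenated
    // into the SQL text; the value can then never be parsed as part of the statement.
    const string query = "SELECT 1 FROM UserTBL WHERE Name=@name";

    // using blocks close the connection and command even when Open/Execute throws.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand(query, connection))
    {
        // A null name is sent as an empty string, matching what the concatenated query compared against.
        command.Parameters.AddWithValue("@name", aUser.Name ?? string.Empty);

        connection.Open();

        // ExecuteScalar returns null when the result set is empty.
        return command.ExecuteScalar() != null;
    }
}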
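/// <summary>
/// Inserts <paramref name="aUser"/> into UserTBL with the fixed user type "User".
/// </summary>
/// <param name="aUser">User supplying Name, Email, Password and Address.</param>
/// <returns>A status message describing whether a row was inserted.</returns>
public static string SaveUser(User aUser)
{
    // All four values originate from form fields; binding them as parameters keeps them out of
    // the SQL text. The column order is positional, as in the original statement.
    const string query = "INSERT INTO UserTBL VALUES(@name, @email, @password, @address, @userType)";

    int rowAffected;

    // using blocks release the connection and command even when Open/Execute throws.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand(query, connection))
    {
        // Null properties are sent as empty strings, which is what string concatenation produced.
        command.Parameters.AddWithValue("@name", aUser.Name ?? string.Empty);
        command.Parameters.AddWithValue("@email", aUser.Email ?? string.Empty);

        // SECURITY(review): the password is written exactly as received. Store a salted, slow hash
        // (e.g. PBKDF2) instead; that requires the log-in check to verify the hash, so it is
        // flagged here rather than changed in isolation.
        command.Parameters.AddWithValue("@password", aUser.Password ?? string.Empty);
        command.Parameters.AddWithValue("@address", aUser.Address ?? string.Empty);

        // The role is fixed server-side and never taken from the caller.
        command.Parameters.AddWithValue("@userType", "User");

        connection.Open();
        rowAffected = command.ExecuteNonQuery();
    }

    if (rowAffected > 0)
    {
        return "New account has been created!";
    }

    return "Save Faild!";
}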
/// <summary>
/// Handles the create-account button: rejects a user name that is already taken, otherwise
/// saves the new user and clears the name, e-mail and address boxes.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void createButton_Click(object sender, EventArgs e)
{
    try
    {
        User candidate = new User(
            userNameTextBox.Text,
            emailTextBox.Text,
            passwordTextBox.Text,
            addressTextBox.Text);

        // NOTE(review): the existence check and the insert are separate calls, so uniqueness is
        // only as strong as the database enforces it; confirm UserTBL has a unique constraint on Name.
        bool nameTaken = UserGateway.IsUserNameExists(candidate);
        if (nameTaken)
        {
            messageLabel.Text = "User Name already exists!";
            return;
        }

        // The gateway's status text is shown as-is; the boxes are cleared whatever it says.
        messageLabel.Text = UserGateway.SaveUser(candidate);
        userNameTextBox.Text = "";
        emailTextBox.Text = "";
        addressTextBox.Text = "";
    }
    catch (Exception)
    {
        // Every failure is reduced to one generic message; the exception itself is not recorded.
        messageLabel.Text = "Registration Faild!";
    }
}
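/// <summary>
/// Loads the Name, Password and UserType of the UserTBL row whose Name equals
/// <paramref name="aUser"/>'s name.
/// </summary>
/// <param name="aUser">User whose Name is looked up.</param>
/// <returns>
/// A new <c>User</c> populated from the matching row; when no row matches, the freshly
/// constructed <c>User</c> is returned with none of those properties assigned.
/// </returns>
public User UserLogIn(User aUser)
{
    User lUser = new User();

    // The name is typed into the log-in form, so it is bound as a parameter instead of being
    // concatenated into the SQL text. Only the columns that are read below are selected.
    const string query = "SELECT Name, Password, UserType FROM UserTBL WHERE Name=@name";

    // using blocks close the reader, command and connection even when a call throws.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand(query, connection))
    {
        // A null name is sent as an empty string, matching what the concatenated query compared against.
        command.Parameters.AddWithValue("@name", aUser.Name ?? string.Empty);

        connection.Open();
        using (SqlDataReader reader = command.ExecuteReader())
        {
            // If several rows share the name, the last one read wins (unchanged behaviour).
            while (reader.Read())
            {
                lUser.Name = reader["Name"].ToString();
                lUser.Password = reader["Password"].ToString();
                lUser.UserType = reader["UserType"].ToString();
            }
        }
    }

    return lUser;
}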