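/// <summary>
/// Handles the login button click: validates the two input controls, checks the
/// credentials through <c>ValidateUser.isValidUser</c>, loads the user's row from
/// <c>User_master</c>, stores the session values and redirects to the home page.
/// </summary>
/// <param name="sender">The control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Login_Click(object sender, EventArgs e)
{
    Validate validate = new Validate();

    // Stop at the first field that fails validation. Previously the handler
    // showed the message but still ran the credential check with empty strings.
    // NOTE(review): the meaning of the second argument (3) is not visible here;
    // presumably a validation mode or minimum length - confirm against Validate.
    if (!validate.isValidInput(UserName, 3))
    {
        showMessage("Invalid User Name");
        return;
    }

    if (!validate.isValidInput(Password, 3))
    {
        showMessage("Invalid Password");
        return;
    }

    string user = UserName.Text.Trim();
    string password = Password.Text.Trim();

    int res = new ValidateUser().isValidUser(user, password);
    if (res <= 0)
    {
        showMessage("Invalid User Name / Password");
        return;
    }

    // SECURITY: the user id is placed inside a SQL string literal. Single quotes
    // are doubled so the value cannot terminate the literal. This is a stopgap:
    // the query should be issued with bound parameters once DBHelper offers a
    // parameterized call (none is visible in this listing).
    string safeUser = user.Replace("'", "''");

    // The leading "******" segment is kept exactly as it appears in this listing.
    string strUser = "******"
        + "um_logstat,um_special,um_group_id,um_email,um_lastresetday,datediff(d, um_lastresetday, getdate()) as intDay,"
        + "um_resetpwddays, um_locked, um_poaforpayin,um_status from User_master where um_user_id ='" + safeUser + "'";

    DBHelper db = new DBHelper();
    DataTable dt = db.executeQuery(strUser);

    // NOTE(review): um_locked and um_status are selected but never checked in
    // this handler; confirm that locked or disabled accounts are rejected elsewhere.
    // NOTE(review): the session is not renewed after authentication here; confirm
    // that the session identifier is rotated at login somewhere else.
    db.setSessionValue("UserId", user);

    // SECURITY: this keeps the clear-text password in session state for the whole
    // session. It is left in place because other pages may read it, but it should
    // be removed once no consumer depends on it.
    db.setSessionValue("Password", password);
    db.setSessionValue("UserGroup", db.GetDtValue(dt, "um_group_id"));

    // Set before redirecting: Response.Redirect(url) ends the response, so a
    // statement placed after it is not reliably executed.
    db.setSessionValue("LoginPage", "~/Login.aspx");
    Response.Redirect("~/Home.aspx");
}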
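/// <summary>
/// Counts the rows in <c>User_master</c> whose <c>um_user_id</c> and
/// <c>um_passwd</c> match the supplied values and, when at least one matches,
/// stores the trimmed user id in the session under "UserId".
/// </summary>
/// <param name="user">User id as entered by the caller.</param>
/// <param name="password">Password as entered by the caller.</param>
/// <returns>
/// The number of matching rows; 0 when nothing matches, when an argument is
/// null, or when the lookup fails for any reason (fails closed).
/// </returns>
public int isValidUser(string user, string password)
{
    // A null argument can never match; reject it without touching the database.
    if (user == null || password == null)
    {
        return 0;
    }

    try
    {
        // SECURITY: both values are placed inside SQL string literals. Single
        // quotes are doubled so neither value can terminate its literal and
        // change the WHERE clause. This is a stopgap: the query should use bound
        // parameters once DBHelper offers a parameterized call (none is visible
        // in this listing).
        string safeUser = user.Replace("'", "''");
        string safePassword = password.Replace("'", "''");

        // SECURITY: the password is compared to um_passwd as supplied, which
        // suggests the column holds it unhashed - confirm, and move to a salted
        // password hash (e.g. PBKDF2) verified in code rather than in SQL.
        string strQuery = "select count(um_user_id) from User_master where um_user_id ='" + safeUser
            + "' and um_passwd='" + safePassword + "'";

        DBHelper db = new DBHelper();
        int res = Convert.ToInt32(db.executeScalar(strQuery));
        if (res > 0)
        {
            db.setSessionValue("UserId", user.Trim());
        }

        return res;
    }
    catch (Exception ex)
    {
        // Still fails closed, but no longer silently: a database fault would
        // otherwise be indistinguishable from a wrong password. Only the
        // exception type is recorded, because the message of a database error
        // can echo parts of the query text.
        System.Diagnostics.Trace.TraceError("isValidUser failed: " + ex.GetType().FullName);
        return 0;
    }
}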