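/// <summary>
/// Handles the login button: runs the user-expiry procedure, compares the submitted
/// credentials against <c>v_UserPasswords</c>, stores the matched user's id and type in
/// the session and redirects to the dashboard for that user type. On no match the user
/// is sent back to <c>Default.aspx</c> and the session is left untouched.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // Expiry check runs before the credentials are evaluated; it takes no parameters.
    ThesysController.QueryExecuteWithParameters("sp_UserExpiryCheck", new string[0], new string[0]);

    string username = txtUserName.Text;

    // NOTE(review): the stored passwords are unsalted MD5 digests, which is not a
    // suitable password hash (no salt, fast to brute-force). MD5 is kept here only
    // because v_UserPasswords is compared against it; moving to a salted KDF such as
    // PBKDF2 requires re-hashing the stored values as well, so it is flagged, not changed.
    byte[] hashedBytes;
    using (MD5 md5Hasher = MD5.Create())
    {
        hashedBytes = md5Hasher.ComputeHash(Encoding.UTF8.GetBytes(txtPassword.Text));
    }

    DataSet ds = new DataSet();
    using (SqlConnection con = new SqlConnection(ThesysController.ConnectionString))
    using (SqlCommand com = new SqlCommand(
        "SELECT * FROM v_UserPasswords WHERE user_name=@username AND password=@password", con))
    {
        com.Parameters.AddWithValue("@username", username);
        com.Parameters.AddWithValue("@password", hashedBytes);
        con.Open();
        // SqlDataAdapter is IDisposable; the adapter was previously never released.
        using (SqlDataAdapter da = new SqlDataAdapter(com))
        {
            da.Fill(ds);
        }
        // The connection is closed by the using block; no explicit Close() needed.
    }

    if (ds.Tables[0].Rows.Count == 0)
    {
        // No matching user/password: back to the login page, session untouched.
        Response.Redirect("Default.aspx");
        return;
    }

    DataRow user = ds.Tables[0].Rows[0];
    string userType = user["type"].ToString();
    Session["user_id"] = user["id"].ToString();
    Session["user_type"] = userType;
    // NOTE(review): nothing here regenerates the session id on successful login;
    // confirm whether the application handles that elsewhere.

    switch (userType)
    {
        case "Admin":
            Response.Redirect("administrator/dashboard.aspx");
            break;
        case "Student":
            Response.Redirect("student/dashboard.aspx");
            break;
        case "Faculty":
            Response.Redirect("faculty/dashboard.aspx");
            break;
        case "Visitor":
            Response.Redirect("visitor/dashboard.aspx");
            break;
        default:
            // Previously an unrecognised type left an authenticated session behind with
            // no redirect. Drop the session keys and return to the login page instead.
            Session.Remove("user_id");
            Session.Remove("user_type");
            Response.Redirect("Default.aspx");
            break;
    }
}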
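/// <summary>
/// Page initialisation for the admin area: redirects anonymous sessions to the login
/// page and non-admin sessions to <c>not_admin</c>, then fills the three name labels
/// with the admin's "last, first" name looked up by the session's user id.
/// </summary>
/// <param name="sender">The page that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Response.Redirect ends the response; the explicit returns make the intent clear.
    if (Session["user_id"] == null)
    {
        Response.Redirect("../Default.aspx");
        return;
    }

    // 'as string' avoids a NullReferenceException when user_id is set but user_type is not;
    // a missing or non-"Admin" type is rejected either way.
    if ((Session["user_type"] as string) != "Admin")
    {
        Response.Redirect("not_admin");
        return;
    }

    string user_id = (string)Session["user_id"];

    // The id is bound as a parameter rather than concatenated into the SQL text.
    // NOTE(review): ThesysController.GetStringFromQuery's handling of an empty result is
    // not visible here; this version yields an empty string in that case — confirm it
    // matches the helper's behaviour.
    string full_name;
    using (SqlConnection con = new SqlConnection(ThesysController.ConnectionString))
    using (SqlCommand com = new SqlCommand(
        "SELECT CONCAT(last_name,', ',first_name) FROM v_Admins WHERE id=@id", con))
    {
        com.Parameters.AddWithValue("@id", user_id);
        con.Open();
        object result = com.ExecuteScalar();
        full_name = result == null || result == DBNull.Value ? string.Empty : result.ToString();
    }

    lblUserFullName_Header.Text = full_name;
    lblUserFullName_Panel.Text = full_name;
    lblUserFullName_Sidebar.Text = full_name;
}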