Пример #1
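        /// <summary>
        /// Authenticates a user. The account is looked up by user name through the
        /// <c>spx_Pricing_UserAuth</c> stored procedure, and the supplied password is
        /// checked against the stored hash with <c>VerifyHash</c>.
        /// </summary>
        /// <param name="User_">Credentials entered by the user; Username and Password are read.</param>
        /// <returns>
        /// On success, a <c>PricingUser</c> with UserID and Username populated and
        /// <c>Result</c> set to "Success". On any failure, a <c>PricingUser</c> that
        /// carries only a user-safe <c>Result</c> message. The stored password hash
        /// is never returned to the caller.
        /// </returns>
        public PricingUser Userlogin(PricingUser User_)
        {
            // One message for "unknown user" and "wrong password", so the response
            // text does not reveal which user names exist.
            const string InvalidCredentialsMessage = "Invalid username or password";
            const string SystemErrorMessage = "Unable to sign in at this time";

            PricingUser failedLogin = new PricingUser();
            failedLogin.Password = "";
            failedLogin.Result = InvalidCredentialsMessage;

            // Reject missing credentials before touching the database.
            if (User_ == null || string.IsNullOrEmpty(User_.Username) || User_.Password == null)
            {
                return failedLogin;
            }

            try
            {
                PricingUser DBUser = new PricingUser();
                bool userFound = false;

                // using blocks close the reader, command and connection on every
                // path, including when an exception is thrown.
                using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]))
                using (SqlCommand command = new SqlCommand("spx_Pricing_UserAuth", connection))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    // The user name travels as a parameter, never as concatenated SQL.
                    command.Parameters.Add(new SqlParameter("UserName", User_.Username));

                    connection.Open();

                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        // If several rows come back, the last one wins (as before).
                        while (reader.Read())
                        {
                            userFound = true;
                            DBUser.UserID = reader.GetInt32(0);
                            DBUser.Username = reader.GetString(1);
                            DBUser.Password = reader.GetString(2);
                        }
                    }
                }

                // NOTE(review): VerifyHash is defined elsewhere. The "SHA512" argument
                // suggests a fast hash; confirm it is salted and consider moving to a
                // slow KDF such as PBKDF2. Confirm the comparison is constant-time too.
                // NOTE(review): VerifyHash only runs for existing accounts, so response
                // time may still differ between unknown and known user names.
                bool passwordMatches = userFound && VerifyHash(User_.Password, "SHA512", DBUser.Password);

                // The stored hash must not leave this method on any path.
                DBUser.Password = "";

                if (!passwordMatches)
                {
                    return failedLogin;
                }

                DBUser.Result = "Success";
                return DBUser;
            }
            catch (Exception ex)
            {
                // Keep the detail server-side; exception text can expose schema,
                // server or configuration information if shown on the login page.
                System.Diagnostics.Trace.TraceError("Userlogin failed: " + ex);
                failedLogin.Result = SystemErrorMessage;
                return failedLogin;
            }
        }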
Пример #2
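        /// <summary>
        /// Click handler for the login button. Passes the entered credentials to
        /// <c>Userlogin</c>; on "Success" it stores the user id and menu in the
        /// session and redirects to Quote.aspx, otherwise it shows the result text.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void RadButtonLogin_Click(object sender, EventArgs e)
        {
            try
            {
                PricingUser User = new PricingUser();
                User.Username = RadTextBoxUsername.Text;
                User.Password = RadTextBoxPassword.Text;

                User = Userlogin(User);

                if (User.Result == "Success")
                {
                    DataSet dsUserMenu = Get_UserMenu(User.UserID);

                    // NOTE(review): authentication state is written into the existing
                    // session; this handler does not rotate the session identifier.
                    // Confirm session-fixation protection is handled elsewhere.
                    Session["UserID"] = User.UserID;
                    Session["UserMenu"] = dsUserMenu;
                    Response.Redirect("Quote.aspx", false);
                }
                else
                {
                    // Result is produced by Userlogin and shown verbatim, so it is
                    // HTML-encoded in case it ever carries request-derived text.
                    // NOTE(review): assumes lblInfo renders Text unencoded - confirm.
                    lblInfo.Text = Server.HtmlEncode(User.Result);
                }
            }
            catch (Exception ex)
            {
                // Log the detail server-side; do not show exception text to an
                // unauthenticated visitor.
                System.Diagnostics.Trace.TraceError("RadButtonLogin_Click failed: " + ex);
                lblInfo.Text = "Unable to sign in at this time";
            }
        }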