public void ProcessRequest(HttpContext context)
{
if (context.Request.HttpMethod != "POST")
{
context.Response.End();
}
else
{
// User has already authenticated
if (context.Session["id"] != null)
{
context.Response.Redirect("index.aspx");
return;
}
// Determine if authentication is successful
AuctionDB db = new AuctionDB();
int userid = db.Authenticate(context.Request.Form["username"], context.Request.Form["password"]);
if (userid > -1)
{
// User successfully authenticated, log them in by adding the username key to our session
context.Session.Add("id", userid);
context.Session.Add("username", context.Request.Form["username"]);
context.Response.Redirect("index.aspx");
return;
}
else
{
// User failed to authenticate, kick them out
context.Session.Abandon();
context.Response.Redirect("index.aspx");
return;
}
}
}
