public ActionResult DoLogin() { var username = Request.Form["username"]; var pass = Request.Form["pass"]; var sm = ""; var cmd = new SqlCommand(); cmd.CommandText = "getUser"; cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add("@username", SqlDbType.VarChar, 90).Value = username.ToString(); DataTable dt = new LHR.lib.DataAdapter().ExecPro(cmd); if (dt.Rows.Count > 0) { DataRow dr = dt.NewRow(); dr = dt.Rows[0]; if (dr[7].ToString() == LHR.lib.CoreSecurity.getMd5Hash(pass)) { Session["userid"] = dr[0].ToString(); Session["username"] = username; Session["groupid"] = dr[8].ToString(); sm = "yes"; } else { sm = "no"; } } else { sm = "no"; } return(Content(sm)); }