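// GET: MyOrders
/// <summary>
/// Renders the orders view. Stores the list returned by
/// <c>Data_Orders.ordersList_method()</c> in <c>ViewData["list"]</c> and the id of the
/// <c>User_Info</c> row whose <c>SessionId</c> matches the current session in
/// <c>ViewData["Userid"]</c>.
/// </summary>
/// <remarks>
/// When no row matches the session id, <c>ViewData["Userid"]</c> is left unset and the view
/// is still returned; this action does not itself reject a request without a valid session.
/// NOTE(review): <c>ordersList_method()</c> takes no argument here, so the list does not look
/// filtered by user at this point. Confirm where per-user filtering happens.
/// </remarks>
/// <returns>The default view for this action.</returns>
public ActionResult MyOrders()
{
    List<Orders> order1 = Data_Orders.ordersList_method();
    ViewData["list"] = order1;

    string sessionId = Data_Session.GetSessionId();

    using (SqlConnection C = new SqlConnection(Datalink.connectionString))
    {
        C.Open();

        // The session id is bound as a parameter instead of being concatenated into the
        // SQL text, so its content can never be interpreted as SQL.
        const string query = @"SELECT * FROM User_Info WHERE SessionId = @sessionId";

        using (SqlCommand cmd = new SqlCommand(query, C))
        {
            // A null id is sent as "", which is what string concatenation produced before.
            // AddWithValue with a null value would leave the parameter unsupplied.
            cmd.Parameters.AddWithValue("@sessionId", sessionId ?? string.Empty);

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // Column 0 is read as the user id. With SELECT * this depends on the
                    // table's column order. NOTE(review): consider selecting the id column by name.
                    ViewData["Userid"] = (int)reader[0];
                }
            }
        }
    }

    return View();
}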
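/// <summary>
/// Checks the submitted credentials and, on success, starts a new session and redirects to
/// the Search action of the Gallery controller.
/// </summary>
/// <param name="Username">Account name looked up through <c>Data_User.GetUserInfo</c>.</param>
/// <param name="Password">Plain-text password; hashed with <c>GetMD5Hash</c> before it is compared.</param>
/// <returns>
/// The login view when either value is missing, the user is unknown or the hash does not
/// match; otherwise a redirect carrying <c>uid</c>, <c>username</c> and <c>ses_id</c>.
/// </returns>
public ActionResult Login(string Username, string Password)
{
    if (Username == null || Password == null)
    {
        return View(); //display home screen
    }

    // NOTE(review): the stored value is compared with the output of GetMD5Hash. MD5 is a fast
    // hash and unsuitable for password storage; moving to a salted, slow KDF (e.g. PBKDF2)
    // needs a migration of the stored hashes, so it is flagged here rather than changed.
    string Hash_Password = GetMD5Hash(Password);

    // The hash is no longer written to Debug output: credential material does not belong in
    // diagnostic logs.

    Customers user = Data_User.GetUserInfo(Username);

    // Unknown user and wrong password return the same view, so the response does not reveal
    // which of the two checks failed.
    // NOTE(review): != on strings is not a constant-time comparison.
    if (user == null || user.Password != Hash_Password)
    {
        return View(); //display home screen
    }

    string sessionId = Data_Session.NewSession(user.Id); //Start new session

    // NOTE(review): the session id travels as a route value of the redirect, which normally
    // puts it in the URL (browser history, Referer headers, server logs). A cookie marked
    // HttpOnly and Secure is the usual carrier; changing that also affects the Search action.
    return RedirectToAction(
        "Search",
        "Gallery",
        new { uid = user.Id, username = Username, ses_id = sessionId });
}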
/// <summary>
/// Deletes the session identified by <paramref name="sessionId"/> and sends the browser back
/// to the login page.
/// </summary>
/// <param name="sessionId">Identifier handed to <c>Data_Session.DeleteSession</c>.</param>
/// <returns>A redirect to the Login action of the Login controller.</returns>
public ActionResult Logout(string sessionId)
{
    // NOTE(review): the session to delete comes from the action parameter, not from the
    // caller's own session state. Confirm that DeleteSession or a filter verifies the
    // caller owns this session.
    Data_Session.DeleteSession(sessionId);

    ActionResult backToLogin = RedirectToAction("Login", "Login");
    return backToLogin;
}