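/// <summary>
/// Click handler for the login form: authenticates the submitted credentials, stores the
/// resulting account in session state and redirects to the page appropriate for the user.
/// On failure an error banner is written into <c>login_message</c> and the page is re-rendered.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Login(object sender, EventArgs e)
{
    // Fixed delay on every attempt; presumably meant as a crude brute-force throttle.
    // NOTE(review): this holds a worker thread for 3 s per request and does nothing
    // against parallel attempts — confirm whether a real lockout/rate limit exists upstream.
    System.Threading.Thread.Sleep(3000);

    UserModule userModule = new UserModule();
    string userid = input_userid.Text;
    string password = input_password.Text;

    try
    {
        UserAccount authenticatedUser = userModule.login(userid, password);

        // A fresh session ID is generated here but never persisted (no SaveSessionID), so the
        // session ID is NOT rotated on login — the session-fixation defence this was meant to
        // be is incomplete. TODO(review): either persist the new ID (and migrate state) or drop it.
        SessionIDManager sessionIdManager = new SessionIDManager();
        string newId = sessionIdManager.CreateSessionID(Context);

        // Remember the previously logged-in user so a stored return URL is only honoured for
        // the same account; a different account must not inherit someone else's pending page.
        string oldUserId = Session["userid"] == null ? "" : Session["userid"].ToString();

        Session["userid"] = userid;
        Session["username"] = authenticatedUser.USERNAME;
        Session["userRole"] = authenticatedUser.ROLE;

        if (Session["previous_url"] != null && userid.Equals(oldUserId))
        {
            string previous_url = Session["previous_url"].ToString();
            Session["previous_url"] = ""; // Clear session variable just in case

            // Only follow a target inside this application; an absolute or protocol-relative
            // value here would make this an open redirect. Anything else (including the
            // cleared empty string) falls through to the role-based landing page.
            if (IsLocalUrl(previous_url))
            {
                // endResponse:false + CompleteRequest avoids the ThreadAbortException that
                // Response.Redirect(url) raises and that the catch (Exception) below would
                // otherwise intercept.
                Response.Redirect(previous_url, false);
                Context.ApplicationInstance.CompleteRequest();
                return;
            }
        }

        string redirectURL = UserRoleDispatcher.getPageByUserRole(authenticatedUser.ROLE);
        // IsNullOrEmpty rather than .Length: a null result must produce this message, not an NRE.
        if (string.IsNullOrEmpty(redirectURL))
        {
            throw new InvalidOperationException(
                "No role configured for " + authenticatedUser.ROLE + " yet, please contact administrator.");
        }
        Response.Redirect(redirectURL, false);
        Context.ApplicationInstance.CompleteRequest();
    }
    catch (LoginException lex)
    {
        ShowLoginError(lex.Message);
    }
    catch (Exception ex)
    {
        // NOTE(review): surfacing raw exception text to the browser discloses internals;
        // consider logging ex and showing a generic message instead.
        ShowLoginError(ex.Message);
    }
}

/// <summary>
/// Renders an error banner into <c>login_message</c>. The message is HTML-encoded because
/// exception text may echo user-supplied input and is concatenated into raw markup.
/// </summary>
/// <param name="message">Plain-text error to display.</param>
private void ShowLoginError(string message)
{
    login_message.Controls.Add(new LiteralControl(
        "<div class='alert alert-danger col-sm-10 col-sm-offset-1'>" + Server.HtmlEncode(message) + "</div>"));
}

/// <summary>
/// Returns true only for a path inside this application: "~/…" or "/…", never empty,
/// never absolute ("http://…"), never protocol-relative ("//host" or "/\host"), and free
/// of control characters.
/// </summary>
/// <param name="url">Candidate redirect target.</param>
private static bool IsLocalUrl(string url)
{
    if (string.IsNullOrWhiteSpace(url))
    {
        return false;
    }
    for (int i = 0; i < url.Length; i++)
    {
        if (url[i] < ' ')
        {
            return false;
        }
    }
    if (url.StartsWith("~/", StringComparison.Ordinal))
    {
        return true;
    }
    if (url[0] != '/')
    {
        return false;
    }
    // "//host" and "/\host" are treated as scheme-relative by browsers.
    return url.Length < 2 || (url[1] != '/' && url[1] != '\\');
}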
/// <summary>
/// Convenience wrapper that authenticates <paramref name="userid"/> / <paramref name="password"/>
/// through a fresh <c>UserModule</c>. The account returned by <c>UserModule.login</c> is discarded,
/// so a failed attempt is only observable through whatever that call throws.
/// </summary>
/// <param name="userid">User identifier as entered on the form.</param>
/// <param name="password">Password as entered on the form.</param>
public void login(string userid, string password)
{
    new UserModule().login(userid, password);
}