using System;using System.Collections.Generic;using System.Linq;using Syst

1. using System;
2. using System.Collections.Generic;
3. using System.Linq;
4. using System.Web;
5. using System.Web.UI;
6. using System.Web.UI.WebControls;
7.  
8. public partial class Login : System.Web.UI.Page
9. {
10. protected void Page_Load(object sender, EventArgs e)
11. {
12. if (Request.Form["submit"] != null)
13. {
14. string username = Request.Form["userName"];
15. string password = Request.Form["password"];
16. string Status = "";
17.  
18. if ((username == null) || (username == "") || (password == "") || (password == null))
19. {
20. Status = "Fill all the details";
21. }
22. else
23. {
24. string filename = "db.mdf";
25. string tablename = "siteusers";
26. string selectquery = "SELECT * FROM " + tablename + " WHERE userName ='" + Request.Form["userName"] + "'";
27. string checkadmin = "SELECT * FROM " + tablename + " WHERE userName ='" + Request.Form["userName"] + "'";
28. checkadmin += " AND IsAdmin ='true'";
29. string adminquery="SELECT IsAdmin FROM siteusers WHERE userName ='"+Request.Form["userName"]+"'";
30. if (MyAdoHelper.IsExist(filename, selectquery) == true)
31. {
32. selectquery += " AND password ='" + password + "'";
33. if (MyAdoHelper.IsExist(filename, selectquery))
34. {
35. if (MyAdoHelper.IsExist(filename,checkadmin))
36. {
37. Session["Admin"] = Request.Form["userName"];
38. Session["User"] = Request.Form["userName"];
39. Status = "Login as admin";
40. Response.Write(Status);
41. Response.AddHeader("REFRESH", "1;URL=Default.aspx");
42. Response.End();
43. }
44. else
45. {
46. Session["User"] = Request.Form["userName"];
47. Status = "Login Successful";
48. Response.Write(Status);
49. Response.AddHeader("REFRESH", "1;URL=Default.aspx");
50. Response.End();
51. }
52. }
53. else
54. {
55. Status = "Password is invalid";
56. }
57. }
58. else
59. {
60. Status="Username is invalid";
61. }
62. }
63. Response.Write(Status);
64. Response.AddHeader("REFRESH", "1;URL=Login.aspx");
65. Response.End();
66. }
67. }
68. }