Login Page & Redirect the page as per usertype in asp.net using mysql database

Question

0.00/5 (No votes)

See more:

I have two tables in the database:

C#

Login (LID, UName, UPasword, UserType_ID)
UserType(UserType_ID, UserType)

I need to validate username and usertype and create a session variable for UserName(UName).
below code is works like when admin and user login they redirect to gallery.aspx page but i want when admin login then they redirect to "View_Reports.aspx" page and when public user login they redirect to gallery.aspx page

code

C#

protected void Button1_Click1 ( object sender, EventArgs e )
{
	name = TextBox1.Text;
	pwd = TextBox1.Text;
	conn.Open( );
	MySqlCommand cmd = new MySqlCommand( " select * from login  where UName =  '" + name + "'  and  UPasword =  '" + pwd + "' " );
	cmd.Connection = conn;
	// cmd.Connection = conn;
	MySqlDataReader dr = cmd.ExecuteReader( );

	if ( dr.HasRows )
	{
		dr.Read( );
		Session[ " UName" ] = dr[ 1 ].ToString( );
		;
		Session[ " UPasword" ] = dr[ 4 ].ToString( );
		Session[ "UserType_ID" ] = dr[ 0 ].ToString( );
		;
		//Session["prenom"] = dr[2].ToString();
		//Session["telephone"] = dr[3].ToString();

		Response.Redirect( "View_Reports.aspx" );
	}
	else
	{
		Response.Redirect( "gallery.aspx" );
	}

	dr.Close( );
	conn.Close( );
}

Posted 29-Sep-14 22:15pm

Diya Ayesa

Updated 8-Mar-17 16:25pm

Kornfeld Eliyahu Peter

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

VC.J · Answer 1 · 2014-09-30T02:32:00

C#

if (Convert.ToString(Session["UserType_ID"]).Equals("admin"))
            {
                Response.Redirect("View_Reports.aspx",false);
            }
            else
            {
                Response.Redirect("gallery.aspx",false);
            }

to avoid thread abort exception use the above code.

and Kornfeld Eliyahu Peter is right may be UserType_Id is not an admin

Kornfeld Eliyahu Peter · Answer 2 · 2014-09-29T23:58:00

Solution 1

1. Never ever use string concatenation to create SQL query - learn using parametrized SQL query! (A sample for you - http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/[^])
2. Change your code to check user type after reading it from database than redirect according to it:

C#

if ( dr.HasRows )
{
	dr.Read( );
	Session[ " UName" ] = dr[ 1 ].ToString( );
	;
	Session[ " UPasword" ] = dr[ 4 ].ToString( );
	Session[ "UserType_ID" ] = dr[ 0 ].ToString( );
	;
	//Session["prenom"] = dr[2].ToString();
	//Session["telephone"] = dr[3].ToString();
}
// !!!
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )
{
	Response.Redirect( "View_Reports.aspx" );
}
else
{
	Response.Redirect( "gallery.aspx" );
}

Posted 29-Sep-14 23:58pm

Kornfeld Eliyahu Peter

Updated 30-Sep-14 1:42am

v2

Comments

Diya Ayesa 30-Sep-14 7:10am

THANK your for your reply when i try your code it shows me error :Index was outside the bounds of the array. on this line Session[ " UPasword" ] = dr[ 4 ].ToString( );

Kornfeld Eliyahu Peter 30-Sep-14 7:22am

This is your line! I just copied it to here to make the sample complete...

Diya Ayesa 30-Sep-14 7:12am

and warning error : Warning 20 Possible unintended reference comparison; to get a value comparison, cast the left hand side to type 'string'
on this line if ( Session[ "UserType_ID" ] == "admin" )

Kornfeld Eliyahu Peter 30-Sep-14 7:23am

Change the line to
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )

Diya Ayesa 30-Sep-14 7:39am

this is the code which i try but admin always goes to gallery page where as i want admin must go to reports page and it not works

if ( dr.HasRows )
{
dr.Read( );
Session[ " UName" ] = dr[ 0 ].ToString( );

Session[ " UPasword" ] = dr[ 1 ].ToString( );
Session[ "UserType_ID" ] = dr[ 2 ].ToString( );

//Session["prenom"] = dr[2].ToString();
//Session["telephone"] = dr[3].ToString();
}
// !!!
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )
{
Response.Redirect( "View_Reports.aspx" );
}
else
{
Response.Redirect( "gallery.aspx" );
}

Kornfeld Eliyahu Peter 30-Sep-14 7:42am

Maybe your UserType_ID is not admin? I just wrote that as a sample value, the actual value is known only for you!!!

Member 13047328 8-Mar-17 22:27pm

i try to redirect adminhome or userhome but it cannot redirect.

Member 13047328 8-Mar-17 22:46pm

Protected Sub btncont_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btncont.Click
Dim conn As New SqlConnection(WebConfigurationManager.ConnectionStrings("con1").ConnectionString)
Dim cmd As New SqlCommand("select * from tbluser where UserName=@unm and Password=@pwd", conn)

cmd.Parameters.Add(New SqlParameter("@unm", txtnm.Text))
cmd.Parameters.Add(New SqlParameter("@pwd", Session("pwd")))
conn.Open()
Dim dr As SqlDataReader
dr = cmd.ExecuteReader()
If dr.Read Then
utype = dr.GetString(7)
If utype = "Admin" Then
Response.Redirect("adminhome.aspx?UserName=" & txtnm.Text)
ElseIf utype = "User" Then
Response.Redirect("userhome.aspx?UserName=" & txtnm.Text)
End If
End If

dr.Close()
conn.Close()

End Sub