Click here to Skip to main content
15,918,624 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have two tables in the database:
C#
Login (LID, UName, UPasword, UserType_ID)
UserType(UserType_ID, UserType)

I need to validate username and usertype and create a session variable for UserName(UName).
below code is works like when admin and user login they redirect to gallery.aspx page but i want when admin login then they redirect to "View_Reports.aspx" page and when public user login they redirect to gallery.aspx page

code
C#
protected void Button1_Click1 ( object sender, EventArgs e )
{
	name = TextBox1.Text;
	pwd = TextBox1.Text;
	conn.Open( );
	MySqlCommand cmd = new MySqlCommand( " select * from login  where UName =  '" + name + "'  and  UPasword =  '" + pwd + "' " );
	cmd.Connection = conn;
	// cmd.Connection = conn;
	MySqlDataReader dr = cmd.ExecuteReader( );

	if ( dr.HasRows )
	{
		dr.Read( );
		Session[ " UName" ] = dr[ 1 ].ToString( );
		;
		Session[ " UPasword" ] = dr[ 4 ].ToString( );
		Session[ "UserType_ID" ] = dr[ 0 ].ToString( );
		;
		//Session["prenom"] = dr[2].ToString();
		//Session["telephone"] = dr[3].ToString();

		Response.Redirect( "View_Reports.aspx" );
	}
	else
	{
		Response.Redirect( "gallery.aspx" );
	}

	dr.Close( );
	conn.Close( );
}
Posted
Updated 8-Mar-17 16:25pm
v2

C#
if (Convert.ToString(Session["UserType_ID"]).Equals("admin"))
            {
                Response.Redirect("View_Reports.aspx",false);
            }
            else
            {
                Response.Redirect("gallery.aspx",false);
            }


to avoid thread abort exception use the above code.

and Kornfeld Eliyahu Peter is right may be UserType_Id is not an admin
 
Share this answer
 
1. Never ever use string concatenation to create SQL query - learn using parametrized SQL query! (A sample for you - http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/[^])
2. Change your code to check user type after reading it from database than redirect according to it:
C#
if ( dr.HasRows )
{
	dr.Read( );
	Session[ " UName" ] = dr[ 1 ].ToString( );
	;
	Session[ " UPasword" ] = dr[ 4 ].ToString( );
	Session[ "UserType_ID" ] = dr[ 0 ].ToString( );
	;
	//Session["prenom"] = dr[2].ToString();
	//Session["telephone"] = dr[3].ToString();
}
// !!!
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )
{
	Response.Redirect( "View_Reports.aspx" );
}
else
{
	Response.Redirect( "gallery.aspx" );
}
 
Share this answer
 
v2
Comments
Diya Ayesa 30-Sep-14 7:10am    
THANK your for your reply when i try your code it shows me error :Index was outside the bounds of the array. on this line Session[ " UPasword" ] = dr[ 4 ].ToString( );
Kornfeld Eliyahu Peter 30-Sep-14 7:22am    
This is your line! I just copied it to here to make the sample complete...
Diya Ayesa 30-Sep-14 7:12am    
and warning error : Warning 20 Possible unintended reference comparison; to get a value comparison, cast the left hand side to type 'string'
on this line if ( Session[ "UserType_ID" ] == "admin" )
Kornfeld Eliyahu Peter 30-Sep-14 7:23am    
Change the line to
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )
Diya Ayesa 30-Sep-14 7:39am    
this is the code which i try but admin always goes to gallery page where as i want admin must go to reports page and it not works

if ( dr.HasRows )
{
dr.Read( );
Session[ " UName" ] = dr[ 0 ].ToString( );

Session[ " UPasword" ] = dr[ 1 ].ToString( );
Session[ "UserType_ID" ] = dr[ 2 ].ToString( );

//Session["prenom"] = dr[2].ToString();
//Session["telephone"] = dr[3].ToString();
}
// !!!
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )
{
Response.Redirect( "View_Reports.aspx" );
}
else
{
Response.Redirect( "gallery.aspx" );
}

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900