Last post Nov 04, 2013 04:00 AM by hans_v
Nov 01, 2013 05:35 PM | pbuddy
I'm fairly new to ASP.NET so go easy on me!
I've set up a table within a database which contains the following columns: "StudentID", "StudentPassword" and "Type" (type referring to the type of user, e.g. admin, student, lecturer). I'm going to change the column names from "StudentID" to "ID" and "StudentPassword" to just "password" eventually and just put all user credentials in the same table regardless of their types.
I've got it set up so that the values in the database are checked against the credentials entered into the textboxes. If both values are correct in the database, then the user will be redirected to the test.aspx page. However, I now want it set up so that if an admin member were to log in, then they'd be directed to an admin page rather than having the three types of members go to the same page. The same would happen for a student and lecturer, e.g. if a student were to log in, then they'd be directed to a student
Obviously I know to utilise the "Type" column but I have no idea what code I'm supposed to enter. I received most of my code from tutorials, but I don't fully understand them yet. Here's the code I have in the behind file for the login page. The name of the table is "Student" but again the name will probably be changed, as the table will eventually hold all user credentials regardless of type.
public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e) { }
    protected void Button1_Click(object sender, EventArgs e)
    {
        using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["LogConnectionString"].ConnectionString))
        {
            con.Open();
            // First query: does a row with the entered ID exist?
            string cmdStr = "Select count(*) from Student where StudentID='" + TextBox1.Text + "'";
            SqlCommand Checkuser = new SqlCommand(cmdStr, con);
            if (Convert.ToInt32(Checkuser.ExecuteScalar()) == 1) {
                // Second query: fetch the stored password for that ID and compare it
                string cmdStr2 = "Select StudentPassword from Student where StudentID='" + TextBox1.Text + "'";
                SqlCommand pass = new SqlCommand(cmdStr2, con);
                string StudentPassword = pass.ExecuteScalar().ToString();
                if (StudentPassword == TextBox2.Text) {
                    Session["New"] = TextBox1.Text;
                    Response.Redirect("test.aspx");
                } else {
                    Label1.Visible = true;
                    Label1.Text = "Invalid username or password";
                }
            } else {
                Label1.Visible = true;
                Label1.Text = "Invalid username or password";
            }
        }
    }
}
Nov 04, 2013 03:18 AM | Michelle Ge - MSFT
According to the code, it checks the user information in two parts.
First, it will get all the information using the StudentID as the query condition.
Second, if the StudentID exists in the DataTable, it will get the Password using the StudentID as the query condition. If the Password is the same as the one the user gave, it will redirect to the test page.
Hope you can understand my description.
If we want to redirect to different pages for the different types, please refer to the suggestion below:
First, we should check that the StudentID and Password exist in the DataTable.
Second, if the StudentID and the Password exist in the database, we should get the type of the StudentID using the StudentID as the query condition.
Hope it’s useful for you.
Nov 04, 2013 04:00 AM | hans_v
First of all, start reading about the risks of SQL injections, and how to prevent them:
Then start reading about forms authentication
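
The two replies above combined into one code-behind handler, as an added example (not code from any poster in this thread): a single parameterized query returns the password and Type for the entered ID, and a fixed allow-list maps Type to a page. The page names, the NVARCHAR(50) parameter type and the exact spelling of the Type values are assumptions; the password comparison is kept as in the original post.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public partial class Login : System.Web.UI.Page
{
    protected void Button1_Click(object sender, EventArgs e)
    {
        string target = null;
        string cs = ConfigurationManager.ConnectionStrings["LogConnectionString"].ConnectionString;
        using (SqlConnection con = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT StudentPassword, Type FROM Student WHERE StudentID = @id", con))
        {
            // The textbox value travels as a typed parameter, never as SQL text.
            // NVARCHAR(50) is an assumed column type and size.
            cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = TextBox1.Text;
            con.Open();
            using (SqlDataReader row = cmd.ExecuteReader())
            {
                // One round trip: no row, or a password mismatch, both leave target null.
                if (row.Read() && row["StudentPassword"].ToString() == TextBox2.Text)
                    target = PageFor(row["Type"].ToString());
            }
        }
        if (target == null)
        {
            Label1.Visible = true;
            Label1.Text = "Invalid username or password";
            return;
        }
        Session["New"] = TextBox1.Text;
        Response.Redirect(target);
    }

    // Fixed allow-list: the Type value selects a page but never becomes part of the URL.
    // Page names are hypothetical; an unknown Type is treated as a failed login.
    private static string PageFor(string type)
    {
        switch (type.Trim().ToLowerInvariant())
        {
            case "admin": return "admin.aspx";
            case "student": return "student.aspx";
            case "lecturer": return "lecturer.aspx";
            default: return null;
        }
    }
}
```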