if-else condition in asp.net while creating login page is not working properly?

F

Faisal

New member
Dear all, there are two users in database Administrator and HRmanager i am making session when user input username and password but the problem is that only if i am using administrator this can access the administrator page but if i give HRmanager username and password it is not opening the page. code is here

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

namespace e_management
{
public partial class _Default : System.Web.UI.Page
{
String pageref;
protected void Page_Load(object sender, EventArgs e)
{
pageref = Request.Params["flag"];
}

protected void login(object sender, EventArgs e)
{
if ((UserName.Text.ToString() == "") || (Password.Text.ToString() == ""))
{
Error.Text = "Fields Empty! All Fields are required";
}
else
{
try
{
SqlConnection connection = new SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\emg-db.mdf;Integrated Security=True;User Instance=True");
SqlCommand command = new SqlCommand("SELECT * FROM login WHERE userName=@User AND password=@Password", connection);

SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@User";
param1.Value = UserName.Text.ToString();

SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@Password";
param2.Value = Password.Text.ToString();

command.Parameters.Add(param1);
command.Parameters.Add(param2);

connection.Open();

SqlDataReader dataReader = command.ExecuteReader();

if (dataReader.HasRows)
{
dataReader.Read();
Session["Role"] = dataReader["role"].ToString();
String eRole = Session["Role"].ToString();

if (pageref != null)
{
pageref += ".aspx";
Response.Redirect(pageref);
}
else { }

if (eRole == "Administrator")
{
Response.Redirect("Administrator.aspx");
}
else if (eRole=="Hrmanager")
{
Response.Redirect("Test.aspx");
}
}
else
{
Error.Text = "Invalid Login";
}
connection.Close();
}
catch (Exception ex)
{
Error.Text = ex.ToString();

}
}
}
}
}
 
Back
Top