
The code verifies the username and password by comparing the submitted values with the data stored in the database; if they match, it should redirect the user to the profile page. However, I could not figure out why the code here does not do that as expected!

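// Look up the account with a parameterized query: the submitted values travel as
// parameters and are never concatenated into the SQL text.
// NOTE(review): the WHERE clause compares the submitted password with the [password]
// column directly, which implies the column holds the password itself. Store a salted,
// slow password hash instead (e.g. PBKDF2 via Rfc2898DeriveBytes), select the row by
// username only, and verify the hash in code.
com.CommandText = "select [id], [username],[password], [type] FROM [users] WHERE [username] =@username AND [password]= @pass";
com.Parameters.AddWithValue("@username", UserName.Text);
com.Parameters.AddWithValue("@pass", Password.Text);
//  conn.Open();
try
{
    // Response.Redirect ends the request by aborting the thread, so cleanup placed
    // after it never runs; using/finally releases the reader and the connection on
    // every path, including the redirect and a failing query.
    using (SqlDataReader rd = com.ExecuteReader())
    {
        if (rd.Read())
        {
            var _id = rd["id"].ToString();
            var _type = rd["type"].ToString();
            var _username = rd["username"].ToString();

            // Take the clock once so the issue and expiry times derive from the same instant.
            DateTime issuedAt = DateTime.Now;

            // Ticket name is the user id; user data carries "<type>.<username>".
            // NOTE(review): the ticket is persistent and valid for one month; anything
            // that trusts the type in the user data keeps trusting it for that long,
            // even if the account's type changes in the database. Confirm that lifetime
            // is intended.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                _id,
                issuedAt,
                issuedAt.AddMonths(1),
                true,
                _type + "." + _username,
                FormsAuthentication.FormsCookiePath);
            string hashed_ticket = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashed_ticket);

            // Keep the authentication cookie away from client-side script, and mark it
            // Secure whenever the forms-authentication configuration requires SSL.
            cookie.HttpOnly = true;
            cookie.Secure = FormsAuthentication.RequireSSL;

            if (ticket.IsPersistent)
            {
                cookie.Expires = ticket.Expiration;
            }

            Response.Cookies.Add(cookie);

            // Response.Redirect("~/Admin/Profile.aspx");

            // NOTE(review): only accounts whose type is exactly "admin" are redirected.
            // Every other account receives the cookie but stays on this page, which is
            // the likely reason the redirect does not appear to happen.
            if (_type == "admin")
            {
                Response.Redirect("~/UserProfile.aspx");
            }
        }
        else
        {
            // One message for both unknown user and wrong password, so the response
            // does not reveal which usernames exist.
            lb.Text = "invalid  username or password!";
        }
    }
}
finally
{
    conn.Close();
}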
}