using System;
using System.Configuration;
using System.Data.SqlClient;
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void LoginButton_Click(object sender, EventArgs e)
{
String cs = ConfigurationManager.ConnectionStrings["csString"].ConnectionString;
String strUserName = UserName.Text;
String strPassword = Password.Text;
String strUserId = “”;
String strMemberId = “”;
String strRoleId = “”;
DateTime dtLogDate = DateTime.Now;
String strQuery = “SELECT ” +
“user_id, ” +
“member_id, ” +
“role_id ” +
“FROM ” +
“application_users ” +
“WHERE ” +
“username = ‘” + strUserName + “‘ ” +
“AND ” +
“password = ‘” + strPassword + “‘”;
SqlConnection cn = new SqlConnection(cs);
SqlCommand cmd = new SqlCommand(strQuery, cn);
cn.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (!dr.HasRows)
{
Response.Redirect(“Failure.aspx”);
}
while (dr.Read())
{
strUserId = dr["user_id"].ToString();
strMemberId = dr["member_id"].ToString();
strRoleId = dr["role_id"].ToString();
}
Session["snLog"] = dr;
String strSession = Session.SessionID.ToString();
cn.Close();
String strInsert = “INSERT INTO ” +
“application_logs ” +
“(user_id, ” +
“log_datetime, ” +
“log_session) ” +
“VALUES (” +
@strUserId + “, ‘” +
@dtLogDate + “‘, ” +
“‘” + @strSession + “‘)”;
SqlConnection cnInsert = new SqlConnection(cs);
SqlCommand cmdInsert = new SqlCommand(strInsert, cnInsert);
//Add SqlParameters to the SqlCommand
cmdInsert.Parameters.AddWithValue(“@strUserId”, strUserId);
cmdInsert.Parameters.AddWithValue(“@dtLogDate”, dtLogDate);
cmdInsert.Parameters.AddWithValue(“@strSession”, strSession);
cnInsert.Open();
cmdInsert.ExecuteNonQuery();
cnInsert.Close();
Response.Redirect(“Success.aspx”);
}
}
