This is my code.
Imports System.Data.SqlClient
Imports System.Data
Imports System
Imports System.Web.Security
Imports System.Data.SqlClient.SqlDataAdapter
Partial Class Home
Inherits System.Web.UI.Page
Dim conn As New SqlConnection
Dim comm As SqlCommand
Protected Sub Register_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Register.Click
Response.Redirect("RegisterUsers.aspx")
End Sub
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
conn = New SqlConnection("Data Source=NJOROGE-PC\SQLEXPRESS;Initial Catalog=HotelPortal;User ID=Njoroge;Password=leonard")
Dim Type As String
Type = UserType.SelectedItem.Value
'conn = New SqlConnection()
Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn)
Cmd.CommandType = CommandType.StoredProcedure
Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1")
Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50)
ParamUsername.Value = txtUsername.Text
Cmd.Parameters.Add(ParamUsername)
Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50)
ParamPassword.Value = Convert
Cmd.Parameters.Add(ParamPassword)
Dim ParamType As SqlParameter = New SqlParameter("@Type", SqlDbType.Char, 10)
ParamType.Value = UserType.SelectedItem.Value
Cmd.Parameters.Add(ParamType)
'Dim ParamOutres As SqlParameter = New SqlParameter("@OutRes", SqlDbType.Int, 4)
'Cmd.Parameters.Add(ParamOutres)
'Cmd.Parameters("@OutRes").Direction = ParameterDirection.Output
Try
conn.Open()
'Dim ReturnCode As Integer = (Cmd.Parameters("@OutRes").Value)
Dim ReturnCode As Integer = CInt(Cmd.ExecuteScalar())
If ReturnCode = 1 Then
'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)
If Type = "Admin" Then
Response.Redirect("AdminHome.aspx")
ElseIf Type = "Visitor" Then
Response.Redirect("UserHome.aspx")
Else
PopUp.Text = "Wrong UserName, UserType Or Password!"
End If
Else
PopUp.Text = "Wrong UserName, UserType Or Password!"
End If
Catch ex As Exception
PopUp.Text = ex.ToString
conn.Close()
End Try
End Sub
End Class
And this is the stored Procedure.
create procedure [dbo].[Authenticate]
@UserId nvarchar (50),
@Password nvarchar (50),
@Type char (10)
as
begin
declare @Count int
select @Count = count(UserId) from Users
where [UserId] = @UserId And [Password] = @Password And [Type] = @Type
if (@Count=1)
begin
select 1 as ReturnCode
end
else
begin
select -1 as ReturnCode
end
end
Njoroge, if this helps please login to Mark As Answer. | Alert Moderator