I have a Login page. There is a table named user_privilege and a column named user_type. There are two values in it, Staff and Admin. Now I want to find out which user has logged in so we can let them into their respective areas. I am having a hard time figuring out how.

What I have tried:

protected void btnLogin_Click(object sender, EventArgs e)
        {
            using (SqlConnection con = new SqlConnection(@"Data Source =DESKTOP-RVF1OET\SQLEXPRESS; Initial Catalog = ClothStockManagement; Integrated Security = True;"))
            {
                con.Open();
                string query = "select count(1) from user_privilege where user_id=@username and password=@password";

                string userType= "select user_type from user_privilege";

                SqlCommand cmd = new SqlCommand(query, con);
                cmd.Parameters.AddWithValue("@username", userNameBox.Text.Trim());
                cmd.Parameters.AddWithValue("@password", passwordBox.Text.Trim());
                int count = Convert.ToInt32(cmd.ExecuteScalar());
                if (count == 1)
                {
                    if (userType == "Staff")
                    {

                        messageBox.Text = "Staff";
                        Response.Redirect("test.aspx");
                        
                    }
                    else
                    {
                        Session["admin"] = userNameBox.Text;
                        Response.Redirect("AdminDashboard.aspx");
                        messageBox.Text = "Ad";
                    }
                }

                else
                {
                    messageBox.Text = "Failed";
                }
            }
        }
Updated 20-Apr-18 23:45pm

1 solution

First of all, never store the passwords as plain text. Have a look at Password Storage: How to do it.

About the question itself, instead of counting the records, select the actual data. In other words something like
C#
string query = "select user_type from user_privilege where user_id=@username and password=@password";


You can then use SqlCommand.ExecuteReader Method (System.Data.SqlClient) to run the query and investigate the data returned.

ADDITION

As a small example of using a reader, consider the following. Note this doesn't fix the password problem.
C#
...
con.Open();
string query = "select user_type from user_privilege where user_id=@username and password=@password";

SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@username", userNameBox.Text.Trim());
cmd.Parameters.AddWithValue("@password", passwordBox.Text.Trim());

// Run the query; Read() returns false when no row matched the credentials
SqlDataReader reader = cmd.ExecuteReader();
if (!reader.Read()) {
   // Failed login: stay on the login page instead of redirecting
   messageBox.Text = "User not found";
} else if (reader[0].ToString() == "Staff") {
   messageBox.Text = "Staff";
   Response.Redirect("test.aspx");
} else {
   Session["admin"] = userNameBox.Text;
   messageBox.Text = "Ad";
   Response.Redirect("AdminDashboard.aspx");
}
...
 
Comments
Subit Timalsina 21-Apr-18 6:03am    
Thanks a lot bro for the suggestion. I will try performing hashing, but this is my first time working with these kinds of things. Can you provide it here if possible?
Wendelius 21-Apr-18 6:09am    
Not sure what you mean, the tip has some code almost ready to use.

Or are you referring to something else?
Subit Timalsina 21-Apr-18 6:15am    
I tried it but it is not working
You meant this, right?
string userType = "select user_type from user_privilege where user_id =@username and password =@password";
SqlCommand cmd = new SqlCommand(userType, con);
cmd.Parameters.AddWithValue("@username", userNameBox.Text.Trim());
cmd.Parameters.AddWithValue("@password", passwordBox.Text.Trim());
int count = Convert.ToInt32(cmd.ExecuteScalar());
Wendelius 21-Apr-18 6:21am    
The command looks better now. I would suggest trying to make it work first without worrying about the password. When you get the relevant data then concentrate on the password issue.

The problem with the password is not corrected only by making changes to the SELECT statement; you also need to modify inserting the data into the user_privilege table. This is why it's going to take some more effort to make it work.
Wendelius 21-Apr-18 6:23am    
Oh, another thing, you're not getting the count anymore, so don't try to use the return value like that. Take a look at the example in the MS docs I linked to in the answer. It describes how to use the Read method to read the rows.
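
The salted-hash storage that the answer and comments point to, as an added example that is not part of the original thread: the row is looked up by user_id alone, the password is verified in code with PBKDF2, and user_type is returned only on a match. The `LoginDemo` class, the in-memory dictionary standing in for user_privilege, the sample users and the iteration count are assumptions; it targets .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

static class LoginDemo
{
    // Assumed parameters; raise the iteration count as far as your hardware allows.
    const int Iterations = 100000, SaltLen = 16, HashLen = 32;

    // One stored row: salt, derived hash and user_type, never the password itself.
    sealed class Row { public byte[] Salt, Hash; public string UserType; }

    // Constructed in-memory stand-in for the user_privilege table.
    static readonly Dictionary<string, Row> Table = new Dictionary<string, Row>();

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashLen);
    }

    // INSERT side: generate a fresh random salt per user and store salt + hash.
    static void Register(string userId, string password, string userType)
    {
        var salt = new byte[SaltLen];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Table[userId] = new Row { Salt = salt, Hash = Derive(password, salt), UserType = userType };
    }

    // SELECT side: fetch the row by user_id only, then verify the password in code.
    // Returns the user_type on success, null for an unknown user or a wrong password.
    static string Authenticate(string userId, string password)
    {
        Row row;
        if (!Table.TryGetValue(userId, out row)) return null;
        byte[] candidate = Derive(password, row.Salt);
        int diff = 0; // compare every byte so timing does not depend on the first mismatch
        for (int i = 0; i < HashLen; i++) diff |= candidate[i] ^ row.Hash[i];
        return diff == 0 ? row.UserType : null;
    }

    static void Main()
    {
        Register("alice", "correct horse", "Admin"); // constructed sample users
        Register("bob", "hunter2", "Staff");
        Console.WriteLine(Authenticate("alice", "correct horse") ?? "Failed");
        Console.WriteLine(Authenticate("bob", "wrong") ?? "Failed");
        Console.WriteLine(Authenticate("mallory", "x") ?? "Failed");
    }
}
```

In the login handler the equivalent query would select the salt, hash and user_type columns `where user_id=@username`, with the password no longer sent to the database as a comparison value.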

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


