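// Login handler body: checks the submitted credentials against emp_details,
// looks up the account's role in users, and redirects to the page for that role.
// When no row matches the credentials, an alert is emitted and the browser is
// sent to SignUp.aspx.
//
// NOTE(review): the query compares pswd directly with the submitted text, which
// suggests passwords are stored unhashed - confirm. If so, store a salted slow
// hash (e.g. PBKDF2) and verify it in code instead of in the WHERE clause.
// NOTE(review): nothing in this snippet issues an authentication ticket or sets
// session state; user.aspx and ceo.aspx need their own authorization check,
// because the redirect alone does not stop a direct request to either page.
string uname = TextBox1.Text;
string pswd = Textbox2.Text;
bool credentialsMatched = false;
string role1 = null;

// using blocks release the connection, commands and readers on every path,
// including when Response.Redirect ends the request.
using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["leave"].ConnectionString))
{
    conn.Open();
    string str = null;

    // Both values are bound as parameters, so user input never becomes SQL text.
    using (SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname =@uname and pswd =@pswd", conn))
    {
        cmd.Parameters.Add(new SqlParameter("@uname", uname));
        cmd.Parameters.Add(new SqlParameter("@pswd", pswd));
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            if (dr.Read())
            {
                credentialsMatched = true;
                str = dr.GetString(0);
            }
        }
    }

    if (credentialsMatched)
    {
        using (SqlCommand cmd2 = new SqlCommand("select role from users where uname=@str", conn))
        {
            // Fix: @str belongs to cmd2. The original added it to cmd, so cmd2
            // ran with an undeclared parameter and the role lookup failed.
            cmd2.Parameters.Add(new SqlParameter("@str", str));
            using (SqlDataReader dr2 = cmd2.ExecuteReader())
            {
                if (dr2.Read())
                {
                    role1 = dr2.GetString(0);
                }
            }
        }
    }
}

if (!credentialsMatched)
{
    // Reached for a wrong password as well as an unknown user name.
    Response.Write("<script type='text/javascript'>");
    Response.Write("alert('Username does not exists.');");
    Response.Write("document.location.href='SignUp.aspx';");
    Response.Write("</script>");
}
else if (role1 == "user")
{
    Response.Redirect("user.aspx");
}
else if (role1 == "CEO")
{
    Response.Redirect("ceo.aspx");
}
// NOTE(review): a matched account with no users row, or with any other role,
// falls through here with no response written - confirm that is intended.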