I have this login code which I use to login any user based on their roles. An admin is redirected to the pages in the Admin folder, while other users are redirected to pages in the root directory. This was working fine for a very long time. Suddenly, it decided to give me error when I tried to login as an admin. However, when I login as normal user, the redirection is okay; it redirects normal user to the user pages in the root directory.
Here is my login code
protected void ValidateUser(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(txtUsername.Text) & !string.IsNullOrEmpty(txtPassword.Text))
{
string connectionString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
using (SqlConnection con = new SqlConnection(connectionString))
{
using (SqlCommand cmd = new SqlCommand("SELECT Uid, RoleId FROM Users WHERE email = @email AND pass = @pass", con))
{
con.Open();
cmd.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
cmd.Parameters.AddWithValue("@pass", Encrypt(txtPassword.Text.Trim()));
//string Id = Convert.ToString(cmd.ExecuteScalar());
SqlDataReader sdr = cmd.ExecuteReader();
string Id = string.Empty, RoleId = string.Empty;
if (sdr.Read())
{
Id = Convert.ToString(sdr["Uid"]);
RoleId = Convert.ToString(sdr["RoleId"]);
}
con.Close();
if (!string.IsNullOrEmpty(Id))
{
string users = "";
using (SqlCommand cmd1 = new SqlCommand("SELECT Uid FROM UserActivation WHERE Uid = @Uid"))
{
cmd1.CommandType = CommandType.Text;
cmd1.Parameters.AddWithValue("@Uid", Id);
cmd1.Connection = con;
con.Open();
users = Convert.ToString(cmd1.ExecuteScalar());
con.Close();
}
if (string.IsNullOrEmpty(users))
{
int user = 0;
using (SqlCommand cmd2 = new SqlCommand("SELECT Uid FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass"))
{
cmd2.CommandType = CommandType.Text;
cmd2.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
cmd2.Parameters.AddWithValue("@pass", Encrypt(txtPassword.Text.Trim()));
cmd2.Connection = con;
con.Open();
user = Convert.ToInt32(cmd2.ExecuteScalar());
con.Close();
}
if (user > 0)
{
Session["user"] = Id;
con.Open();
string query = "SELECT Suspend from Users WHERE Uid = @Uid";
using (SqlCommand cmd3 = new SqlCommand(query, con))
{
cmd3.Parameters.AddWithValue("@Uid", Session["user"]);
DataTable dtb = new DataTable();
SqlDataAdapter da = new SqlDataAdapter(cmd3);
da.Fill(dtb);
string suspend = dtb.Rows[0]["Suspend"].ToString().Trim().ToLower();
if (suspend == "0")
{
string UpdateLog = @"UPDATE Users SET LastLogin=@dateandtime, IsActive=@IsActive WHERE Uid = @Uid";
using (SqlCommand cmd4 = new SqlCommand(UpdateLog, con))
{
cmd4.Parameters.AddWithValue("@dateandtime", DateTime.UtcNow);
cmd4.Parameters.AddWithValue("@IsActive", "1");
cmd4.Parameters.AddWithValue("@Uid", Session["user"]);
cmd4.ExecuteNonQuery();
con.Close();
}
SqlCommand cmd5 = new SqlCommand("SELECT RoleName From [RoleTable] WHERE RoleId = @RoleId", con);
con.Open();
cmd5.Parameters.AddWithValue("@RoleId", RoleId);
DataTable dt = new DataTable();
SqlDataAdapter sda = new SqlDataAdapter(cmd5);
sda.Fill(dt);
if (dt.Rows.Count > 0)
{
string roles = dt.Rows[0]["RoleName"].ToString().Trim().ToLower();
if (roles == "superadmin")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/Admin/admindashboard.aspx");
}
else if (roles == "admin")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/Admin/admindashboard.aspx");
}
else if (roles == "superuser")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("Overview.aspx");
}
else if (roles == "user")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("Overview.aspx");
}
else
{
Response.Redirect("Login.aspx");
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has been Temporary Suspended";
}
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has not been activated";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Login Details";
txtPassword.Text = "";
txtPassword.Focus();
}
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}