I have been able to create new user ID as auto-generated numbers and save in database table. How can I pass the user ID from database as QueryString when user logs in? I know to pass QueryString is:
object ClientID = cmd.ExecuteScalar();
con.Close();
Session["user"] = ClientID;
Response.Redirect("Page2.aspx?Id=" + ClientID);
But I don’t know how to pass it when user logs in. I want it that after successful login the user ID will be shown as QueryString on the address tab.
Here is my Login code
protected void Button1_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(txtUsername.Text) & !string.IsNullOrEmpty(txtPassword.Text))
{
SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security = True");
string check = "SELECT Uid FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass";
SqlCommand com = new SqlCommand(check, con);
con.Open();
com.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
com.Parameters.AddWithValue("@pass", txtPassword.Text.Trim());
string Uid = Convert.ToString(com.ExecuteScalar());
con.Close();
if (!string.IsNullOrEmpty(Uid))
{
string users = "";
using (SqlCommand cmd = new SqlCommand("SELECT Uid FROM UserActivation WHERE Uid = @Uid"))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@Uid", Uid);
cmd.Connection = con;
con.Open();
users = Convert.ToString(cmd.ExecuteScalar());
con.Close();
}
if (string.IsNullOrEmpty(users))
{
int user = 0;
using (SqlCommand cmd = new SqlCommand("SELECT Uid FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass"))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
cmd.Parameters.AddWithValue("@pass", txtPassword.Text.Trim());
cmd.Connection = con;
con.Open();
user = Convert.ToInt32(cmd.ExecuteScalar());
con.Close();
}
if (user > 0)
{
Session["user"] = user;
con.Open();
string query = "SELECT LastLogin, IsActive from Users WHERE Uid = @Uid";
using (SqlCommand cmd = new SqlCommand(query, con))
{
cmd.Parameters.AddWithValue("@Uid", Session["user"]);
Session["LastLogin"] = Convert.ToDateTime(cmd.ExecuteScalar());
}
string UpdateLog = @"UPDATE Users SET LastLogin=@dateandtime, IsActive=@IsActive WHERE Uid = @Uid";
using (SqlCommand cmd = new SqlCommand(UpdateLog, con))
{
cmd.Parameters.AddWithValue("@dateandtime", DateTime.Now);
cmd.Parameters.AddWithValue("@IsActive", "1");
cmd.Parameters.AddWithValue("@Uid", Session["user"]);
cmd.ExecuteNonQuery();
}
con.Close();
}
Response.Redirect("Page2.aspx");
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has not been activated";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Login Details";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}