Hi George616,
Using the table structure from below article i have created the example.
Check this example. Now please take its reference and correct your code.
HTML
<div>
User Name: <asp:TextBox runat="server" ID="txtUsername" /><br />
Password: <asp:TextBox runat="server" ID="txtPassword" /><br />
<asp:Button Text="Login" runat="server" OnClick="Button1_Click" /><br />
<div id="dvMessage" runat="server">
<asp:Label ID="lblMessage" runat="server" />
</div>
</div>
Namespaces
C#
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
VB.Net
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Code
C#
protected void Button1_Click(object sender, EventArgs e)
{
dvMessage.Visible = false;
lblMessage.Visible = false;
if (!string.IsNullOrEmpty(txtUsername.Text) & !string.IsNullOrEmpty(txtPassword.Text))
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["constr"].ConnectionString);
string check = "SELECT UserId FROM Users WHERE Username = @Username AND Password = @Password";
SqlCommand com = new SqlCommand(check, con);
con.Open();
com.Parameters.AddWithValue("@Username", txtUsername.Text.Trim());
com.Parameters.AddWithValue("@Password", txtPassword.Text.Trim());
string userId = Convert.ToString(com.ExecuteScalar());
con.Close();
if (!string.IsNullOrEmpty(userId))
{
string user = "";
using (SqlCommand cmd = new SqlCommand("SELECT UserId FROM UserActivation WHERE UserId = @UserId"))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@UserId", userId);
cmd.Connection = con;
con.Open();
user = Convert.ToString(cmd.ExecuteScalar());
con.Close();
}
if (string.IsNullOrEmpty(user))
{
Session["user"] = Convert.ToInt32(user);
Response.Redirect("Index.aspx");
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "User not activated";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Login Details";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}
VB.Net
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs)
dvMessage.Visible = False
lblMessage.Visible = False
If Not String.IsNullOrEmpty(txtUsername.Text) And Not String.IsNullOrEmpty(txtPassword.Text) Then
Dim con As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("constr").ConnectionString)
Dim check As String = "SELECT UserId FROM Users WHERE Username = @Username AND Password = @Password"
Dim com As SqlCommand = New SqlCommand(check, con)
con.Open()
com.Parameters.AddWithValue("@Username", txtUsername.Text.Trim())
com.Parameters.AddWithValue("@Password", txtPassword.Text.Trim())
Dim userId As String = Convert.ToString(com.ExecuteScalar())
con.Close()
If Not String.IsNullOrEmpty(userId) Then
Dim user As String = ""
Using cmd As SqlCommand = New SqlCommand("SELECT UserId FROM UserActivation WHERE UserId = @UserId")
cmd.CommandType = CommandType.Text
cmd.Parameters.AddWithValue("@UserId", userId)
cmd.Connection = con
con.Open()
user = Convert.ToString(cmd.ExecuteScalar())
con.Close()
End Using
If String.IsNullOrEmpty(user) Then
Session("user") = Convert.ToInt32(user)
Response.Redirect("Index.aspx")
Else
dvMessage.Visible = True
lblMessage.Visible = True
lblMessage.ForeColor = System.Drawing.Color.Red
lblMessage.Text = "User not activated"
txtPassword.Text = ""
txtPassword.Focus()
End If
Else
dvMessage.Visible = True
lblMessage.Visible = True
lblMessage.ForeColor = System.Drawing.Color.Red
lblMessage.Text = "Invalid Login Details"
txtPassword.Text = ""
txtPassword.Focus()
End If
Else
dvMessage.Visible = True
lblMessage.Visible = True
lblMessage.ForeColor = System.Drawing.Color.Red
lblMessage.Text = "All Fields are Required"
End If
End Sub