I have different events that will occur on the click of login button.
- It will check whether the account exists
- It will check whether the password contains uppercase, lowercase, numbers and special characters
- It will check whether the account has been activated in the “Activation Table”
- It will select and update “LastLogin” (Date and Time) and “IsActive” columns
If everything is not according to the existing record, it will show different error messages. But when everything is good, it will login and navigate to dashboard
It works fine.
However, when I added additional statement to check if the account has been suspended, by checking the “suspend” column to see whether suspend == “suspend”, it doesn’t not work again.
When I try to login with an existing record, even if the account has not been suspended it will show an error that the account has been suspended.
I have tried everything and it seems not to works.
I just don’t know where to place the suspend statement to check the suspend column to see whether the account has been suspended and display the error message
CODE
protected void Button1_Click(object sender, EventArgs e)
{
dvMessage.Visible = false;
lblMessage.Visible = false;
SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security=True");
string suspend = "";
using (SqlCommand cmd = new SqlCommand("SELECT suspend FROM Users WHERE Uid = @Uid", con))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@Uid", Uid);
cmd.Connection = con;
cmd.ExecuteReader();
con.Close();
}
if (suspend == "suspend")
{
if (!string.IsNullOrEmpty(txtUsername.Text) & !string.IsNullOrEmpty(txtPassword.Text))
{
string check = "SELECT Uid FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass";
SqlCommand com = new SqlCommand(check, con);
con.Open();
com.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
com.Parameters.AddWithValue("@pass", txtPassword.Text.Trim());
string Uid = Convert.ToString(com.ExecuteScalar());
con.Close();
if (!string.IsNullOrEmpty(Uid))
{
string users = "";
using (SqlCommand cmd = new SqlCommand("SELECT Uid FROM UserActivation WHERE Uid = @Uid"))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@Uid", Uid);
cmd.Connection = con;
con.Open();
users = Convert.ToString(cmd.ExecuteScalar());
con.Close();
}
if (string.IsNullOrEmpty(users))
{
int user = 0;
using (SqlCommand cmd = new SqlCommand("SELECT Uid FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass"))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
cmd.Parameters.AddWithValue("@pass", txtPassword.Text.Trim());
cmd.Connection = con;
con.Open();
user = Convert.ToInt32(cmd.ExecuteScalar());
con.Close();
}
if (user > 0)
{
Session["user"] = user;
con.Open();
string query = "SELECT LastLogin, IsActive from Users WHERE Uid = @Uid";
using (SqlCommand cmd = new SqlCommand(query, con))
{
cmd.Parameters.AddWithValue("@Uid", Session["user"]);
Session["LastLogin"] = Convert.ToDateTime(cmd.ExecuteScalar());
}
string UpdateLog = @"UPDATE Users SET LastLogin=@dateandtime, IsActive=@IsActive WHERE Uid = @Uid";
using (SqlCommand cmd = new SqlCommand(UpdateLog, con))
{
cmd.Parameters.AddWithValue("@dateandtime", DateTime.Now);
cmd.Parameters.AddWithValue("@IsActive", "1");
cmd.Parameters.AddWithValue("@Uid", Session["user"]);
cmd.ExecuteNonQuery();
}
con.Close();
}
Response.Redirect("DashBoard.aspx");
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has not been activated";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Login Details";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has been Temporary Suspended";
}
}