using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data.Odbc;
using System.Web.Security;
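/// <summary>
/// Code-behind for the login page. Validates the submitted e-mail/password pair
/// against the <c>users</c> table, issues a Forms Authentication ticket carrying
/// the user's role, fills the session with profile values and redirects to the
/// page that was originally requested.
/// </summary>
public partial class login : System.Web.UI.Page
{
    // Connection string taken from the "ConnStr" entry of the application configuration.
    String connectionString = ConfigurationManager.ConnectionStrings["ConnStr"].ConnectionString;

    /// <summary>Page load handler; the page needs no initialisation.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            // Intentionally empty: nothing to set up on the first request.
        }
    }

    /// <summary>
    /// Reports whether at least one row of <c>users</c> has the given e-mail address.
    /// </summary>
    /// <param name="Email">E-mail address to look up.</param>
    /// <returns><c>true</c> when one or more matching rows exist.</returns>
    /// <remarks>
    /// The result discloses whether an address is registered. It must not be used to
    /// build feedback shown to an unauthenticated visitor (account enumeration).
    /// </remarks>
    public bool CheckEmail(string Email)
    {
        using (OdbcConnection conn = new OdbcConnection(connectionString))
        using (OdbcCommand checkEmail = new OdbcCommand("SELECT COUNT(*) FROM users WHERE Email=?", conn))
        {
            // ODBC parameters are positional; the "?" name is only a label.
            checkEmail.Parameters.AddWithValue("?", Email);
            conn.Open();
            int rows = Convert.ToInt32(checkEmail.ExecuteScalar());
            return rows > 0;
        }
    }

    /// <summary>
    /// Reports whether at least one row of <c>users</c> has the given value in
    /// <c>_Password</c>, regardless of which account it belongs to.
    /// </summary>
    /// <param name="Password">Password value to look up.</param>
    /// <returns><c>true</c> when one or more matching rows exist.</returns>
    /// <remarks>
    /// This is not a credential check: it is not tied to any account, so a <c>true</c>
    /// result only means that some user has this password. Never use it for an
    /// authentication decision or for user-visible feedback.
    /// NOTE(review): the direct comparison against <c>_Password</c> suggests that
    /// passwords are stored as submitted, unhashed. Confirm against the schema and
    /// move to a salted, slow password hash (for example PBKDF2) verified in code.
    /// </remarks>
    public bool CheckPassword(string Password)
    {
        using (OdbcConnection conn = new OdbcConnection(connectionString))
        using (OdbcCommand checkPassword = new OdbcCommand("SELECT COUNT(*) FROM users WHERE _Password=?", conn))
        {
            checkPassword.Parameters.AddWithValue("?", Password);
            conn.Open();
            int rows = Convert.ToInt32(checkPassword.ExecuteScalar());
            return rows > 0;
        }
    }

    /// <summary>
    /// Accepts only redirect targets that stay on this site: a rooted path ("/...")
    /// or an application-relative path ("~/..."). Protocol-relative forms ("//", "/\")
    /// and values containing control characters are rejected.
    /// </summary>
    /// <param name="url">Candidate redirect target, typically the ReturnUrl query value.</param>
    /// <returns><c>true</c> when the value is safe to pass to a redirect.</returns>
    private static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        foreach (char c in url)
        {
            if (char.IsControl(c))
            {
                return false;
            }
        }

        if (url[0] == '/')
        {
            // "/" alone, or "/x..." where x does not turn the value into "//host" or "/\host".
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        if (url.Length > 1 && url[0] == '~' && url[1] == '/')
        {
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
        }

        return false;
    }

    /// <summary>
    /// Login button handler. Looks up the account by e-mail and password in a single
    /// query and either signs the user in or shows one generic failure message.
    /// </summary>
    /// <remarks>
    /// The lookup deliberately does not call <see cref="CheckEmail"/> or
    /// <see cref="CheckPassword"/> first: answering "no such e-mail" and "no such
    /// password" separately tells a visitor which half of a guess was right, and the
    /// password probe in particular confirms passwords that belong to other accounts.
    /// NOTE(review): the query compares the submitted password with <c>_Password</c>
    /// directly, which suggests unhashed storage. Confirm and migrate to salted hashes.
    /// </remarks>
    protected void BtnLogin_Click(object sender, EventArgs e)
    {
        string email = txtEmail.Text;
        string password = txtPass.Text;
        string redirectTarget = null;

        using (OdbcConnection conn = new OdbcConnection(connectionString))
        using (OdbcCommand lookup = new OdbcCommand("SELECT * FROM users WHERE Email=? and _Password=?", conn))
        {
            // Positional ODBC parameters: order must match the "?" markers in the SQL text.
            lookup.Parameters.AddWithValue("?", email);
            lookup.Parameters.AddWithValue("?", password);
            conn.Open();

            using (OdbcDataReader row = lookup.ExecuteReader())
            {
                if (row.Read())
                {
                    string roles = row["Ruolo"].ToString();

                    // Take the clock once so issue time and expiry are exactly 30 minutes apart.
                    DateTime issuedAt = DateTime.Now;

                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                        1,                                    // Ticket version
                        email,                                // Username associated with ticket
                        issuedAt,                             // Date/time issued
                        issuedAt.AddMinutes(30),              // Date/time to expire
                        true,                                 // Persistent cookie (survives browser restart)
                        roles,                                // User data: the account's roles
                        FormsAuthentication.FormsCookiePath); // Path the cookie is valid for

                    // Encrypt and sign the ticket with the machine key before it leaves the server.
                    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

                    // Keep the ticket away from client-side script, and honour the
                    // requireSSL setting of the forms configuration for the Secure flag.
                    cookie.HttpOnly = true;
                    cookie.Secure = FormsAuthentication.RequireSSL;

                    // A persistent cookie must expire together with the ticket it carries.
                    if (ticket.IsPersistent)
                    {
                        cookie.Expires = ticket.Expiration;
                    }

                    Response.Cookies.Add(cookie);

                    // NOTE(review): the session identifier is not renewed at login. If a
                    // session can exist before authentication, issue a fresh one here to
                    // rule out session fixation.
                    Session["userlogin"] = true;
                    Session["ID"] = row["UserID"].ToString();
                    Session["UserName"] = row["Username"].ToString();
                    Session["Email"] = row["Email"].ToString();
                    Session["Livello"] = row["Livello"].ToString();
                    Session["Ruolo"] = roles;

                    // ReturnUrl comes from the query string and is therefore untrusted:
                    // follow it only when it points back into this site, else go home.
                    string returnUrl = Request.QueryString["ReturnUrl"];
                    redirectTarget = IsLocalUrl(returnUrl) ? returnUrl : "/";
                }
            }
        }

        if (redirectTarget != null)
        {
            // FormsAuthentication.RedirectFromLoginPage is avoided on purpose: it could
            // replace the authentication cookie that was just added.
            Response.Redirect(redirectTarget);
            return;
        }

        // One message for every failure, so the response never reveals whether the
        // e-mail or the password was the wrong part.
        ErrorLabel.Text = "Username / password incorrect. Please try again.";
        ErrorLabel.Visible = true;
    }
}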