I have a login code that redirects users upon login - admin is redirected to admin pages inside Admin folder after login, while other users are redirected to pages in the root directory. This has been working well for quite some time; today it gave me an error when I tried to login as an Admin. Login as user is okay, it redirects me to user pages in the root directory, except when I try to login as Admin then I get this error as shown below
I have cleared my cache and browsing data, and still, it is doing the same thing. I also reset my CDN but no improvement. Here is my Login code.
protected void ValidateUser(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(txtUsername.Text) & !string.IsNullOrEmpty(txtPassword.Text))
{
string connectionString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
using (SqlConnection con = new SqlConnection(connectionString))
{
using (SqlCommand cmd = new SqlCommand("SELECT Uid, RoleId FROM Users WHERE email = @email AND pass = @pass", con))
{
con.Open();
cmd.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
cmd.Parameters.AddWithValue("@pass", Encrypt(txtPassword.Text.Trim()));
//string Id = Convert.ToString(cmd.ExecuteScalar());
SqlDataReader sdr = cmd.ExecuteReader();
string Id = string.Empty, RoleId = string.Empty;
if (sdr.Read())
{
Id = Convert.ToString(sdr["Uid"]);
RoleId = Convert.ToString(sdr["RoleId"]);
}
con.Close();
if (!string.IsNullOrEmpty(Id))
{
string users = "";
using (SqlCommand cmd1 = new SqlCommand("SELECT Uid FROM UserActivation WHERE Uid = @Uid"))
{
cmd1.CommandType = CommandType.Text;
cmd1.Parameters.AddWithValue("@Uid", Id);
cmd1.Connection = con;
con.Open();
users = Convert.ToString(cmd1.ExecuteScalar());
con.Close();
}
if (string.IsNullOrEmpty(users))
{
int user = 0;
using (SqlCommand cmd2 = new SqlCommand("SELECT Uid FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass"))
{
cmd2.CommandType = CommandType.Text;
cmd2.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
cmd2.Parameters.AddWithValue("@pass", Encrypt(txtPassword.Text.Trim()));
cmd2.Connection = con;
con.Open();
user = Convert.ToInt32(cmd2.ExecuteScalar());
con.Close();
}
if (user > 0)
{
Session["user"] = Id;
con.Open();
string query = "SELECT Suspend from Users WHERE Uid = @Uid";
using (SqlCommand cmd3 = new SqlCommand(query, con))
{
cmd3.Parameters.AddWithValue("@Uid", Session["user"]);
DataTable dtb = new DataTable();
SqlDataAdapter da = new SqlDataAdapter(cmd3);
da.Fill(dtb);
string suspend = dtb.Rows[0]["Suspend"].ToString().Trim().ToLower();
if (suspend == "0")
{
string UpdateLog = @"UPDATE Users SET LastLogin=@dateandtime, IsActive=@IsActive WHERE Uid = @Uid";
using (SqlCommand cmd4 = new SqlCommand(UpdateLog, con))
{
cmd4.Parameters.AddWithValue("@dateandtime", DateTime.UtcNow);
cmd4.Parameters.AddWithValue("@IsActive", "1");
cmd4.Parameters.AddWithValue("@Uid", Session["user"]);
cmd4.ExecuteNonQuery();
con.Close();
}
SqlCommand cmd5 = new SqlCommand("SELECT RoleName From [RoleTable] WHERE RoleId = @RoleId", con);
con.Open();
cmd5.Parameters.AddWithValue("@RoleId", RoleId);
DataTable dt = new DataTable();
SqlDataAdapter sda = new SqlDataAdapter(cmd5);
sda.Fill(dt);
if (dt.Rows.Count > 0)
{
string roles = dt.Rows[0]["RoleName"].ToString().Trim().ToLower();
if (roles == "superadmin")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/Admin/admindashboard.aspx");
}
else if (roles == "admin")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/Admin/admindashboard.aspx");
}
else if (roles == "superuser")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("Overview.aspx");
}
else if (roles == "user")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("Overview.aspx");
}
else
{
Response.Redirect("Login.aspx");
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has been Temporary Suspended";
}
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has not been activated";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Login Details";
txtPassword.Text = "";
txtPassword.Focus();
}
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}
