Server Error in '/' Application
System.IndexOutOfRangeException: RoleId
protected void ValidateUser(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textUser.Text) & !string.IsNullOrEmpty(txtPassword.Text))
{
string connectionString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
using (SqlConnection con = new SqlConnection(connectionString))
{
using (SqlCommand cmd = new SqlCommand("SELECT Id FROM Users WHERE email = @email AND pass = @pass", con))
{
con.Open();
cmd.Parameters.AddWithValue("@email", textUser.Text.Trim());
cmd.Parameters.AddWithValue("@pass", txtPassword.Text.Trim());
string Id = Convert.ToString(cmd.ExecuteScalar());
con.Close();
if (!string.IsNullOrEmpty(Id))
{
string users = "";
using (SqlCommand cmd1 = new SqlCommand("SELECT Id FROM UserActivation WHERE Id = @Id"))
{
cmd1.CommandType = CommandType.Text;
cmd1.Parameters.AddWithValue("@Id", Id);
cmd1.Connection = con;
con.Open();
users = Convert.ToString(cmd1.ExecuteScalar());
con.Close();
}
if (string.IsNullOrEmpty(users))
{
int user = 0;
string roles = string.Empty;
using (SqlCommand cmd2 = new SqlCommand("SELECT Id, RoleId FROM Users WHERE pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS AND email = @email AND pass = @pass"))
{
cmd2.CommandType = CommandType.Text;
cmd2.Parameters.AddWithValue("@email", textUser.Text.Trim());
cmd2.Parameters.AddWithValue("@pass", Encrypt(txtPassword.Text.Trim()));
cmd2.Connection = con;
con.Open();
// user = Convert.ToInt32(cmd2.ExecuteScalar());
SqlDataReader sdr = cmd.ExecuteReader();
if (sdr.Read())
{
user = Convert.ToInt32(sdr["Id"]);
roles = Convert.ToString(sdr["RoleId"]);
}
con.Close();
}
if (user > 0)
{
Session["user"] = Id;
con.Open();
string query = "SELECT LastLogin, IsActive from Users WHERE Id = @Id";
using (SqlCommand cmd3 = new SqlCommand(query, con))
{
cmd3.Parameters.AddWithValue("@Id", Session["user"]);
Session["LastLogin"] = Convert.ToDateTime(cmd3.ExecuteScalar());
}
string UpdateLog = @"UPDATE Users SET LastLogin=@dateandtime, IsActive=@IsActive WHERE Id = @Id";
using (SqlCommand cmd4 = new SqlCommand(UpdateLog, con))
{
cmd4.Parameters.AddWithValue("@dateandtime", DateTime.UtcNow);
cmd4.Parameters.AddWithValue("@IsActive", "1");
cmd4.Parameters.AddWithValue("@Id", Session["user"]);
cmd4.ExecuteNonQuery();
}
con.Close();
}
SqlCommand cmd5 = new SqlCommand("SELECT RoleName From [RoleTable] WHERE RoleId = @RoleId", con);
cmd5.Parameters.AddWithValue("@RoleId", roles);
DataTable dt = new DataTable();
SqlDataAdapter sda = new SqlDataAdapter(cmd5);
sda.Fill(dt);
if (dt.Rows.Count > 0)
{
// string roles = dt.Rows[0]["RoleName"].ToString().Trim().ToLower();
if (roles == "SuperAdmin")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/AdminFolder/AdminPage.aspx");
}
else if (roles == "Admin")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/AdminFolder/AdminPage.aspx");
}
else if (roles == "SuperUser")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/UserPage.aspx");
}
else if (roles == "user")
{
Session["user"] = Id;
FormsAuthentication.RedirectFromLoginPage(Id, true);
Response.Redirect("~/UserPage.aspx");
}
else
{
Response.Redirect("~/Login.aspx");
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Account has not been activated";
txtPassword.Text = "";
txtPassword.Focus();
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "Invalid Login Details";
txtPassword.Text = "";
txtPassword.Focus();
}
}
}
}
else
{
dvMessage.Visible = true;
lblMessage.Visible = true;
lblMessage.ForeColor = System.Drawing.Color.Red;
lblMessage.Text = "All Fields are Required";
}
}
in below line
roles = Convert.ToString(sdr["RoleId"]);
