how to display the data of diferent user loged in

Urnow · February 26th, 2014, 02:52 PM

i am doing a project(website) in asp.net c#. I am using visual studio 2005 and SQL server 2005.What I need to know is when a student logs in using their username and password they should have their specific information displayed from the database (like name,dob,class,department, contactno from the SQL) on to a different web page. i am able to display the data for only one user.So how can i display different users data when different user logs in with his username and password.
I am using two pages one for login and other studentinf which displays the information of current user login.
[/I]
code for login page:

public partial class _Default : System.Web.UI.Page

{

SqlConnection con;

SqlCommand cmd;

SqlDataReader dr;

SqlDataAdapter da;

protected void Page_Load(object sender, EventArgs e)
{
con = new SqlConnection("Data Source=localhost;Initial Catalog=knm;Integrated Security=SSPI");
con.Open();
}
protected void Button1_Click(object sender, EventArgs e)
{
bool temp = false;
String qry=" Select * from user_login where username='" + TextBox1.Text+"' and password='" +TextBox2.Text+"'";
cmd=new SqlCommand(qry,con);
dr=cmd.ExecuteReader();
if(dr.Read())
{
Label3.Text="Logged in successfull";
Response.Redirect("studenthome.aspx");
}

else
Label3.Text="invalid user";
dr.Close();
}

}

code for studentinf page:

public partial class _Default:System .Web .UI. Page
{

SqlConnection con;

SqlCommand cmd;

SqlDataReader dr;

SqlDataAdapter da;

protected void Page_Load(object sender, EventArgs e)
{

bool temp = false;
con = new SqlConnection("Data Source=localhost;Initial Catalog=knm;Integrated Security=SSPI");
String std = "SELECT* FROM user_login";
con.Open();
cmd = new SqlCommand("select * from studentinf ", con);
da = new SqlDataAdapter("select * from studentinf ", con);
DataSet ds = new DataSet();
da.Fill(ds, "studentinf");
TextBox1.Text = ds.Tables["studentinf"].Rows[0]["name"].ToString();
TextBox2.Text = ds.Tables["studentinf"].Rows[0]["dob"].ToString();
TextBox3.Text = ds.Tables["studentinf"].Rows[0]["class"].ToString();
TextBox4.Text = ds.Tables["studentinf"].Rows[0]["department"].ToString();
TextBox5.Text = ds.Tables["studentinf"].Rows[0]["contact"].ToString();
}
}

mmorgan30 · March 13th, 2014, 08:42 PM

So if you trying to display information about a student on a page after login, your student info UI page is going to need to know who is logged in for the current asp.net session that is executing. The are few ways to do this such as forms authentication, and it depends on what mechanism you are using to track logged in sessions. Looking at your code it does not appear that you are using anything to track user and session logons, so I will focus on what you are asking and that is display the student info on a page after login.

below is pure example and should not be used in a production env

Code:

public partial class Login : System.Web.UI.Page
{
        private string m_ConnectionString = "some sql con string";
        private string m_AuthenticateCmd = "Select count(*) from user_login where username = :p_UserId and password = :p_Password";

        protected void Page_Load(object sender, EventArgs e)
        {

        }
        protected void Login_Click(object sender, EventArgs e)
        {
            if (IsValid)
            {
                if (Authenticated(TextBox1.Text, TextBox2.Text))
                {
                    // passing userid to student home via session variable
                    // could have dont any number of ways but i chose this for simplicty
                    Session["User"] = TextBox1.Text;
                    Response.Redirect("StudentHome.aspx");
                }

            }
        }

        /// <summary>
        /// Authenticates a user id and password combination
        /// </summary>
        /// <param name="userid"></param>
        /// <param name="pwd"></param>
        /// <returns></returns>
        private bool Authenticated(string userid, string pwd)
        {
            var rVal = false;

            using (var con = new SqlConnection(m_ConnectionString))
            {
                using (var cmd = new SqlCommand(m_AuthenticateCmd, con))
                {
                    // use commnad parameters to gaurd against sql injection
                    cmd.Parameters.Add("p_userId", System.Data.SqlDbType.VarChar).Value = userid;
                    cmd.Parameters.Add("p_Password", System.Data.SqlDbType.VarChar).Value = pwd;

                    rVal = ((int)cmd.ExecuteScalar()) == 1;

                }
            }

            return rVal;
        }
 }


 public partial class StudentHome : System.Web.UI.Page
 {

        private string m_ConnectionString = "some sql con string";
        private string m_SelectUserCmd = "Select * from user_login where username = :p_UserId";

        protected void Page_Load(object sender, EventArgs e)
        {
            var userId = Session["User"] as string;

            if (String.IsNullOrEmpty(userId))
            {
                if (!IsPostBack)
                {
                    using (var con = new SqlConnection(m_ConnectionString))
                    {
                        using (var cmd = new SqlCommand(m_SelectUserCmd, con))
                        {
                            // use commnad parameters to gaurd against sql injection
                            cmd.Parameters.Add("p_userId", System.Data.SqlDbType.VarChar).Value = userId;

                            using (var reader = cmd.ExecuteReader())
                            {
                                if (reader.Read())
                                {
                                    TextBox1.Text = reader["name"].ToString();
                                    TextBox2.Text = reader["dob"].ToString();
                                    TextBox3.Text = reader["class"].ToString();
                                    TextBox4.Text = reader["department"].ToString();
                                    TextBox5.Text = reader["contact"].ToString(); 
                                }
                            }
                        }
                    }
                }
            }
        }
 }

so from the above we can see that the StudentHome page now has access to who is logged in for the current asp.net session. Of course this purely example and some other mechanism should be used to tie a user to a session. Check out forms authentication.