asked on

How do I code an inline if statement with a response.redirect within a ASP VB.Net repeater?

Hey Guys,

I have a login sub that fills a repeater if the username and password match. If the repeater count is 0, the username and password did not match. If the count is > than 0, then redirect user.

Now, I have to check for user types. I have a field called user_types within the users table that contains either "1" for regular user or "2" for manager.

Basically, I want to do something like this within the repeater on databind:

<itemtemplate>
<%
If Eval("user_type") = 1 Then
Response.Redirect("page1.aspx")
Else
Response.Redirect("page2.aspx")
End If
%>
</itemtemplate>

I get an error when trying to use Eval. Is this code possible within the repeater or is there a way to retrieve the value of eval("user_types") wthin a sub? Maybe a way to pass the eval("user_types") value to a sub on databind, then do the redirect?

-Thanks in advance.

guru_sami

Why are you using repeater ? I don't understand the logic of doing that...
Can't you simply do that in code-behind where you login?
Can you share you login code

Todd Gerbert

I think that I would probably handle that in the code-behind, using a SqlConnection and SqlDataReader for example.
Have you considered using the built-in .Net Authentication/Role manager?

rmartes

ASKER

I'm not sure how to do it within code-behind. Here is the login sub:

Sub Login(sender As Object, e As System.EventArgs)

Dim dbConnection As MySqlConnection
Dim dbCommand As MySqlCommand
Dim dbDataAdapter as MySqlDataAdapter
Dim dbDataSet as New Dataset()

dbConnection = New MySqlConnection("server=localhost; user id=root; password=Just4MySQL; database=intake_db; pooling=false; Allow User Variables=True;")

Dim strSQL As String = "SELECT * FROM tbl_USERS WHERE tbl_USERS.USERNAME = ?USERNAME AND tbl_USERS.PASSWORD = ?PASSWORD;"

dbConnection.Open()
dbCommand = New MySqlCommand(strSQL, dbConnection)

'username and password
dbCommand.Parameters.Add("?USERNAME", Trim(txtUserName.Text).toString())
dbCommand.Parameters.Add("?PASSWORD", Trim(txtPassword.Text).toString())

dbDataAdapter = New MySQLDataAdapter(dbCommand)
dbDataAdapter.Fill(dbDataSet, "tbl_USERS")
rptUser.DataSource = dbCommand.executeReader(System.Data.CommandBehavior.CloseConnection)
rptUser.DataBind()

'user found
If rptUser.items.Count <> 0 Then
Session("User") = UCase(txtuserName.text)
Session("LoggedIn") = true
      Insert_User_TimeIn() 'insert time in into tbl_login_tracking
Else
      lblNoLogin.visible = true
      lblNoLogin.text = "<img src='../../images/icons/error.png' /> Login failed. Invalid Username and Password."
End If

End Sub

Todd Gerbert

Here's a rough idea of how it might work...I don't have MySql so this example uses MS SQL objects, but I'm assuming the methods & syntax are similar enough for you to make sense of it.

Imports System.Data.SqlClient
Partial Class _Default
    Inherits System.Web.UI.Page
	Sub Login(ByVal sender As Object, ByVal e As System.EventArgs)
		Using dbConnection As New SqlConnection("server=localhost; user id=root; password=Just4MySQL; database=intake_db; pooling=false; Allow User Variables=True;")
			dbConnection.Open()
			Using dbCommand As SqlCommand = dbConnection.CreateCommand()
				dbCommand.Parameters.Add("@USERNAME", Trim(txtUserName.Text).toString())
				dbCommand.CommandText = "SELECT * FROM tbl_USERS WHERE Username=@USERNAME"

				Using dbReader As SqlDataReader = dbCommand.ExecuteReader()
					If (Not dbReader.HasRows) Or (dbReader("Password") <> txtPassword.Text.Trim()) Then
						lblNoLogin.visible = True
						lblNoLogin.text = "<img src='../../images/icons/error.png' /> Login failed. Invalid Username and Password."
					Else
						Session("User") = UCase(txtuserName.text)
						Session("LoggedIn") = True
						Insert_User_TimeIn() 'insert time in into tbl_login_tracking

						If dbReader.GetInt32(dbReader.GetOrdinal("user_type")) = 1 Then
							Response.Redirect("~/UserType1.aspx")
						ElseIf dbReader.GetInt32(dbReader.GetOrdinal("user_type")) = 2 Then
							Response.Redirect("~/UserType2.aspx")
						Else
							Response.Redirect("~/UserTypeUnknown.aspx")
						End If
					End If
				End Using
			End Using
			dbConnection.Close()
		End Using
	End Sub
End Class

Open in new window

rmartes

ASKER

Is there a way to check for a username and password match directly from the sql command or data adaptor and retrieve the value from the user_type field without declaring a repeater?

rmartes

ASKER

tgerbert, I'll give that a try....thanks

rmartes

ASKER

tgerbert, I converted your example to use MySQL, but I keep getting an "Invalid attempt to access a field before calling Read()" error on the "If (Not dbReader.HasRows) Or (dbReader("username") <> txtUsername.Text.Trim()) Then" line. Isn't the command being executed (dbCommand.ExecuteReader()) before I call the username field?

ASKER CERTIFIED SOLUTION

Todd Gerbert

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

rmartes

ASKER

Right on the button...

rmartes

ASKER

tgerbert, thank you so much. You hooked me up dude. I've been using repeaters and other client-side objects to retrieve fields values for a while now. I knew there was a way to retrieve code-behind, but never learned how to. Thanks