anyone can help me? my login doesnt work smoothly.

i want to login based on Username, Password & Category. So that, if the user is Admin all data can be access, while if user is Staff, only few data can be access.

Public Sub DoLogin()
        Dim strsql As String
        Dim con As New OleDbConnection(My.Settings.KK3DB)

        strsql = "SELECT * FROM Staff WHERE [Staff_Id] = '" & txtUser.Text & "' AND [Staff_Username] = '" & _
                            txtPass.Text & "' AND [Staff_Position] = '" & cmbCat.Text & "'"
        Dim cmd As OleDbCommand = New OleDbCommand(strsql, con)

        con.Open()
        Dim sdr As OleDbDataReader = cmd.ExecuteReader()
        ' If the record can be queried, it means passing verification, then open another form.   
        If (sdr.Read() = True) Then
            MessageBox.Show("The user is valid! Welcome to KK3 Students Mailing System.", "Valid User", MessageBoxButtons.OK, MessageBoxIcon.Asterisk)

            Form1.Label6.Text = txtUser.Text
            Form1.Label15.Text = txtPass.Text
            Form1.Show()
            Me.Hide()

        ElseIf (sdr.Read() = True) And cmbCat.Text = "STAFF" Then
            Form1.Show()
            Me.Hide()
            Form1.Label6.Text = txtUser.Text
            Form1.linkView.Visible = False

        Else
            MessageBox.Show("Invalid Username or Password.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error)
            text_field()
        End If
    End Sub

You should consider a bit differently. 1st check only the login data (if username exists in database, and if password matched to this users).
Next comes to check the status of the users.

Login check:

Dim category As String          
'class variable so you can then set things based on it

    Private Sub buttonLogin_Click(ByVal sender As Object, ByVal e As EventArgs)
        category = Nothing
        Dim login As String = Me.textBoxUsername.Text
        Dim password As String = Me.textBoxPswd.Text
        Dim u As String = ("SELECT UserName,Password, Category FROM Students WHERE UserName ='"  _
                    + (login + "'"))
        Dim sql_conn As SqlConnection = New SqlConnection("connString")
        Dim cmd As SqlCommand = New SqlCommand(u, sql_conn)
        Dim rd As SqlDataReader
        Dim valid As Boolean = false
        Try 
            Sql_conn.Open
            rd = cmd.ExecuteReader

            While rd.Read
                If (password = rd("Password").ToString) Then
                    valid = true
                    category = rd("Category")
                    Exit While
                End If

            End While
            Exception
            ex
            'show an error if needed
            rd.Close
            Sql_conn.Close
        End Try
        Dim SettingStuff As System.Void
        If (caregory Is Nothing) Then
            MessageBox.Show("Please login before using form.")
        ElseIf (category = "Admin") Then
            'set for admin
        ElseIf (category = "Stuff") Then
            'set for stuff
        End If
    End Sub

i have an error in this code

 Dim SettingStuff As System.Void

it shows that : System.void can only be used in GetType expression

This article has been dead for over six months. Start a new discussion instead.