TechEthical CEHP

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Web.UI.WebControls.WebParts;
using System.Web.Security;
using System.Data;
using System.Configuration;

namespace Bathuasoft.admin
{
    public partial class changepassword : System.Web.UI.Page
	{
        string strConnString = ConfigurationManager.ConnectionStrings["conn_ConnectionString"].ConnectionString;
        string str = null;
        SqlCommand com;
        byte up;  

		protected void Page_Load(object sender, EventArgs e)
		{

		}

        protected void btSubmit_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(strConnString);
            con.Open();
            str = "select * from login ";
            com = new SqlCommand(str, con);
            SqlDataReader reader = com.ExecuteReader();
            while (reader.Read())
            {
                if (txt_cpassword.Text == reader["Password"].ToString())
                {
                    up = 1;
                }
            }
            reader.Close();
            con.Close();
            if (up == 1)
            {
                con.Open();
                str = "update Login set Password=@Password where NAME='" + Session["UserID"].ToString() + "'";
                com = new SqlCommand(str, con);
                com.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
                com.Parameters["@Password"].Value = txt_npassword.Text;
                com.ExecuteNonQuery();
                con.Close();
                lbl_msg.Text = "Password changed Successfully";
            }
            else
            {
                lbl_msg.Text = "Please enter correct Current password";
            }  
        }
	}
}