Beispiel #1
 /// <summary>
 /// Click handler for the register button: stores one row in the Assets table
 /// from the form fields, records the action in the employee audit trail and
 /// returns to the asset management page.
 /// </summary>
 /// <param name="sender">Control that raised the event (not used).</param>
 /// <param name="e">Event data (not used).</param>
 protected void btnReg_Click(object sender, EventArgs e)
 {
     // Stop early when the form-level validation rejects the input.
     if (!checkInputs())
     {
         lblAlert.Text = "Please check your input fields for invalid entries";
         return;
     }

     // Every user-supplied value travels as a bound parameter; none of it is
     // concatenated into the statement text.
     const string insertSql = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)";

     // NOTE(review): CleanString is not visible here. If it HTML-encodes, the
     // encoded form is what gets stored, so pages rendering these columns
     // still need their own output encoding. Confirm.
     var tenantId   = AntiXSSMethods.CleanString(ddlTenant.SelectedValue);
     var assetType  = AntiXSSMethods.CleanString(ddlType.SelectedValue);
     var modelName  = AntiXSSMethods.CleanString(txtModel.Text);
     var brandName  = AntiXSSMethods.CleanString(txtBrand.Text);
     var serialNo   = AntiXSSMethods.CleanString(txtSerial.Text);
     var amountText = AntiXSSMethods.CleanString(txtAmount.Text);

     // NOTE(review): Convert.ToDouble parses with the current culture and
     // throws on text that is not a number. Presumably checkInputs() has
     // already rejected such text; verify.
     var amount = StringCustomizers.CheckMoney(Convert.ToDouble(amountText));

     SqlParameter[] boundValues =
     {
         new SqlParameter("@tid",    tenantId),
         new SqlParameter("@type",   assetType),
         new SqlParameter("@model",  modelName),
         new SqlParameter("@brand",  brandName),
         new SqlParameter("@serial", serialNo),
         new SqlParameter("@amount", amount)
     };

     // The outcome of the insert is not inspected here; the audit entry and
     // the redirect follow whenever the call returns without throwing.
     DataAccess.DataProcessExecuteNonQuery(insertSql, boundValues, conString);
     AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID);
     Response.Redirect("~/Admin/ManageAssets.aspx");
 }
Beispiel #2
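    /// <summary>
    /// Click handler for the reset-password button. Looks up the account by
    /// user name, stores the bcrypt hash of a freshly generated password in
    /// the table that matches the account's role, and e-mails the new
    /// password to the address on record. The outcome is shown in lblAlert.
    /// </summary>
    /// <remarks>
    /// NOTE(review): nothing in this handler checks that the requester owns
    /// the account, so whoever can reach the form can force a password change
    /// for a known user name. The new password is also delivered in the mail
    /// body. A single-use, expiring reset link that leaves the stored password
    /// untouched until it is redeemed would address both points.
    /// </remarks>
    /// <param name="sender">Control that raised the event (not used).</param>
    /// <param name="e">Event data (not used).</param>
    protected void btnResetPass_Click(object sender, EventArgs e)
    {
        string Username = AntiXSSMethods.CleanString(txtUsername.Text);

        if (string.IsNullOrEmpty(Username))
        {
            lblAlert.Text = "No username entered!";
            return;
        }

        if (!General.CheckIfExisting(Username))
        {
            // NOTE(review): this message differs from the success message, so
            // the form reveals which user names are registered. A single
            // neutral response for both cases would close that.
            lblAlert.Text = "Username doesn't exist!";
            return;
        }

        // Role codes: 1 Employee, 2 Tenant, 3 Guardian, 4 error.
        // The table name is concatenated into the SQL text below, so it must
        // only ever come from this fixed list and never from user input.
        string TableName;
        switch (General.CheckRole(Username))
        {
            case 1:
                TableName = "Employees";
                break;
            case 2:
                TableName = "Tenants";
                break;
            case 3:
                TableName = "Guardians";
                break;
            default:
                // An unmapped role used to leave the table name empty and
                // send a malformed UPDATE to the database; stop here instead.
                lblAlert.Text = "Unable to reset the password for this account. You may ask an administrator to reset your password for you.";
                return;
        }

        // Read the delivery address before touching the stored password, so
        // an account without one is not left with a password nobody received.
        SqlParameter[] UN    = { new SqlParameter("@UN", Username) };
        string         email = DataAccess.ReturnData("SELECT Email FROM " + TableName + " WHERE UN=@UN", UN, ConnString, "Email");

        if (string.IsNullOrEmpty(email))
        {
            lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you.";
            return;
        }

        // NOTE(review): RandomStr is not visible here. This value is a
        // credential, so confirm it is drawn from a cryptographic random
        // number generator and is long enough.
        string newpass          = StringCustomizers.RandomStr();
        string encryptednewpass = Encryption.GenerateBCryptHash(newpass);

        string UpdatePWD = "UPDATE " + TableName + " SET Pwd=@pwd WHERE UN=@UN";

        SqlParameter[] Params =
        {
            new SqlParameter("@UN",  Username),
            new SqlParameter("@pwd", encryptednewpass)
        };
        DataAccess.DataProcessExecuteNonQuery(UpdatePWD, Params, ConnString);

        // The password is already changed at this point; if delivery fails
        // the user has to go through an administrator, as the message says.
        bool mailIsSent = sendmail(email, newpass);

        if (mailIsSent)
        {
            lblAlert.Text = "Your password has been successfully reset. Please check your registered email's inbox for your new password. Don't forget to check your junk mailbox.";
        }
        else
        {
            lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you.";
        }
    }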