/// <summary>
/// Login button handler: builds an <c>AuthTable</c> from the form fields, asks the
/// business layer whether the credentials are registered and, if so, populates the
/// session and issues the forms-authentication redirect.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void butLogin_Click(object sender, EventArgs e)
    {
        string connectionString = ConfigurationManager.AppSettings.Get("connString");

        string enteredName = txtUsername.Text;
        AuthTable user = new AuthTable();
        user.Username = enteredName;

        // NOTE(review): every account except "Admin" is checked against an unsalted SHA-1
        // digest produced by an API marked obsolete since .NET Framework 4.5. Moving to a
        // salted, iterated scheme (e.g. PBKDF2) needs a migration of the stored values, so
        // it cannot be done in this handler alone.
        // NOTE(review): the "Admin" password is forwarded unhashed, which suggests the
        // stored value for that account is plaintext. Confirm against the database.
        user.Password = enteredName == "Admin"
            ? txtPassword.Text
            : FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1");

        BusinessLayer businessLayerObj = new BusinessLayer();
        if (!businessLayerObj.IsRegisteredUser(user, connectionString))
        {
            // Failed logins fall through silently; nothing is shown to the visitor and
            // nothing is logged or counted in this handler.
            return;
        }

        // NOTE(review): the authenticated state is written into the session that existed
        // before login; no session-id rotation is visible here. Confirm it happens elsewhere.
        Session["Username"] = user.Username;
        Session["SignedIn"] = true;
        user.Role = businessLayerObj.GetUser(user, connectionString).Role;
        Session["Role"] = user.Role;

        // Second argument false => non-persistent authentication cookie.
        FormsAuthentication.RedirectFromLoginPage(user.Username, false);
    }
Beispiel #2
        /// <summary>
        /// Calls the <c>usp_IsUsernamePresent</c> stored procedure and returns its
        /// <c>@Result</c> output bit for the username carried by <paramref name="authUser"/>.
        /// </summary>
        /// <param name="authUser">Supplies the <c>Username</c> to look up.</param>
        /// <param name="connString">Connection string handed to the data layer.</param>
        /// <returns>The parsed value of the <c>@Result</c> output parameter.</returns>
        private bool IsUsernamePresent(AuthTable authUser, string connString)
        {
            SqlCommand lookup = new SqlCommand("usp_IsUsernamePresent");
            lookup.CommandType = CommandType.StoredProcedure;

            // The username travels as a typed parameter, never as SQL text.
            SqlParameter nameParam = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
            nameParam.Value = authUser.Username;

            SqlParameter resultParam = new SqlParameter("@Result", SqlDbType.Bit);
            resultParam.Direction = ParameterDirection.Output;

            lookup.Parameters.Add(nameParam);
            lookup.Parameters.Add(resultParam);

            new DataLayer().Select(lookup, connString);

            // bool.Parse throws if the procedure left @Result unset (DBNull renders as an
            // empty string), so a missing result surfaces as an exception, not as "false".
            return bool.Parse(resultParam.Value.ToString());
        }
Beispiel #3
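 /// <summary>
 /// Server-side validation of a registration request. Collects one message per failed
 /// rule, each terminated by an HTML line break, and reports whether all rules passed.
 /// </summary>
 /// <param name="user">Profile fields to validate (username, full name, date of birth, e-mail).</param>
 /// <param name="authUser">Supplies the password, which must be non-empty.</param>
 /// <param name="message">Receives the concatenated error messages; empty when valid.</param>
 /// <returns><c>true</c> when every check passed, otherwise <c>false</c>.</returns>
 private bool IsValidUserData(Users user, AuthTable authUser, out string message)
 {
     bool isValidUser = true;
     string errorMessage = string.Empty;

     // A null field is reported like a blank one instead of raising NullReferenceException.
     if (user.Username == null || user.Username.Trim().Length == 0)
     {
         isValidUser = false;
         errorMessage += "Please enter Username." + "<br />";
     }
     else if (user.Username.Length > 50)
     {
         isValidUser = false;
         errorMessage += "Username can be upto 50 characters." + "<br />";
     }

     if (user.UserFullName == null || user.UserFullName.Trim().Length == 0)
     {
         isValidUser = false;
         errorMessage += "Please enter valid Full Name." + "<br />";
     }
     else if (user.UserFullName.Length > 100)
     {
         isValidUser = false;
         errorMessage += "Full name can be upto 100 characters." + "<br />";
     }

     // The date must parse and lie strictly in the past; both failures share one message.
     // NOTE(review): the insert path stores this value as SmallDateTime, whose range is
     // narrower than DateTime. No lower bound is enforced here, so an out-of-range date
     // presumably fails later at the database.
     DateTime date;
     bool isValidDate = DateTime.TryParse(user.UserDOB.ToString(), out date);
     if (!isValidDate || date.CompareTo(DateTime.Now) >= 0)
     {
         isValidUser = false;
         errorMessage += "Please enter valid Date of Birth." + "<br />";
     }

     // NOTE(review): this pattern runs on user-supplied text without a match timeout.
     // If the target framework is 4.5 or later, prefer the Regex.IsMatch overload that
     // takes a TimeSpan. The pattern also caps the top-level domain at six letters.
     string emailRegex = @"^(?("")("".+?""@)|(([0-9a-zA-Z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-zA-Z])@))(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,6}))$";
     // A null address is rejected here rather than making Regex.IsMatch throw.
     if (user.UserEmailId == null || !Regex.IsMatch(user.UserEmailId, emailRegex))
     {
         isValidUser = false;
         // NOTE(review): the sample address in this literal looks mangled by e-mail
         // obfuscation on the hosting page; restore it from the project source.
         errorMessage += "Please enter valid email-id ([email protected])" + "<br />";
     }

     // Only presence is checked; callers pass an already-hashed value, so password
     // strength cannot be judged at this point.
     if (string.IsNullOrEmpty(authUser.Password))
     {
         isValidUser = false;
         errorMessage += "Please enter valid Password." + "<br />";
     }

     message = errorMessage;
     return isValidUser;
 }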
Beispiel #4
        /// <summary>
        /// Runs the <c>usp_SelectUserByUsername</c> stored procedure for the given user's
        /// username and returns whatever <c>DataLayer.GetQuery</c> produces.
        /// </summary>
        /// <param name="user">Supplies the <c>Username</c> to select by.</param>
        /// <param name="connString">Connection string handed to the data layer.</param>
        /// <returns>The data set returned by the data layer.</returns>
        private DataSet GetUserData(AuthTable user, string connString)
        {
            SqlCommand selectByName = new SqlCommand("usp_SelectUserByUsername");
            selectByName.CommandType = CommandType.StoredProcedure;

            // Typed, length-bounded parameter; the username is never concatenated into SQL.
            SqlParameter nameParam = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
            nameParam.Value = user.Username;
            selectByName.Parameters.Add(nameParam);

            return new DataLayer().GetQuery(selectByName, connString);
        }
Beispiel #5
        /// <summary>
        /// Checks a username/password pair by calling the <c>usp_ValidateUserPassword</c>
        /// stored procedure and returning its <c>@Result</c> output bit.
        /// </summary>
        /// <param name="user">Supplies <c>Username</c> and <c>Password</c> exactly as the caller prepared them.</param>
        /// <param name="connString">Connection string handed to the data layer.</param>
        /// <returns>The parsed value of the <c>@Result</c> output parameter.</returns>
        public bool IsRegisteredUser(AuthTable user, string connString)
        {
            SqlCommand validate = new SqlCommand("usp_ValidateUserPassword");
            validate.CommandType = CommandType.StoredProcedure;

            SqlParameter nameParam = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
            nameParam.Value = user.Username;

            // NOTE(review): the comparison itself happens inside the stored procedure, which
            // is not shown. Whatever the caller put in Password (a digest or the raw text) is
            // what gets compared, and no attempt counting or lockout is visible in this method.
            SqlParameter secretParam = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
            secretParam.Value = user.Password;

            SqlParameter resultParam = new SqlParameter("@Result", SqlDbType.Bit);
            resultParam.Direction = ParameterDirection.Output;

            validate.Parameters.Add(nameParam);
            validate.Parameters.Add(secretParam);
            validate.Parameters.Add(resultParam);

            new DataLayer().Select(validate, connString);

            // An unset @Result makes bool.Parse throw, so the check fails with an exception
            // rather than returning true.
            return bool.Parse(resultParam.Value.ToString());
        }
Beispiel #6
        /// <summary>
        /// Registers a regular user: validates the input, refuses usernames that already
        /// exist, then inserts the credential row (<c>usp_InsertAuthTable</c>) followed by
        /// the profile row (<c>usp_InsertUser</c>).
        /// </summary>
        /// <param name="user">Profile data to store.</param>
        /// <param name="authUser">Password and role to store; its username is used for the duplicate check.</param>
        /// <param name="connString">Connection string handed to the data layer.</param>
        /// <returns>The <paramref name="user"/> instance that was passed in.</returns>
        /// <exception cref="Exception">
        /// Validation failed or the username is taken; the message carries HTML line breaks.
        /// </exception>
        public Users InsertUsers(Users user, AuthTable authUser, string connString)
        {
            string validationErrors;
            if (!IsValidUserData(user, authUser, out validationErrors))
            {
                throw new Exception(validationErrors);
            }

            // NOTE(review): the duplicate check looks at authUser.Username while both inserts
            // use user.Username; the visible caller sets them to the same value. The check
            // and the insert are also separate calls, so uniqueness presumably still depends
            // on a database constraint. Confirm one exists.
            if (IsUsernamePresent(authUser, connString))
            {
                throw new Exception("Username already Present." + "<br/>" + validationErrors);
            }

            DataLayer dataLayerObj = new DataLayer();

            // --- credential row ---
            SqlCommand insertAuth = new SqlCommand("usp_InsertAuthTable");
            insertAuth.CommandType = CommandType.StoredProcedure;
            insertAuth.Parameters.Add(new SqlParameter("@Username", SqlDbType.NVarChar, 50) { Value = user.Username });
            insertAuth.Parameters.Add(new SqlParameter("@Password", SqlDbType.NVarChar, 50) { Value = authUser.Password });
            insertAuth.Parameters.Add(new SqlParameter("@Role", SqlDbType.Int) { Value = authUser.Role });
            dataLayerObj.Insert(insertAuth, connString);

            // --- profile row ---
            // NOTE(review): no transaction spanning the two inserts is visible here; if this
            // second insert fails, the credential row written above may be left behind.
            SqlCommand insertProfile = new SqlCommand("usp_InsertUser");
            insertProfile.CommandType = CommandType.StoredProcedure;
            insertProfile.Parameters.Add(new SqlParameter("@Username", SqlDbType.NVarChar, 50) { Value = user.Username });
            insertProfile.Parameters.Add(new SqlParameter("@UserFullName", SqlDbType.NVarChar, 100) { Value = user.UserFullName });
            insertProfile.Parameters.Add(new SqlParameter("@UserEmailId", SqlDbType.NVarChar, 100) { Value = user.UserEmailId });
            insertProfile.Parameters.Add(new SqlParameter("@UserGender", SqlDbType.Bit) { Value = user.UserGender });
            insertProfile.Parameters.Add(new SqlParameter("@UserDOB", SqlDbType.SmallDateTime) { Value = user.UserDOB });
            insertProfile.Parameters.Add(new SqlParameter("@UserAreaOfInterest", SqlDbType.NVarChar, 100) { Value = user.UserAreaOfInterest });
            dataLayerObj.Insert(insertProfile, connString);

            return user;
        }
Beispiel #7
 /// <summary>
 /// Loads the role and user id for <paramref name="user"/> from the first row of the
 /// first table returned by <c>GetUserData</c> and writes them onto the same object.
 /// </summary>
 /// <param name="user">Supplies the username to look up; its <c>Role</c> and <c>UserId</c> are overwritten.</param>
 /// <param name="connString">Connection string handed to the data layer.</param>
 /// <returns>The same <paramref name="user"/> instance, updated in place.</returns>
 public AuthTable GetUser(AuthTable user, string connString)
 {
     // Indexing Tables[0].Rows[0] throws when the lookup returns no row; the visible
     // caller only gets here after a successful credential check.
     DataRow firstRow = GetUserData(user, connString).Tables[0].Rows[0];

     // Columns are read by position: 0 is stored as Role, 1 as UserId.
     // NOTE(review): the role that later drives authorization depends on the stored
     // procedure's column order. Confirm the procedure matches.
     user.Role = int.Parse(firstRow[0].ToString());
     user.UserId = int.Parse(firstRow[1].ToString());
     return user;
 }
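    /// <summary>
    /// Registration form handler. Builds either a <c>Users</c> or a <c>Doctor</c> record
    /// (chosen by the <c>cblIsDoctor</c> control) plus the matching <c>AuthTable</c>
    /// entry, hands them to the business layer, and redirects to the login page on success.
    /// Failures are written to <c>lblErrors</c>.
    /// </summary>
    /// <param name="sender">Control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void butSubmit_Click(object sender, EventArgs e)
    {
        string connString = ConfigurationManager.AppSettings.Get("connString");
        BusinessLayer bussinessLayerObj = new BusinessLayer();
        AuthTable authUser = new AuthTable();

        // A blank password is passed on as an empty string rather than as the hash of an
        // empty string.
        // NOTE(review): unsalted SHA-1 through an API marked obsolete since .NET Framework
        // 4.5. Changing the scheme needs a migration of the stored values and a matching
        // change in the login handler.
        if (txtPassword.Text.Trim() != string.Empty)
        {
            authUser.Password = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1");
        }
        else
        {
            authUser.Password = txtPassword.Text.Trim();
        }

        // Form values are client-controlled: parse defensively on the server so a malformed
        // post yields a message instead of an unhandled FormatException.
        bool gender;
        if (!bool.TryParse(rblGender.SelectedValue, out gender))
        {
            lblErrors.Text = "Please select Gender.";
            return;
        }

        // Reuse the TryParse result instead of parsing the same text a second time.
        DateTime parsedDob;
        DateTime? dateOfBirth = DateTime.TryParse(txtDoB.Value, out parsedDob) ? (DateTime?)parsedDob : null;

        string username = txtUsername.Text.Trim();
        authUser.Username = username;

        // The redirect is issued after the try/catch: Response.Redirect ends the request by
        // aborting the thread, and that abort must not pass through catch (Exception).
        bool registered = false;

        if (cblIsDoctor.SelectedValue != "true")
        {
            authUser.Role = (int)Role.User;
            Users user = new Users();
            user.Username = username;
            user.UserFullName = txtUserFullName.Text.Trim();
            user.UserDOB = dateOfBirth;
            user.UserGender = gender;
            user.UserEmailId = txtEmailId.Text.Trim();
            user.UserAreaOfInterest = ddlInterestList.SelectedValue;
            try
            {
                bussinessLayerObj.InsertUsers(user, authUser, connString);
                registered = true;
            }
            catch (Exception ex)
            {
                // NOTE(review): the message is rendered as-is. Validation messages rely on
                // that for their <br /> markup, but text from a database exception would be
                // shown to the visitor the same way. Consider a dedicated exception type
                // for validation errors and a generic message for everything else.
                lblErrors.Text = ex.Message;
            }
        }
        else
        {
            int licenseNo;
            if (!int.TryParse(txtLicNo.Text.Trim(), out licenseNo))
            {
                lblErrors.Text = "Please enter valid License Number.";
                return;
            }

            // NOTE(review): the Doctor role is assigned on the strength of a form field,
            // with DocIsApproved = false. Confirm that doctor-only pages check the approval
            // flag and not just the role.
            authUser.Role = (int)Role.Doctor;
            Doctor doctor = new Doctor();
            doctor.DocName = txtUserFullName.Text.Trim();
            doctor.Username = username;
            doctor.DocDateOfBirth = dateOfBirth;
            doctor.DocGender = gender;
            doctor.DocEmailId = txtEmailId.Text.Trim();
            doctor.DocAreaOfInterest = ddlInterestList.SelectedValue;
            doctor.DocIsApproved = false;
            doctor.DocLicenseNo = licenseNo;
            try
            {
                bussinessLayerObj.InsertDoctor(doctor, authUser, connString);
                registered = true;
            }
            catch (Exception ex)
            {
                // Rendered unencoded, as in the user branch above.
                lblErrors.Text = ex.Message;
            }
        }

        if (registered)
        {
            Response.Redirect("Login.aspx");
        }
    }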