protected void btnLogin_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString);

            con.Open();

            //create new customer
            String     query = "Select CustomerID from customer where email = @email";
            SqlCommand cmd   = new SqlCommand(query, con);

            cmd.Parameters.AddWithValue("@email", HttpUtility.HtmlEncode(txtEmail.Text));;
            SqlDataReader myReader3 = cmd.ExecuteReader();

            if (myReader3.HasRows)
            {
                while (myReader3.Read())
                {
                    Session["ID"] = Convert.ToString(myReader3[0]);
                }
                myReader3.Close();
            }
            con.Close();


            Session["Email"] = HttpUtility.HtmlEncode(txtEmail.Text);

            try
            {
                System.Data.SqlClient.SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString.ToString());
                lblStatus.Text = "Database Connection Successful";

                sc.Open();
                System.Data.SqlClient.SqlCommand findPass = new System.Data.SqlClient.SqlCommand();
                findPass.Connection = sc;
                // SELECT PASSWORD STRING WHERE THE ENTERED USERNAME MATCHES
                findPass.CommandText = "SELECT PasswordHash FROM CustPass WHERE Username = @Username";
                findPass.Parameters.Add(new SqlParameter("@Username", HttpUtility.HtmlEncode(txtEmail.Text)));

                SqlDataReader reader = findPass.ExecuteReader();                         // create a reader

                if (reader.HasRows)                                                      // if the username exists, it will continue
                {
                    while (reader.Read())                                                // this will read the single record that matches the entered username
                    {
                        string storedHash = reader["PasswordHash"].ToString();           // store the database password into this variable

                        if (PasswordHash.ValidatePassword(txtPassword.Text, storedHash)) // if the entered password matches what is stored, it will show success
                        {
                            lblStatus.Text = "Success!";
                            Response.Redirect("CustomerServInfo1.aspx");
                        }
                        else
                        {
                            lblStatus.Text = "Password is incorrect.";
                        }
                    }
                }
                else // if the username doesn't exist, it will show failure
                {
                    lblStatus.Text = "Login failed. User Does not Exist";
                }

                sc.Close();
            }
            catch
            {
                lblStatus.Text = "Database Error.";
            }
        }
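        /// <summary>
        /// Customer self-registration (the name is misleading): rejects a username that
        /// already exists in CustomerCredentials, otherwise inserts the credential row
        /// and a Pass row holding the hash from PasswordHash.HashPassword, clears the
        /// form and redirects to CustomerLogin.aspx.
        /// </summary>
        /// <remarks>
        /// Review notes:
        /// - The duplicate check is read-then-write and therefore racy under concurrent
        ///   registrations; a UNIQUE constraint on CustomerCredentials.Username is still
        ///   required to make it reliable.
        /// - The Pass row is now linked via OUTPUT INSERTED.CustomerCredentialsID of the
        ///   row just inserted. The original used "select max(CustomerCredentialsID)",
        ///   which under concurrent registrations can return another user's id and
        ///   cross-link password records. (OUTPUT without INTO is rejected on tables
        ///   with enabled triggers; if CustomerCredentials has one, use OUTPUT ... INTO
        ///   a table variable instead.)
        /// - "INSERT INTO Pass VALUES(...)" has no column list and relies on physical
        ///   column order; the column names are not visible here to fix that.
        /// - System.Windows.Forms.MessageBox runs on the web server, blocks the worker
        ///   thread and is never shown to the browser. It is left in place only because
        ///   no feedback control is referenced by this handler — replace with a label.
        /// - No password policy and no empty-field check: an empty username or password
        ///   is accepted. TODO add validation with user feedback.
        /// - Exceptions propagate to the page, as in the original; there is no status
        ///   control here to report them on.
        /// </remarks>
        protected void loginBtn_Click(object sender, EventArgs e)
        {
            string username = usrnameTxtBox.Text;
            string connStr = WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString;

            using (SqlConnection con = new SqlConnection(connStr))
            {
                con.Open();

                // Duplicate-name check. Reader and connection are disposed on every
                // path; the original never closed the connection and left the reader
                // open when a duplicate was found.
                bool exists;
                using (SqlCommand check = new SqlCommand("Select * from CustomerCredentials where Username = @Username", con))
                {
                    check.Parameters.AddWithValue("@Username", username);
                    using (SqlDataReader reader = check.ExecuteReader())
                    {
                        exists = reader.HasRows;
                    }
                }

                if (exists)
                {
                    System.Windows.Forms.MessageBox.Show("This customer already exists.");
                    return;
                }

                // Both inserts run in one transaction: a failure on the Pass insert
                // must not leave a credential row without a password record.
                using (SqlTransaction tx = con.BeginTransaction())
                {
                    object newId;
                    using (SqlCommand insertUser = new SqlCommand("INSERT INTO CustomerCredentials (Username) OUTPUT INSERTED.CustomerCredentialsID Values (@Username)", con, tx))
                    {
                        insertUser.Parameters.Add(new SqlParameter("@Username", username));
                        newId = insertUser.ExecuteScalar();
                    }

                    using (SqlCommand passCommand = new SqlCommand("INSERT INTO Pass VALUES(@CustomerCredentialsID, @Username, @Password)", con, tx))
                    {
                        passCommand.Parameters.Add(new SqlParameter("@CustomerCredentialsID", newId));
                        passCommand.Parameters.Add(new SqlParameter("@Username", username));
                        passCommand.Parameters.Add(new SqlParameter("@Password", PasswordHash.HashPassword(pswrdTxtBox.Text)));
                        passCommand.ExecuteNonQuery();
                    }

                    tx.Commit();
                }
            }

            // Clear the form. The original first wrote HtmlEncoded copies of the
            // username and the plaintext password back into the textboxes and then
            // overwrote them with empty strings; that dead step has been dropped.
            usrnameTxtBox.Text = String.Empty;
            pswrdTxtBox.Text   = String.Empty;

            Response.Redirect("CustomerLogin.aspx");
        }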
        // Logs the user into the system
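        /// <summary>
        /// Logs the user in. First tries the Lab3 "simple credentials" stored procedure
        /// (non-teacher accounts); if that returns no row, falls back to the AUTH
        /// database and verifies the password against the hash stored in Pass
        /// (teacher accounts). On success Session["Username"] is set and the login
        /// controls are swapped for the logout controls.
        /// </summary>
        /// <remarks>
        /// Review notes:
        /// - The JeremyEzellLab3 procedure receives the password in clear text. Whether
        ///   it compares against a plaintext column or hashes server-side is not visible
        ///   here; if the former, that table holds recoverable passwords — verify.
        /// - The AUTH lookup now uses the raw username. The registration handler in this
        ///   file stores usrnameTxtBox.Text unencoded in Pass, so HtmlEncoding the
        ///   lookup key (as the original did) made any username containing &, <, >, "
        ///   or ' impossible to log in with. If rows were ever stored encoded, migrate.
        /// - Nothing regenerates the ASP.NET session ID at login (session fixation);
        ///   handle that elsewhere if required.
        /// </remarks>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            bool authenticated = false;

            try
            {
                // Simple credentials table, so non-teachers can still log in. The
                // original ran this outside the try, so a connection failure surfaced
                // as an unhandled exception on the page.
                using (SqlConnection sqlConnection = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
                using (SqlCommand sqlCommand = new SqlCommand("JeremyEzellLab3", sqlConnection))
                {
                    sqlCommand.CommandType = CommandType.StoredProcedure;
                    sqlCommand.Parameters.AddWithValue("@Username", txtUsername.Text);
                    sqlCommand.Parameters.AddWithValue("@Password", txtPassword.Text);
                    sqlConnection.Open();

                    using (SqlDataReader loginResults = sqlCommand.ExecuteReader())
                    {
                        // Any returned row counts as a match, as before.
                        authenticated = loginResults.Read();
                    }
                }

                // No non-teacher account found: check the AUTH database for a teacher.
                if (!authenticated)
                {
                    using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
                    using (SqlCommand findPass = new SqlCommand("select PasswordHash from Pass where Username = @Username", sc))
                    {
                        findPass.Parameters.Add(new SqlParameter("@Username", txtUsername.Text));
                        sc.Open();

                        using (SqlDataReader reader = findPass.ExecuteReader())
                        {
                            while (reader.Read())
                            {
                                string storedHash = reader["PasswordHash"].ToString();
                                if (PasswordHash.ValidatePassword(txtPassword.Text, storedHash))
                                {
                                    authenticated = true;
                                    // Only the teacher path disables the form, as in the original.
                                    btnLogin.Enabled    = false;
                                    txtUsername.Enabled = false;
                                    txtPassword.Enabled = false;
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Generic message only; the original overwrote it with the
                // "Incorrect Username" text below, so it was never visible. No logger
                // is in scope — TODO record the exception server-side.
                lblLoginFeedback.Text = "Database Error.";
                return;
            }

            if (!authenticated)
            {
                // Same message for unknown user and wrong password (no enumeration).
                lblLoginFeedback.Text = "Incorrect Username and/or Password! Please try again!";
                return;
            }

            Session["Username"]  = txtUsername.Text;
            login.Visible        = false;
            logout.Visible       = true;

            // The username is user-chosen and Label.Text is rendered verbatim, so it
            // is encoded here, at the point of output. (In the listing this line was
            // garbled — the "+ Session[" had been redacted — and is reconstructed.)
            lblLoggedInUser.Text = "Current User: " + HttpUtility.HtmlEncode(Session["Username"].ToString());
        }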
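        /// <summary>
        /// Creates a new employee: validates the form, inserts the Employee row in the
        /// Lab3 database, then the EmpPerson and EmpPass rows in the AUTH database
        /// (password stored as the hash from PasswordHash.HashPassword), and on success
        /// sets Session["Email"] and redirects to LoginPage.aspx.
        /// </summary>
        /// <remarks>
        /// Review notes:
        /// - Validation now runs before any INSERT. The original wrote the Employee row
        ///   first and only afterwards checked for empty fields, so a blank submission
        ///   still created an employee record.
        /// - The redirect happens only on success. Previously every path redirected, so
        ///   "Fill all fields." and "Database Error - User not committed." were never
        ///   seen by the user.
        /// - Username / position / cell / e-mail are still stored HtmlEncoded because the
        ///   login handlers look them up encoded; that encoding belongs at output and
        ///   should be migrated out of the data layer. The password hash is no longer
        ///   encoded: an encoded hash would fail to validate if the hash format ever
        ///   contained a character HtmlEncode rewrites.
        /// - Employee (Lab3) and EmpPerson/EmpPass (AUTH) are different databases with no
        ///   shared transaction; an AUTH failure leaves the Employee row behind.
        /// - No authorization check is visible in this handler; confirm elsewhere that
        ///   only privileged users can reach this page.
        /// - No password policy is enforced — TODO.
        /// </remarks>
        protected void btnCreateNewEmp_Click(object sender, EventArgs e)
        {
            // All fields must be filled out; whitespace-only values are rejected too.
            if (string.IsNullOrWhiteSpace(txtFirstName.Text) || string.IsNullOrWhiteSpace(txtLastName.Text) ||
                string.IsNullOrWhiteSpace(txtPassword.Text) || string.IsNullOrWhiteSpace(txtUsername.Text))
            {
                lblStatus.Text = "Fill all fields.";
                return;
            }

            string username = HttpUtility.HtmlEncode(txtUsername.Text);
            string fullname = txtFirstName.Text + ' ' + txtLastName.Text;

            try
            {
                // Employee record (Lab3). Parameter name fixed to @Name to match the
                // query text (the original registered "@name").
                using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("Insert Into Employee (EmpID, EmpName, EmpPosition, EmpCellNumber,EmpEmail) Values (@ID, @Name, @Position, @Cell, @Email);", con))
                {
                    cmd.Parameters.AddWithValue("@ID", username);
                    cmd.Parameters.AddWithValue("@Name", fullname);
                    cmd.Parameters.AddWithValue("@Position", HttpUtility.HtmlEncode(txtPosition.Text));
                    cmd.Parameters.AddWithValue("@Cell", HttpUtility.HtmlEncode(txtCell.Text));
                    cmd.Parameters.AddWithValue("@Email", HttpUtility.HtmlEncode(txtEmail.Text));
                    con.Open();
                    cmd.ExecuteNonQuery();
                }

                // Login record and password hash (AUTH), in one transaction so a
                // failed EmpPass insert cannot leave a user with no password row.
                using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
                {
                    sc.Open();
                    using (SqlTransaction tx = sc.BeginTransaction())
                    {
                        using (SqlCommand createUser = new SqlCommand("INSERT INTO EmpPerson (FirstName, LastName, Username) VALUES (@FName, @LName, @Username)", sc, tx))
                        {
                            createUser.Parameters.Add(new SqlParameter("@FName", HttpUtility.HtmlEncode(txtFirstName.Text)));
                            createUser.Parameters.Add(new SqlParameter("@LName", HttpUtility.HtmlEncode(txtLastName.Text)));
                            createUser.Parameters.Add(new SqlParameter("@Username", username));
                            createUser.ExecuteNonQuery();
                        }

                        using (SqlCommand setPass = new SqlCommand("INSERT INTO EmpPass (Username, PasswordHash) VALUES (@Username, @Password)", sc, tx))
                        {
                            setPass.Parameters.Add(new SqlParameter("@Username", username));
                            setPass.Parameters.Add(new SqlParameter("@Password", PasswordHash.HashPassword(txtPassword.Text)));
                            setPass.ExecuteNonQuery();
                        }

                        tx.Commit();
                    }
                }
            }
            catch (Exception)
            {
                // Generic message; no logger is in scope to record the cause — TODO.
                lblStatus.Text = "Database Error - User not committed.";
                return;
            }

            lblStatus.Text = "Employee Created!";
            Session["Email"] = username;
            Response.Redirect("LoginPage.aspx");
        }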