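/// <summary>
/// Checks a login attempt against the Customer table and, when a row matches,
/// stores the resulting Customer in <c>newCust</c>.
/// </summary>
/// <param name="email">E-mail address entered by the user.</param>
/// <param name="password">Password entered by the user.</param>
/// <returns><c>true</c> when at least one row matched both values; otherwise <c>false</c>.</returns>
protected bool checkDetails(string email, string password)
        {
            // Missing credentials can never match a row; reject them before touching the database.
            if (string.IsNullOrEmpty(email) || password == null)
            {
                return false;
            }

            // NOTE(review): the password is compared as-is inside the query, which implies the
            // Password column holds plaintext. Store a salted, slow hash (e.g. PBKDF2) instead,
            // select the row by e-mail only and verify the hash in code with a fixed-time comparison.
            const string sql = "SELECT * FROM Customer WHERE EmailAddress = @email AND Password = @password";
            bool valid = false;

            // using-blocks release the connection, command and reader even when a call throws;
            // the original leaked all three on any exception and never closed the reader.
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, connection))
            {
                // Values are bound as parameters, so user input is never concatenated into the SQL text.
                cmd.Parameters.Add("@email", SqlDbType.VarChar).Value = email;
                cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = password;

                connection.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        valid = true;

                        // NOTE(review): Customer.getInstance hands back an already-cached instance when
                        // one exists, so newCust may not describe the row just read. The stored password
                        // is also copied into the object; drop it once hashing is in place.
                        newCust = Customer.getInstance(
                            Convert.ToInt32(reader["CustomerID"]),
                            reader["Name"].ToString(),
                            reader["Address"].ToString(),
                            Convert.ToInt32(reader["PhoneNumber"]),
                            reader["Notes"].ToString(),
                            reader["EmailAddress"].ToString(),
                            reader["Password"].ToString());
                    }
                }
            }

            return valid;
        }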
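        /// <summary>
        /// Deletes the Customer row whose CustomerID matches <paramref name="cust"/>.
        /// </summary>
        /// <param name="cust">Customer whose <c>CustomerID</c> identifies the row to delete.</param>
        /// <returns>"Complete" on success, otherwise the text of the SqlException.</returns>
        public static string DeleteCustomer(Customer cust)
        {
            // NOTE(review): nothing in this method checks who is asking; the caller must confirm
            // that the current session is allowed to delete this customer.
            string connectionString = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;
            const string sql = "DELETE FROM [Customer] WHERE [CustomerID] = @CustomerID";

            try
            {
                // using-blocks close the connection on every path, replacing the duplicated Close() calls.
                using (SqlConnection connection = new SqlConnection(connectionString))
                using (SqlCommand command = new SqlCommand(sql, connection))
                {
                    // The parameter name must match the placeholder in the SQL text. The original bound
                    // "@OrderID", leaving @CustomerID undeclared, so the DELETE always failed.
                    command.Parameters.Add("@CustomerID", SqlDbType.Int).Value = cust.CustomerID;

                    connection.Open();
                    command.ExecuteNonQuery();
                    return "Complete";
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): raw SQL Server error text can reveal table and column names if it
                // reaches the browser. Prefer logging it server-side and showing a generic message.
                return sqlEx.Message;
            }
        }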
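        /// <summary>
        /// Inserts <paramref name="cust"/> as a new row in the Customer table.
        /// </summary>
        /// <param name="cust">Customer whose property values are written to the new row.</param>
        /// <returns>"Complete" on success, otherwise the text of the SqlException.</returns>
        public static string AddCustomer(Customer cust)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;

            // NOTE(review): the INSERT names no columns, so values are matched to the table by position
            // and will silently shift if the schema changes; consider listing the columns explicitly.
            const string sql = "INSERT INTO [Customer] VALUES(@CustomerID, @Name, @Address, @PhoneNumber, @Notes, @Username, @Password)";

            try
            {
                // using-blocks dispose the command (never disposed before) and close the connection on
                // every path, replacing the duplicated Close() calls.
                using (SqlConnection connection = new SqlConnection(connectionString))
                using (SqlCommand command = new SqlCommand(sql, connection))
                {
                    command.Parameters.Add("@CustomerID", SqlDbType.Int).Value = cust.CustomerID;
                    command.Parameters.Add("@Name", SqlDbType.NVarChar).Value = cust.Name;
                    command.Parameters.Add("@Address", SqlDbType.NVarChar).Value = cust.Address;
                    command.Parameters.Add("@PhoneNumber", SqlDbType.NVarChar).Value = cust.PhoneNum;
                    command.Parameters.Add("@Notes", SqlDbType.NVarChar).Value = cust.Notes;
                    command.Parameters.Add("@Username", SqlDbType.NVarChar).Value = cust.Username;

                    // NOTE(review): cust.Password is written exactly as supplied. If it holds the clear
                    // text, hash it with a salted, slow algorithm (e.g. PBKDF2) before it reaches the
                    // database, so a leaked table does not disclose every customer's password.
                    command.Parameters.Add("@Password", SqlDbType.NVarChar).Value = cust.Password;

                    connection.Open();
                    command.ExecuteNonQuery();
                    return "Complete";
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): raw SQL Server error text can reveal schema details if it is shown to
                // the user. Prefer logging it server-side and returning a generic message.
                return sqlEx.Message;
            }
        }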
 /// <summary>
 /// Returns the cached Customer, creating it from the supplied values on the first call.
 /// Later calls ignore their arguments and return the instance that already exists.
 /// </summary>
 /// <remarks>
 /// NOTE(review): <c>instance</c> is reached from a static method, so one object is shared by
 /// every caller in the process. In a web application that means all sessions see the first
 /// customer that was loaded, which mixes up identities between users. The check-then-assign
 /// is also unsynchronised. Per-user data belongs in a per-request or per-session object.
 /// </remarks>
 public static Customer getInstance(int customerID, String name, String address, int phoneNum,
     String notes, String username, String password)
 {
     // Fast path: an instance was already created by an earlier call.
     if (instance != null)
     {
         return instance;
     }

     instance = new Customer(customerID, name, address, phoneNum, notes, username, password);
     return instance;
 }
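        /// <summary>
        /// Handles the Order button: builds a product and order from the form fields, creates the
        /// order for the customer held in session and stores it under <c>Session["OrderObj"]</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnOrder_Click(object sender, EventArgs e)
        {
            if (!IsValid)
            {
                return;
            }

            sessionCust = (Customer)Session["CustObj"];

            // Form fields are user input: parse them defensively instead of letting Convert.* throw,
            // and reject values that make no sense for an order (negative price, zero or negative
            // quantity, NaN/Infinity), which would otherwise flow straight into the order amount.
            int productId;
            double price;
            int quantity;
            bool inputOk =
                int.TryParse(lstProducts.SelectedValue, out productId)
                && double.TryParse(txtPrice.Text, out price)
                && int.TryParse(txtQuantity.Text, out quantity)
                && !double.IsNaN(price)
                && !double.IsInfinity(price)
                && price >= 0
                && quantity > 0;
            if (!inputOk)
            {
                Response.Write("Invalid product, price or quantity");
                return;
            }

            // NOTE(review): the unit price comes from txtPrice, a field posted by the browser. Unless
            // that field is locked server-side (not visible here), a client can submit any price;
            // look the price up by product ID on the server instead of trusting the posted value.
            newProduct = new StandardProduct(productId, price, lstProducts.SelectedItem.Text, 1);
            ProductDiscount pd = new ProductDiscount(newProduct);

            if (sessionCust == null)
            {
                Response.Write("No customer is in session, please log in");
                return;
            }

            Response.Write("Calculating Individual Product DIscount - " + pd.applyDiscount() + "/" + newProduct.Price + " Pid = " + newProduct.ProductID + "\n");

            // NOTE(review): the third argument is the literal 1 while the amount below is multiplied
            // by the entered quantity; confirm against the Order constructor that this is intended.
            newOrder = new Order(
                sessionCust.CustomerID,
                newProduct,
                1,
                txtAddress.Text,
                pd.applyDiscount() * quantity,
                DateTime.Now);
            newOrder.CreateOrder();

            Response.Write("Order processed!!\n\n\n\n");
            btnOrder.Enabled = false;
            btnAddOrder.Enabled = true;
            btnViewOrder.Enabled = true;
            Response.Write("Calculating Customer Discount - " + newOrder.Amount +
                "/" + (price * quantity) + "\n");
            Session["OrderObj"] = newOrder;
        }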
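        /// <summary>
        /// Updates the Customer row identified by <c>cust.CustomerID</c> with the values held in
        /// <paramref name="cust"/>.
        /// </summary>
        /// <param name="cust">Customer carrying the key and the new column values.</param>
        /// <returns>"Complete" on success, otherwise the text of the SqlException.</returns>
        public static string EditCustomer(Customer cust)
        {
            // NOTE(review): nothing in this method checks who is asking; the caller must confirm
            // that the current session is allowed to edit this customer.
            string connectionString = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;

            // The original UPDATE had no WHERE clause, so one edit rewrote every row in the table,
            // including every customer's password. The statement is now limited to the row whose key
            // matches; the key itself is no longer reassigned.
            // NOTE(review): the login query elsewhere on this page reads a column called EmailAddress;
            // confirm that a Username column really exists.
            const string sql = "UPDATE [Customer] SET Name = @Name, Address = @Address, " +
                " PhoneNumber = @PhoneNumber, Notes = @Notes, Username = @Username, Password = @Password" +
                " WHERE CustomerID = @CustomerID";

            try
            {
                // using-blocks dispose the command and close the connection on every path.
                using (SqlConnection connection = new SqlConnection(connectionString))
                using (SqlCommand command = new SqlCommand(sql, connection))
                {
                    command.Parameters.Add("@CustomerID", SqlDbType.Int).Value = cust.CustomerID;
                    command.Parameters.Add("@Name", SqlDbType.NVarChar).Value = cust.Name;
                    command.Parameters.Add("@Address", SqlDbType.NVarChar).Value = cust.Address;
                    command.Parameters.Add("@PhoneNumber", SqlDbType.NVarChar).Value = cust.PhoneNum;
                    command.Parameters.Add("@Notes", SqlDbType.NVarChar).Value = cust.Notes;
                    command.Parameters.Add("@Username", SqlDbType.NVarChar).Value = cust.Username;

                    // NOTE(review): the password is written exactly as supplied; hash it with a salted,
                    // slow algorithm (e.g. PBKDF2) before storing it.
                    command.Parameters.Add("@Password", SqlDbType.NVarChar).Value = cust.Password;

                    connection.Open();
                    command.ExecuteNonQuery();
                    return "Complete";
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): raw SQL Server error text can reveal schema details if it is shown to
                // the user. Prefer logging it server-side and returning a generic message.
                return sqlEx.Message;
            }
        }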
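        /// <summary>
        /// Assigns <c>cust.CustomerID</c> the current highest CustomerID in the table plus one
        /// (1 when the table is empty).
        /// </summary>
        /// <param name="cust">Customer that receives the new ID; left untouched on failure.</param>
        /// <returns>"Complete" on success, otherwise the text of the SqlException.</returns>
        public static string getCustomerID(Customer cust)
        {
            // NOTE(review): MAX + 1 is not safe under concurrency. Two registrations running at the
            // same time read the same maximum and receive the same ID. An IDENTITY column or a
            // SEQUENCE lets the database hand out keys atomically.
            const string sql = "SELECT MAX(CustomerID) as MAX FROM [Customer]";
            string connectionString = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;

            try
            {
                // One command (the original built it twice), disposed together with the connection.
                using (SqlConnection connection = new SqlConnection(connectionString))
                using (SqlCommand command = new SqlCommand(sql, connection))
                {
                    connection.Open();

                    // MAX() over an empty table yields NULL. The original GetInt32 call threw on that
                    // value, and the exception type was not caught by the SqlException handler below.
                    object highest = command.ExecuteScalar();
                    int customerID = 0;
                    if (highest != null && !(highest is DBNull))
                    {
                        customerID = Convert.ToInt32(highest);
                    }

                    cust.CustomerID = customerID + 1;
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): raw SQL Server error text can reveal schema details if it is shown to
                // the user. Prefer logging it server-side and returning a generic message.
                return sqlEx.Message;
            }

            return "Complete";
        }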
 /// <summary>
 /// Loads the customer stored in session state into <c>sessionCust</c> on every page load.
 /// </summary>
 /// <param name="sender">Page that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     // A missing session entry casts to null; an entry of another type throws InvalidCastException.
     object storedCustomer = Session["CustOBJ"];
     sessionCust = (Customer)storedCustomer;
 }