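/// <summary>
/// First step of a password reset: looks up the address typed into <c>txtEmail</c> in
/// <c>app_user</c> and, when a row exists, stores a fresh reset token in
/// <c>emailresetstring</c> for that address.
/// </summary>
/// <param name="emailvalidationstring">Receives the new reset token, or "" when no account matched.</param>
/// <returns><c>true</c> when an account matched and its reset token was replaced; otherwise <c>false</c>.</returns>
private bool ValidateUser(out string emailvalidationstring)
        {
            emailvalidationstring = "";

            string email = this.txtEmail.Text;

            // A blank address must never select a row (it could match accounts stored with an empty email).
            if (string.IsNullOrWhiteSpace(email))
            {
                return(false);
            }

            string sql       = "SELECT * FROM app_user WHERE emailaddress = @email;";
            var    paramList = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("email", email)
            };

            DataSet   ds = DataServices.DataSetFromSQL(sql, paramList);
            DataTable dt = ds.Tables[0];

            if (dt.Rows.Count == 0)
            {
                // NOTE(review): the caller learns here whether the address is registered; it should show
                // the same response in both cases so the form cannot be used to enumerate accounts.
                return(false);
            }

            // The reset token is a bearer credential for the account, so its 128 bits are drawn from the
            // OS CSPRNG rather than Guid.NewGuid(), which is not specified as a cryptographic generator.
            // Wrapping the bytes in a Guid keeps the stored text format (36 chars, hyphenated hex) unchanged.
            byte[] tokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }
            string newguid = new System.Guid(tokenBytes).ToString();

            // NOTE(review): no expiry timestamp is written with the token, so as far as this method
            // shows it stays valid until it is used or replaced; it is also stored unhashed.
            string sqlUpdate       = "UPDATE app_user SET emailresetstring = @newguid WHERE emailaddress = @email;";
            var    paramListUpdate = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("email", email),
                new KeyValuePair <string, string>("newguid", newguid)
            };

            DataServices.executeSQLStatement(sqlUpdate, paramListUpdate);

            emailvalidationstring = newguid;

            return(true);
        }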
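        /// <summary>
        /// Final step of a password reset: checks the two password boxes, then sets the new
        /// password on the <c>app_user</c> row whose <c>emailresetstring</c> equals the code
        /// held in <c>hdnCode</c>, replacing that code in the same statement.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnResetPassword_Click(object sender, EventArgs e)
        {
            const string haserr = "form-group has-error";
            const string noerr  = "form-group";

            this.lblError.Text              = string.Empty;
            this.lblError.Visible           = false;
            this.fgPassword.CssClass        = noerr;
            this.fgConfirmPassword.CssClass = noerr;

            // hdnCode is a hidden form field, so its value is whatever the browser posts back.
            // An empty code must be refused: "WHERE emailresetstring = ''" would otherwise change
            // the password of every account whose reset string happens to be blank.
            string code = this.hdnCode.Value;
            if (string.IsNullOrWhiteSpace(code))
            {
                this.lblError.Text    = "This password reset link is not valid";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtRegistrationPassword.Text))
            {
                this.lblError.Text       = "Please enter a password";
                this.lblError.Visible    = true;
                this.fgPassword.CssClass = haserr;
                return;
            }

            if (string.IsNullOrEmpty(this.txtConfirmPassword.Text))
            {
                this.lblError.Text              = "Please confirm your password";
                this.lblError.Visible           = true;
                this.fgConfirmPassword.CssClass = haserr;
                return;
            }

            if (this.txtRegistrationPassword.Text != this.txtConfirmPassword.Text)
            {
                this.lblError.Text              = "Passwords do not match";
                this.lblError.Visible           = true;
                this.fgConfirmPassword.CssClass = haserr;
                this.fgPassword.CssClass        = haserr;
                return;
            }

            // NOTE(review): no minimum length or complexity rule is applied to the new password here.

            // The used code is overwritten so it cannot be replayed. The replacement is itself a value
            // that would be accepted as a reset code, so it comes from the OS CSPRNG, not Guid.NewGuid().
            byte[] tokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }
            string newguid = new System.Guid(tokenBytes).ToString();

            // NOTE(review): gen_salt('bf', 8) is a low bcrypt work factor by current guidance; raising it
            // only affects newly written hashes because crypt() reads the cost from the stored value.
            string sqlUpdate       = "UPDATE app_user SET userpassword = crypt(@userpassword, gen_salt('bf', 8)), emailresetstring = @newguid WHERE emailresetstring = @code;";
            var    paramListUpdate = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("code", code),
                new KeyValuePair <string, string>("userpassword", this.txtRegistrationPassword.Text),
                new KeyValuePair <string, string>("newguid", newguid)
            };

            DataServices.executeSQLStatement(sqlUpdate, paramListUpdate);

            // NOTE(review): the success panel is shown whether or not a row matched the code; what
            // executeSQLStatement returns is not visible here, so the affected-row count is unchecked.
            this.pnlSuccess.Visible     = false;
            this.pnlResetWorked.Visible = true;
        }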
        /// <summary>
        /// Marks the selected user as rejected (clearing any authorisation fields), sends the
        /// "rejected" e-mail via <c>buildEmailMessage</c> and returns to <c>Default.aspx</c>.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnReject_Click(object sender, EventArgs e)
        {
            // NOTE(review): both ids are read from hidden form fields, which the browser posts back
            // and can alter. No check of the caller's role is visible in this handler, and the
            // "rejectedby" audit value is taken from the page rather than from server-side session
            // state. Confirm that authorisation is enforced elsewhere.
            var rejectionParams = new List <KeyValuePair <string, string> >();
            rejectionParams.Add(new KeyValuePair <string, string>("@currentuser", this.hdnUserId.Value));
            rejectionParams.Add(new KeyValuePair <string, string>("@userid", this.hdnSelectedUserID.Value));

            const string rejectSql = "UPDATE public.app_user SET isauthorised = false, authorisedtimestamp = null, authorisedby = null, isrejected = true, rejectedtimestamp = NOW(), rejectedby = @currentuser WHERE userid = CAST(@userid AS INT) ";

            DataServices.executeSQLStatement(rejectSql, rejectionParams);

            buildEmailMessage("rejected");

            Response.Redirect("Default.aspx");
        }
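        /// <summary>
        /// Handles an e-mail confirmation link: looks up the account whose
        /// <c>emailvalidationstring</c> equals <paramref name="code"/> and shows one of three
        /// panels: already confirmed, confirmed now (after updating the row), or failed.
        /// </summary>
        /// <param name="code">The confirmation code supplied by the caller.</param>
        private void ValidateCode(string code)
        {
            // A missing or blank code is treated like an unknown one. Without this guard,
            // "WHERE emailvalidationstring = ''" could confirm accounts stored with an empty string.
            if (string.IsNullOrWhiteSpace(code))
            {
                this.pnlFailed.Visible = true;
                return;
            }

            string sql       = "SELECT * FROM app_user WHERE emailvalidationstring = @code;";
            var    paramList = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("code", code)
            };

            DataSet   ds = DataServices.DataSetFromSQL(sql, paramList);
            DataTable dt = ds.Tables[0];

            if (dt.Rows.Count == 0)
            {
                this.pnlFailed.Visible = true;
                return;
            }

            // A missing column, NULL or unparsable value all count as "not yet confirmed",
            // which is what the previous catch-all produced, but without swallowing exceptions.
            bool emailconfirmed = false;
            if (dt.Columns.Contains("emailconfirmed"))
            {
                bool parsed;
                if (bool.TryParse(dt.Rows[0]["emailconfirmed"].ToString(), out parsed))
                {
                    emailconfirmed = parsed;
                }
            }

            if (emailconfirmed)
            {
                this.pnlAlreadyConfirmed.Visible = true;
                return;
            }

            this.pnlSuccess.Visible = true;

            // The same single-parameter list (@code) is reused for the confirming UPDATE.
            string sqlConfirm = "UPDATE app_user SET emailconfirmed = true, emailconfirmedtimestamp = now() WHERE emailvalidationstring = @code;";
            DataServices.executeSQLStatement(sqlConfirm, paramList);
        }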
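        /// <summary>
        /// Validates the test-result form and, when every check passes, inserts one row into
        /// <c>public.app_test</c> and redirects to the patient's summary page. On the first
        /// failed check the error label is shown, the offending form group is highlighted and
        /// nothing is written.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSave_Click(object sender, EventArgs e)
        {
            const string haserr = "form-group has-error";
            const string noerr  = "form-group";

            decimal  parsedNumber;
            DateTime parsedDate;

            this.lblError.Text                   = string.Empty;
            this.lblError.Visible                = false;
            this.fgtesttypeid.CssClass           = noerr;
            this.fgtestnumericresult.CssClass    = noerr;
            this.fgclinicianmessage.CssClass     = noerr;
            this.fgnexttestdate.CssClass         = noerr;
            this.fgclinicianhasapproved.CssClass = noerr;
            // The two reference-range groups can be flagged below, so they are cleared here too;
            // otherwise a corrected value would keep its error highlight on the next postback.
            this.fglowerreferencerange.CssClass  = noerr;
            this.fgupperreferencerange.CssClass  = noerr;

            if (this.ddltesttypeid.SelectedIndex == 0)
            {
                this.lblError.Text         = "Please select a test";
                this.lblError.Visible      = true;
                this.fgtesttypeid.CssClass = haserr;
                return;
            }

            if (string.IsNullOrEmpty(this.txttestnumericresult.Text))
            {
                this.lblError.Text                = "Please enter the test result";
                this.lblError.Visible             = true;
                this.fgtestnumericresult.CssClass = haserr;
                return;
            }

            // NOTE(review): the numeric and date checks parse with the server's current culture, but
            // the raw text is what the database later CASTs. A value such as "1,5" or an ambiguous
            // day/month order can pass here and still fail or be read differently in SQL.
            if (!decimal.TryParse(this.txttestnumericresult.Text, out parsedNumber))
            {
                this.lblError.Text                = "Please enter a numeric value for the test result";
                this.lblError.Visible             = true;
                this.fgtestnumericresult.CssClass = haserr;
                return;
            }

            if (string.IsNullOrEmpty(this.txtnexttestdate.Text))
            {
                this.lblError.Text           = "Please enter the next test date";
                this.lblError.Visible        = true;
                this.fgnexttestdate.CssClass = haserr;
                return;
            }

            if (!DateTime.TryParse(this.txtnexttestdate.Text, out parsedDate))
            {
                this.lblError.Text           = "Please enter your next test date in the format dd/mm/yyyy";
                this.lblError.Visible        = true;
                this.fgnexttestdate.CssClass = haserr;
                return;
            }

            if (string.IsNullOrEmpty(this.txtclinicianmessage.Text))
            {
                this.lblError.Text               = "Please enter your message to the patient";
                this.lblError.Visible            = true;
                this.fgclinicianmessage.CssClass = haserr;
                return;
            }

            if (!this.chkclinicianhasapproved.Checked)
            {
                this.lblError.Text    = "Please check the box to indicate that you have discussed the results with the patient";
                this.lblError.Visible = true;
                this.fgclinicianhasapproved.CssClass = haserr;
                return;
            }

            // The reference ranges are optional; they are only checked when something was typed.
            if (!string.IsNullOrEmpty(this.txtlowerreferencerange.Text) &&
                !decimal.TryParse(this.txtlowerreferencerange.Text, out parsedNumber))
            {
                this.lblError.Text    = "Please enter a numeric value for the lower reference range";
                this.lblError.Visible = true;
                this.fglowerreferencerange.CssClass = haserr;
                return;
            }

            if (!string.IsNullOrEmpty(this.txtupperreferencerange.Text) &&
                !decimal.TryParse(this.txtupperreferencerange.Text, out parsedNumber))
            {
                this.lblError.Text    = "Please enter a numeric value for the upper reference range";
                this.lblError.Visible = true;
                this.fgupperreferencerange.CssClass = haserr;
                return;
            }

            string sql = "INSERT INTO public.app_test(testtypeid, testnumericresult, lowerreferencerange, upperreferencerange, unitstext, testtextualresult, userid, patientid, clinicianhasapproved, clinianhasapproveddate, clinicianmessage, nexttestdate)";

            sql += "VALUES(CAST(@testtypeid AS INT), CAST(CASE WHEN COALESCE(@testnumericresult, '') = '' THEN NULL ELSE @testnumericresult END AS DECIMAL), CAST(CASE WHEN COALESCE(@lowerreferencerange, '') = '' THEN NULL ELSE @lowerreferencerange END AS DECIMAL), CAST(CASE WHEN COALESCE(@upperreferencerange, '') = '' THEN NULL ELSE @upperreferencerange END AS DECIMAL), @unitstext, @testtextualresult, CAST(@userid AS INT), CAST(@patientid AS INT), true, NOW(), @clinicianmessage, CAST(@nexttestdate AS DATE)); ";

            // NOTE(review): userid and patientid come from hidden form fields, which the browser
            // posts back and can alter. Nothing in this handler re-checks that the signed-in
            // clinician may record a result for that patient; confirm it is enforced elsewhere.
            var paramListSave = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("testtypeid", this.ddltesttypeid.SelectedValue),
                new KeyValuePair <string, string>("testnumericresult", this.txttestnumericresult.Text),
                new KeyValuePair <string, string>("lowerreferencerange", this.txtlowerreferencerange.Text),
                new KeyValuePair <string, string>("upperreferencerange", this.txtupperreferencerange.Text),
                new KeyValuePair <string, string>("unitstext", this.txtunitstext.Text),
                new KeyValuePair <string, string>("testtextualresult", this.txttesttextualresult.Text),
                new KeyValuePair <string, string>("userid", this.hdnUserId.Value),
                new KeyValuePair <string, string>("patientid", this.hdnPatientID.Value),
                new KeyValuePair <string, string>("clinicianmessage", this.txtclinicianmessage.Text),
                new KeyValuePair <string, string>("nexttestdate", this.txtnexttestdate.Text)
            };

            DataServices.executeSQLStatement(sql, paramListSave);

            // The id is escaped so a tampered hidden field cannot add parameters to, or otherwise
            // reshape, the redirect URL. A plain numeric id is unchanged by the escaping.
            Response.Redirect("PatientSummary.aspx?id=" + Uri.EscapeDataString(this.hdnPatientID.Value));
        }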
        /// <summary>
        /// Validates the patient registration form field by field. On the first failure it shows
        /// the error label and highlights the form group; when every check passes it inserts the
        /// new <c>app_user</c> row, sends the confirmation e-mail and redirects to the thank-you page.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnRegister_Click(object sender, EventArgs e)
        {
            const string errorGroup = "form-group has-error";
            const string plainGroup = "form-group";

            // Clear whatever the previous postback flagged.
            this.lblError.Visible               = false;
            this.lblError.Text                  = string.Empty;
            this.fgEmail.CssClass               = plainGroup;
            this.fgPassword.CssClass            = plainGroup;
            this.fgConfirmPassword.CssClass     = plainGroup;
            this.fgMatchedOrganisation.CssClass = plainGroup;
            this.fgMatchedClinician.CssClass    = plainGroup;
            this.fgFirstName.CssClass           = plainGroup;
            this.fgLastName.CssClass            = plainGroup;
            this.fgDOB.CssClass                 = plainGroup;
            this.fgTnCs.CssClass                = plainGroup;

            // Index 0 of each drop-down is treated as "nothing chosen".
            if (this.ddlMatchedOrganisation.SelectedIndex == 0)
            {
                this.fgMatchedOrganisation.CssClass = errorGroup;
                this.lblError.Text    = "Please select an organisation";
                this.lblError.Visible = true;
                return;
            }

            if (this.ddlMatchedClinician.SelectedIndex == 0)
            {
                this.fgMatchedClinician.CssClass = errorGroup;
                this.lblError.Text    = "Please select a clinician";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtFirstName.Text))
            {
                this.fgFirstName.CssClass = errorGroup;
                this.lblError.Text    = "Please enter your first name";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtLastName.Text))
            {
                this.fgLastName.CssClass = errorGroup;
                this.lblError.Text    = "Please enter your last name";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtDOB.Text))
            {
                this.fgDOB.CssClass   = errorGroup;
                this.lblError.Text    = "Please enter your date of birth";
                this.lblError.Visible = true;
                return;
            }

            // NOTE(review): the date is parsed with the server's current culture, while the raw text
            // is what the database later CASTs to date. The two may read day/month order differently.
            DateTime dateOfBirth;
            if (!DateTime.TryParse(this.txtDOB.Text, out dateOfBirth))
            {
                this.fgDOB.CssClass   = errorGroup;
                this.lblError.Text    = "Please enter your date of birth in the format dd/mm/yyyy";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtRegistrationEmail.Text))
            {
                this.fgEmail.CssClass = errorGroup;
                this.lblError.Text    = "Please enter your email address";
                this.lblError.Visible = true;
                return;
            }

            // NOTE(review): this message confirms to any visitor that an address is registered.
            if (CheckEmailAddress() == 1)
            {
                this.fgEmail.CssClass = errorGroup;
                this.lblError.Text    = "This email address has already been registered";
                this.lblError.Visible = true;
                return;
            }

            // NOTE(review): only presence and equality of the password are checked; no minimum
            // length or complexity rule is visible in this handler.
            if (string.IsNullOrEmpty(this.txtRegistrationPassword.Text))
            {
                this.fgPassword.CssClass = errorGroup;
                this.lblError.Text    = "Please enter a password";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtConfirmPassword.Text))
            {
                this.fgConfirmPassword.CssClass = errorGroup;
                this.lblError.Text    = "Please confirm your password";
                this.lblError.Visible = true;
                return;
            }

            if (!string.Equals(this.txtRegistrationPassword.Text, this.txtConfirmPassword.Text))
            {
                this.fgConfirmPassword.CssClass = errorGroup;
                this.fgPassword.CssClass        = errorGroup;
                this.lblError.Text    = "Passwords do not match";
                this.lblError.Visible = true;
                return;
            }

            if (!this.chkAcceptTnCs.Checked)
            {
                this.fgTnCs.CssClass  = errorGroup;
                this.lblError.Text    = "Please accept the terms and conditions";
                this.lblError.Visible = true;
                return;
            }

            // The password is hashed inside the database with crypt()/bcrypt; every value is bound
            // as a parameter rather than concatenated into the statement.
            string insertSql =
                "INSERT INTO app_user(usertype, userpassword, matchedorganisationid, matchedclinicianid, nhsnumber, emailaddress, firstname, lastname, dateofbirth, acceptedtermsandconditions)"
                + " VALUES (@usertype, crypt(@userpassword, gen_salt('bf', 8)), CAST(@matchedorganisationid AS INT), CAST(@matchedclinicianid AS INT), @nhsnumber, @emailaddress, @firstname, @lastname, CAST(@dateofbirth AS date), CAST(@acceptedtermsandconditions AS BOOL))";

            string termsFlag = this.chkAcceptTnCs.Checked ? "True" : "False";

            // NOTE(review): usertype is taken from the posted drop-down value; confirm the list on
            // this page offers only the patient role, since the value decides the account's role.
            var registrationParams = new List <KeyValuePair <string, string> >();
            registrationParams.Add(new KeyValuePair <string, string>("usertype", this.ddlUserType.SelectedValue));
            registrationParams.Add(new KeyValuePair <string, string>("userpassword", this.txtRegistrationPassword.Text));
            registrationParams.Add(new KeyValuePair <string, string>("matchedorganisationid", this.ddlMatchedOrganisation.SelectedValue));
            registrationParams.Add(new KeyValuePair <string, string>("matchedclinicianid", this.ddlMatchedClinician.SelectedValue));
            registrationParams.Add(new KeyValuePair <string, string>("nhsnumber", this.txtNHSNo.Text));
            registrationParams.Add(new KeyValuePair <string, string>("emailaddress", this.txtRegistrationEmail.Text));
            registrationParams.Add(new KeyValuePair <string, string>("firstname", this.txtFirstName.Text));
            registrationParams.Add(new KeyValuePair <string, string>("lastname", this.txtLastName.Text));
            registrationParams.Add(new KeyValuePair <string, string>("dateofbirth", this.txtDOB.Text));
            registrationParams.Add(new KeyValuePair <string, string>("acceptedtermsandconditions", termsFlag));

            DataServices.executeSQLStatement(insertSql, registrationParams);

            // The hidden field is filled before the confirmation e-mail is sent.
            this.hdnEmail.Value = this.txtRegistrationEmail.Text;

            sendConfirmationEmail();

            Response.Redirect("RegistrationThankYou.aspx?id=patient");
        }
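        /// <summary>
        /// Handles the login form: checks that both fields are filled, verifies the credentials
        /// against <c>app_user</c> (bcrypt comparison done in the database), refuses accounts whose
        /// e-mail is unconfirmed or which are not authorised, and only then populates the session,
        /// records the login and redirects. Failed attempts are written to <c>failedlogin</c>.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            this.lblError.Text    = string.Empty;
            this.lblError.Visible = false;
            this.btnResendValidationEmail.Visible = false;

            this.txtEmail.CssClass      = this.txtEmail.CssClass.Replace("has-error", "");
            this.txtPassword.CssClass   = this.txtPassword.CssClass.Replace("has-error", "");
            this.fgtxtEmail.CssClass    = this.fgtxtEmail.CssClass.Replace("has-error", "");
            this.fgtxtPassword.CssClass = this.fgtxtPassword.CssClass.Replace("has-error", "");

            if (string.IsNullOrEmpty(this.txtEmail.Text))
            {
                this.lblError.Text       = "Please enter your email address";
                this.lblError.Visible    = true;
                this.fgtxtEmail.CssClass = this.fgtxtEmail.CssClass.Replace("form-group", "form-group has-error");
                return;
            }

            if (string.IsNullOrEmpty(this.txtPassword.Text))
            {
                this.lblError.Text          = "Please enter your password";
                this.lblError.Visible       = true;
                this.fgtxtPassword.CssClass = this.fgtxtPassword.CssClass.Replace("form-group", "form-group has-error");
                return;
            }

            // Best effort only: a failure to resolve the address must not block the login.
            // NOTE(review): if GetIPAddress() trusts a forwarded-for header the logged value is
            // client-controlled; confirm against its implementation.
            string clientIp = "";
            try
            {
                clientIp = GetIPAddress();
            }
            catch { }

            string sql       = "SELECT * FROM app_user WHERE emailaddress = @email AND userpassword = crypt(@password, userpassword);";
            var    paramList = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("email", this.txtEmail.Text),
                new KeyValuePair <string, string>("password", this.txtPassword.Text)
            };

            DataSet   ds = DataServices.DataSetFromSQL(sql, paramList);
            DataTable dt = ds.Tables[0];

            if (dt.Rows.Count == 0)
            {
                // Invalid credentials: record the attempt and give a message that does not say
                // which of the two fields was wrong.
                // NOTE(review): no lockout or throttling on repeated failures is visible here.
                sql = "INSERT INTO failedlogin(emailaddress, ipaddress)	VALUES ( @emailaddress, @ipaddress); ";
                var paramListFail = new List <KeyValuePair <string, string> >()
                {
                    new KeyValuePair <string, string>("emailaddress", this.txtEmail.Text),
                    new KeyValuePair <string, string>("ipaddress", clientIp)
                };
                DataServices.executeSQLStatement(sql, paramListFail);
                this.lblError.Text    = "Invalid Username or Password";
                this.lblError.Visible = true;
                return;
            }

            DataRow row = dt.Rows[0];

            // Reads a column as text, falling back when the column is absent. This replaces the
            // empty catch blocks, which could only fire for a missing column.
            Func <string, string, string> readColumn = (column, fallback) =>
                dt.Columns.Contains(column) ? row[column].ToString() : fallback;

            // Kept ahead of the checks below, as before, so it is set when the resend button is shown.
            this.hdnEmail.Value = this.txtEmail.Text;

            // Fail closed: only an explicit true passes. The previous comparison with the text
            // "False" let a NULL (empty string) value through as if the check had succeeded.
            bool emailConfirmed;
            bool.TryParse(readColumn("emailconfirmed", ""), out emailConfirmed);
            if (!emailConfirmed)
            {
                this.lblError.Text = "Your account has been created but you have not confirmed your email address yet.<br /><br />Please check your spam folder for the email containing the link to confirm your account";
                this.btnResendValidationEmail.Visible = true;
                this.lblError.Visible = true;
                return;
            }

            bool isAuthorised;
            bool.TryParse(readColumn("isauthorised", ""), out isAuthorised);
            if (!isAuthorised)
            {
                this.lblError.Text    = "Your account has not been authorised yet";
                this.lblError.Visible = true;
                return;
            }

            // The session is populated only after both checks have passed. Previously these values
            // were written first, so an unconfirmed or unauthorised account left this handler with
            // userID and userType already in the session that other pages rely on.
            // NOTE(review): the session id is not regenerated at login (session fixation), and
            // because the query is SELECT *, the stored table includes the userpassword hash.
            string userid = readColumn("userid", "0");

            string userFullName = "";
            if (dt.Columns.Contains("firstname") && dt.Columns.Contains("lastname"))
            {
                userFullName = row["firstname"].ToString() + " " + row["lastname"].ToString();
            }

            Session["UserDetailsSxn"]     = dt;
            Session["userID"]             = userid;
            Session["userFullName"]       = userFullName;
            Session["userType"]           = readColumn("usertype", "");
            Session["matchedclinicianid"] = readColumn("matchedclinicianid", "");

            sql = "INSERT INTO loginhistory (userid, emailaddress, ipaddress) VALUES (CAST(@userid AS INT), @emailaddress, @ipaddress);";
            var paramListHistory = new List <KeyValuePair <string, string> >()
            {
                new KeyValuePair <string, string>("userid", userid),
                new KeyValuePair <string, string>("emailaddress", this.txtEmail.Text),
                new KeyValuePair <string, string>("ipaddress", clientIp)
            };
            DataServices.executeSQLStatement(sql, paramListHistory);

            // NOTE(review): where lblRedirect.Text is filled is not visible here; if it can come
            // from the request (e.g. a return-URL parameter) it needs restricting to local paths.
            Response.Redirect(this.lblRedirect.Text);
        }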
        /// <summary>
        /// Validates the clinician registration form (names, e-mail, password pair) and, when every
        /// check passes, inserts the new <c>app_user</c> row and redirects to the thank-you page.
        /// On the first failed check the error label is shown and the form group is highlighted.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnRegister_Click(object sender, EventArgs e)
        {
            const string errorGroup = "form-group has-error";
            const string plainGroup = "form-group";

            // Clear whatever the previous postback flagged.
            this.lblError.Visible               = false;
            this.lblError.Text                  = string.Empty;
            this.fgEmail.CssClass               = plainGroup;
            this.fgPassword.CssClass            = plainGroup;
            this.fgConfirmPassword.CssClass     = plainGroup;
            this.fgMatchedOrganisation.CssClass = plainGroup;
            this.fgFirstName.CssClass           = plainGroup;
            this.fgLastName.CssClass            = plainGroup;
            this.fgGMCCode.CssClass             = plainGroup;

            // The organisation-selected and GMC-number-present checks are disabled in this
            // handler, so both values reach the INSERT below without validation.

            if (string.IsNullOrEmpty(this.txtFirstName.Text))
            {
                this.fgFirstName.CssClass = errorGroup;
                this.lblError.Text    = "Please enter your first name";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtLastName.Text))
            {
                this.fgLastName.CssClass = errorGroup;
                this.lblError.Text    = "Please enter your last name";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtRegistrationEmail.Text))
            {
                this.fgEmail.CssClass = errorGroup;
                this.lblError.Text    = "Please enter your email address";
                this.lblError.Visible = true;
                return;
            }

            // NOTE(review): this message confirms to any visitor that an address is registered.
            if (CheckEmailAddress() == 1)
            {
                this.fgEmail.CssClass = errorGroup;
                this.lblError.Text    = "This email address has already been registered";
                this.lblError.Visible = true;
                return;
            }

            // NOTE(review): only presence and equality of the password are checked; no minimum
            // length or complexity rule is visible in this handler.
            if (string.IsNullOrEmpty(this.txtRegistrationPassword.Text))
            {
                this.fgPassword.CssClass = errorGroup;
                this.lblError.Text    = "Please enter a password";
                this.lblError.Visible = true;
                return;
            }

            if (string.IsNullOrEmpty(this.txtConfirmPassword.Text))
            {
                this.fgConfirmPassword.CssClass = errorGroup;
                this.lblError.Text    = "Please confirm your password";
                this.lblError.Visible = true;
                return;
            }

            if (!string.Equals(this.txtRegistrationPassword.Text, this.txtConfirmPassword.Text))
            {
                this.fgConfirmPassword.CssClass = errorGroup;
                this.fgPassword.CssClass        = errorGroup;
                this.lblError.Text    = "Passwords do not match";
                this.lblError.Visible = true;
                return;
            }

            // NOTE(review): the statement hard-codes isclinician, isactive, emailconfirmed,
            // issysadmin and isauthorised to true, so every account created through this form is a
            // confirmed, authorised system administrator with no e-mail verification step. No
            // check of who is submitting the form is visible in this handler; confirm the page is
            // reachable only by existing administrators, or drop the elevated flags.
            string insertSql =
                "INSERT INTO app_user(usertype, userpassword, gmccode, matchedorganisationid,  emailaddress, firstname, lastname, organisationid, isclinician, isactive, emailconfirmed, issysadmin, isauthorised)"
                + " VALUES (@usertype, crypt(@userpassword, gen_salt('bf', 8)), @gmccode, CAST(@matchedorganisationid AS INT), @emailaddress, @firstname, @lastname, CAST(@organisationid AS INT), true, true, true, true, true)";

            // The selected organisation feeds both matchedorganisationid and organisationid.
            var registrationParams = new List <KeyValuePair <string, string> >();
            registrationParams.Add(new KeyValuePair <string, string>("usertype", this.ddlUserType.SelectedValue));
            registrationParams.Add(new KeyValuePair <string, string>("userpassword", this.txtRegistrationPassword.Text));
            registrationParams.Add(new KeyValuePair <string, string>("matchedorganisationid", this.ddlMatchedOrganisation.SelectedValue));
            registrationParams.Add(new KeyValuePair <string, string>("organisationid", this.ddlMatchedOrganisation.SelectedValue));
            registrationParams.Add(new KeyValuePair <string, string>("gmccode", this.txtGMCCode.Text));
            registrationParams.Add(new KeyValuePair <string, string>("emailaddress", this.txtRegistrationEmail.Text));
            registrationParams.Add(new KeyValuePair <string, string>("firstname", this.txtFirstName.Text));
            registrationParams.Add(new KeyValuePair <string, string>("lastname", this.txtLastName.Text));

            DataServices.executeSQLStatement(insertSql, registrationParams);

            Response.Redirect("RegistrationThankYou.aspx?id=patient");
        }
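        /// <summary>
        /// First-load handler for the test-result page: reads the test id from the query string,
        /// loads the test via <c>GetTestData</c>, then allows the request only for the patient the
        /// result belongs to (marking it as viewed) or for the matched clinician. Every other
        /// case is redirected to <c>Unauthorised.aspx</c>.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            // The id is later CAST to INT in SQL, so anything that is missing or not an integer
            // is sent back to the default page instead of reaching the database.
            string id = Request.QueryString["id"];
            int    parsedId;
            if (string.IsNullOrEmpty(id) || !int.TryParse(id, out parsedId))
            {
                Response.Redirect("Default.aspx");
                return;
            }

            // Without a signed-in session there is nothing to authorise against. This previously
            // surfaced as a NullReferenceException, and only after the test data had been loaded.
            object sessionUserType = Session["userType"];
            object sessionUserId   = Session["userID"];
            if (sessionUserType == null || sessionUserId == null)
            {
                Response.Redirect("Unauthorised.aspx");
                return;
            }

            string currentUserId = sessionUserId.ToString();

            this.hdnTestId.Value = id;

            // NOTE(review): the checks below read hdnPatientID and hdnMatchedclinicianid, which are
            // presumably filled by GetTestData; verify against its implementation.
            GetTestData(id);

            // Invariant lower-casing: a culture-sensitive ToLower() (e.g. Turkish dotless i) could
            // produce text that matches no case label and so skip every check.
            switch (sessionUserType.ToString().ToLowerInvariant())
            {
            case "patient":
                if (this.hdnPatientID.Value != currentUserId)
                {
                    Response.Redirect("Unauthorised.aspx");
                    return;
                }

                // Mark the result as viewed the first time its owner opens it.
                string sql       = "UPDATE app_test SET patienthasviewed = true, patientvieweddate = NOW() WHERE testid = CAST(@testid AS INT) AND COALESCE(patienthasviewed, false) = false;";
                var    paramList = new List <KeyValuePair <string, string> >()
                {
                    new KeyValuePair <string, string>("testid", id)
                };
                DataServices.executeSQLStatement(sql, paramList);
                break;

            case "clinician":
                if (currentUserId != this.hdnMatchedclinicianid.Value)
                {
                    Response.Redirect("Unauthorised.aspx");
                    return;
                }
                break;

            case "super user":
                Response.Redirect("Unauthorised.aspx");
                return;

            default:
                // Deny by default: an empty or unrecognised role used to fall through the switch
                // and see the page. NOTE(review): if another role is meant to view results, give
                // it an explicit case rather than relying on fall-through.
                Response.Redirect("Unauthorised.aspx");
                return;
            }

            this.hdnUserId.Value = currentUserId;
        }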