protected void login_onclick(object sender, EventArgs e)
        {
            string Email = unTB.Text;

            User           userObj  = new User();
            User           userObj1 = new User();
            UserManagement uDao     = new UserManagement();

            userObj1 = uDao.checkEmail(Email);

            int EmailMatch = 0;


            if (userObj1 != null)
            {
                EmailMatch = 1;
            }

            if (EmailMatch == 1)
            {
                userObj = uDao.getUserByEmail(Email);
                int pswdMatch = 1;

                //noted,CheEe(002):comment this to bypass the login!!!

                string pswdHash = userObj.PasswordHash;

                // convert into bytes
                byte[] hashbytes = Convert.FromBase64String(pswdHash);

                // take the salt out of the string
                byte[] salt = new byte[16];
                Array.Copy(hashbytes, 0, salt, 0, 16);

                // hash the entered password
                var pbkdf2 = new Rfc2898DeriveBytes(pwTB.Text, salt, 10000);

                byte[] hash = pbkdf2.GetBytes(20);

                for (int i = 0; i < 20; i++)
                {
                    if (hashbytes[i + 16] != hash[i])
                    {
                        pswdMatch = 0;
                    }
                }



                if (pswdMatch == 1)
                {
                    Session["userID"] = userObj.UserID;
                    //System.Diagnostics.Debug.Write(Session["userID"]);
                    Session["userType"] = userObj.Type;

                    if ((string)Session["userType"] == Reference.USR_ADM || (string)Session["userType"] == Reference.USR_MEM)
                    {
                        Response.Redirect("ProfileInfo.aspx");
                    }
                }
                else
                {
                    string script = "alert('Password is incorrect. Please re-enter the correct password.');";
                    ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", script, true);
                }
            }
            else
            {
                string script = "alert('Email not registered. Please re-enter a correct email.');";
                ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", script, true);
            }
        }
        protected void fp_onclick(object sender, EventArgs e)
        {
            string Email     = fpEmail.Text;
            string Pswd      = CreatePassword(8);
            string lastUpdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

            //string lastUpdBy = Session["userID"].ToString();
            //string lastUpdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

            User           userObj  = new User();
            User           userObj1 = new User();
            UserManagement uDao     = new UserManagement();

            userObj1 = uDao.checkEmail(Email);

            int EmailMatch = 0;

            if (userObj1 != null)
            {
                EmailMatch = 1;
            }

            if (EmailMatch == 1)                      // if email matches
            {
                userObj = uDao.getUserByEmail(Email); // get email from sql

                // Password codes below
                // make a new byte array
                byte[] salt;

                // generate salt
                new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);

                // hash and salt using PBKDF2
                var pbkdf2 = new Rfc2898DeriveBytes(Pswd, salt, 10000);

                // place string in byte array
                byte[] hash = pbkdf2.GetBytes(20);

                // make new byte array to store hashed password + salt
                // 36 --> 16(salt) + 20(hash)

                byte[] hashbytes = new byte[36];
                Array.Copy(salt, 0, hashbytes, 0, 16);
                Array.Copy(hash, 0, hashbytes, 16, 20);

                string PasswordHash = Convert.ToBase64String(hashbytes);
                string PasswordSalt = Convert.ToBase64String(salt);

                // Database codes insert below
                Boolean insCnt = uDao.updateUserPassword(Email, PasswordHash, PasswordSalt, lastUpdOn);

                // Email codes below
                string body    = "Dear User, " + Environment.NewLine + Environment.NewLine + "Your Password Is Successfully Reset! " + Environment.NewLine + "This Is Your Current Login Password: "******". Please Proceed To Change Your Password Upon Your Login. Thank you. " + Environment.NewLine + Environment.NewLine + Environment.NewLine + "Regards, " + Environment.NewLine + "Targeted Marketing Admin Team";
                string subject = "Password Successfully Reset!";
                string toEmail = Email;
                sendMail(subject, body, toEmail);

                string script = "alert('Password successfully reset! Please check your new password at your email!');";
                ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", script, true);
            }
            else
            {
                string script = "alert('Email not registered. Please re-enter a correct email.');";
                ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", script, true);
            }
        }
        protected void btnCreate_User(object sender, EventArgs e)
        {
            // if((tbName.Text == "" || tbConNo.Text == "" || ddlUserType.SelectedValue==""|| tbEmail.Text==""))
            // {
            //  alertWarning.Visible = true;
            // msgWarning.Text = "Please ensure you have filled in all required fields";
            // }

            string Name          = tbName.Text;
            string Type          = ddlUserType.SelectedItem.Value;
            string Email         = tbEmail.Text;
            string ContactNumber = tbConNo.Text;
            string Pswd          = CreatePassword(8);
            int    Status        = 1;
            int    CreatedBy     = Convert.ToInt32(Session["userID"]);
            string CreatedOn     = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");
            int    CompanyID     = Convert.ToInt32(ddlCompany.SelectedValue);

            if (Type == "NULL")
            {
                alertWarning.Visible = true;
                msgWarning.Text      = "Please Select User Type!";
            }
            else
            {
                if (Type == Reference.USR_MEM && CompanyID == 0)
                {
                    alertWarning.Visible = true;
                    msgWarning.Text      = "Please Select Company!";
                }
                else
                {
                    // make a new byte array
                    byte[] salt;

                    // generate salt
                    new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);

                    // hash and salt using PBKDF2
                    var pbkdf2 = new Rfc2898DeriveBytes(Pswd, salt, 10000);

                    // place string in byte array
                    byte[] hash = pbkdf2.GetBytes(20);

                    // make new byte array to store hashed password + salt
                    // 36 --> 16(salt) + 20(hash)

                    byte[] hashbytes = new byte[36];
                    Array.Copy(salt, 0, hashbytes, 0, 16);
                    Array.Copy(hash, 0, hashbytes, 16, 20);

                    string PasswordHash = Convert.ToBase64String(hashbytes);
                    string PasswordSalt = Convert.ToBase64String(salt);

                    UserManagement uDao = new UserManagement();
                    User           uObj = new User();

                    uObj = uDao.checkEmail(Email);

                    int EmailExist = 1;

                    if (uObj == null)
                    {
                        EmailExist = 0;
                    }

                    if (EmailExist == 0)
                    {
                        if (Type == Reference.USR_ADM)
                        {
                            Boolean insCnt = uDao.createAdmin(Name, Email, ContactNumber, Type, PasswordHash, PasswordSalt, Status, CreatedBy, CreatedOn);
                            System.Diagnostics.Debug.WriteLine("Working");
                        }
                        else
                        {
                            Boolean insCnt = uDao.createUser(Name, Email, ContactNumber, Type, PasswordHash, PasswordSalt, Status, CompanyID, CreatedBy, CreatedOn);
                        }

                        string body    = "Dear " + Name + ", " + Environment.NewLine + Environment.NewLine + "Your Account Has Been Successfully Created! " + Environment.NewLine + "This Is Your First-Time Login Password: "******". Please Proceed To Change Your Password Upon Your First Login. Thank you. " + Environment.NewLine + Environment.NewLine + Environment.NewLine + "Regards, " + Environment.NewLine + "Targeted Marketing Admin Team";
                        string subject = "Account Successfully Created!";
                        string toEmail = Email;
                        sendMail(subject, body, toEmail);     // This is the line where the email is sent

                        //VIC: after successful creation, the fields should be cleared to min the risk of user clicking on the submit button again
                        ddlUserType.SelectedIndex = 0;
                        ddlCompany.SelectedIndex  = 0;
                        tbName.Text  = String.Empty;
                        tbEmail.Text = String.Empty;
                        tbConNo.Text = String.Empty;

                        alertSuccess.Visible = true;
                        alertWarning.Visible = false;
                        msgSuccess.Text      = Name + " Has Been Created Successfully!";

                        Session["CreateUser"] = 2;
                        Response.Redirect("UserList.aspx");
                    }
                    //VIC: do not need to check if contact already exist
                    else if (EmailExist > 0)
                    {
                        tbEmail.Text = String.Empty;

                        alertWarning.Visible = true;
                        alertSuccess.Visible = false;
                        msgWarning.Text      = "Email Already In-Use. Please Try Again!";
                    }
                }
                //Session["CreateUser"] = 2;
                //Response.Redirect("UserList.aspx");
            }
        }