Ejemplo n.º 1
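 /// <summary>
 /// Handles the change-password button: validates the form, stores the new
 /// password for the current employee and records the change in the audit trail.
 /// </summary>
 /// <param name="sender">Control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void btnChangePass_Click(object sender, EventArgs e)
 {
     if (!CheckInputs())
     {
         lblAlert.Text = "Please check your inputs.";
         return;
     }

     try
     {
         const string updateSql = "UPDATE Employees SET PWD=@PWD WHERE EmployeeID=@EID";
         SqlParameter[] updateParams =
         {
             // Persist a BCrypt hash rather than the clear-text password, so the
             // stored value is useless to anyone who can read the table. The
             // previously commented-out MD5 variant should not be restored:
             // an unsalted fast hash is not suitable for password storage.
             // NOTE(review): the sign-in check must verify against a BCrypt hash - confirm.
             new SqlParameter("@PWD", Encryption.GenerateBCryptHash(newpass)),
             new SqlParameter("@EID", EmployeeID)
         };
         DataAccess.DataProcessExecuteNonQuery(updateSql, updateParams, ConnString);
         AuditTrailFunctions.UpdateEmployeeAuditTrail("Password change", EmployeeID);

         // NOTE(review): this keeps the clear-text password in session state under "KEY".
         // Left unchanged because the readers of Session["KEY"] are not visible here;
         // prefer removing it or storing a non-secret marker once they are checked.
         Session.Add("KEY", newpass);
         lblAlert.Text = "Change password succeeded!";
     }
     catch
     {
         // The user only sees a generic failure; the cause is not recorded anywhere
         // in this handler.
         lblAlert.Text = "Change password failed!";
     }
 }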
Ejemplo n.º 2
    /// <summary>
    /// Registers a new guardian from the form fields, unless the requested
    /// username is already in use, then records the action in the audit trail
    /// and redirects to the tenant/guardian link page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // NOTE(review): the uniqueness check uses the raw text while the stored
        // username is the CleanString() result - confirm both cannot diverge.
        bool nameTaken = UserManagement.General.CheckIfExisting(textUname.Text);
        if (nameTaken)
        {
            // Nothing is shown to the user in this case.
            return;
        }

        const string insertSql = "INSERT INTO Guardians (FName, MName, LName, Gender, BDate, ContactNo, Email, Address, UN, Pwd) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @address, @un, @pwd)";

        // Every value travels as a bound parameter, never as SQL text.
        var guardianParams = new[]
        {
            new SqlParameter("@fname",   AntiXSSMethods.CleanString(textFname.Text)),
            new SqlParameter("@mname",   AntiXSSMethods.CleanString(textMname.Text)),
            new SqlParameter("@lname",   AntiXSSMethods.CleanString(textLname.Text)),
            new SqlParameter("@gender",  AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
            // Convert.ToDateTime throws on text that is not a date; nothing here catches it.
            new SqlParameter("@bdate",   Convert.ToDateTime(textBirthday.Text)),
            new SqlParameter("@contact", AntiXSSMethods.CleanString(textContactNo.Text)),
            new SqlParameter("@email",   AntiXSSMethods.CleanString(textEmail.Text)),
            new SqlParameter("@address", AntiXSSMethods.CleanString(textSaddress.Text)),
            new SqlParameter("@un",      AntiXSSMethods.CleanString(textUname.Text)),
            // The password is hashed before it reaches the database.
            new SqlParameter("@pwd",     Encryption.GenerateBCryptHash(textPassword.Text))
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, guardianParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Guardian", EmployeeID);
        Response.Redirect("TGLink.aspx");
    }
Ejemplo n.º 3
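    /// <summary>
    /// Creates a new employee record from the form: handles the optional photo
    /// upload, validates the inputs, rejects a username that is already taken,
    /// inserts the row, writes the audit trail and redirects to the employee list.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // UploadPhoto() is called exactly once. The earlier debug statement
        // Response.Write(UploadPhoto()) ran the upload a second time and wrote its
        // unencoded result into the response, so it has been removed.
        string uploadResult = UploadPhoto();

        // "large" and "invalid" are treated as rejection results of UploadPhoto().
        if (uploadResult == "large")
        {
            lblAlert.Text = "Photo File exceeds 1MB!";
            return;
        }

        if (uploadResult == "invalid")
        {
            lblAlert.Text = "Photo File is not valid!";
            return;
        }

        // "nofile" means no photo was supplied; store an empty file name then.
        string photoFile = uploadResult == "nofile" ? "" : uploadResult;

        if (!checkInputs())
        {
            lblAlert.Text = "Invalid or Blank Inputs!";
            return;
        }

        bool usernameExists = UserManagement.General.CheckIfExisting(txtUN.Text);
        if (usernameExists)
        {
            lblAlert.Text = "Username already taken!";
            return;
        }

        const string insertSql = "INSERT INTO Employees (FName, MName, LName, Gender, BDate, ContactNo, Email, AdminLevel, UN, PWD, DateOfEmployment, PhotoFile) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @adminlevel, @un, @pwd, @doe, @photofile)";
        SqlParameter[] insertParams =
        {
            new SqlParameter("@fname",      AntiXSSMethods.CleanString(txtFName.Text)),
            new SqlParameter("@mname",      AntiXSSMethods.CleanString(txtMName.Text)),
            new SqlParameter("@lname",      AntiXSSMethods.CleanString(txtLName.Text)),
            new SqlParameter("@gender",     ddlGender.SelectedValue),
            new SqlParameter("@bdate",      Convert.ToDateTime(txtBDay.Text)),
            new SqlParameter("@contact",    AntiXSSMethods.CleanString(txtContact.Text)),
            new SqlParameter("@email",      AntiXSSMethods.CleanString(txtEmail.Text)),
            // NOTE(review): the privilege level comes straight from the posted form value;
            // confirm the page limits who may create employees and which levels they may grant.
            new SqlParameter("@adminlevel", ddlAdminLevel.SelectedValue),
            new SqlParameter("@un",         AntiXSSMethods.CleanString(txtUN.Text)),
            // The password is stored as a BCrypt hash, not as text.
            new SqlParameter("@pwd",        Encryption.GenerateBCryptHash(txtPwd1.Text)),
            new SqlParameter("@doe",        Convert.ToDateTime(txtDateEmployeed.Text)),
            new SqlParameter("@photofile",  photoFile)
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, insertParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Employee", EmployeeID);
        Response.Redirect("ManageEmployees.aspx");
    }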
Ejemplo n.º 4
    /// <summary>
    /// Deletes the asset identified by <c>AssetID</c>, records the deletion in
    /// the employee audit trail and returns to the asset list.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnDelete_Click(object sender, EventArgs e)
    {
        // NOTE(review): no authorization check is visible in this handler - confirm
        // the page restricts who can reach it and how AssetID is populated.
        const string deleteSql = "DELETE FROM Assets WHERE AssetID=@AID";
        var assetKey = new SqlParameter("@AID", AssetID);

        DataAccess.DataProcessExecuteNonQuery(deleteSql, new[] { assetKey }, connString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Deleted asset!", EmployeeID);
        Response.Redirect("ManageAssets.aspx");
    }
Ejemplo n.º 5
    /// <summary>
    /// Sets the status of the complaint identified by <c>ComplaintID</c> to the
    /// value selected in the status drop-down and logs the change.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        const string updateSql = "UPDATE Complaints SET Status=@status WHERE ComplaintID=@CID";

        // Both values are bound as parameters.
        var statusParams = new[]
        {
            new SqlParameter("@status", ddlStatus.SelectedValue),
            new SqlParameter("@CID",    ComplaintID)
        };

        DataAccess.DataProcessExecuteNonQuery(updateSql, statusParams, connString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated complaint status", EmployeeID);
        lblAlert.Text = "Complaint status updated";
    }
Ejemplo n.º 6
    /// <summary>
    /// Adds a room with the entered room number and selected unit type, logs
    /// the action and redirects to the room management page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO Rooms (RoomNo, UnitTypeID) VALUES (@roomNo, @unitType)";

        // The room number is passed as typed; this handler does no validation of its own.
        var roomParams = new[]
        {
            new SqlParameter("@roomNo",   txtRoomNo.Text),
            new SqlParameter("@unitType", ddlUnitType.SelectedValue)
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, roomParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Room", EmployeeID);
        Response.Redirect("~/Admin/RoomMgt.aspx");
    }
Ejemplo n.º 7
    /// <summary>
    /// Adds a bed space for the selected room and bed side, logs the action and
    /// redirects to the room management page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO BedSpaces (RoomID, BedSide) VALUES (@roomID, @side)";

        // Both values come from drop-down selections and are bound as parameters.
        var bedSpaceParams = new[]
        {
            new SqlParameter("@roomID", ddlRoomNo.SelectedValue),
            new SqlParameter("@side",   ddlSide.SelectedValue)
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, bedSpaceParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Bedspace", EmployeeID);
        Response.Redirect("~/Admin/RoomMgt.aspx");
    }
Ejemplo n.º 8
    /// <summary>
    /// Links the selected tenant to the selected guardian with the entered
    /// relation, logs the action and redirects to the guardian management page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO TGLink (TenantID, GuardianID, Relation) VALUES (@TID, @GID, @relation)";

        // The two identifiers are sent as cleaned strings, not parsed numbers.
        var linkParams = new[]
        {
            new SqlParameter("@TID",      AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
            new SqlParameter("@GID",      AntiXSSMethods.CleanString(ddlGuardian.SelectedValue)),
            new SqlParameter("@relation", AntiXSSMethods.CleanString(txtRelation.Text))
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, linkParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant link to Guardian", EmployeeID);
        Response.Redirect("GuardianMgt.aspx");
    }
Ejemplo n.º 9
    /// <summary>
    /// Updates the amount of the asset identified by <c>AssetID</c>, logs the
    /// change and reloads the asset data into the page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        const string updateSql = "UPDATE Assets SET Amount=@amount WHERE AssetID=@AID";

        var amountParams = new[]
        {
            new SqlParameter("@AID",    AssetID),
            // Convert.ToDouble throws on non-numeric text and nothing here catches it.
            // NOTE(review): no range check (negative or non-finite amounts) is visible - confirm
            // a validator covers txtAmount.
            new SqlParameter("@amount", Convert.ToDouble(txtAmount.Text))
        };

        DataAccess.DataProcessExecuteNonQuery(updateSql, amountParams, connString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated assets amount", EmployeeID);
        loaddata(AssetID);
        lblAlert.Text = "Successfully Updated!";
    }
Ejemplo n.º 10
    /// <summary>
    /// Records a violation for the selected tenant, attributed to the current
    /// employee, logs the action and redirects to the violation management page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO Violations (TenantID, EmployeeID, Title, Description, Fine) VALUES (@tid, @eid, @title, @desc, @fine)";

        var violationParams = new[]
        {
            new SqlParameter("@tid",   AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
            new SqlParameter("@eid",   EmployeeID),
            new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text)),
            new SqlParameter("@desc",  AntiXSSMethods.CleanString(txtDesc.Text)),
            // The fine is bound as a cleaned string; it is not parsed as a number here.
            new SqlParameter("@fine",  AntiXSSMethods.CleanString(txtFine.Text))
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, violationParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Violation", EmployeeID);
        Response.Redirect("~/Admin/ViolationMgt.aspx");
    }
Ejemplo n.º 11
    /// <summary>
    /// Stores a message from the current employee to the selected tenant, logs
    /// the action and redirects to the message management page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO Messages (EmployeeID, TenantID, Subject, Message) VALUES (@EID, @TID, @subject, @message)";

        // The sender id is the server-side EmployeeID value, not a form field.
        var messageParams = new[]
        {
            new SqlParameter("@EID",     EmployeeID),
            new SqlParameter("@TID",     AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
            new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
            new SqlParameter("@message", AntiXSSMethods.CleanString(txtMsg.Text))
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, messageParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Sent a message", EmployeeID);
        Response.Redirect("~/Admin/MessageMgt.aspx");
    }
Ejemplo n.º 12
    /// <summary>
    /// Files a service request for the current tenant, logs it in the tenant
    /// audit trail and redirects to the tenant's service request page.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO ServiceRequest (TenantID, Title, Details, Remarks, Priority) VALUES (@TID, @title, @details, @remarks, @priority)";

        // remarks and priority are not read from the form in this handler;
        // they are members defined outside it.
        var requestParams = new[]
        {
            new SqlParameter("@TID",      TenantID),
            new SqlParameter("@title",    AntiXSSMethods.CleanString(txtTitle.Text)),
            new SqlParameter("@details",  AntiXSSMethods.CleanString(txtDetails.Text)),
            new SqlParameter("@remarks",  remarks),
            new SqlParameter("@priority", priority)
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, requestParams, conString);
        AuditTrailFunctions.UpdateTenantAuditTrail("Added new service request", TenantID);
        Response.Redirect("~/Tenant/ServiceRequestMgt.aspx");
    }
Ejemplo n.º 13
    /// <summary>
    /// Inserts a new announcement authored by the current employee, logs the
    /// action and redirects to the view page of the newly created announcement.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO Announcement (Subject, Message, EmployeeID) VALUES (@subject, @message, @eid)";

        var announcementParams = new[]
        {
            new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
            // The message is HTML-encoded before storage.
            // NOTE(review): confirm the display page does not encode it a second time.
            new SqlParameter("@message", Server.HtmlEncode(txtMsg.Text.Trim())),
            new SqlParameter("@eid",     EmployeeID)
        };

        // The value returned by InsertAndGetIndex is used as the ID in the redirect below.
        int createdId = DataAccess.InsertAndGetIndex(insertSql, announcementParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Announcement", EmployeeID);

        Response.Redirect("ViewAnnouncement.aspx?ID=" + createdId.ToString());
    }
Ejemplo n.º 14
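    /// <summary>
    /// Saves the edited tenant details (including photo and fingerprint id) for
    /// <c>TenantID</c>, logs the change and reloads the tenant data.
    /// </summary>
    /// <remarks>
    /// On failure the user sees a generic message and the exception is written
    /// to the trace output; the raw exception text is no longer written into
    /// the page, where it could expose database details.
    /// </remarks>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        // A fingerprint id that is not a valid integer is stored as 0.
        int fpid;
        if (!int.TryParse(AntiXSSMethods.CleanString(txtFPID.Text), out fpid))
        {
            fpid = 0;
        }

        try
        {
            const string updateSql = "UPDATE Tenants SET PhotoFile=@photofile, FingerprintID=@fpid, FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, MobileNo=@mobno, Email=@email, Street=@street, City=@city, Region=@region, Country=@country WHERE TenantID=@TID";

            // NOTE(review): the UploadPhoto() result is stored as-is; if it can return
            // a status marker instead of a file name, that marker is saved - confirm.
            photofile = UploadPhoto();

            SqlParameter[] updateParams =
            {
                new SqlParameter("@fpid",      fpid),
                new SqlParameter("@photofile", photofile),
                new SqlParameter("@fname",     AntiXSSMethods.CleanString(txtFName.Text)),
                new SqlParameter("@mname",     AntiXSSMethods.CleanString(txtMName.Text)),
                new SqlParameter("@lname",     AntiXSSMethods.CleanString(txtLName.Text)),
                new SqlParameter("@gender",    AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
                new SqlParameter("@bdate",     AntiXSSMethods.CleanString(txtDOB.Text)),
                new SqlParameter("@mobno",     AntiXSSMethods.CleanString(txtContactNo.Text)),
                new SqlParameter("@email",     AntiXSSMethods.CleanString(txtEmailAdd.Text)),
                new SqlParameter("@street",    AntiXSSMethods.CleanString(txtStreet.Text)),
                new SqlParameter("@city",      AntiXSSMethods.CleanString(txtCityProvince.Text)),
                new SqlParameter("@region",    AntiXSSMethods.CleanString(txtRegion.Text)),
                new SqlParameter("@country",   AntiXSSMethods.CleanString(txtCountry.Text)),
                new SqlParameter("@TID",       TenantID)
            };

            DataAccess.DataProcessExecuteNonQuery(updateSql, updateParams, connString);
            AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated tenants details", EmployeeID);
            loaddata(TenantID);
            lblAlert.Text = "Tenant information saved.";
        }
        catch (Exception ex)
        {
            // Keep the detail on the server side; show only a neutral message.
            System.Diagnostics.Trace.TraceError("Tenant update failed: " + ex);
            lblAlert.Text = "Tenant information could not be saved.";
        }
    }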
Ejemplo n.º 15
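 /// <summary>
 /// Updates the assigned employee, remarks and priority of the service request
 /// identified by <c>ServiceRequestID</c>; when the remarks are "Completed"
 /// the completion date is saved as well.
 /// </summary>
 /// <remarks>
 /// On failure the user sees a generic message and the exception is written
 /// to the trace output; the raw exception text is no longer written into the
 /// page, where it could expose database details.
 /// </remarks>
 /// <param name="sender">Control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void btnUpdate_Click(object sender, EventArgs e)
 {
     try
     {
         string         updateSql;
         SqlParameter[] updateParams;

         if (ddlRemarks.SelectedValue == "Completed")
         {
             txtDateCompleted.Visible = true;
             updateSql    = "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority, DateCompleted=@dateCompleted WHERE ServiceRequestID=@SRID";
             updateParams = new[]
             {
                 new SqlParameter("@EID",           AntiXSSMethods.CleanString(ddlEmp.SelectedValue)),
                 new SqlParameter("@remarks",       AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)),
                 new SqlParameter("@priority",      AntiXSSMethods.CleanString(ddlPriority.SelectedValue)),
                 // The completion date is bound as cleaned text, not as a parsed date.
                 new SqlParameter("@dateCompleted", AntiXSSMethods.CleanString(txtDateCompleted.Text)),
                 new SqlParameter("@SRID",          ServiceRequestID)
             };
         }
         else
         {
             updateSql    = "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority WHERE ServiceRequestID=@SRID";
             updateParams = new[]
             {
                 new SqlParameter("@EID",      AntiXSSMethods.CleanString(ddlEmp.SelectedValue)),
                 new SqlParameter("@remarks",  AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)),
                 new SqlParameter("@priority", AntiXSSMethods.CleanString(ddlPriority.SelectedValue)),
                 new SqlParameter("@SRID",     ServiceRequestID)
             };
         }

         // The steps after building the statement are the same for both cases.
         DataAccess.DataProcessExecuteNonQuery(updateSql, updateParams, connString);
         AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated service request remarks and priority", EmployeeID);
         loaddata(ServiceRequestID);
         lblAlert.Text = "Update saved!";
     }
     catch (Exception ex)
     {
         // Keep the detail on the server side; show only a neutral message.
         System.Diagnostics.Trace.TraceError("Service request update failed: " + ex);
         lblAlert.Text = "Update could not be saved.";
     }
 }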
Ejemplo n.º 16
 /// <summary>
 /// Saves the edited subject and message of the announcement identified by
 /// <c>AnnouncementID</c> when the inputs pass validation, and logs the change.
 /// </summary>
 /// <param name="sender">Control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void btnUpdate_Click(object sender, EventArgs e)
 {
     if (!CheckInputs())
     {
         lblAlert.Text = "Update failed. Some fields are blank.";
         return;
     }

     const string updateSql = "UPDATE Announcement SET Message=@message, Subject=@subject WHERE AnnouncementID=@AID";

     var announcementParams = new[]
     {
         new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
         // The message is cleaned and then HTML-encoded before storage.
         // NOTE(review): confirm the display page does not encode it a second time.
         new SqlParameter("@message", Server.HtmlEncode(AntiXSSMethods.CleanString(txtMsg.Text))),
         new SqlParameter("@AID",     AnnouncementID)
     };

     DataAccess.DataProcessExecuteNonQuery(updateSql, announcementParams, conString);
     AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated announcement", EmployeeID);
     lblAlert.Text = "Announcement updated!";
 }
Ejemplo n.º 17
    /// <summary>
    /// Saves the edited details of the guardian currently selected in the grid,
    /// logs the change, then rebinds the grid and reloads the guardian data.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        // The row key comes from the grid's selected data key, not from a text box.
        // NOTE(review): presumably a row is always selected when this runs - confirm,
        // since nothing here handles a missing selection.
        string selectedKeyText = grdGuardian.SelectedDataKey["GuardianID"].ToString();
        int    guardianId      = int.Parse(selectedKeyText);

        const string updateSql = "UPDATE Guardians SET FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, ContactNo=@contactNo, Email=@email, Address=@address WHERE GuardianID=@GID";

        var guardianParams = new[]
        {
            new SqlParameter("@fname",     AntiXSSMethods.CleanString(txtFName.Text)),
            new SqlParameter("@mname",     AntiXSSMethods.CleanString(txtMName.Text)),
            new SqlParameter("@lname",     AntiXSSMethods.CleanString(txtLName.Text)),
            new SqlParameter("@gender",    AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
            new SqlParameter("@bdate",     AntiXSSMethods.CleanString(txtBDay.Text)),
            new SqlParameter("@contactNo", AntiXSSMethods.CleanString(txtContact.Text)),
            new SqlParameter("@email",     AntiXSSMethods.CleanString(txtEmail.Text)),
            new SqlParameter("@address",   AntiXSSMethods.CleanString(txtAddress.Text)),
            new SqlParameter("@GID",       guardianId)
        };

        DataAccess.DataProcessExecuteNonQuery(updateSql, guardianParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated guardians details", EmployeeID);
        lblAlert.Text = "Successfully Updated!";
        grdGuardian.DataBind();
        loaddata(guardianId);
    }
Ejemplo n.º 18
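    /// <summary>
    /// Files a complaint for the current tenant, logs it in the tenant audit
    /// trail and redirects back to the complaint form.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        const string insertSql = "INSERT INTO Complaints (TenantID, Subject, Details, Status) VALUES (@TID, @subj, @details, @status)";

        // The tenant id and status are members defined outside this handler,
        // not form fields.
        SqlParameter[] insertParams =
        {
            new SqlParameter("@TID",     TenantID),
            new SqlParameter("@subj",    AntiXSSMethods.CleanString(txtSubject.Text)),
            new SqlParameter("@details", AntiXSSMethods.CleanString(txtMsg.Text)),
            new SqlParameter("@status",  status)
        };

        DataAccess.DataProcessExecuteNonQuery(insertSql, insertParams, conString);
        AuditTrailFunctions.UpdateTenantAuditTrail("Added new complaints", TenantID);

        // Response.Redirect(string) ends the response, so the statements that used
        // to follow it (setting lblAlert and clearing the text boxes) never ran.
        // They were removed as unreachable; the redirect reloads the form anyway.
        Response.Redirect("AddComplaint.aspx");
    }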
Ejemplo n.º 19
 /// <summary>
 /// Registers an asset for the selected tenant when the inputs pass
 /// validation, logs the action and redirects to the asset management page.
 /// </summary>
 /// <param name="sender">Control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void btnReg_Click(object sender, EventArgs e)
 {
     if (!checkInputs())
     {
         lblAlert.Text = "Please check your input fields for invalid entries";
         return;
     }

     const string insertSql = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)";

     var assetParams = new[]
     {
         new SqlParameter("@tid",    AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
         new SqlParameter("@type",   AntiXSSMethods.CleanString(ddlType.SelectedValue)),
         new SqlParameter("@model",  AntiXSSMethods.CleanString(txtModel.Text)),
         new SqlParameter("@brand",  AntiXSSMethods.CleanString(txtBrand.Text)),
         new SqlParameter("@serial", AntiXSSMethods.CleanString(txtSerial.Text)),
         // The amount is cleaned, converted to double and passed through CheckMoney.
         // Convert.ToDouble throws on non-numeric text; presumably checkInputs()
         // rules that out - confirm.
         new SqlParameter("@amount", StringCustomizers.CheckMoney(Convert.ToDouble(AntiXSSMethods.CleanString(txtAmount.Text))))
     };

     DataAccess.DataProcessExecuteNonQuery(insertSql, assetParams, conString);
     AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID);
     Response.Redirect("~/Admin/ManageAssets.aspx");
 }
Ejemplo n.º 20
    /// <summary>
    /// Registers a new tenant: works out the curfew time, runs the photo upload,
    /// validates the inputs, rejects a username that is already taken, inserts
    /// the row, logs the action and redirects to the contract page for the new
    /// tenant.
    /// </summary>
    /// <param name="sender">Control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // An empty curfew time is stored when the curfew is disabled.
        string curfewTime = cbkDisableCurfew.Checked
            ? ""
            : DDLHR.SelectedValue + ":" + DDLMIN.SelectedValue;

        string uploadResult = UploadPhoto();

        // "large" and "invalid" are the two results that stop the registration.
        if (uploadResult == "large")
        {
            lblAlert.Text = "Photo File exceeds 1MB!";
            return;
        }

        if (uploadResult == "invalid")
        {
            lblAlert.Text = "Photo File is not valid!";
            return;
        }

        // NOTE(review): the upload result is not written to the Tenants row by this
        // statement (there is no photo column in the INSERT) - confirm that is intended.

        if (!checkInputs())
        {
            lblAlert.Text = "Birth date is invalid!";
            return;
        }

        bool nameTaken = UserManagement.General.CheckIfExisting(txtUN.Text);
        if (nameTaken)
        {
            lblAlert.Text = "Username already taken!";
            return;
        }

        const string insertSql = "INSERT INTO Tenants (FName, MName, LName, Gender, Email, BDate, Street, City, Region, Country, MobileNo, UN, Pwd, CurfewTime) VALUES (@fname, @mname, @lname, @gender, @email, @bdate, @street, @city, @region, @country, @mobileNo, @un, @pwd, @curfewtime)";

        var tenantParams = new[]
        {
            new SqlParameter("@fname",      AntiXSSMethods.CleanString(txtFName.Text)),
            new SqlParameter("@mname",      AntiXSSMethods.CleanString(txtMName.Text)),
            new SqlParameter("@lname",      AntiXSSMethods.CleanString(txtLName.Text)),
            new SqlParameter("@gender",     ddlGender.SelectedValue),
            new SqlParameter("@email",      AntiXSSMethods.CleanString(txtEmail.Text)),
            new SqlParameter("@bdate",      AntiXSSMethods.CleanString(txtBDay.Text)),
            new SqlParameter("@street",     AntiXSSMethods.CleanString(txtStreet.Text)),
            new SqlParameter("@city",       AntiXSSMethods.CleanString(txtCity.Text)),
            new SqlParameter("@region",     AntiXSSMethods.CleanString(txtRegion.Text)),
            new SqlParameter("@country",    AntiXSSMethods.CleanString(txtCountry.Text)),
            new SqlParameter("@mobileNo",   AntiXSSMethods.CleanString(txtContact.Text)),
            new SqlParameter("@un",         AntiXSSMethods.CleanString(txtUN.Text)),
            // The password is stored as a BCrypt hash, not as text.
            new SqlParameter("@pwd",        Encryption.GenerateBCryptHash(txtPwd1.Text)),
            new SqlParameter("@curfewtime", curfewTime)
        };

        // The value returned by InsertAndGetIndex is used as the ID in the redirect below.
        int createdId = DataAccess.InsertAndGetIndex(insertSql, tenantParams, conString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant", EmployeeID);
        Response.Redirect("Contract.aspx?ID=" + createdId.ToString());
    }