protected void btnModifica_Click(object sender, EventArgs e)
{
if (txtPassword.Text == "" || txtPasswordR.Text == "")
{
lblErrore.Text = "Password non valida";
}
else if (txtPasswordR.Text != txtPassword.Text)
{
lblErrore.Text = "Password non corrispondenti";
}
else
{
// Controllo campi di Input
if (txtPassword.Text.Contains("'") || txtPassword.Text.Contains("\"") ||
txtPasswordR.Text.Contains("'") || txtPasswordR.Text.Contains("\""))
{
lblErrore.Text = "Caratteri non validi.";
return;
}
string value = Request.QueryString["url"];
if (value != null)
{
adoNet ado = new adoNet();
string sql = "SELECT idPersonale FROM LinkPasswordPersonale WHERE url = '" + value + "' AND DATEDIFF(hour, dataRichiesta, GETDATE()) <= 24";
string res = ado.eseguiScalar(sql, System.Data.CommandType.Text);
if (res != "")
{
sql = "UPDATE Personale SET pwd = '" + SHA.GenerateSHA512String(txtPassword.Text) + "' WHERE id = " + res;
ado.eseguiNonQuery(sql, System.Data.CommandType.Text);
sql = "UPDATE LinkPasswordPersonale SET modifica = 1 WHERE idPersonale = " + res + " AND url = '" + value + "'";
ado.eseguiNonQuery(sql, System.Data.CommandType.Text);
Response.Redirect("./Login.aspx");
}
else
{
sql = "SELECT idGenitore FROM LinkPasswordGenitori WHERE url = '" + value + "' AND DATEDIFF(hour, dataRichiesta, GETDATE()) <= 24";
res = ado.eseguiScalar(sql, System.Data.CommandType.Text);
if (res != "")
{
sql = "UPDATE Genitori SET pwd = '" + SHA.GenerateSHA512String(txtPassword.Text) + "' WHERE id = " + res;
ado.eseguiNonQuery(sql, System.Data.CommandType.Text);
sql = "UPDATE LinkPasswordGenitori SET modifica = 1 WHERE idGenitore = " + res + " AND url = '" + value + "'";
ado.eseguiNonQuery(sql, System.Data.CommandType.Text);
Response.Redirect("./Login.aspx");
}
else
{
Response.Redirect("./Login.aspx");
}
}
}
else
{
Response.Redirect("./Login.aspx");
}
}
}
protected void btnRecupera_Click(object sender, EventArgs e)
{
adoNet.impostaConnessione();
adoNet ado = new adoNet();
string sql = "SELECT id FROM Personale WHERE email = '" + txtEmailUser.Text + "'";
string codice = ado.eseguiScalar(sql, System.Data.CommandType.Text);
if (codice != "")
{
string rand = "";
bool newURL = false;
do
{
rand = RandomString(49);
sql = "SELECT COUNT(*) FROM LinkPasswordPersonale WHERE url = '" + rand + "'";
if (Convert.ToInt32(ado.eseguiScalar(sql, System.Data.CommandType.Text)) == 0)
{
newURL = true;
}
} while (!newURL);
sql = "INSERT INTO LinkPasswordPersonale (idPersonale, url) VALUES(" + codice + ", '" + rand + "')";
ado.eseguiNonQuery(sql, System.Data.CommandType.Text);
inviaEmail(txtEmailUser.Text, rand);
divSucc.Visible = true;
divForg.Visible = false;
}
else
{
sql = "SELECT id FROM Genitori WHERE email = '" + txtEmailUser.Text + "'";
codice = ado.eseguiScalar(sql, System.Data.CommandType.Text);
if (codice != "")
{
string rand = "";
bool newURL = false;
do
{
rand = RandomString(49);
sql = "SELECT COUNT(*) FROM LinkPasswordGenitori WHERE url = '" + rand + "'";
if (Convert.ToInt32(ado.eseguiScalar(sql, System.Data.CommandType.Text)) == 0)
{
newURL = true;
}
} while (!newURL);
sql = "INSERT INTO LinkPasswordGenitori (idGenitore, url) VALUES(" + codice + ", '" + rand + "')";
ado.eseguiNonQuery(sql, System.Data.CommandType.Text);
inviaEmail(txtEmailUser.Text, rand);
divSucc.Visible = true;
divForg.Visible = false;
}
else
{
lblErrore.Text = "Email non trovata";
lblErrore.Visible = true;
}
}
}
protected void salvaAnimatore_Click(object sender, EventArgs e)
{
adoNet ado = new adoNet();
string sql = "";
SqlCommand command = new SqlCommand();
switch (((Button)sender).Text)
{
case "Aggiungi":
sql = "INSERT INTO Personale(nome, cognome, sesso, dataNascita, natoA, nazionalita, indirizzo, numeroCivico, idCitta, numeroTelefono, email) " +
"OUTPUT Inserted.id " +
"VALUES " +
"(@nome, @cognome, @sesso, @dataNascita, @natoA, @nazionalita, @indirizzo, @numeroCivico, @idCitta, @numeroTelefono, @email)";
command.CommandText = sql;
command.CommandType = CommandType.Text;
command.Parameters.AddWithValue("@nome", nomeAnimatore.Text);
command.Parameters.AddWithValue("@cognome", cognomeAnimatore.Text);
command.Parameters.AddWithValue("@sesso", sessoAnimatore.SelectedValue);
command.Parameters.AddWithValue("@dataNascita", dataNascitaAnimatore.Text);
command.Parameters.AddWithValue("@natoA", cittaNascitaAnimatore.SelectedValue);
command.Parameters.AddWithValue("@nazionalita", nazionalitaAnimatore.SelectedValue);
command.Parameters.AddWithValue("@indirizzo", indirizzoAnimatore.Text);
command.Parameters.AddWithValue("@numeroCivico", numeroCivicoAnimatore.Text);
command.Parameters.AddWithValue("@idCitta", cittaAnimatore.SelectedValue);
command.Parameters.AddWithValue("@numeroTelefono", cellulareAnimatore.Text);
command.Parameters.AddWithValue("@email", emailAnimatore.Text);
string idAnimatore = ado.eseguiScalar(command);
sql = "INSERT INTO Genitori(nome, cognome, numeroTelefono) " +
"OUTPUT Inserted.id " +
"VALUES " +
"(@nome, @cognome, @numeroTelefono)";
command = new SqlCommand();
command.CommandText = sql;
command.CommandType = CommandType.Text;
command.Parameters.AddWithValue("@nome", nomeAnimatore.Text);
command.Parameters.AddWithValue("@cognome", cognomeAnimatore.Text);
command.Parameters.AddWithValue("@numeroTelefono", cellulareAnimatore.Text);
string idGenitore = ado.eseguiScalar(command);
sql = "INSERT INTO ParenteleAnimatori(idAnimatore, idGenitore) VALUES(" + idAnimatore + ", " + idGenitore + ")";
ado.eseguiNonQuery(sql, CommandType.Text);
Response.Redirect("./Visualizzazione.aspx");
break;
case "Modifica":
break;
case "Chiudi":
break;
}
}