// Populates the grid view of all the employers for the Admin Section

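        /// <summary>
        /// Loads every employer for the admin grid view by running the
        /// <c>spGetEmployersAdmin</c> stored procedure.
        /// </summary>
        /// <remarks>
        /// Only the ID, username, e-mail and phone columns are copied into each
        /// <see cref="Employer"/>; no salt, hash or activation key is read here.
        /// Nothing in this method checks who is asking, so the administrator check
        /// has to be made by the caller before the list is requested.
        /// </remarks>
        /// <returns>One <see cref="Employer"/> per row; an empty list when no rows come back.</returns>
        /// <exception cref="SqlException">Left to propagate to the caller unchanged.</exception>
        public List<Employer> GetListOfEmployersAdmin()
        {
            List<Employer> ListOfEmployersAdmin = new List<Employer>();

            using (SqlConnection Cxn = new SqlConnection(CxnString))
            using (SqlCommand Cmd = new SqlCommand("spGetEmployersAdmin", Cxn))
            {
                // Declared as a stored procedure explicitly, matching the other
                // stored-procedure calls in this data layer.
                Cmd.CommandType = CommandType.StoredProcedure;

                Cxn.Open();

                // The using statement closes the reader even when a row conversion
                // throws; the connection and command are disposed by the outer usings.
                using (dr = Cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        Employer AdminEmployer = new Employer();

                        // Emp_GetObject members are used as column ordinals of the result set.
                        AdminEmployer.EmployerID = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpID)));
                        AdminEmployer.EmployerUsername = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpUsername)).ToString();
                        AdminEmployer.EmployerEmail = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpEmail)).ToString();
                        AdminEmployer.EmployerPhone = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpPhone)).ToString();

                        ListOfEmployersAdmin.Add(AdminEmployer);
                    }
                }
            }

            return ListOfEmployersAdmin;
        }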
        // activate employer profile
        /// <summary>
        /// Activates an employer profile by handing the employer to the data layer's
        /// <c>UpdateEmpProfile</c>.
        /// </summary>
        /// <remarks>
        /// No activation key is compared in this method; it forwards whatever it is given.
        /// NOTE(review): the key check is presumably done by the calling page - confirm.
        /// </remarks>
        /// <param name="employer">Employer whose profile is to be updated.</param>
        /// <returns>The result reported by the data layer.</returns>
        public bool ActivateEmpProfile(Employer employer)
        {
            // Exceptions from the data layer travel up to the caller unchanged.
            DALRecruiterWebsiteManager dataLayer = new DALRecruiterWebsiteManager();
            return dataLayer.UpdateEmpProfile(employer);
        }
 // create employer profile
 /// <summary>
 /// Creates an employer profile by passing the employer to the data layer's
 /// <c>CreateEmpProfile</c>.
 /// </summary>
 /// <param name="Emp">Employer to store; this method performs no validation of its own.</param>
 /// <returns>The result reported by the data layer.</returns>
 public bool CreateEmployerProfile(Employer Emp)
 {
     // The 'using DAL;' namespace makes the public class DALRecruiterWebsiteManager available here.
     // Any exception raised by the data layer reaches the caller unchanged.
     DALRecruiterWebsiteManager dataLayer = new DALRecruiterWebsiteManager();
     return dataLayer.CreateEmpProfile(Emp);
 }
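        /// <summary>
        /// Reads the employer sign-up form, hashes the password, stores the new profile,
        /// sends the activation e-mail and redirects to the activation page.
        /// </summary>
        /// <remarks>
        /// Exceptions from the business layer are left to propagate. Their message is not
        /// written into the response, because that would show internal error text to the visitor.
        /// </remarks>
        private void CreateNewEmpProfile()
        {
            // raw values from the username, e-mail, phone and password textboxes
            string empUName = txtEmpSUUsername.Text;
            string empEmail = txtEmpSUEmail.Text;
            string empPhone = txtEmpSUPhone.Text;
            string empPassword = txtEmpSUPassword.Text;

            if (!RunValidation(empUName, empEmail, empPhone, empPassword))
            {
                return;
            }

            // NOTE(review): Guid.NewGuid() is designed for uniqueness and is not documented
            // as a cryptographically secure source. The value is used as the activation
            // secret, so consider System.Security.Cryptography.RandomNumberGenerator.
            string empActivationCode = Guid.NewGuid().ToString();
            bool empAccActive = false;

            if (empPassword != txtEmpSUPasswordConfirm.Text)
            {
                // NOTE(review): the original comment reports that this message is not displayed.
                // A password-mode textbox presumably does not render its Text, so a label or
                // validator control would be needed - confirm against the page markup.
                txtEmpSUPassword.Text = "Passwords don't match!";
                return;
            }

            // The password is salted and hashed by CreateHash() from the PasswordHash class, taken from
            // https://github.com/defuse/password-hashing/blob/master/compatible/PasswordHash.cs
            // (implementation walkthrough: https://www.youtube.com/watch?v=AR7_SHnptZc).
            // It is called once; a second call would only produce a different salt and discard the first.
            string saltHashReturned = PasswordHash.CreateHash(empPassword);

            // Between the first and second colon is the salt; after the second colon is the hash.
            string[] hashParts = saltHashReturned.Split(new char[] { ':' }, 3);
            if (hashParts.Length < 3)
            {
                throw new InvalidOperationException("PasswordHash.CreateHash returned an unexpected format.");
            }
            string salt = hashParts[1];

            // The complete CreateHash() string is stored as the salted hash, with the salt kept separately as well.
            Employer emp = new Employer(empUName, empEmail, empPhone, salt, saltHashReturned, empActivationCode, empAccActive);

            // The 'using BLL;' namespace makes the business-layer manager available here.
            BLLRecruiterWebsiteManager BLLRWebMngr = new BLLRecruiterWebsiteManager();

            bool result = BLLRWebMngr.CreateEmployerProfile(emp);
            if (!result)
            {
                // The closing quote was missing from this script, which made it a JavaScript syntax error.
                Page.ClientScript.RegisterStartupScript(this.GetType(), "message", "alert('Error: try again')", true);
                return;
            }

            // NOTE(review): the employer ID enters the session before the e-mail address is confirmed.
            // Any page that only tests Session["EmployerID"] for null will treat this visitor as
            // signed in - confirm that is intended.
            Session["EmployerID"] = emp.EmployerID;
            SendActivationMail(empEmail, empUName, empActivationCode);

            // NOTE(review): the redirect below replaces this response, so this script most likely
            // never reaches the browser.
            Page.ClientScript.RegisterStartupScript(this.GetType(), "message", "confirm('Activation Email Sent')", true);

            // Kept outside any catch block: Response.Redirect ends the request by aborting the thread.
            Response.Redirect("~/EmployerActivation.aspx");
        }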
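        /// <summary>
        /// Binds the signed-in employer's job applications and job postings to the two grids.
        /// </summary>
        /// <remarks>
        /// The only access check is that Session["EmployerID"] holds a number. Whether that
        /// account has been activated is not checked here. Both queries are scoped to the
        /// employer ID taken from the session, never from the request.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            object sessionValue = Session["EmployerID"];
            int SessionEmployerID;

            // No employer ID in the session, or a value that is not a number: go to the
            // login page instead of failing with a format exception.
            if (sessionValue == null || !int.TryParse(sessionValue.ToString(), out SessionEmployerID))
            {
                Response.Redirect("~/EmployerLogin.aspx");
                return;
            }

            BLL.BLLRecruiterWebsiteManager RequestJobApplicant = new BLL.BLLRecruiterWebsiteManager();
            List<JobApplication> Application = RequestJobApplicant.GetApplicationsFormDatabase(SessionEmployerID);

            // FullName, ContactNumber, Email and CoverLetter look like applicant-supplied text.
            // NOTE(review): confirm the grid columns keep HTML encoding on, and whether
            // UploadCvPath should be shown as a raw path - the markup is not visible here.
            GridView1.DataSource = from t in Application
                                   select new
                                   {
                                       t.JobIdApplied,
                                       t.EmpidApplied,
                                       t.FullName,
                                       t.ContactNumber,
                                       t.Email,
                                       t.CoverLetter,
                                       t.UploadCvPath
                                   };
            GridView1.DataBind();

            BLL.BLLRecruiterWebsiteManager RequestJobList = new BLL.BLLRecruiterWebsiteManager();
            List<Job> JobList = RequestJobList.ListJobs(SessionEmployerID);

            // Oldest postings first.
            GridView2.DataSource = from x in JobList
                                   orderby x.DateCreated ascending
                                   select new
                                   {
                                       x.JobID,
                                       x.EmpID,
                                       x.Category,
                                       x.Title,
                                       x.Company,
                                       x.Location,
                                       x.Description,
                                       x.Type,
                                       x.Terms,
                                       x.Salary,
                                       x.DateCreated
                                   };
            GridView2.DataBind();
        }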
        // activation emp profile
        /// <summary>
        /// Runs the <c>spActiveEmpProfile</c> stored procedure with the employer's username
        /// and account-active flag.
        /// </summary>
        /// <remarks>
        /// Only the username and the flag are sent; no activation key is passed to the
        /// procedure from here, so any key comparison has to be done by the caller.
        /// The username parameter is declared as NVarChar with size 20.
        /// NOTE(review): longer values are presumably cut to that size - confirm it matches the column.
        /// </remarks>
        /// <param name="Emp">Supplies <c>EmployerUsername</c> and <c>EmployerAccountActive</c>.</param>
        /// <returns><c>true</c> when the command reports more than zero affected rows.</returns>
        /// <exception cref="SqlException">Left to propagate; this data-layer class cannot display it.</exception>
        public bool UpdateEmpProfile(Employer Emp)
        {
            using (SqlConnection Cxn = new SqlConnection(CxnString))
            using (SqlCommand Cmd = new SqlCommand("spActiveEmpProfile", Cxn))
            {
                Cmd.CommandType = CommandType.StoredProcedure;

                // Values travel as typed parameters, never as SQL text.
                Cmd.Parameters.Add("@EmpUsername", SqlDbType.NVarChar, 20).Value = Emp.EmployerUsername;
                Cmd.Parameters.Add("@EmpAccountActive", SqlDbType.Bit).Value = Emp.EmployerAccountActive;

                Cxn.Open();
                int rowsAffected = Cmd.ExecuteNonQuery();

                // Leaving the using scope closes the connection.
                return rowsAffected > 0;
            }
        }
        // returns list of employers
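        /// <summary>
        /// Returns every employer produced by the <c>spGetAllEmp</c> stored procedure.
        /// </summary>
        /// <remarks>
        /// Each <see cref="Employer"/> carries the stored salt, the salted password hash and
        /// the activation key for that account. Callers should not bind this list to a page
        /// or log it; a view that only needs contact details is better served by a query
        /// that does not read those columns.
        /// </remarks>
        /// <returns>One <see cref="Employer"/> per row; an empty list when no rows come back.</returns>
        public List<Employer> GetListOfEmployers()
        {
            List<Employer> EmpList = new List<Employer>();

            using (SqlConnection Cxn = new SqlConnection(CxnString))
            using (SqlCommand Cmd = new SqlCommand("spGetAllEmp", Cxn))
            {
                Cmd.CommandType = CommandType.StoredProcedure;

                Cxn.Open();

                // The using statement closes the reader even when a row conversion throws;
                // the connection and command are disposed by the outer usings.
                using (dr = Cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        // Emp_GetObject members are used as column ordinals of the result set.
                        int empID = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpID)));
                        string empUsername = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpUsername)).ToString();
                        string empEmail = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpEmail)).ToString();
                        string empPhone = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpPhone)).ToString();
                        string empSalt = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpSalt)).ToString();
                        string empSaltPwd = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpSaltPwd)).ToString();
                        string empAccKey = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpActivationKey)).ToString();
                        bool empAccActive = dr.GetBoolean(Convert.ToInt32(Emp_GetObject.SP_GetAccountActive));

                        Employer Emp = new Employer(empUsername, empEmail, empPhone, empSalt, empSaltPwd, empAccKey, empAccActive);
                        Emp.EmployerID = empID;

                        EmpList.Add(Emp);
                    }
                }
            }

            return EmpList;
        }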
        // log in for employers

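        /// <summary>
        /// Looks up an employer by username through the <c>spGetEmpLogin</c> stored procedure.
        /// </summary>
        /// <remarks>
        /// This method does not check a password. <paramref name="empSHPwd"/> is never read;
        /// the stored salt and salted hash are returned on the <see cref="Employer"/>.
        /// NOTE(review): the caller presumably verifies the password against that hash, and
        /// checks the account-active flag, before creating a session - confirm.
        /// </remarks>
        /// <param name="empUName">Username sent to the procedure as <c>@EmpUsername</c> (NVarChar, size 20).</param>
        /// <param name="empSHPwd">Unused here; kept so existing callers still compile.</param>
        /// <returns>The matching employer, or <c>null</c> when no row comes back.</returns>
        public Employer GetEmpLogin(string empUName, string empSHPwd)
        {
            Employer Emp = null;

            using (SqlConnection Cxn = new SqlConnection(CxnString))
            using (SqlCommand Cmd = new SqlCommand("spGetEmpLogin", Cxn))
            {
                Cmd.CommandType = CommandType.StoredProcedure;

                // The username travels as a typed parameter, never as SQL text.
                SqlParameter InsertUserNameParam = new SqlParameter("@EmpUsername", SqlDbType.NVarChar, 20);
                InsertUserNameParam.Value = empUName;
                Cmd.Parameters.Add(InsertUserNameParam);

                Cxn.Open();

                // The using statement closes the reader even when a row conversion throws.
                using (dr = Cmd.ExecuteReader())
                {
                    // If the procedure returns more than one row, the last one wins.
                    while (dr.Read())
                    {
                        int empID = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpID)));
                        // Read from the username column; this previously read the ID column,
                        // so the returned employer carried its ID as its username.
                        string empUsername = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpUsername)).ToString();
                        string empEmail = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpEmail)).ToString();
                        string empPhone = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpPhone)).ToString();
                        string empSalt = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpSalt)).ToString();
                        string empSaltPwd = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpSaltPwd)).ToString();
                        string empAccKey = dr.GetValue(Convert.ToInt32(Emp_GetObject.SP_GetEmpActivationKey)).ToString();
                        bool empAccActive = dr.GetBoolean(Convert.ToInt32(Emp_GetObject.SP_GetAccountActive));

                        Emp = new Employer(empUsername, empEmail, empPhone, empSalt, empSaltPwd, empAccKey, empAccActive);
                        Emp.EmployerID = empID;
                    }
                }
            }

            return Emp;
        }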
        // creates an employer profile. 

        /// <summary>
        /// Inserts a new employer through the <c>spCreateEmpProfile</c> stored procedure and
        /// copies the generated ID back onto <paramref name="Emp"/>.
        /// </summary>
        /// <remarks>
        /// Every value is sent as a typed parameter. The string parameters are declared with
        /// fixed sizes (20, 100, 20, 100, 256, 256).
        /// NOTE(review): a salt or hash longer than its declared size is presumably cut short,
        /// which would leave a stored hash that never verifies - confirm the sizes against the
        /// PasswordHash output and the table columns.
        /// </remarks>
        /// <param name="Emp">Employer to store; <c>EmployerID</c> is set when the insert reports affected rows.</param>
        /// <returns><c>true</c> when the command reports more than zero affected rows.</returns>
        /// <exception cref="SqlException">Left to propagate; this data-layer class cannot display it.</exception>
        public bool CreateEmpProfile(Employer Emp)
        {
            using (SqlConnection Cxn = new SqlConnection(CxnString))
            using (SqlCommand Cmd = new SqlCommand("spCreateEmpProfile", Cxn))
            {
                Cmd.CommandType = CommandType.StoredProcedure;

                // Input parameters, added in the same order as before.
                Cmd.Parameters.Add("@EmpUsername", SqlDbType.NVarChar, 20).Value = Emp.EmployerUsername;
                Cmd.Parameters.Add("@EmpEmail", SqlDbType.NVarChar, 100).Value = Emp.EmployerEmail;
                Cmd.Parameters.Add("@EmpPhone", SqlDbType.NVarChar, 20).Value = Emp.EmployerPhone;
                Cmd.Parameters.Add("@EmpSalt", SqlDbType.NVarChar, 100).Value = Emp.EmployerSalt;
                Cmd.Parameters.Add("@EmpSlowHashSalt", SqlDbType.NVarChar, 256).Value = Emp.EmployerSaltHashPwd;
                Cmd.Parameters.Add("@EmpActivationKey", SqlDbType.NVarChar, 256).Value = Emp.EmployerActivationKey;
                Cmd.Parameters.Add("@EmpAccountActive", SqlDbType.Bit).Value = Emp.EmployerAccountActive;

                // Output parameter through which the procedure hands back the new employer ID.
                SqlParameter newIdParam = Cmd.Parameters.Add("@empid", SqlDbType.Int);
                newIdParam.Direction = ParameterDirection.Output;

                Cxn.Open();
                int rowsAffected = Cmd.ExecuteNonQuery();
                if (rowsAffected <= 0)
                {
                    return false;
                }

                Emp.EmployerID = Convert.ToInt32(newIdParam.Value);
                return true;
            }
        }