Beispiel #1
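        /// <summary>
        /// Handles the "create user" button: inserts one row into [user] built from the form
        /// fields and reports success or failure through AddUserMessage.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void CreateUser_Click(object sender, EventArgs e)
        {
            // NOTE(review): the original comment says "Scrub user data", but no validation of
            // the form fields is visible in this handler. The INSERT is parameterized, so the
            // values cannot alter the statement, but length/format checks still belong here.

            try
            {
                con.Open();
                using (SqlCommand insert = new SqlCommand())
                {
                    insert.Connection  = con;
                    insert.CommandType = CommandType.Text;
                    insert.CommandText = "INSERT INTO [user](name,password,email,address,mobile,dob,created_at,update_at,user_type) Values (@name,@pass,@email,@add,@mob,@dob,@create,@update,@user)";
                    insert.Parameters.AddWithValue("@name", Name.Text);
                    // NOTE(review): Security.HashSHA1 is a project helper not shown here; by its
                    // name it stores a SHA-1 digest, and no salt is passed in. A fast unsalted
                    // hash is not suitable for password storage; a salted, iterated KDF
                    // (e.g. PBKDF2) is. It is left unchanged because the login handler
                    // compares against the same helper's output.
                    insert.Parameters.AddWithValue("@pass", Security.HashSHA1(Password.Text));
                    insert.Parameters.AddWithValue("@email", Email.Text);
                    insert.Parameters.AddWithValue("@add", Address.Text);
                    insert.Parameters.AddWithValue("@mob", Mobile.Text);
                    insert.Parameters.AddWithValue("@dob", DOB.Text);
                    insert.Parameters.AddWithValue("@create", DateTime.Today);
                    insert.Parameters.AddWithValue("@update", DateTime.Today);
                    // NOTE(review): the account type is taken from a form control; confirm that
                    // only an authorized caller can reach this page, since the posted value
                    // decides the new account's role.
                    insert.Parameters.AddWithValue("@user", UserType.SelectedItem.Text);

                    bool inserted = insert.ExecuteNonQuery() == 1;

                    AddUserMessage.Visible = true;
                    if (inserted)
                    {
                        AddUserMessage.CssClass = "alert alert-success";
                        AddUserMessage.Text     = "New User added sucessfully";
                    }
                    else
                    {
                        AddUserMessage.CssClass = "alert alert-danger";
                        AddUserMessage.Text     = "Sorry! Couldn't add user";
                    }
                }
            }
            catch (SqlException ex)
            {
                // Keep the database error text on the server. SqlException messages can name
                // tables, columns and constraints, so the page only gets the generic failure
                // text used by the non-exception path above.
                System.Diagnostics.Trace.TraceError("CreateUser_Click: insert failed: {0}", ex);

                AddUserMessage.Visible  = true;
                AddUserMessage.CssClass = "alert alert-danger";
                AddUserMessage.Text     = "Sorry! Couldn't add user";
            }
            finally
            {
                // Runs on success and on failure so the shared connection is never left open.
                if (con != null)
                {
                    con.Close();
                }
            }
        }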
Beispiel #2
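        /// <summary>
        /// Handles the login button: checks that the submitted user name exists, compares the
        /// stored password value with Security.HashSHA1 of the submitted password and, on a
        /// match, stores the user's type and name in the session and redirects to Default.aspx.
        /// </summary>
        /// <remarks>
        /// NOTE(review): three of the four query strings are masked ("******") on this page, so
        /// they are reproduced exactly as shown, including the concatenation of txtUname.Text.
        /// Those three statements are still open to SQL injection and must be converted to the
        /// same "@name" parameter form used for the user_type query below.
        /// </remarks>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void BtnlogIn_Click(object sender, EventArgs e)
        {
            bool authenticated = false;

            try
            {
                // One open/close pair for the whole handler; the finally block closes the
                // connection on every path, including exceptions thrown by a query.
                con.Open();

                // NOTE(review): masked query text, concatenated with user input — parameterize.
                string checkuser = "******" + txtUname.Text + "' ";
                int val;
                using (SqlCommand cmd = new SqlCommand(checkuser, con))
                {
                    val = Convert.ToInt16(cmd.ExecuteScalar().ToString());
                }

                if (val == 1)
                {
                    // NOTE(review): masked query text, concatenated with user input — parameterize.
                    string checkpass = "******" + txtUname.Text + "'";
                    string password;
                    using (SqlCommand cmdd = new SqlCommand(checkpass, con))
                    {
                        // Convert.ToString yields "" for a null result instead of throwing, and
                        // "" then fails the comparison below.
                        password = Convert.ToString(cmdd.ExecuteScalar()).Replace(" ", "");
                    }

                    // NOTE(review): Security.HashSHA1 is a project helper not shown here; by its
                    // name this is an unsalted SHA-1 comparison, which is weak for passwords.
                    if (password == Security.HashSHA1(txtPassword.Text))
                    {
                        string userType;
                        using (SqlCommand cmd1 = new SqlCommand("Select user_type from [user] where name = @name", con))
                        {
                            // The user name travels as a parameter, never as SQL text.
                            cmd1.Parameters.AddWithValue("@name", txtUname.Text);
                            userType = Convert.ToString(cmd1.ExecuteScalar()).Replace(" ", "");
                        }

                        // NOTE(review): masked query text, concatenated with user input — parameterize.
                        string userName = "******" + txtUname.Text + "' ";
                        string user;
                        using (SqlCommand cmd2 = new SqlCommand(userName, con))
                        {
                            user = Convert.ToString(cmd2.ExecuteScalar()).Replace(" ", "");
                        }

                        Session["userType"] = userType;
                        Session["user"]     = user;
                        authenticated       = true;
                    }
                }
            }
            finally
            {
                con.Close();
            }

            txtUname.Text    = "";
            txtPassword.Text = "";

            if (authenticated)
            {
                // Redirect only after the connection is closed: Response.Redirect ends the
                // request, so statements placed after it (the original con.Close()) never ran.
                Response.Redirect("Default.aspx");
            }
            else
            {
                // Same message for an unknown user and for a wrong password, so the response
                // does not reveal which user names exist.
                lblwarning.Visible = true;
                lblwarning.Text    = "User doesnot exist";
            }
        }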
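        /// <summary>
        /// Handles GridView1's row update: reads the edited id and name from the row, writes
        /// them to the matching [user] record and rebinds the grid.
        /// </summary>
        /// <param name="sender">The grid that raised the event (unused).</param>
        /// <param name="e">Carries the index of the row being updated.</param>
        protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e)
        {
            int         userid      = Convert.ToInt32(GridView1.DataKeys[e.RowIndex].Value.ToString());
            GridViewRow row         = (GridViewRow)GridView1.Rows[e.RowIndex];
            Label       lblID       = (Label)row.FindControl("lblID");
            TextBox     txtName     = (TextBox)row.Cells[0].FindControl("lblname");
            TextBox     txtPassword = (TextBox)row.Cells[1].FindControl("lblPassword");

            GridView1.EditIndex = -1;

            // NOTE(review): the password assignment is masked ("******") on this page and is
            // kept exactly as shown. If the real statement takes txtPassword.Text, it must be
            // passed as a parameter and hold the same hash CreateUser_Click stores, not the
            // plaintext typed into the grid.
            // The table name is bracketed because USER is a reserved word in T-SQL; the other
            // statements in this file already write [user].
            const string updateSql =
                "UPDATE [user] SET id = @newId, name = @name, password ='******' WHERE id = @id";

            try
            {
                con.Open();

                // The original command was created without a connection, so ExecuteNonQuery
                // could not run; the command is now bound to con. Edited values travel as
                // parameters instead of being concatenated into the SQL text.
                using (SqlCommand cmd = new SqlCommand(updateSql, con))
                {
                    cmd.Parameters.AddWithValue("@newId", lblID.Text);
                    cmd.Parameters.AddWithValue("@name", txtName.Text);
                    cmd.Parameters.AddWithValue("@id", userid);
                    cmd.ExecuteNonQuery();
                }

                GvBindProfile();
            }
            finally
            {
                // Close the shared connection even when the update or the rebind throws.
                con.Close();
            }
        }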