protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
StatusDiv.Visible = true;
StatusLabel.Visible = true;
bool buttonChk;
if (DocRadioButton.Checked)
{
buttonChk = DocRoleList.SelectedIndex != 0;
}
else if (StfRadioButton.Checked)
{
buttonChk = StfRoleList.SelectedIndex != 0;
}
else
{
buttonChk = true;
}
string existQuery = DataProvider.RegistrationPage.ExistQuery(EmailBox.Text.ToUpper().Trim());
DataTable dt = HospitalClass.getDataTable(existQuery);
bool checkName = HospitalClass.sqlProtect(FirstNameBox.Text);
bool checkPassword = HospitalClass.sqlProtect(PasswordBox.Text);
if (buttonChk && GenderList.SelectedIndex != 0 && dt.Rows.Count == 0 && checkName && checkPassword) //validate selection of drop down list values
{
if (DocRadioButton.Checked == true)
{
role = DocRoleList.SelectedItem.Value;
updateCode = "DOC_REG";
}
else if (StfRadioButton.Checked == true)
{
role = StfRoleList.SelectedItem.Value;
updateCode = "STF_REG";
}
else
{
role = "PAT";
updateCode = "PAT_REG";;
}
string month,
year;
if (DateTime.Now.Month < 10)
{
month = "0" + DateTime.Now.Month;
}
else
{
month = DateTime.Now.Month.ToString();
}
year = (DateTime.Now.Year.ToString()).Remove(0, 2);
string lastIdQuery = DataProvider.RegistrationPage.LastIdQuery(role.Remove(2));
DataTable lastDt = HospitalClass.getDataTable(lastIdQuery);
if (lastDt.Rows.Count == 0) //first role user registration
{
if (PatientRadioButton.Checked || !CheckBoxDiv.Visible)
{
userId = role + month + year + "0001";
}
else
{
userId = role + month + year + "001";
}
}
else //generate new id for patient, doctor or staff
{
string lastId = (string)lastDt.Rows[0][0];
string editId;
if (PatientRadioButton.Checked || !CheckBoxDiv.Visible)
{
editId = lastId.Remove(0, lastId.Length - 4);
}
else
{
editId = lastId.Remove(0, lastId.Length - 3);
}
int newIdInt = int.Parse(editId) + 1;
string newId;
if (newIdInt < 10)
{
newId = editId.Remove(editId.Length - 1) + newIdInt.ToString();
}
else if (newIdInt < 100)
{
newId = editId.Remove(editId.Length - 2) + newIdInt.ToString();
}
else if (newIdInt < 1000)
{
newId = editId.Remove(editId.Length - 3) + newIdInt.ToString();
}
else
{
newId = newIdInt.ToString();
}
userId = role + month + year + newId;
}
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else if (Session["Admin"] != null)
{
updaterId = (string)Session["Admin"];
}
else
{
updaterId = userId;
}
List <string> values = new List <string>();
values.Add(EmailBox.Text.Trim());
values.Add(FirstNameBox.Text.Trim());
values.Add(GenderList.SelectedItem.Text);
values.Add(LastnameBox.Text.Trim());
values.Add(OtherNameBox.Text.Trim());
values.Add(HospitalClass.Encrypt(PasswordBox.Text));
values.Add(PhoneBox.Text);
values.Add(updateCode);
values.Add(updaterId);
values.Add(userId);
values.Add(HospitalClass.getTransactionId());
int status = DataConsumer.executeProcedure("initial_reg", values);
StatusLabel.CssClass = "success big";
StatusLabel.Text = "You have been successfully registered.<br/>Your ID is: " + userId + ".<br/>";
goToLogin.Visible = true;
InfoDiv.Visible = false;
RegLabel.Visible = false;
CheckBoxDiv.Visible = false;
}
else
{
if (!checkName)
{
StatusLabel.Text = "Unsecure name entry. Please remove all ' and -- symbols";
}
else if (!checkPassword)
{
StatusLabel.Text = "Unsecure password choice. Please remove all ' and -- symbols";
}
else if (GenderList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your sex";
}
else if (dt.Rows.Count > 0)
{
StatusLabel.Text = "This email address has already been registered";
}
else
{
StatusLabel.Text = "Please choose a classification/role";
}
}
}
catch (Exception ex)
{
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
bool checkId = HospitalClass.sqlProtect(UserIdBox.Text); //security for user id input against sqlInjection
bool checkPwd = HospitalClass.sqlProtect(PasswordBox.Text); //security for password input against sqlInjection
if (UserIdBox.Text.Length != 0 && checkId && checkPwd)
{
string passwordQuery = DataProvider.LoginPage.PasswordQuery(UserIdBox.Text.ToUpper().Trim());
DataTable dt = HospitalClass.getDataTable(passwordQuery);
if (dt.Rows.Count > 0)
{
string encryptPassword = HospitalClass.Encrypt(PasswordBox.Text);
int checkPassword = 0;
string userIdPass = "";
foreach (DataRow row in dt.Rows)
{
if (encryptPassword == row[0].ToString()) //check if password correlate
{
checkPassword = 1;
userIdPass = row[1].ToString(); //check first name repetition
}
userId = row[1].ToString();
if (userIdPass.Length > 0)
{
userId = userIdPass;
}
}
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else if (Session["Admin"] != null)
{
updaterId = (string)Session["Admin"];
}
else
{
updaterId = userId;
}
bool rights;
if (userId.StartsWith("ADM") || userId.StartsWith("SUP"))
{
rights = false;
}
else
{
rights = true;
}
//for either a basic user or a privileged user
if ((Session["SuperUser"] != null || Session["Admin"] != null || (checkPassword == 1 && rights)) || (!rights && checkPassword == 1))
{
bool auditTrailValidator = false;
string oldUser = ""; //to check the access of an administrator or a superuser
if (Session["SuperUser"] != null)
{
oldUser = Session["SuperUser"].ToString();
}
else if (Session["Admin"] != null)
{
oldUser = Session["Admin"].ToString();
}
Session["User"] = userId;
//using linq to datasets to query the datatable (to guard against two users with the same first name)
Session["FirstName"] = (from FirstName in dt.AsEnumerable()
where FirstName.Field <string>("USER_ID") == userId
select FirstName.Field <string>("FIRST_NAME")).First().ToString();
Session["RegStatus"] = (from Status in dt.AsEnumerable()
where Status.Field <string>("USER_ID") == userId
select Status.Field <string>("STATUS")).First().ToString();
//login for users
if ((Session["SuperUser"] != null || Session["Admin"] != null || checkPassword == 1) && rights)
{
if (userId.StartsWith("PAT"))
{
updateCode = "PAT_LGN";
}
else if (userId.StartsWith("DC"))
{
updateCode = "DOC_LGN";
}
else
{
updateCode = "STF_LGN";
};
Response.Redirect("~/LoggedInPage.aspx", false);
auditTrailValidator = true;
}
//login for admin and superuser
else if (!rights && checkPassword == 1)
{
if (userId.StartsWith("SUP"))
{
Session["SuperUser"] = userId;
updateCode = "SUP_LGN";
}
else
{
Session["Admin"] = userId;
updateCode = "ADM_LGN";
}
Response.Redirect("~/LoggedInPage.aspx", false);
auditTrailValidator = true;
}
//extraneous login for superuser and administrator
else
{
//to catch unauthorized access to another privileged user's account
if ((Session["SuperUser"] != null && !userId.StartsWith("SUP")) || oldUser == userId) //for privileged user relogin
{
Session["User"] = userId;
if (oldUser == userId)
{
Session["Info"] = "Welcome Back";
}
if (userId.ToUpper().StartsWith("ADM"))
{
updateCode = "ADM_LGN";
}
else
{
updateCode = "SUP_LGN";
}
Response.Redirect("~/LoggedInPage.aspx", false);
auditTrailValidator = true;
}
else
{
StatusLabel.Text = "You do not have access to this profile";
if (oldUser.StartsWith("SUP"))
{
Session["User"] = Session["SuperUser"].ToString();
}
else
{
Session["User"] = Session["Admin"].ToString();
}
auditTrailValidator = false;
}
}
if (auditTrailValidator)
{
object[] values = new object[4];
values[0] = (HospitalClass.getTransactionId());
values[1] = (updateCode);
values[2] = (updaterId);
values[3] = (userId);
int status = DataConsumer.executeProc("audit_trail_proc", values);
}
}
else
{
if (PasswordBox.Text.Length == 0)
{
StatusLabel.Text = "Please enter your password";
}
else
{
StatusLabel.Text = "Wrong user Id/password combination.<br/>Note: Password is case-sensitive.";
}
}
}
else
{
StatusLabel.Text = "You are not a user on our database. Please register.";
}
}
else
{
if (UserIdBox.Text.Length == 0)
{
StatusLabel.Text = "Please enter your user id, first name or email address";
}
else if (!checkId)
{
StatusLabel.Text = "Unsecure user Id";
}
else
{
StatusLabel.Text = "Unsecure password";
}
}
}
catch (Exception ex)
{
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
//ex.Logger();
}
}
