protected void CheckOrder(object sender, EventArgs e) { //clear error formError.Visible = false; formError.InnerHtml = ""; //database connection SqlConnection conn = new SqlConnection( ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); conn.Open(); SqlCommand cmd = conn.CreateCommand(); //If we selected a saved card if (Session["userId"] != null & !savedCards.SelectedValue.Equals("None")) { //we don't need to check it (we did when we retrieved it from the db) cardn.Value = savedCards.SelectedValue; } else { //check credit card CreditCardValidator c = new CreditCardValidator(); string expDate = ""; //if the field has been set if (exp.Value.Length > 6) { //convert it into the form mmyy expDate = exp.Value.Substring(5) + exp.Value.Substring(2, 2); } //check the credit card validity int check = c.ValidCard(cardn.Value, expDate); if (check != 0) { //if it's not valid, show an error formError.InnerHtml = "<p>Error " + check + "! Please check your Credit Card data.</p>"; formError.Visible = true; return; } //regex for the CVV code (3 digits) Regex code_valid = new Regex(@"^\d{3}$", RegexOptions.IgnoreCase); if (!code_valid.Match(code.Value).Success) { formError.InnerHtml = "Please insert a valid 3-digits code.<br />"; formError.Visible = true; return; } //if it has not been inserted an owner name, show an error if (owner.Value.Equals("")) { formError.InnerHtml = "Please insert an owner.<br />"; formError.Visible = true; return; } //if the user wants to save the card if (saveCard.Checked && Session["userId"] != null) { //create the command SqlCommand comm = conn.CreateCommand(); //set the query comm.CommandText = @"INSERT INTO CreditCards (UserId, CreditCardN, ExpirationDate, Owner, SecCode) VALUES(@userId, @card, @exp, @own, @code)"; //set the parameters comm.Parameters.Add("@userId", SqlDbType.Int); comm.Parameters.Add("@card", SqlDbType.Char); comm.Parameters.Add("@exp", SqlDbType.Char); comm.Parameters.Add("@own", SqlDbType.VarChar); comm.Parameters.Add("@code", SqlDbType.Char); comm.Parameters["@userId"].Value = Session["userId"]; comm.Parameters["@card"].Value = cardn.Value; comm.Parameters["@exp"].Value = expDate; comm.Parameters["@own"].Value = owner.Value; comm.Parameters["@code"].Value = code.Value; //execute the query to insert the credit card comm.ExecuteNonQuery(); } } cmd.CommandText = "SELECT MAX(ReservationId) FROM Reservations"; string resId = cmd.ExecuteScalar().ToString(); resId = ComputeNextID(resId); //insert into database the reservation (connected to the userId, if it's logged in) string query = @"INSERT INTO Reservations (ReservationId, SeatN, ShowId, CreditCardN"; if (Session["userId"] != null) { query += ", UserId"; } query += ") VALUES(@resId, @seat, @showId, @card"; if (Session["userId"] != null) { query += ", @userId"; } query += ");"; //set the query and the parameters cmd.CommandText = query; cmd.Parameters.Add("@resId", SqlDbType.Char); cmd.Parameters.Add("@seat", SqlDbType.VarChar); cmd.Parameters.Add("@showId", SqlDbType.Int); cmd.Parameters.Add("@card", SqlDbType.Char); cmd.Parameters["@resId"].Value = resId; cmd.Parameters["@showId"].Value = showId; cmd.Parameters["@card"].Value = cardn.Value; if (Session["userId"] != null) { cmd.Parameters.Add("@userId", SqlDbType.Int); cmd.Parameters["@userId"].Value = (int)Session["userId"]; } //execute the queries changing the seat number foreach (var seat in seats) { cmd.Parameters["@seat"].Value = seat; cmd.ExecuteNonQuery(); } //reset the session variables Session["seats"] = null; Session["showId"] = null; Session["price"] = null; Session["title"] = null; Session["room"] = null; Session["date"] = null; //redirect to the ThankYou page Response.Redirect("ThankYou.aspx?id=" + resId); }
protected void Page_Load(object sender, EventArgs e) { //hide the error div formError.Visible = false; //if it's not logged in, hide the dropdown list and the checkbox if (Session["userId"] == null) { saveCardWrapper.Visible = false; savedCardsWrapper.InnerHtml = "<p style=\"font-size: 12px\"><a href=\"Account/LogIn.aspx?redirect=../Payment.aspx\"" + "class=\"btn btn-primary\">Log In</a><br />to see your saved cards and to save the booking into your account</p>"; } //take the seats chosen and the showId seats = (List <string>)Session["seats"]; showId = (string)Session["showId"]; //if something is null (we arrived here without passing through the booking page) //redirect to the main page if (seats == null || showId == null || Session["price"] == null) { Response.Redirect("index.aspx"); } //set link back.NavigateUrl = "ChooseSeats.aspx?showId=" + showId; //save the tot price totPrice = (float)Session["price"]; totPrice *= seats.Count; //setting the summary of the purchase string summ = "<p><b>Movie:</b> " + Session["title"] + "<br />"; summ += "<b>Room:</b> " + Session["room"] + "<br />"; summ += "<b>Date and Time:</b> " + Session["date"] + "<br />"; summ += "<b>Chosen seats:</b> "; foreach (string seat in seats) { summ += seat + " "; } summ += "<br /><b>Total price:</b> €" + totPrice + "</p>"; summary.Text = summ; //put the first item into the drop down list for the saved cards ListItem li = new ListItem(); li.Value = "None"; li.Text = "Select one of your saved cards"; savedCards.Items.Add(li); //if the user is not logged in if (Session["userId"] == null) { //add a "message" at the end of the drop down text savedCards.Items[0].Text += " (you must be logged in)"; //and disable it savedCards.Enabled = false; } //if it's logged in if (Session["userId"] != null) { //connect to the db SqlConnection conn = new SqlConnection( ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); conn.Open(); //create the command variable SqlCommand cmd = conn.CreateCommand(); //set the query to retrieve all saved credit cards cmd.CommandText = @"SELECT CreditCardN, ExpirationDate, Owner FROM CreditCards WHERE UserId=@userId"; //set the parameters cmd.Parameters.Add("@userId", SqlDbType.Int); cmd.Parameters["@userId"].Value = Convert.ToInt32(Session["userId"]); //read the results using (var rd = cmd.ExecuteReader(System.Data.CommandBehavior.SequentialAccess)) { while (rd.Read()) { //take the credit card number and the expiration date string cardN = rd["CreditCardN"].ToString(); string expDate = rd["ExpirationDate"].ToString(); string owner = rd["Owner"].ToString(); //check if they're still valid CreditCardValidator c = new CreditCardValidator(); int check = c.ValidCard(cardN, expDate); //if they are not, skip it if (check != 0) { continue; } //else, put the card inside the drop down list ListItem l = new ListItem(); l.Value = cardN; l.Text = "****-****-****-" + cardN.Substring(12) + " " + expDate.Substring(0, 2) + "/" + expDate.Substring(2) + " " + owner; savedCards.Items.Add(l); } } } }
protected void AddCard(object sender, EventArgs e) { //hide error div newCardError.Visible = false; //check credit card CreditCardValidator c = new CreditCardValidator(); string expDate = ""; //if the field has been set if (exp.Value.Length > 6) { //convert it into the form mmyy expDate = exp.Value.Substring(5) + exp.Value.Substring(2, 2); } //check the credit card validity int check = c.ValidCard(cardn.Value, expDate); if (check != 0) { //if it's not valid, show an error newCardError.InnerHtml = "<p>Error " + check + "! Please check your Credit Card data.</p>"; newCardError.Visible = true; return; } //regex for the CVV code (3 digits) Regex code_valid = new Regex(@"^\d{3}$", RegexOptions.IgnoreCase); if (!code_valid.Match(code.Value).Success) { newCardError.InnerHtml = "Please insert a valid 3-digits code.<br />"; newCardError.Visible = true; return; } //if it has not been inserted an owner name, show an error if (owner.Value.Equals("")) { newCardError.InnerHtml = "Please insert an owner.<br />"; newCardError.Visible = true; return; } //db connection SqlConnection conn = new SqlConnection( ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); conn.Open(); //create the command SqlCommand comm = conn.CreateCommand(); //set the query comm.CommandText = @"INSERT INTO CreditCards (UserId, CreditCardN, ExpirationDate, Owner, SecCode) VALUES(@userId, @card, @exp, @own, @code)"; //set the parameters comm.Parameters.Add("@userId", SqlDbType.Int); comm.Parameters.Add("@card", SqlDbType.Char); comm.Parameters.Add("@exp", SqlDbType.Char); comm.Parameters.Add("@own", SqlDbType.VarChar); comm.Parameters.Add("@code", SqlDbType.Char); comm.Parameters["@userId"].Value = Session["userId"]; comm.Parameters["@card"].Value = cardn.Value; comm.Parameters["@exp"].Value = expDate; comm.Parameters["@own"].Value = owner.Value; comm.Parameters["@code"].Value = code.Value; //execute the query to insert the credit card comm.ExecuteNonQuery(); //close connection conn.Close(); //refresh the page Response.Redirect(Request.RawUrl); }