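/// <summary>
/// Password-reset submit handler. Stores the new password for the login identified by the
/// encrypted "UID" query-string value, places the decrypted "UN"/"UID" values in the session
/// and redirects to the dashboard.
/// </summary>
/// <remarks>
/// NOTE(review): the only proof of identity visible in this handler is that the "UID" and "UN"
/// query-string values decrypt without error. No expiry, single-use or binding check is shown
/// here - confirm the reset link is validated elsewhere before it is trusted to sign a user in.
/// NOTE(review): the password goes through EncryptText, which suggests reversible storage.
/// Passwords are normally stored with a salted one-way password hash (e.g. PBKDF2) - confirm
/// what CryptoProvider.EncryptText and dbo.spUpdatePassword do.
/// NOTE(review): the session is populated without issuing a new session ID; confirm the ID is
/// rotated at sign-in.
/// </remarks>
protected void cmdSubmit_Click(object sender, EventArgs e)
        {
            bool passwordUpdated = false;

            try
            {
                // Enforce the basic rules on the server too: an empty password would otherwise
                // pass the equality check, and a mismatch used to be ignored without feedback.
                if (String.IsNullOrEmpty(txtNewPassword.Text) ||
                    !String.Equals(txtNewPassword.Text, txtConfirm.Text, StringComparison.Ordinal))
                {
                    lblErr.Text    = "Please enter a new password and make sure both entries match.";
                    lblErr.Visible = true;
                    return;
                }

                securityAgent = new CryptoProvider();
                DBAgent       = new DataAccessProvider(
                    DataAccessProvider.ParamType.ServerCredentials,
                    ConfigurationManager.AppSettings["DBServerName"],
                    ConfigurationManager.AppSettings["DBUserName"],
                    ConfigurationManager.AppSettings["DBPassword"]);

                // A '+' in the query string is decoded to a space; restore it before decrypting.
                // Both values are decrypted before anything is written, so a bad "UN" value can no
                // longer leave the password changed while the page reports an error.
                var loginId  = securityAgent.decryptText(Request.QueryString["UID"].Replace(" ", "+"));
                var userName = securityAgent.decryptText(Request.QueryString["UN"].Replace(" ", "+"));

                DBAgent.AddParameter("@ParamLoginID", loginId);
                DBAgent.AddParameter("@ParamNewPassword", securityAgent.EncryptText(txtNewPassword.Text));
                DBAgent.AddParameter("@ParamIsTempPassword", 0);
                DBAgent.ExecuteNonQuery("dbo.spUpdatePassword");

                Session["Username"] = userName;
                Session["LoginID"]  = loginId;
                passwordUpdated     = true;
            }
            catch (Exception ex)
            {
                lblErr.Text    = "There was a problem processing your request. Please contact IT.";
                lblErr.Visible = true;
                CommonHelpers.writeLogToFile("cmdSubmit_Click: ResetPassword.aspx", ex.Message);
            }

            if (passwordUpdated)
            {
                // Redirect outside the try block: Response.Redirect ends the request by raising
                // ThreadAbortException, which the catch above would log and show as a failure.
                Response.Redirect("Dashboard.aspx");
            }
        }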
 /// <summary>
 /// DataBinding handler for the assigned-questionnaire grid: runs dbo.spGetPatientQuestionnaireList
 /// for the patient held in Session["CurrentPatientID"] and binds the first returned table.
 /// </summary>
 /// <remarks>
 /// Any exception is written to the log file and not rethrown; no data source is assigned then.
 /// NOTE(review): the patient ID comes from session state set by another handler - confirm that
 /// handler checks the signed-in user may see this patient.
 /// </remarks>
 protected void gvAssignedQuestionnaire_DataBinding(object sender, EventArgs e)
 {
     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamPatientID", Session["CurrentPatientID"]);

         string xml = DBAgent.ExecuteStoredProcedure("dbo.spGetPatientQuestionnaireList");
         if (String.IsNullOrEmpty(xml))
         {
             return;
         }

         DataSet result = CommonHelpers.GetDataSetFromXml(xml);
         if (result.Tables.Count > 0)
         {
             gvAssignedQuestionnaire.DataSource = result.Tables[0];
         }

         // Runs whenever the procedure returned text, even if no table could be bound.
         GetQuestionnaireList();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("gvAssignedQuestionnaire_DataBinding: PatientList.aspx", ex.Message);
     }
 }
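 /// <summary>
 /// RowDeleting handler for the user grid: deletes the selected login through dbo.spDeleteUser,
 /// recording the signed-in user (Session["LoginID"]) as the one who made the change.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the row key is supplied by the grid callback and no role check is visible in
 /// this handler - confirm the page restricts user management to administrators.
 /// </remarks>
 protected void UserGridView_RowDeleting(object sender, DevExpress.Web.Data.ASPxDataDeletingEventArgs e)
 {
     // Cancel the grid's built-in delete before doing anything that can throw, so a failed
     // stored-procedure call cannot fall through to the grid's own delete path.
     e.Cancel = true;

     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamLoginID", e.Keys[0]);
         DBAgent.AddParameter("@ParamUpdatedBy", Session["LoginID"]);
         DBAgent.ExecuteNonQuery("dbo.spDeleteUser");
         UserGridView.DataBind();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("UserGridView_RowDeleting: UserManagement.aspx", ex.Message);
     }
 }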
 /// <summary>
 /// Callback handler for the patient details panel: looks up the patient whose ID arrives as the
 /// callback parameter, fills the account/name text boxes, remembers the ID in
 /// Session["CurrentPatientID"] and rebinds the two questionnaire grids.
 /// </summary>
 /// <remarks>
 /// Exceptions (including an empty first table) are logged and not rethrown.
 /// NOTE(review): e.Parameter originates from the client and is stored in session as the
 /// current patient without any visible check that the signed-in user may access that patient -
 /// confirm authorization is enforced in dbo.spGetPatientDetails or elsewhere.
 /// </remarks>
 protected void PatientDetailsPanel_Callback(object sender, CallbackEventArgsBase e)
 {
     try
     {
         gvAssignedQuestionnaire.Enabled = true;

         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamPatientID", e.Parameter);

         string xml = DBAgent.ExecuteStoredProcedure("dbo.spGetPatientDetails");
         if (String.IsNullOrEmpty(xml))
         {
             return;
         }

         DataSet details = CommonHelpers.GetDataSetFromXml(xml);
         if (details.Tables.Count == 0)
         {
             return;
         }

         // Only the first row of the first table is used.
         DataRow patient = details.Tables[0].Rows[0];
         txtPatientAccount.Text      = patient["PatientAccountNumber"].ToString();
         txtPatientName.Text         = patient["PatientFullName"].ToString();
         Session["CurrentPatientID"] = e.Parameter;

         gvAssignedQuestionnaire.DataBind();
         gvQuestionnaireHistory.DataBind();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("PatientDetailsPanel_Callback: PatientList.aspx", ex.Message);
     }
 }
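 /// <summary>
 /// RowDeleting handler for the assigned-questionnaire grid: removes the patient/questionnaire
 /// assignment identified by the row's "PQID" key through dbo.spDeletePatientQuestionnaire,
 /// passing the signed-in user's login ID.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the PQID key is taken from the grid callback; nothing here ties it to the
 /// patient currently held in session - confirm the stored procedure validates it.
 /// </remarks>
 protected void gvAssignedQuestionnaire_RowDeleting(object sender, DevExpress.Web.Data.ASPxDataDeletingEventArgs e)
 {
     // Cancel the grid's built-in delete first so that a failure below cannot fall through to
     // the grid's own delete path.
     e.Cancel = true;

     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamPQID", e.Keys["PQID"]);
         DBAgent.AddParameter("@ParamLoginID", Session["LoginID"]);
         DBAgent.ExecuteNonQuery("dbo.spDeletePatientQuestionnaire");
         gvAssignedQuestionnaire.CancelEdit();
         gvAssignedQuestionnaire.DataBind();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("gvAssignedQuestionnaire_RowDeleting: PatientList.aspx", ex.Message);
     }
 }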
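 /// <summary>
 /// RowInserting handler for the physician grid: adds a physician through dbo.spAddPhysician
 /// using the first/last name entered in the grid and the signed-in user's login ID.
 /// </summary>
 /// <remarks>Exceptions are logged and not rethrown; the edit form stays open in that case.</remarks>
 protected void PhysicianGridView_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
 {
     // The stored procedure is the only write path: cancel the grid's built-in insert up front
     // so a failure below cannot fall through to it.
     e.Cancel = true;

     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamFirstName", e.NewValues["PhysicianFirstName"]);
         DBAgent.AddParameter("@ParamLastName", e.NewValues["PhysicianLastName"]);
         DBAgent.AddParameter("@ParamModifiedBy", Session["LoginID"]);
         DBAgent.ExecuteNonQuery("dbo.spAddPhysician");
         PhysicianGridView.CancelEdit();
         PhysicianGridView.DataBind();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("PhysicianGridView_RowInserting: Physician.aspx", ex.Message);
     }
 }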
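        /// <summary>
        /// RowDeleting handler for the questions grid: removes the question identified by the row
        /// key from the questionnaire selected in cmbQuestionnaireList, through
        /// dbo.spDeleteQuestionForQuestionnaire, passing the signed-in user's login ID.
        /// </summary>
        /// <remarks>
        /// The grid's built-in delete is always cancelled. Exceptions (for example when no
        /// questionnaire is selected) are logged and not rethrown.
        /// </remarks>
        protected void QuestionsGridView_RowDeleting(object sender, DevExpress.Web.Data.ASPxDataDeletingEventArgs e)
        {
            e.Cancel = true;
            try
            {
                DBAgent = new DataAccessProvider(
                    DataAccessProvider.ParamType.ServerCredentials,
                    ConfigurationManager.AppSettings["DBServerName"],
                    ConfigurationManager.AppSettings["DBUserName"],
                    ConfigurationManager.AppSettings["DBPassword"]);
                DBAgent.AddParameter("@ParamQuestionnaireID", cmbQuestionnaireList.SelectedItem.Value);
                DBAgent.AddParameter("@ParamQID", e.Keys[0]);
                DBAgent.AddParameter("@ParamLoginID", Session["LoginID"]);
                DBAgent.ExecuteNonQuery("dbo.spDeleteQuestionForQuestionnaire");

                QuestionsGridView.DataBind();
            }
            catch (Exception ex)
            {
                // The log tag used to name the DataBinding handler, which sent anyone reading the
                // log for a failed delete to the wrong method.
                CommonHelpers.writeLogToFile("QuestionsGridView_RowDeleting: EditQuestionnaire.aspx", ex.Message);
            }
        }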
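        /// <summary>
        /// Logout page load: records a "LO" user action for the signed-in login (when there is
        /// one), ends the session, overwrites the session cookie with an empty value and
        /// redirects to the login page.
        /// </summary>
        /// <remarks>
        /// The session teardown runs in a finally block so that a failing audit write can no
        /// longer leave the user's session alive; the exception itself still propagates as before.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                if (Session["LoginID"] != null)
                {
                    DataAccessProvider DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.AddParameter("@ParamRefID", Session["LoginID"]);
                    DBAgent.AddParameter("@ParamRefType", "Users");
                    DBAgent.AddParameter("@ParamAction", "LO");
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
            }
            finally
            {
                // Logging out must always invalidate the session, whatever happened above.
                Session.Clear();
                Session.Abandon();
                Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
            }

            Response.Redirect("Login.aspx");
        }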
        /// <summary>
        /// Custom-button callback for the user grid: replaces the password of the login in the
        /// clicked row with a value from CryptoProvider.GetTemporaryPassword, flags it as
        /// temporary through dbo.spUpdatePassword, and rebinds the grid.
        /// </summary>
        /// <remarks>
        /// Exceptions are logged and not rethrown.
        /// NOTE(review): the handler does not inspect which custom button raised the callback -
        /// confirm this grid has only the reset button.
        /// NOTE(review): unlike dbo.spDeleteUser, no acting-user parameter is passed, so the audit
        /// comment cannot say which administrator reset the password - confirm that is acceptable.
        /// NOTE(review): how the temporary password is generated and delivered is not visible
        /// here; confirm it comes from a cryptographic random source.
        /// </remarks>
        protected void UserGridView_CustomButtonCallback(object sender, DevExpress.Web.ASPxGridViewCustomButtonCallbackEventArgs e)
        {
            try
            {
                securityAgent = new CryptoProvider();
                DBAgent       = new DataAccessProvider(
                    DataAccessProvider.ParamType.ServerCredentials,
                    ConfigurationManager.AppSettings["DBServerName"],
                    ConfigurationManager.AppSettings["DBUserName"],
                    ConfigurationManager.AppSettings["DBPassword"]);

                // The target login is read from the server-side row at the clicked visible index.
                object targetLoginId = UserGridView.GetRowValues(e.VisibleIndex, "LoginID");
                DBAgent.AddParameter("@ParamLoginID", targetLoginId);

                var temporaryPassword = securityAgent.GetTemporaryPassword();
                DBAgent.AddParameter("@ParamNewPassword", temporaryPassword);
                DBAgent.AddParameter("@ParamIsTempPassword", 1);
                DBAgent.AddParameter("@ParamComment", "Password reset by Admin");
                DBAgent.ExecuteNonQuery("dbo.spUpdatePassword");

                UserGridView.DataBind();
            }
            catch (Exception ex)
            {
                CommonHelpers.writeLogToFile("UserGridView_CustomButtonCallback: UserManagement.aspx", ex.Message);
            }
        }
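 /// <summary>
 /// RowInserting handler for the assigned-questionnaire grid: assigns the questionnaire chosen
 /// in the grid, with its scheduled date, to the patient held in Session["CurrentPatientID"]
 /// through dbo.spAddEditPatientQuestionnaire.
 /// </summary>
 /// <remarks>
 /// @ParamQuestionnaireID is always sent as 0 here. Exceptions are logged and not rethrown.
 /// </remarks>
 protected void gvAssignedQuestionnaire_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
 {
     // The stored procedure is the only write path: cancel the grid's built-in insert up front
     // so a failure below cannot fall through to it.
     e.Cancel = true;

     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamPatientID", Session["CurrentPatientID"]);
         DBAgent.AddParameter("@ParamQuestionnaireID", 0);
         DBAgent.AddParameter("@ParamNewQuestionnaireID", e.NewValues["QuestionnaireName"]);
         DBAgent.AddParameter("@ParamNewAssignedDate", e.NewValues["ScheduledDate"]);
         DBAgent.AddParameter("@ParamAssignedBy", Session["LoginID"]);
         DBAgent.ExecuteNonQuery("dbo.spAddEditPatientQuestionnaire");
         gvAssignedQuestionnaire.CancelEdit();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("gvAssignedQuestionnaire_RowInserting: PatientList.aspx", ex.Message);
     }
 }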
 /// <summary>
 /// RowUpdating handler for the configuration grid: saves the edited min/max values of one
 /// configuration row for the questionnaire selected in cmbQuestionnaireList through
 /// dbo.spEditQuestionnaireConfig, then closes the editor and rebinds the grid.
 /// </summary>
 /// <remarks>
 /// The grid's built-in update is always cancelled. The min and max values are read by
 /// position (NewValues[1] and NewValues[2]), so they depend on the grid's column order.
 /// Exceptions are logged and not rethrown.
 /// </remarks>
 protected void ConfigGridView_RowUpdating(object sender, DevExpress.Web.Data.ASPxDataUpdatingEventArgs e)
 {
     try
     {
         e.Cancel = true;

         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);

         DBAgent.AddParameter("@ParamQuestionnaireID", cmbQuestionnaireList.SelectedItem.Value);
         DBAgent.AddParameter("@ParamConfigID", e.Keys[0]);
         DBAgent.AddParameter("@ParamConfigMinValue", e.NewValues[1]);
         DBAgent.AddParameter("@ParamConfigMaxValue", e.NewValues[2]);
         DBAgent.ExecuteNonQuery("dbo.spEditQuestionnaireConfig");

         ConfigGridView.CancelEdit();
         ConfigGridView.DataBind();
     }
     catch (Exception failure)
     {
         CommonHelpers.writeLogToFile("ConfigGridView_RowUpdating: EditQuestionnaire.aspx", failure.Message);
     }
 }
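        /// <summary>
        /// Save handler for a new questionnaire: creates the questionnaire through
        /// spAddEditQuestionnaire, stores each configuration record held in
        /// Session["ConfigurationValues"] through spAddQuestionnaireConfig, then redirects to the
        /// edit page with the encrypted questionnaire ID in the "QID" query-string value.
        /// </summary>
        /// <remarks>
        /// On any exception the generic error label is shown and the error is logged.
        /// NOTE(review): the questionnaire and its configuration rows are written by separate
        /// calls with no transaction visible here, so a failure part-way leaves a partly
        /// configured questionnaire - confirm that is acceptable.
        /// </remarks>
        protected void cmdSave_Click(object sender, EventArgs e)
        {
            string redirectUrl = null;

            try
            {
                CryptoProvider securityAgent   = new CryptoProvider();
                int            QuestionnaireID = 0;
                DBAgent = new DataAccessProvider(
                    DataAccessProvider.ParamType.ServerCredentials,
                    ConfigurationManager.AppSettings["DBServerName"],
                    ConfigurationManager.AppSettings["DBUserName"],
                    ConfigurationManager.AppSettings["DBPassword"]);
                DBAgent.AddParameter("ParamQuestionnaireName", txtQuestionnaireName.Value);
                object o = DBAgent.ExecuteScalar("spAddEditQuestionnaire", ConfigurationManager.AppSettings["DBName"]);
                if (o != null)
                {
                    QuestionnaireID = int.Parse(o.ToString());
                }

                listDataSource = (BindingList <Record>)Session["ConfigurationValues"];

                if (QuestionnaireID > 0)
                {
                    foreach (Record r in listDataSource)
                    {
                        // Start every call with an empty parameter list so that the questionnaire
                        // name and the previous record's values are not sent again.
                        DBAgent.ClearParams();
                        DBAgent.AddParameter("ParamQuestionnaireID", QuestionnaireID);
                        DBAgent.AddParameter("ParamConfigID", r.ConfigID);
                        DBAgent.AddParameter("ParamMinValue", r.MinValue);
                        DBAgent.AddParameter("ParamMaxValue", r.MaxValue);
                        DBAgent.ExecuteNonQuery("spAddQuestionnaireConfig", ConfigurationManager.AppSettings["DBName"]);
                    }

                    Session["ConfigurationValues"] = null;

                    // URL-encode the encrypted ID so characters such as '+' survive the round trip
                    // through the query string unchanged.
                    redirectUrl = "EditQuestionnaire.aspx?QID=" + Server.UrlEncode(securityAgent.EncryptText(QuestionnaireID.ToString()));
                }
            }
            catch (Exception ex)
            {
                lblErr.Text    = "There was a problem processing your request. Please contact IT.";
                lblErr.Visible = true;
                CommonHelpers.writeLogToFile("cmdSave_Click: NewQuestionnaire.aspx", ex.Message);
            }

            if (redirectUrl != null)
            {
                // Redirect outside the try block: Response.Redirect ends the request by raising
                // ThreadAbortException, which the catch above would log and show as a failure
                // even though the save succeeded.
                Response.Redirect(redirectUrl);
            }
        }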
        /// <summary>
        /// Init handler for the detail (answers) grid: fetches the details of the question whose
        /// key is the master row key of the grid being initialised and binds the first returned
        /// table to that grid.
        /// </summary>
        /// <remarks>
        /// NOTE(review): unlike the other data handlers in this listing there is no try/catch and
        /// no empty-result check before parsing, so a failure here propagates to the page.
        /// </remarks>
        protected void AnswersGridView_Init(object sender, EventArgs e)
        {
            ASPxGridView detailGrid  = sender as ASPxGridView;
            object       questionKey = detailGrid.GetMasterRowKeyValue();

            DBAgent = new DataAccessProvider(
                DataAccessProvider.ParamType.ServerCredentials,
                ConfigurationManager.AppSettings["DBServerName"],
                ConfigurationManager.AppSettings["DBUserName"],
                ConfigurationManager.AppSettings["DBPassword"]);
            DBAgent.AddParameter("@ParamQID", questionKey);

            string  xml      = DBAgent.ExecuteStoredProcedure("dbo.spGetQuestionDetails");
            DataSet question = CommonHelpers.GetDataSetFromXml(xml);
            if (question.Tables.Count == 0)
            {
                return;
            }

            detailGrid.DataSource = question.Tables[0];
        }
 /// <summary>
 /// DataBinding handler for the questions grid: loads every question of the questionnaire
 /// selected in cmbQuestionnaireList through dbo.spGetAllQuestionsForQuestionnaire and binds
 /// the first returned table.
 /// </summary>
 /// <remarks>
 /// Exceptions (for example when nothing is selected in the combo box) are logged and not
 /// rethrown; the grid's data source is left untouched in that case.
 /// </remarks>
 protected void QuestionsGridView_DataBinding(object sender, EventArgs e)
 {
     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamQuestionnaireID", cmbQuestionnaireList.SelectedItem.Value);

         string  xml       = DBAgent.ExecuteStoredProcedure("dbo.spGetAllQuestionsForQuestionnaire");
         DataSet questions = CommonHelpers.GetDataSetFromXml(xml);
         if (questions.Tables.Count == 0)
         {
             return;
         }

         QuestionsGridView.DataSource = questions.Tables[0];
     }
     catch (Exception failure)
     {
         CommonHelpers.writeLogToFile("QuestionsGridView_DataBinding: EditQuestionnaire.aspx", failure.Message);
     }
 }
 /// <summary>
 /// RowInserting handler for the answer list grid: adds the entered answer text through
 /// dbo.spAddAnswer and keeps the scalar the procedure returns in ViewState["NewAnswerID"].
 /// </summary>
 /// <remarks>
 /// The grid's built-in insert is always cancelled. The answer text is read by position
 /// (NewValues[0]). Exceptions are logged and not rethrown.
 /// </remarks>
 protected void AnswerListGridView_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
 {
     try
     {
         e.Cancel = true;

         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamAnswerText", e.NewValues[0]);

         object newAnswerId = DBAgent.ExecuteScalar("dbo.spAddAnswer");
         if (newAnswerId != null)
         {
             // Kept for later use on this page; nothing is stored when the call returns null.
             ViewState["NewAnswerID"] = newAnswerId;
         }

         AnswerListGridView.CancelEdit();
     }
     catch (Exception failure)
     {
         CommonHelpers.writeLogToFile("AnswerListGridView_RowInserting: EditQuestionnaire.aspx", failure.Message);
     }
 }
 /// <summary>
 /// Loads the physician list through dbo.spGetallPhysicians (with @ParamShowDeleted = 1) and
 /// caches the first returned table in Session["PhysicianDS"].
 /// </summary>
 /// <remarks>
 /// Exceptions are logged and not rethrown; the session entry is left as it was when the
 /// procedure returns nothing or no table.
 /// </remarks>
 private void GetPhysicianList()
 {
     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.ClearParams();
         DBAgent.AddParameter("@ParamShowDeleted", 1);

         string xml = DBAgent.ExecuteStoredProcedure("dbo.spGetallPhysicians");
         if (String.IsNullOrEmpty(xml))
         {
             return;
         }

         DataSet physicians = CommonHelpers.GetDataSetFromXml(xml);
         if (physicians.Tables.Count == 0)
         {
             return;
         }

         Session["PhysicianDS"] = physicians.Tables[0];
     }
     catch (Exception failure)
     {
         CommonHelpers.writeLogToFile("GetPhysicianList: PatientList.aspx", failure.Message);
     }
 }
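 /// <summary>
 /// RowInserting handler for the patient list grid: creates a patient through spAddEditPatient
 /// from the values entered in the grid, passing the signed-in user's login ID.
 /// </summary>
 /// <remarks>
 /// @ParamPatientID is always sent as 0 here. Exceptions are logged and not rethrown; only
 /// ex.Message is written to the log, never the submitted patient values.
 /// </remarks>
 protected void PatientListGridView_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
 {
     // The stored procedure is the only write path: cancel the grid's built-in insert up front
     // so a failure below cannot fall through to it.
     e.Cancel = true;

     try
     {
         DBAgent = new DataAccessProvider(
             DataAccessProvider.ParamType.ServerCredentials,
             ConfigurationManager.AppSettings["DBServerName"],
             ConfigurationManager.AppSettings["DBUserName"],
             ConfigurationManager.AppSettings["DBPassword"]);
         DBAgent.AddParameter("@ParamPatientID", 0);
         DBAgent.AddParameter("@ParamFirstName", e.NewValues["PatientFirstName"]);
         DBAgent.AddParameter("@ParamLastName", e.NewValues["PatientLastName"]);
         DBAgent.AddParameter("@ParamAccount", e.NewValues["PatientAccountNumber"]);
         DBAgent.AddParameter("@ParamDOB", e.NewValues["PatientDOB"]);
         DBAgent.AddParameter("@ParamPrimaryPhysicianID", e.NewValues["PhysicianName"]);
         DBAgent.AddParameter("@ParamLoginID", Session["LoginID"]);
         DBAgent.ExecuteNonQuery("spAddEditPatient");
         PatientListGridView.CancelEdit();
     }
     catch (Exception ex)
     {
         CommonHelpers.writeLogToFile("PatientListGridView_RowInserting: PatientList.aspx", ex.Message);
     }
 }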
        /// <summary>
        /// Save handler for a new question: adds the question text through dbo.spAddQuestion,
        /// maps each selected answer to it in list order (sort order starting at 1), links the
        /// question to the questionnaire selected in cmbQuestionnaireList, and rebinds the grid.
        /// </summary>
        /// <remarks>
        /// Exceptions are logged and not rethrown.
        /// NOTE(review): the question, its answer mappings and the questionnaire mapping are
        /// written by separate calls with no transaction visible here - a failure part-way
        /// leaves a partly saved question.
        /// </remarks>
        protected void cmdSaveQuestion_Click(object sender, EventArgs e)
        {
            try
            {
                DBAgent = new DataAccessProvider(
                    DataAccessProvider.ParamType.ServerCredentials,
                    ConfigurationManager.AppSettings["DBServerName"],
                    ConfigurationManager.AppSettings["DBUserName"],
                    ConfigurationManager.AppSettings["DBPassword"]);
                DBAgent.AddParameter("@ParamQuestionText", txtQuestion.Text);
                object scalar = DBAgent.ExecuteScalar("dbo.spAddQuestion");

                // A null scalar is treated like an ID of 0: nothing further is saved.
                int newQuestionId = (scalar != null) ? int.Parse(scalar.ToString()) : 0;
                if (newQuestionId > 0)
                {
                    int sortOrder = 0;
                    foreach (ListEditItem selected in lbSelectedAnswers.Items)
                    {
                        sortOrder++;
                        DBAgent.ClearParams();
                        DBAgent.AddParameter("@ParamQuestionID", newQuestionId);
                        DBAgent.AddParameter("@ParamAnswerID", selected.Value);
                        DBAgent.AddParameter("@ParamAnswerSortOrder", sortOrder);
                        DBAgent.ExecuteNonQuery("dbo.spAddQuestionAnswerMapping");
                    }

                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamQuestionnaireID", cmbQuestionnaireList.SelectedItem.Value);
                    DBAgent.AddParameter("@ParamQuestionID", newQuestionId);
                    DBAgent.ExecuteNonQuery("dbo.spAddQuestionnaireQuestionMapping");

                    QuestionsGridView.DataBind();
                    RefreshForm();
                }

                // Rebind in every non-failing path, including when nothing was saved.
                QuestionsGridView.DataBind();
            }
            catch (Exception failure)
            {
                CommonHelpers.writeLogToFile("cmdSaveQuestion_Click: EditQuestionnaire.aspx", failure.Message);
            }
        }
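        /// <summary>
        /// API action: returns the assigned and then the completed questionnaires of the patient
        /// named in the request, after the request's user token has been validated.
        /// </summary>
        /// <param name="request">Request body carrying UserToken and PatientID.</param>
        /// <returns>
        /// Always an OK result wrapping the response; failures are reported through
        /// ErrorMessage ("No Data", "Invalid Request" or a generic processing error).
        /// </returns>
        /// <remarks>
        /// NOTE(review): PatientID is taken from the request body and nothing visible here ties
        /// it to the user the token belongs to - confirm CommonHelpers.ValidateRequest or the
        /// stored procedure restricts which patients a caller may read.
        /// </remarks>
        public IHttpActionResult PostPatientQuestionnaire([FromBody] PatientQuestionnaireRequest request)
        {
            PatientQuestionnaireResponse response = new PatientQuestionnaireResponse();

            // A missing or unparsable body leaves request null; reject it instead of failing
            // on the first property access.
            if (request == null)
            {
                response.ErrorMessage = "Invalid Request";
                return(Ok(response));
            }

            try
            {
                if (CommonHelpers.ValidateRequest(request.UserToken))
                {
                    List <QuestionnaireDetails> QuestionnaireList = new List <QuestionnaireDetails>();
                    DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);

                    // @ParamHistoryList 0 = assigned questionnaires, 1 = completed questionnaires;
                    // assigned entries are listed first.
                    foreach (int historyList in new int[] { 0, 1 })
                    {
                        DBAgent.ClearParams();
                        DBAgent.AddParameter("@ParamPatientID", request.PatientID);
                        DBAgent.AddParameter("@ParamHistoryList", historyList);
                        string data = DBAgent.ExecuteStoredProcedure("dbo.spGetPatientQuestionnaireList");
                        if (String.IsNullOrEmpty(data))
                        {
                            continue;
                        }

                        DataSet ds = CommonHelpers.GetDataSetFromXml(data);
                        if (ds.Tables.Count > 0)
                        {
                            foreach (DataRow dr in ds.Tables[0].Rows)
                            {
                                QuestionnaireList.Add(new QuestionnaireDetails(
                                    dr["QuestionnaireID"].ToString(),
                                    dr["QuestionnaireName"].ToString(),
                                    dr["ScheduledDate"].ToString(),
                                    dr["Score"].ToString(),
                                    dr["RiskCategory"].ToString(),
                                    dr["PQID"].ToString()));
                            }
                        }
                    }

                    if (QuestionnaireList.Count == 0)
                    {
                        response.ErrorMessage = "No Data";
                    }
                    else
                    {
                        response.QuestionnaireList = QuestionnaireList;
                    }
                }
                else
                {
                    response.ErrorMessage = "Invalid Request";

                    // Record the rejected request as an "IR" user action.
                    // NOTE(review): the submitted token is written verbatim into the audit comment.
                    // If rejected tokens can still be sensitive (for example expired ones),
                    // consider storing a truncated hash instead.
                    DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", request.PatientID);
                    DBAgent.AddParameter("@ParamRefType", "PatientID");
                    DBAgent.AddParameter("@ParamAction", "IR");
                    DBAgent.AddParameter("@ParamComment", "Invalid Request from Mobile App - PatientQuestionnaire - " + request.UserToken);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
            }
            catch (Exception ex)
            {
                // Do not return the stack trace to the caller: it discloses internal type,
                // method and file names. The full detail goes to the server-side log only.
                response.ErrorMessage = "There was a problem processing your request.";
                CommonHelpers.writeLogToFile("API: PostPatientQuestionnaire - PatientQuestionnaireController.cs", ex.Message + Environment.NewLine + ex.StackTrace);
            }

            return(Ok(response));
        }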
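        /// <summary>
        /// API action: returns the patient list for the account number in the request, both as
        /// display strings and as display string / patient ID pairs, after the request's user
        /// token has been validated.
        /// </summary>
        /// <param name="request">Request body carrying UserToken, LoginID and an optional AccountNumber.</param>
        /// <returns>
        /// The response object; failures are reported through ErrorMessage ("No Data",
        /// "Invalid Request" or a generic processing error).
        /// </returns>
        /// <remarks>
        /// NOTE(review): when AccountNumber is empty the procedure is called with no filter
        /// parameter; presumably it then returns every patient - confirm that is intended for
        /// every caller holding a valid token.
        /// </remarks>
        public PatientListResponse PostPatientList([FromBody] PatientListRequest request)
        {
            PatientListResponse response = new PatientListResponse();

            // A missing or unparsable body leaves request null; reject it instead of failing
            // on the first property access.
            if (request == null)
            {
                response.ErrorMessage = "Invalid Request";
                return(response);
            }

            try
            {
                if (CommonHelpers.ValidateRequest(request.UserToken))
                {
                    DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    if (!String.IsNullOrEmpty(request.AccountNumber))
                    {
                        DBAgent.AddParameter("@ParamAccountNumber", request.AccountNumber);
                    }
                    string data = DBAgent.ExecuteStoredProcedure("dbo.spGetPatientListByAccount");
                    if (!String.IsNullOrEmpty(data))
                    {
                        DataSet ds = CommonHelpers.GetDataSetFromXml(data);
                        if (ds.Tables.Count > 0)
                        {
                            DataTable dTable = ds.Tables[0];

                            ArrayList             PatientList        = new ArrayList();
                            List <PatientDetails> PatientDetailsList = new List <PatientDetails>();
                            foreach (DataRow dr in dTable.Rows)
                            {
                                // Format the display text once and use it for both lists.
                                string PatientNameRow = String.Format("{0}, {1} ({2} - {3})", dr["PatientLastName"], dr["PatientFirstName"], dr["PatientAccountNumber"], dr["PatientDOB"]);
                                PatientList.Add(PatientNameRow);
                                PatientDetailsList.Add(new PatientDetails(PatientNameRow, dr["PatientID"].ToString()));
                            }

                            response.PatientList        = PatientList;
                            response.PatientDetailsList = PatientDetailsList;
                        }
                        else
                        {
                            response.ErrorMessage = "No Data";
                        }
                    }
                    else
                    {
                        response.ErrorMessage = "No Data";
                    }
                }
                else
                {
                    response.ErrorMessage = "Invalid Request";

                    // Record the rejected request as an "IR" user action. The comment text now reads
                    // "Invalid Request" like the other controllers (it used to say "Requestv").
                    // NOTE(review): the submitted token is written verbatim into the audit comment.
                    // If rejected tokens can still be sensitive, consider storing a truncated hash.
                    DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", request.LoginID);
                    DBAgent.AddParameter("@ParamRefType", "Users");
                    DBAgent.AddParameter("@ParamAction", "IR");
                    DBAgent.AddParameter("@ParamComment", "Invalid Request from Mobile App - PatientListController - " + request.UserToken);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
            }
            catch (Exception ex)
            {
                // Do not return the raw exception message to the caller: database and parsing
                // errors can disclose internal details. The full detail goes to the log only.
                response.ErrorMessage = "There was a problem processing your request.";
                CommonHelpers.writeLogToFile("API: PostPatientList - PatientListController.cs", ex.Message + Environment.NewLine + ex.StackTrace);
            }
            return(response);
        }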
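        /// <summary>
        /// API action: returns the questions of a questionnaire, each with its answers, for the
        /// QuestionnaireID / PQID in the request, after the request's user token has been validated.
        /// </summary>
        /// <param name="request">Request body carrying UserToken, QuestionnaireID and PQID.</param>
        /// <returns>
        /// Always an OK result wrapping the response; failures are reported through
        /// ErrorMessage ("No Data", "Invalid Request" or a generic processing error).
        /// </returns>
        /// <remarks>
        /// Rows are grouped into questions by consecutive QuestionID, so the procedure is assumed
        /// to return them ordered by question - TODO confirm.
        /// NOTE(review): QuestionnaireID and PQID come from the request body and nothing visible
        /// here ties them to the user the token belongs to - confirm that is enforced elsewhere.
        /// </remarks>
        public IHttpActionResult PostQuestionnaireQuestions([FromBody] QuestionnaireQuestionsRequest request)
        {
            QuestionaireQuestionResponse response = new QuestionaireQuestionResponse();

            // A missing or unparsable body leaves request null; reject it instead of failing
            // on the first property access.
            if (request == null)
            {
                response.ErrorMessage = "Invalid Request";
                return(Ok(response));
            }

            try
            {
                if (CommonHelpers.ValidateRequest(request.UserToken))
                {
                    List <QuestionDetail> QuestionAnswerList = new List <QuestionDetail>();
                    DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamQuestionnaireID", request.QuestionnaireID);
                    DBAgent.AddParameter("@ParamPQID", request.PQID);
                    string data = DBAgent.ExecuteStoredProcedure("dbo.spGetAllQuestionAnswersForQuestionnaire");
                    if (!String.IsNullOrEmpty(data))
                    {
                        DataSet ds = CommonHelpers.GetDataSetFromXml(data);
                        if (ds.Tables.Count > 0)
                        {
                            int            CurrentQuestionID = 0;
                            QuestionDetail qd = null;

                            foreach (DataRow dr in ds.Tables[0].Rows)
                            {
                                int rowQuestionID = int.Parse(dr["QuestionID"].ToString());
                                if (CurrentQuestionID != rowQuestionID)
                                {
                                    if (qd != null)
                                    {
                                        //Save Previous Question
                                        QuestionAnswerList.Add(qd);
                                    }

                                    //New Question
                                    qd = new QuestionDetail();
                                    qd.QuestionText   = dr["QuestionText"].ToString();
                                    qd.QuestionID     = dr["QuestionID"].ToString();
                                    CurrentQuestionID = rowQuestionID;
                                }

                                AnswerDetail ans = new AnswerDetail();
                                ans.AnswerID       = dr["AnswerID"].ToString();
                                ans.AnswerText     = dr["AnswerText"].ToString();
                                ans.SelectedAnswer = bool.Parse(dr["SelectedAnswer"].ToString());
                                ans.AnswerPoints   = int.Parse(dr["AnswerPoints"].ToString());
                                qd.QuestionAnswers.Add(ans);
                            }

                            // Add the last question only when there was one; an empty table used
                            // to put a null entry into the list.
                            if (qd != null)
                            {
                                QuestionAnswerList.Add(qd);
                            }
                        }

                        if (QuestionAnswerList.Count == 0)
                        {
                            response.ErrorMessage = "No Data";
                        }
                        else
                        {
                            response.QuestionAnswerList = QuestionAnswerList;
                        }
                    }
                    else
                    {
                        response.ErrorMessage = "No Data";
                    }
                }
                else
                {
                    response.ErrorMessage = "Invalid Request";

                    // Record the rejected request as an "IR" user action.
                    // NOTE(review): the submitted token is written verbatim into the audit comment.
                    // If rejected tokens can still be sensitive, consider storing a truncated hash.
                    DBAgent = new DataAccessProvider(
                        DataAccessProvider.ParamType.ServerCredentials,
                        ConfigurationManager.AppSettings["DBServerName"],
                        ConfigurationManager.AppSettings["DBUserName"],
                        ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", request.PQID);
                    DBAgent.AddParameter("@ParamRefType", "PQID");
                    DBAgent.AddParameter("@ParamAction", "IR");
                    DBAgent.AddParameter("@ParamComment", "Invalid Request from Mobile App - QuestionnaireQuestionsController - " + request.UserToken);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
            }
            catch (Exception ex)
            {
                // Do not return the raw exception message to the caller: database and parsing
                // errors can disclose internal details. The full detail goes to the log only.
                response.ErrorMessage = "There was a problem processing your request.";
                CommonHelpers.writeLogToFile("API: PostQuestionnaireQuestions - QuestionnaireQuestionsController.cs", ex.Message + Environment.NewLine + ex.StackTrace);
            }


            return(Ok(response));
        }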
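        /// <summary>
        /// Returns a patient's identifying details to the mobile app, or, when
        /// <c>request.LogVerificaiton</c> is set, records that a verification took place.
        /// </summary>
        /// <remarks>
        /// The only access check in this method is <c>CommonHelpers.ValidateRequest(request.UserToken)</c>.
        /// <c>request.PatientID</c> is taken from the request body and nothing here ties it to the caller.
        /// NOTE(review): ValidateRequest is not shown. Confirm that it binds the token to a staff member
        /// who is entitled to this patient; if it only checks a shared value, any holder of a valid token
        /// can read any patient's record by changing the ID.
        /// </remarks>
        /// <param name="request">Token, patient ID and log flag sent by the mobile app.</param>
        /// <returns>
        /// HTTP 200 with a <c>PatientVerificationResponse</c>; failures are reported through
        /// <c>ErrorMessage</c> rather than through the status code.
        /// </returns>
        public IHttpActionResult PostPatientVerificaiton([FromBody] PatientVerifiactionRequest request)
        {
            PatientVerificationResponse response = new PatientVerificationResponse();

            // [FromBody] binding yields null when the body is missing or cannot be deserialized.
            if (request == null)
            {
                response.ErrorMessage = "Invalid Request";
                return Ok(response);
            }

            try
            {
                if (!CommonHelpers.ValidateRequest(request.UserToken))
                {
                    response.ErrorMessage = "Invalid Request";

                    // Audit the rejected call.
                    // NOTE(review): the submitted token is stored verbatim in the audit comment. A value
                    // that was rejected may still be a near-miss of a real token; consider storing a
                    // truncated or hashed form instead.
                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", request.PatientID);
                    DBAgent.AddParameter("@ParamRefType", "PatientID");
                    DBAgent.AddParameter("@ParamAction", "IR");
                    DBAgent.AddParameter("@ParamComment", "Invalid Request from Mobile App - PatientVerification - " + request.UserToken);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
                else if (request.LogVerificaiton)
                {
                    // Log-only call: record the verification ("VR") and return an empty response.
                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", request.PatientID);
                    DBAgent.AddParameter("@ParamRefType", "PatientInfo");
                    DBAgent.AddParameter("@ParamAction", "VR");
                    DBAgent.AddParameter("@ParamComment", "Patient Verificaiton from Mobile App");
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
                else
                {
                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamPatientID", request.PatientID);
                    string data = DBAgent.ExecuteStoredProcedure("dbo.spGetPatientDetails");

                    DataSet ds = string.IsNullOrEmpty(data) ? null : CommonHelpers.GetDataSetFromXml(data);

                    // An empty result set is "No Data", not an exception: check the row count before indexing.
                    if (ds != null && ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
                    {
                        DataRow dr = ds.Tables[0].Rows[0];
                        response.PatientFirstName = dr["PatientFirstName"].ToString();
                        response.PatientLastName  = dr["PatientLastName"].ToString();
                        response.DOB           = dr["FormattedDOB"].ToString();
                        response.MaskedName    = dr["MaskedName"].ToString();
                        response.PhysicianName = dr["PhysicianName"].ToString();
                        response.AccountNumber = dr["PatientAccountNumber"].ToString();
                    }
                    else
                    {
                        response.ErrorMessage = "No Data";
                    }
                }
            }
            catch (Exception ex)
            {
                // Exception text can carry SQL, schema or path details, so it goes to the server log
                // only; the client receives a fixed message.
                response.ErrorMessage = "There was a problem processing your request. Please contact IT.";
                CommonHelpers.writeLogToFile("API: PostPatientVerificaiton - PatientVerificaitonController.cs", ex.Message + Environment.NewLine + ex.StackTrace);
            }
            return Ok(response);
        }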
Example #23
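        /// <summary>
        /// Stores the answers of a completed questionnaire one row per question, then writes the
        /// start date and total score for the patient questionnaire.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the score is the sum of <c>AnswerPoints</c> values taken from the request body,
        /// so the client decides what each answer is worth. If the score drives any clinical or billing
        /// decision, look the points up server-side from <c>AnswerID</c> instead.
        /// NOTE(review): the writes are separate calls with no visible transaction; a failure part-way
        /// through leaves some answers stored and no score.
        /// NOTE(review): nothing in this method checks that <c>PatientQuestionnaireID</c> belongs to the
        /// caller; ValidateRequest is not shown.
        /// </remarks>
        /// <param name="request">Token, questionnaire ID, start date and answers sent by the mobile app.</param>
        /// <returns>
        /// HTTP 200 with a <c>SaveQuestionnaireResponse</c>; <c>SaveStatus</c> is true only when every
        /// write completed.
        /// </returns>
        public IHttpActionResult PostSaveQuestionnaire([FromBody] SaveQuestionnaireRequest request)
        {
            SaveQuestionnaireResponse response = new SaveQuestionnaireResponse();

            // [FromBody] binding yields null when the body is missing or cannot be deserialized.
            if (request == null)
            {
                response.ErrorMessage = "Invalid Request";
                response.SaveStatus   = false;
                return Ok(response);
            }

            try
            {
                if (CommonHelpers.ValidateRequest(request.UserToken))
                {
                    List<QuestionDetail> QuestionAnswerList = request.QuestionAnswerList;

                    // Reject a malformed payload before the first write, so that a missing list
                    // cannot abort the save after some answers are already stored.
                    bool wellFormed = QuestionAnswerList != null;
                    if (wellFormed)
                    {
                        foreach (QuestionDetail candidate in QuestionAnswerList)
                        {
                            if (candidate == null || candidate.QuestionAnswers == null)
                            {
                                wellFormed = false;
                                break;
                            }
                        }
                    }

                    if (!wellFormed)
                    {
                        response.ErrorMessage = "Invalid Request";
                        response.SaveStatus   = false;
                        return Ok(response);
                    }

                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);

                    int Score = 0;
                    foreach (QuestionDetail Qn in QuestionAnswerList)
                    {
                        DBAgent.ClearParams();
                        DBAgent.AddParameter("@ParamPQID", request.PatientQuestionnaireID);
                        DBAgent.AddParameter("@ParamQuestionID", Qn.QuestionID);

                        // Only the first selected answer counts. When none is selected the procedure
                        // is still called, without @ParamAnswerID, and the question scores 0.
                        int Points = 0;
                        foreach (AnswerDetail An in Qn.QuestionAnswers)
                        {
                            if (An != null && An.SelectedAnswer)
                            {
                                Points = An.AnswerPoints; // client-supplied value, see remarks
                                DBAgent.AddParameter("@ParamAnswerID", An.AnswerID);
                                break;
                            }
                        }
                        Score += Points;

                        // Save answers one by one
                        DBAgent.ExecuteNonQuery("dbo.spAddPatientResponse");
                    }

                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamPQID", request.PatientQuestionnaireID);
                    DBAgent.AddParameter("@ParamStartDate", request.QuestionnaireStartDate);
                    DBAgent.AddParameter("@ParamScore", Score);
                    DBAgent.ExecuteNonQuery("dbo.spUpdatePatientQuestionnare");

                    response.SaveStatus = true;
                }
                else
                {
                    response.ErrorMessage = "Invalid Request";

                    // Audit the rejected call.
                    // NOTE(review): the submitted token is stored verbatim in the audit comment;
                    // consider storing a truncated or hashed form instead.
                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", request.PatientQuestionnaireID);
                    DBAgent.AddParameter("@ParamRefType", "PQID");
                    DBAgent.AddParameter("@ParamAction", "IR");
                    DBAgent.AddParameter("@ParamComment", "Invalid Request from Mobile App - SaveQuestionnaire - " + request.UserToken);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
            }
            catch (Exception ex)
            {
                // Exception text can carry SQL, schema or path details, so it goes to the server log
                // only; the client receives a fixed message.
                response.ErrorMessage = "There was a problem processing your request. Please contact IT.";
                response.SaveStatus   = false;
                CommonHelpers.writeLogToFile("API: PostSaveQuestionnaire - SaveQuestionnaireController.cs", ex.Message + Environment.NewLine + ex.StackTrace);
            }
            return Ok(response);
        }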
Example #24
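        /// <summary>
        /// Handles the login button: looks the user up by name, compares the submitted password with
        /// the stored one, writes an audit row, and redirects to the dashboard or, for a temporary
        /// password, to the password-reset page.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the stored password is decrypted and compared as plain text, and a temporary
        /// password is read from the row without decryption. Passwords that can be recovered from the
        /// database are exposed to anyone who obtains the key or the table; a salted one-way hash
        /// (for example PBKDF2) compared in constant time is the usual replacement, but needs a data
        /// migration and cannot be done inside this handler alone.
        /// NOTE(review): the existing session is reused after authentication; consider issuing a fresh
        /// session identifier at this point.
        /// </remarks>
        protected void cmdLogin_Click(object sender, EventArgs e)
        {
            try
            {
                lblErr.Text = "";
                securityAgent = new CryptoProvider();
                DBAgent       = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                DBAgent.AddParameter("@ParamUserName", txtUserName.Value);
                string data = DBAgent.ExecuteStoredProcedure("dbo.spGetUserDetails");

                // Resolve the user row. A missing table or an empty one is treated like an unknown user
                // instead of indexing Rows[0] and failing.
                DataRow dRow = null;
                if (!string.IsNullOrEmpty(data))
                {
                    DataSet ds = CommonHelpers.GetDataSetFromXml(data);
                    if (ds != null && ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
                    {
                        dRow = ds.Tables[0].Rows[0];
                    }
                }

                bool TempPassword    = false;
                bool passwordMatches = false;
                if (dRow != null)
                {
                    TempPassword = bool.Parse(dRow["IsTempPassword"].ToString());

                    // The " " -> "+" replacement restores '+' characters in the stored ciphertext
                    // before decryption (presumably Base64 - confirm against CryptoProvider).
                    string upassword = TempPassword
                        ? dRow["Password"].ToString()
                        : securityAgent.decryptText(dRow["Password"].ToString().Replace(" ", "+"));

                    passwordMatches = upassword.Equals(txtPassword.Value);
                }

                if (!passwordMatches)
                {
                    // Same message for an unknown user and a wrong password, so the page does not
                    // reveal which user names exist.
                    lblErr.Text    = "Invalid Username/Password conbination. Please try again";
                    lblErr.Visible = true;

                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.AddParameter("@ParamRefID", 0);
                    DBAgent.AddParameter("@ParamRefType", "Users");
                    DBAgent.AddParameter("@ParamAction", "FL");
                    DBAgent.AddParameter("@ParamComment", "Login Failed - " + txtUserName.Value);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                    return;
                }

                // Audit the successful login ("LI").
                DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                DBAgent.AddParameter("@ParamRefID", dRow["LoginID"].ToString());
                DBAgent.AddParameter("@ParamRefType", "Users");
                DBAgent.AddParameter("@ParamAction", "LI");
                DBAgent.ExecuteNonQuery("dbo.spAddUserAction");

                Session["FullName"] = String.Format("{0}, {1}", dRow["LastName"], dRow["FirstName"]);
                if (!TempPassword)
                {
                    Session["LoginID"]  = dRow["LoginID"].ToString();
                    Session["UserName"] = dRow["Username"].ToString();
                    Response.Redirect("Dashboard.aspx", true);
                }
                else
                {
                    // The encrypted values are URL-encoded so '+', '/' and '=' survive the query string.
                    // NOTE(review): UN and UID travel in the URL (browser history, proxy and server
                    // logs), and the reset page appears to rely on them alone to identify the account.
                    // Keeping the pending-reset identity in server-side session state would avoid that.
                    Response.Redirect(String.Format("ResetPassword.aspx?UN={0}&UID={1}", Uri.EscapeDataString(securityAgent.EncryptText(txtUserName.Value)), Uri.EscapeDataString(securityAgent.EncryptText(dRow["LoginID"].ToString()))), true);
                }
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.Redirect(url, true) ends the request by aborting the thread. Let that pass
                // through so a successful login is not written to the error log.
                throw;
            }
            catch (Exception ex)
            {
                lblErr.Text    = "There was a problem processing your request. Please contact IT.";
                lblErr.Visible = true;
                CommonHelpers.writeLogToFile("cmdLogin_Click: Login.aspx", ex.Message);
            }
        }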
Example #25
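        /// <summary>
        /// Authenticates a staff member for the mobile app: looks the user up by name, compares the
        /// submitted password with the stored one, writes an audit row, and on success returns the
        /// user's name together with the API token.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the token returned on success is the single <c>AppSettings["UserToken"]</c>
        /// value, so every authenticated client receives the same secret. It cannot be revoked for one
        /// user or attributed to one in the audit trail. A per-login, expiring token would be needed to
        /// change that.
        /// NOTE(review): the stored password is decrypted and compared as plain text; a salted one-way
        /// hash compared in constant time is the usual replacement.
        /// NOTE(review): <c>IsTempPassword</c> is not consulted here, unlike the web login; confirm how
        /// accounts with a temporary password should behave in the app.
        /// </remarks>
        /// <param name="request">User name and password sent by the mobile app.</param>
        /// <returns>
        /// HTTP 200 with a <c>StaffAuthenticationResponse</c>; the outcome is carried in
        /// <c>IsAuthenticated</c> and <c>ErrorMessage</c>.
        /// </returns>
        public IHttpActionResult PostStaffLogin([FromBody] StaffAuthenticationRequest request)
        {
            StaffAuthenticationResponse response = new StaffAuthenticationResponse();

            // [FromBody] binding yields null when the body is missing or cannot be deserialized.
            if (request == null)
            {
                response.ErrorMessage    = "Invalid Request";
                response.IsAuthenticated = false;
                response.LoginID         = -1;
                return Ok(response);
            }

            try
            {
                DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                DBAgent.AddParameter("@ParamUserName", request.UserName);
                string data = DBAgent.ExecuteStoredProcedure("dbo.spGetUserDetails");

                // Resolve the user row. A missing table or an empty one is treated like an unknown user.
                DataRow dRow = null;
                if (!string.IsNullOrEmpty(data))
                {
                    DataSet ds = CommonHelpers.GetDataSetFromXml(data);
                    if (ds != null && ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
                    {
                        dRow = ds.Tables[0].Rows[0];
                    }
                }

                bool passwordMatches = false;
                if (dRow != null)
                {
                    securityAgent = new CryptoProvider();
                    string upassword = securityAgent.decryptText(dRow["Password"].ToString().Replace(" ", "+"));
                    passwordMatches = upassword.Equals(request.Password);
                }

                if (passwordMatches)
                {
                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", dRow["LoginID"].ToString());
                    DBAgent.AddParameter("@ParamRefType", "Users");
                    DBAgent.AddParameter("@ParamAction", "LI");
                    DBAgent.AddParameter("@ParamComment", "Successful Login from Mobile App- " + request.UserName);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");

                    response.IsAuthenticated = true;

                    response.UserFirstName = dRow["FirstName"].ToString();
                    response.UserLastName  = dRow["LastName"].ToString();
                    response.UserToken     = ConfigurationManager.AppSettings["UserToken"]; // shared value, see remarks
                }
                else
                {
                    // One response shape for "unknown user" and "wrong password". Setting LoginID in
                    // only one of the two cases would let a client tell existing user names apart.
                    response.IsAuthenticated = false;
                    response.ErrorMessage    = "Invalid Username/Password conbination. Please try again";
                    response.LoginID         = -1;

                    DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
                    DBAgent.ClearParams();
                    DBAgent.AddParameter("@ParamRefID", 0);
                    DBAgent.AddParameter("@ParamRefType", "Users");
                    DBAgent.AddParameter("@ParamAction", "FL");
                    DBAgent.AddParameter("@ParamComment", "Login Failed from Mobile App- " + request.UserName);
                    DBAgent.ExecuteNonQuery("dbo.spAddUserAction");
                }
            }
            catch (Exception ex)
            {
                // Exception text can carry SQL, schema or crypto details, so it goes to the server log
                // only; the client receives a fixed message.
                response.ErrorMessage    = "There was a problem processing your request. Please contact IT.";
                response.IsAuthenticated = false;
                CommonHelpers.writeLogToFile("API: PostStaffLogin - StaffLoginController.cs", ex.Message + Environment.NewLine + ex.StackTrace);
            }
            return Ok(response);
        }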