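/// <summary>
/// Login button handler: reads the stored password (and admin flag) of the user the
/// query names, compares it with the submitted password and, on a match, marks the
/// session as logged in and redirects to Default.aspx. No match leaves the page as is.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdLogin_Click(object sender, EventArgs e)
{
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // User_AdminRight is selected too: the original only fetched User_Password
        // and then read reader["User_AdminRight"], which throws IndexOutOfRangeException.
        // NOTE(review): '******' reads like a redacted placeholder for the user name; if
        // it is rebuilt from txtUserName.Text it must be a SqlParameter, not concatenated.
        cmd.CommandText = "SELECT User_Password, User_AdminRight FROM Users WHERE User_UserName = '******';";
        cmd.Connection.Open();
        // Only ExecuteReader is needed; the ExecuteNonQuery in the original ran the same
        // SELECT a second time for no effect. The reader is disposed before close().
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.Read())
            {
                return;
            }
            string pass = (string)reader["User_Password"];
            // SECURITY(review): the submitted password is compared as plain text because
            // hash.hash(...) was disabled ("data is corrupted in the process of sending
            // the hashed string to the database"), which implies Users stores plaintext
            // passwords. The encoding problem should be fixed and a salted password
            // hash re-enabled instead of keeping this.
            string hashed = txtPassword.Text; //hash.hash(txtPassword.Text);
            if (string.Equals(hashed, pass, StringComparison.Ordinal))
            {
                Session["Logged"] = true;
                Session["UserID"] = txtUserName.Text;
                Session["Admin"] = Convert.ToBoolean(reader["User_AdminRight"]);
                // Redirect ends the request (ThreadAbortException in Web Forms); the
                // finally block still runs, so the connection is closed on this path too.
                Response.Redirect("Default.aspx");
            }
        }
    }
    finally
    {
        connect.close();
    }
}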
/// <summary>
/// Smoke test for DatabaseConector: opens a connection and closes it again.
/// Any failure surfaces as an exception from the two calls.
/// </summary>
public void ConnectToDatabaseTest()
{
    DatabaseConector conector = new DatabaseConector();

    conector.ConnectToDatabase();
    conector.DisconectFromDatabase();
}
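/// <summary>
/// Register-user handler: when no Users row exists for the user the lookup names,
/// inserts one from the form fields (password hashed with hash.hash, admin flag 'false').
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdAdd_Click(object sender, EventArgs e)
{
    bool exists;
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // NOTE(review): '******' looks like a redacted placeholder for the user name;
        // the real value must be bound as a SqlParameter like the INSERT below.
        // The check-then-insert pair is still racy; a UNIQUE constraint on
        // User_UserName is what actually guarantees uniqueness.
        cmd.CommandText = "SELECT * FROM Users WHERE User_UserName = '******';";
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            exists = reader.HasRows;
        }
    }
    finally
    {
        connect.close();
    }
    if (exists)
    {
        return;
    }

    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // Positional VALUES order is the original's. Every form field is a parameter:
        // the original concatenated them into the statement, so a quote in any field
        // changed the SQL (injection).
        cmd.CommandText = "INSERT INTO Users VALUES(@UserName, @Email, @Password, @FName, @LName, @Title, @Address, @Account, 'false');";
        cmd.Parameters.AddWithValue("@UserName", txtUserName.Text);
        cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
        cmd.Parameters.AddWithValue("@Password", hash.hash(txtPassword.Text));
        cmd.Parameters.AddWithValue("@FName", txtFName.Text);
        cmd.Parameters.AddWithValue("@LName", txtLName.Text);
        // Title and Account were emitted unquoted (numeric columns presumed); they are
        // passed as text and rely on SQL Server's implicit conversion — TODO(review):
        // parse them to the column type once the schema is confirmed.
        cmd.Parameters.AddWithValue("@Title", lstTitle.SelectedValue);
        cmd.Parameters.AddWithValue("@Address", txtAdress.Text);
        cmd.Parameters.AddWithValue("@Account", txtAccount.Text);
        cmd.Connection.Open();
        cmd.ExecuteNonQuery();
    }
    finally
    {
        connect.close();
    }
}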
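/// <summary>
/// Remove-product handler: marks the product named by the Prod_ID query parameter as
/// removed (Prod_State = -1).
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="FormatException">Prod_ID is not a number (unchanged from the original).</exception>
protected void cmdRemove_Click(object sender, EventArgs e)
{
    int prodId = Convert.ToInt32(Request.QueryString["Prod_ID"]);
    // SECURITY(review): nothing in this handler checks that the session owns the
    // product or is an admin; the catalog only hides the Remove button. Unless the
    // page's Page_Load (not shown here) enforces it, any logged-in user can remove
    // any product by id.
    DatabaseConector connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // The id is an int already, so it could not carry SQL; it is bound as a
        // parameter anyway so every statement in the project follows one pattern.
        cmd.CommandText = "UPDATE Product SET Prod_State=-1 WHERE Prod_ID=@ProdId;";
        cmd.Parameters.AddWithValue("@ProdId", prodId);
        cmd.Connection.Open();
        cmd.ExecuteNonQuery();
    }
    finally
    {
        // The original skipped close() when ExecuteNonQuery threw.
        connect.close();
    }
}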
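/// <summary>
/// Checkout handler: every product in the user's Cart that is still available
/// (Prod_State = 0) is set to Prod_State = 1; the session is then abandoned.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnCheckOut_Click(object sender, EventArgs e)
{
    ArrayList prodList = new ArrayList();
    DatabaseConector connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // NOTE(review): '******' looks like a redacted placeholder for the user name;
        // the real value must be bound as a SqlParameter, not concatenated.
        cmd.CommandText = "SELECT * FROM Cart WHERE User_UserName='******';";
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                prodList.Add(reader["Prod_ID"]);
            }
        }
    }
    finally
    {
        connect.close();
    }

    foreach (object o in prodList)
    {
        int prodId = Convert.ToInt32(o);
        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            // The availability test and the state change are one statement. The
            // original first read Prod_State from a reader it never called Read() on
            // (InvalidOperationException on the first product) and then updated in a
            // second round trip, which let two concurrent checkouts both pass the check.
            cmd.CommandText = "UPDATE Product SET Prod_State=1 WHERE Prod_ID=@ProdId AND Prod_State=0;";
            cmd.Parameters.AddWithValue("@ProdId", prodId);
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
        }
        finally
        {
            connect.close();
        }
    }
    Session.Abandon();
}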
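/// <summary>
/// Login button handler: hashes the submitted password with hash.hash, compares it
/// with the stored User_Password of the user the query names and, on a match, sets
/// Session["LoggedIn"] and redirects to Default.aspx.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdLogin_Click(object sender, EventArgs e)
{
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // NOTE(review): '******' reads like a redacted placeholder for the user name; if
        // it is rebuilt from a text box it must be a SqlParameter, not concatenated.
        cmd.CommandText = "SELECT User_Password FROM Users WHERE User_UserName = '******';";
        cmd.Connection.Open();
        // The original also ran ExecuteNonQuery first, executing the SELECT twice.
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.Read())
            {
                return;
            }
            string pass = (string)reader["User_Password"];
            string hashed = hash.hash(txtPassword.Text);
            if (string.Equals(hashed, pass, StringComparison.Ordinal))
            {
                Session.Add("LoggedIn", true);
                Response.Redirect("Default.aspx");
            }
        }
    }
    finally
    {
        // The original never called close() at all in this handler, leaking a
        // connection per login attempt.
        connect.close();
    }
}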
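/// <summary>
/// Add-product handler: stores the optional image upload, inserts a Product row whose
/// description is the first line of txtDescription, then inserts every further line
/// of txtDescription as a text Description row linked to the new product.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void cmdAdd_Click(object sender, EventArgs e)
{
    // First line -> Prod_Description, remaining lines -> Description rows. Splitting on
    // both "\r\n" and "\n" replaces the original Substring/IndexOf("\r\n") arithmetic,
    // which threw ArgumentOutOfRangeException when the text had no CRLF and silently
    // dropped a last line that was not terminated by "\n".
    string[] lines = txtDescription.Text.Split(new string[] { "\r\n", "\n" }, StringSplitOptions.None);
    string desc = lines[0];
    // A trailing "" only appears when the text ended with a newline; the original
    // inserted nothing for that either.
    int lineCount = lines.Length;
    if (lineCount > 1 && lines[lineCount - 1].Length == 0)
    {
        lineCount--;
    }

    string fn = SaveUploadedImage();

    int pID = NextIdFromCount("SELECT COUNT(*) FROM Product AS Count;", -1);
    if (pID != -1)
    {
        InsertProduct(pID, desc, fn);
    }

    int dID = 0;
    for (int i = 1; i < lineCount; i++)
    {
        dID = NextIdFromCount("SELECT COUNT(*) FROM Description;", dID);
        InsertDescription(dID, lines[i], pID);
    }
}

/// <summary>
/// Saves the posted image under .\CarImages and returns its bare file name, or ""
/// when nothing was posted or the save failed, so the Product row never references a
/// file that is not there (the original stored the name even after a failed save).
/// </summary>
private string SaveUploadedImage()
{
    if (imFile.PostedFile == null || imFile.PostedFile.ContentLength <= 0)
    {
        return "";
    }
    // GetFileName drops any directory part the client sent, so the name cannot escape
    // CarImages. SECURITY(review): the extension is not validated; only image
    // extensions should be accepted before writing into a web-served folder.
    string fn = System.IO.Path.GetFileName(imFile.PostedFile.FileName);
    // NOTE(review): a relative path resolves against the worker process's current
    // directory, not necessarily the application folder; Server.MapPath("~/CarImages/")
    // is the usual way to target it — confirm what the deployment expects.
    string saveLoc = ".\\CarImages\\" + fn;
    try
    {
        imFile.PostedFile.SaveAs(saveLoc);
    }
    catch (Exception)
    {
        // Best-effort as in the original: the product is still added, without an
        // image. There is no logger in this class to record why — TODO(review): add one.
        return "";
    }
    return fn;
}

/// <summary>
/// Runs a constant COUNT(*) statement and returns count + 1, or
/// <paramref name="fallback"/> when no row comes back.
/// NOTE(review): keys derived from a row count collide under concurrent requests and
/// after deletes; an IDENTITY column is the proper replacement.
/// </summary>
/// <param name="countSql">A SQL literal owned by this class — never user input.</param>
/// <param name="fallback">Value returned when the query yields no row.</param>
private int NextIdFromCount(string countSql, int fallback)
{
    DatabaseConector connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = countSql;
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                return Convert.ToInt32(reader[0]) + 1;
            }
        }
        return fallback;
    }
    finally
    {
        connect.close();
    }
}

/// <summary>
/// Inserts the Product row. Positional VALUES order is the original's; every form
/// value is a parameter — the original concatenated them, so quotes in a name or
/// description changed the statement (injection).
/// </summary>
private void InsertProduct(int pID, string desc, string fn)
{
    DatabaseConector connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = "INSERT INTO Product VALUES (@ProdId, @Name, @Make, @Modle, @Colour, @Desc, @Image, @Price, 0, @Owner);";
        cmd.Parameters.AddWithValue("@ProdId", pID);
        cmd.Parameters.AddWithValue("@Name", txtName.Text);
        cmd.Parameters.AddWithValue("@Make", txtMake.Text);
        cmd.Parameters.AddWithValue("@Modle", txtModle.Text);
        cmd.Parameters.AddWithValue("@Colour", txtColour.Text);
        cmd.Parameters.AddWithValue("@Desc", desc);
        cmd.Parameters.AddWithValue("@Image", fn);
        // Price was emitted unquoted (numeric column presumed); passed as text and left
        // to SQL Server's implicit conversion — TODO(review): parse once the type is known.
        cmd.Parameters.AddWithValue("@Price", txtPrice.Text);
        cmd.Parameters.AddWithValue("@Owner", Convert.ToString(Session["UserID"]));
        cmd.Connection.Open();
        cmd.ExecuteNonQuery();
    }
    finally
    {
        connect.close();
    }
}

/// <summary>Inserts one text Description row ('false' = not an image) for the product.</summary>
private void InsertDescription(int dID, string value, int pID)
{
    DatabaseConector connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = "INSERT INTO Description VALUES(@DescId, 'false', @Value, @ProdId);";
        cmd.Parameters.AddWithValue("@DescId", dID);
        cmd.Parameters.AddWithValue("@Value", value);
        cmd.Parameters.AddWithValue("@ProdId", pID);
        cmd.Connection.Open();
        cmd.ExecuteNonQuery();
    }
    finally
    {
        connect.close();
    }
}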
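/// <summary>
/// Product detail page: loads the product named by the Prod_ID query parameter into
/// literal2 (main image) and literal3 (attribute table), then renders the product's
/// Description rows (image rows first, then text) into literal1. An unknown or
/// malformed Prod_ID redirects to Default.aspx.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    int selected;
    // The original Convert.ToInt32 threw FormatException on a non-numeric id; treat it
    // like an unknown product instead.
    if (!int.TryParse(Request.QueryString["Prod_ID"], out selected))
    {
        Response.Redirect("Default.aspx");
        return;
    }
    // The original also built an unused SqlConnection from an inline connection
    // string; DatabaseConector owns the connection details, so it was dropped.
    connection = new DatabaseConector();
    try
    {
        SqlCommand cmd = connection.getCommand();
        cmd.CommandText = "SELECT * FROM Product WHERE Prod_ID = @ProdId;";
        cmd.Parameters.AddWithValue("@ProdId", selected);
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.Read())
            {
                // Redirect ends the request; the finally below still closes the
                // connection, which the original skipped on this path.
                Response.Redirect("Default.aspx");
                return;
            }
            // Every database value is HTML-encoded: names, makes and descriptions are
            // typed by users on the add-product page and were emitted raw (stored XSS).
            // Attributes are double-quoted because Server.HtmlEncode escapes '"'.
            // <img> replaces the non-standard <image> tag of the original.
            literal2.Text = "<img src=\"CarImages/" + Html(reader["Prod_Image"]) + "\" alt=\"" + Html(reader["Prod_Name"]) + "\" height=\"400\" width=\"600\"/>";
            literal3.Text = "<table>"
                + Row("Name :", reader["Prod_Name"])
                + Row("Make :", reader["Prod_Make"])
                + Row("Model :", reader["Prod_Modle"])
                + Row("Colour :", reader["Prod_Colour"])
                + Row("Price :", reader["Prod_Price"])
                + "</table>";
        }
    }
    finally
    {
        connection.close();
    }

    tablecontent = "";
    connection = new DatabaseConector();
    try
    {
        SqlCommand cmd = connection.getCommand();
        cmd.CommandText = "SELECT * FROM Description where Prod_ID = @ProdId ORDER BY Desc_Image DESC;";
        cmd.Parameters.AddWithValue("@ProdId", selected);
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.HasRows)
            {
                tablecontent = BuildDescriptionTable(reader);
                literal1.Text = tablecontent;
            }
        }
    }
    finally
    {
        connection.close();
    }
}

/// <summary>
/// Lays the Description rows of one product out as table cells, keeping the original
/// layout rules: the first text row after the images starts a new table row and
/// resets the cell count, and a row break is emitted whenever the running count
/// (which starts at 1) reaches a multiple of 3.
/// </summary>
/// <param name="reader">Positioned before the first row; consumed to the end.</param>
/// <returns>HTML from an opening &lt;tr&gt; to the closing &lt;/tr&gt;.</returns>
private string BuildDescriptionTable(SqlDataReader reader)
{
    System.Text.StringBuilder html = new System.Text.StringBuilder("<tr>");
    int count = 1;
    bool imFlag = true;
    while (reader.Read())
    {
        count++;
        if (Convert.ToBoolean(reader["Desc_Image"]))
        {
            string image = Html(reader["Desc_Value"]);
            html.Append("<td><img src=\"CarImages/" + image + "\" alt=\"" + image + "\" height=\"200\" width=\"270\"/></td>");
            imFlag = true;
        }
        else
        {
            if (imFlag)
            {
                html.Append("</tr><tr>");
                count = 1;
                imFlag = false;
            }
            html.Append("<td>" + Html(reader["Desc_Value"]) + "</td>");
        }
        if (count % 3 == 0)
        {
            html.Append("</tr><tr>");
        }
    }
    html.Append("</tr>");
    return html.ToString();
}

/// <summary>One label/value row of the attribute table; the value is HTML-encoded.</summary>
private string Row(string label, object value)
{
    return "<tr><th>" + label + "</th><td>" + Html(value) + "</td></tr>";
}

/// <summary>HTML-encodes a database value for output; null and DBNull become "".</summary>
private string Html(object value)
{
    return Server.HtmlEncode(Convert.ToString(value));
}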
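/// <summary>
/// Catalog page: when the request carries a Prod_ID and the session is logged in,
/// registers interest in that product by adding a Cart row (if it is still
/// available), then renders every available product as a table row with the action
/// buttons the current user may use (Interest, and Edit/Remove for owners and admins).
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    int selected;
    // SECURITY(review): a plain GET with ?Prod_ID=... mutates the Cart table, so a link
    // on any site can add items for a logged-in user (CSRF); the add should be a POST
    // carrying the page's anti-forgery check. A missing or non-numeric id simply skips
    // the add (the original threw FormatException on a non-numeric one and looked up
    // Prod_ID 0 for a missing one).
    if (int.TryParse(Request.QueryString["Prod_ID"], out selected) && Convert.ToBoolean(Session["Logged"]))
    {
        AddToCartIfAvailable(selected);
    }

    // NOTE(review): '******' in both statements looks like a redacted placeholder for
    // the user name; the real value must be bound as a SqlParameter, not concatenated.
    ArrayList cartList = LoadProductIds("SELECT * FROM Cart WHERE User_Username='******';");
    ArrayList myList = LoadProductIds("SELECT * FROM Product WHERE User_Username='******';");
    RenderCatalog(cartList, myList);
}

/// <summary>
/// Inserts a Cart row for <paramref name="prodId"/> when the product exists and is
/// still available (Prod_State = 0). The Cart id is COUNT(*) of Cart as in the
/// original; NOTE(review): that collides under concurrent requests and after deletes,
/// an IDENTITY column should generate it.
/// </summary>
private void AddToCartIfAvailable(int prodId)
{
    double pPrice;
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = "SELECT * FROM Product WHERE Prod_ID=@ProdId;";
        cmd.Parameters.AddWithValue("@ProdId", prodId);
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.Read() || Convert.ToInt32(reader["Prod_state"]) != 0)
            {
                return;
            }
            pPrice = Convert.ToDouble(reader["Prod_Price"]);
        }
    }
    finally
    {
        connect.close();
    }

    int cID;
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM Cart AS Count;";
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.Read())
            {
                return;
            }
            cID = Convert.ToInt32(reader[0]);
        }
    }
    finally
    {
        connect.close();
    }

    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        // Parameters instead of concatenation: the price was formatted with the
        // current culture (a ',' decimal separator broke the statement) and the
        // session user name originates from the login form, so it could carry quotes.
        cmd.CommandText = "INSERT INTO Cart VALUES (@CartId, @Price, @UserName, @ProdId);";
        cmd.Parameters.AddWithValue("@CartId", cID);
        cmd.Parameters.AddWithValue("@Price", pPrice);
        cmd.Parameters.AddWithValue("@UserName", Convert.ToString(Session["UserID"]));
        cmd.Parameters.AddWithValue("@ProdId", prodId);
        cmd.Connection.Open();
        cmd.ExecuteNonQuery();
    }
    finally
    {
        connect.close();
    }
}

/// <summary>
/// Runs a constant SELECT owned by this class and collects the Prod_ID column of
/// every row (boxed, so ArrayList.Contains matches by value).
/// </summary>
/// <param name="sql">A SQL literal from this class — never user input.</param>
private ArrayList LoadProductIds(string sql)
{
    ArrayList ids = new ArrayList();
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = sql;
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                ids.Add(reader["Prod_ID"]);
            }
        }
    }
    finally
    {
        connect.close();
    }
    return ids;
}

/// <summary>
/// Builds the catalog table into lit.Text: one row per product with Prod_State = 0.
/// lit.Text is left untouched when Product is empty, as in the original. All database
/// values are HTML-encoded (they come from user input on the add-product page and
/// were emitted raw — stored XSS); attributes are double-quoted because
/// Server.HtmlEncode escapes '"', which also fixes the unclosed alt= of the original.
/// </summary>
private void RenderCatalog(ArrayList cartList, ArrayList myList)
{
    bool logged = Convert.ToBoolean(Session["Logged"]);
    System.Text.StringBuilder table = new System.Text.StringBuilder();
    connect = new DatabaseConector();
    try
    {
        SqlCommand cmd = connect.getCommand();
        cmd.CommandText = "SELECT * FROM Product";
        cmd.Connection.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (!reader.HasRows)
            {
                return;
            }
            while (reader.Read())
            {
                if (Convert.ToInt32(reader["Prod_State"]) != 0)
                {
                    continue;
                }
                string id = Html(reader["Prod_ID"]);
                string name = Html(reader["Prod_Name"]);
                table.Append("<tr><td><a href=\"Description.aspx?Prod_ID=" + id + "\">" + name + "</a></td>");
                table.Append("<td><a href=\"Description.aspx?Prod_ID=" + id + "\"><img src=\"CarImages/" + Html(reader["Prod_Image"]) + "\" alt=\"" + name + "\" height=\"60\" width=\"80\"/></a></td>");
                table.Append("<td>" + Html(reader["Prod_Make"]) + "</td>");
                table.Append("<td>" + Html(reader["Prod_Modle"]) + "</td>");
                table.Append("<td>" + Html(reader["Prod_Colour"]) + "</td>");
                table.Append("<td>" + Html(reader["Prod_Description"]) + "</td>");
                table.Append("<td>" + Html(reader["Prod_Price"]) + "</td>");
                if (logged && !cartList.Contains(reader["Prod_ID"]))
                {
                    table.Append("<td><a href=\"Catalog.aspx?Prod_ID=" + id + "\"><input type=\"button\" value=\"Interest!\"></a></td>");
                }
                if (logged && (myList.Contains(reader["Prod_ID"]) || Convert.ToBoolean(Session["Admin"])))
                {
                    // Hiding the buttons is presentation only; the Edit/Remove pages
                    // must enforce ownership or admin rights themselves.
                    table.Append("<td><a href=\"ProdEdit.aspx?Prod_ID=" + id + "\"><input type=\"button\" value=\"Edit\"></a></td>");
                    table.Append("<td><a href=\"ProdRemove.aspx?Prod_ID=" + id + "\"><input type=\"button\" value=\"Remove\"></a></td>");
                }
                table.Append("</tr>");
            }
        }
        lit.Text = table.ToString();
    }
    finally
    {
        connect.close();
    }
}

/// <summary>HTML-encodes a database value for output; null and DBNull become "".</summary>
private string Html(object value)
{
    return Server.HtmlEncode(Convert.ToString(value));
}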