Example #1
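        /// <summary>
        /// Admin account list: binds every non-deleted student to <c>showStudentList</c> and caches
        /// every non-deleted teacher, one string array per row, in <c>Session["teacherList"]</c>.
        /// </summary>
        /// <remarks>
        /// Security review: both queries select the <c>password</c> column, so stored passwords are
        /// handed to the data-bound control and copied into session state. The column is kept here
        /// because consumers of the grid and of the session list may index columns by position;
        /// drop it from both SELECTs once those consumers are confirmed not to need it.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Access gate implemented elsewhere. NOTE(review): confirm it ends the response for a
            // rejected session; if it only queues a redirect, the queries below still run.
            StatusCheck.loginStatusCheck(Session, Response, "admin");

            string connectionString = ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString();

            // Students: bound straight to the grid. Both statements are constant text with no
            // request input, so there is nothing to parameterize here.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlDataAdapter adapter = new SqlDataAdapter(
                "SELECT id,username,fullname,password,email,is_activated FROM dotnetexp.dbo.student WHERE is_deleted=0",
                connection))
            {
                DataSet students = new DataSet();
                adapter.Fill(students, "student");
                showStudentList.DataSource = students.Tables[0];
                showStudentList.DataBind();
            }

            // Teachers: flattened to string arrays in SELECT column order and kept in session.
            List<string[]> teacherList = new List<string[]>();
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlDataAdapter adapter = new SqlDataAdapter(
                "SELECT id,username,fullname,password,email,is_activated FROM dotnetexp.dbo.teacher WHERE is_deleted=0",
                connection))
            {
                DataSet teachers = new DataSet();
                adapter.Fill(teachers, "teacher");

                foreach (DataRow row in teachers.Tables[0].Rows)
                {
                    // ItemArray builds a fresh copy on every access, so read it once per row.
                    object[] cells = row.ItemArray;
                    string[] teacherRow = new string[cells.Length];
                    for (int j = 0; j < cells.Length; j++)
                    {
                        teacherRow[j] = cells[j].ToString();
                    }

                    teacherList.Add(teacherRow);
                }
            }

            Session["teacherList"] = teacherList;
        }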
Example #2
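        /// <summary>
        /// Student upload endpoint: saves the first posted file under <c>../upload/student/</c> and
        /// writes a small JSON status object to the response.
        /// </summary>
        /// <remarks>
        /// Security review: the client-supplied file name is reduced to its final path component and
        /// the resolved target is checked to stay inside the upload directory before saving. Still
        /// open, because the policy is not visible from this method: there is no extension or
        /// content-type allowlist, no size limit, an existing file of the same name is overwritten,
        /// and the directory appears to sit inside the web application. Confirm that uploaded files
        /// cannot be served as executable content, or move storage outside the web root.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Access gate implemented elsewhere. NOTE(review): confirm it ends the response for a
            // rejected session before the upload is processed.
            StatusCheck.loginStatusCheck(Session, Response, "student");

            const string saveError = "{\"msg\":\"Error when saving the upload file\"}";

            if (Request.Files.Count > 0)
            {
                try
                {
                    HttpPostedFile file = Request.Files[0];

                    // FileName comes from the client and may carry directory parts ("..\", a full
                    // client path); keep only the last component.
                    string safeName = System.IO.Path.GetFileName(file.FileName);
                    if (string.IsNullOrEmpty(safeName))
                    {
                        Response.Write(saveError);
                        return;
                    }

                    string uploadRoot = System.IO.Path.GetFullPath(Server.MapPath("../upload/student/"));
                    if (!uploadRoot.EndsWith(System.IO.Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
                    {
                        uploadRoot += System.IO.Path.DirectorySeparatorChar;
                    }

                    // Defense in depth: resolve the final path and require it to stay under the root.
                    string filePath = System.IO.Path.GetFullPath(System.IO.Path.Combine(uploadRoot, safeName));
                    if (!filePath.StartsWith(uploadRoot, StringComparison.OrdinalIgnoreCase))
                    {
                        Response.Write(saveError);
                        return;
                    }

                    file.SaveAs(filePath);

                    // The name is echoed inside a JSON string, so escape quotes, backslashes and
                    // control characters rather than concatenating it raw.
                    Response.Write("{\"msg\":\"Success\",\"data\":\"" + System.Web.HttpUtility.JavaScriptStringEncode(safeName) + "\"}");
                }
                catch
                {
                    // Deliberately best-effort: any failure is reported to the client as a generic
                    // error. NOTE(review): nothing is logged, so failed or rejected uploads leave no
                    // trace for later investigation.
                    Response.Write(saveError);
                }
            }
            else
            {
                Response.Write("{\"msg\":\"Error: No files uploaded\"}");
            }
        }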
Example #3
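        /// <summary>
        /// Admin "create account" handler: validates the posted form, rejects a user name that
        /// already exists in the chosen table, inserts the new teacher or student row and redirects
        /// to <c>accountAdmin.aspx</c>.
        /// </summary>
        /// <remarks>
        /// Security review: every request value now reaches SQL Server as a bound parameter; the
        /// previous text concatenated username, fullname, password and email into the INSERT. The
        /// table name is still concatenated, but only after <c>type</c> has matched the
        /// teacher/student allowlist. Still open: the password is stored exactly as submitted (no
        /// hashing), and <c>Request["Request_Method"]</c> is read from the combined request
        /// collection, where a query-string, form or cookie value of that name takes precedence
        /// over the server variable; <c>Request.HttpMethod</c> is the value the client cannot
        /// override.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Access gate implemented elsewhere. NOTE(review): confirm it ends the response for a
            // rejected session; otherwise the insert below still runs.
            StatusCheck.loginStatusCheck(Session, Response, "admin");

            if (Request["Request_Method"] != "POST")
            {
                return;
            }

            string username = Request["username"];
            string fullname = Request["fullname"];
            string password = Request["password"];
            string type     = Request["type"];
            string email    = Request["email"] ?? "";

            if (string.IsNullOrEmpty(username))
            {
                // Alert: the staff/user number is empty.
                ClientScript.RegisterStartupScript(GetType(), "教工号为空", "<script language='javascript'>alert('对不起,您输入的教工号为空,请重新输入!')</script>");
                return;
            }

            if (string.IsNullOrEmpty(fullname))
            {
                // Alert: the full name is empty.
                ClientScript.RegisterStartupScript(GetType(), "姓名为空", "<script language='javascript'>alert('对不起,您输入的姓名为空,请重新输入!')</script>");
                return;
            }

            // A missing password field is treated as a mismatch instead of throwing.
            if (password == null || !password.Equals(Request["password2"]))
            {
                // Alert: the two passwords differ.
                ClientScript.RegisterStartupScript(GetType(), "密码不一致", "<script language='javascript'>alert('对不起,您输入的密码不一致,请重新输入!')</script>");
                return;
            }

            if (type != "teacher" && type != "student")
            {
                // Alert: unknown user type.
                ClientScript.RegisterStartupScript(GetType(), "用户类型错误", "<script language='javascript'>alert('对不起,您输入的用户类型错误,请重新输入!')</script>");
                return;
            }

            if (password == "")
            {
                // Empty password falls back to the fixed default, kept exactly as it appears in
                // the source. NOTE(review): a shared default password is guessable; the row is
                // created with is_activated=0 — confirm first login forces a change.
                password = "******";
            }

            // Safe to concatenate: type is exactly "teacher" or "student" at this point.
            string table = "dotnetexp.dbo." + type;

            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
            {
                connection.Open();

                // NOTE(review): the previous duplicate check compared against the fixed literal
                // '******' (apparently masked text); it is bound to the submitted user name here.
                using (SqlCommand duplicate = new SqlCommand("SELECT COUNT(*) FROM " + table + " WHERE username=@username;", connection))
                {
                    duplicate.Parameters.AddWithValue("@username", username);
                    if (Convert.ToInt32(duplicate.ExecuteScalar()) > 0)
                    {
                        // Alert: the user number already exists.
                        ClientScript.RegisterStartupScript(GetType(), "教工号已存在", "<script language='javascript'>alert('对不起,您输入的教工号已存在,请重新输入!')</script>");
                        return;
                    }
                }

                // NOTE(review): the password is written as submitted; store a salted, slow hash
                // (for example PBKDF2) instead of the clear text.
                using (SqlCommand insert = new SqlCommand(
                    "INSERT INTO " + table + "(username, fullname, password, email, is_deleted, is_activated) VALUES(@username, @fullname, @password, @email, 0, 0);",
                    connection))
                {
                    insert.Parameters.AddWithValue("@username", username);
                    insert.Parameters.AddWithValue("@fullname", fullname);
                    insert.Parameters.AddWithValue("@password", password);
                    insert.Parameters.AddWithValue("@email", email);
                    insert.ExecuteNonQuery();
                }
            }

            Response.Redirect("accountAdmin.aspx");
        }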
Example #4
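        /// <summary>
        /// Admin "edit account" handler. Depending on the request it updates a teacher or student
        /// row (POST), soft-deletes it (<c>delete=1</c>), resets its password (<c>reset=1</c>), or
        /// loads the row into session state for the edit form (GET).
        /// </summary>
        /// <remarks>
        /// Security review: the row id is parsed as an integer and every request value reaches SQL
        /// Server as a bound parameter; the previous text concatenated <c>Request["id"]</c>,
        /// fullname and email into the statements. The table name is concatenated only after
        /// <c>type</c> has matched the teacher/student allowlist. Still open:
        /// (1) delete and reset are reached only when Request_Method is not "POST", so these state
        /// changes are accepted on non-POST requests and no anti-forgery token is checked in this
        /// method; (2) <c>Request["Request_Method"]</c> comes from the combined request collection,
        /// where a query-string, form or cookie value of that name takes precedence over the server
        /// variable — <c>Request.HttpMethod</c> cannot be overridden by the client; (3) passwords
        /// are written and read as clear text, and the GET branch copies the stored password into
        /// session state.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Access gate implemented elsewhere. NOTE(review): confirm it ends the response for a
            // rejected session; otherwise the statements below still run.
            StatusCheck.loginStatusCheck(Session, Response, "admin");

            string method     = Request["Request_Method"];
            string type       = Request["type"];
            string rawId      = Request["id"];
            string deleteFlag = Request["delete"];
            string resetFlag  = Request["reset"];

            // The id was previously used unquoted in SQL, so it is presumably numeric; anything
            // that does not parse is treated as "no target" rather than passed on to the database.
            long id;
            bool hasTarget = long.TryParse(rawId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out id)
                             && (type == "teacher" || type == "student");

            // Only used when hasTarget is true, i.e. type is exactly "teacher" or "student".
            string table = "dotnetexp.dbo." + type;

            if (method == "POST")
            {
                // A POST carrying delete=1 or reset=1 is ignored, as before.
                if (!hasTarget || deleteFlag == "1" || resetFlag == "1")
                {
                    return;
                }

                string username = Request["username"];
                string fullname = Request["fullname"];
                string password = Request["password"];
                string email    = Request["email"] ?? "";

                if (string.IsNullOrEmpty(username))
                {
                    // Alert: the staff/user number is empty.
                    ClientScript.RegisterStartupScript(GetType(), "教工号为空", "<script language='javascript'>alert('对不起,您输入的教工号为空,请重新输入!')</script>");
                    return;
                }

                if (string.IsNullOrEmpty(fullname))
                {
                    // Alert: the full name is empty.
                    ClientScript.RegisterStartupScript(GetType(), "姓名为空", "<script language='javascript'>alert('对不起,您输入的姓名为空,请重新输入!')</script>");
                    return;
                }

                // A missing password field is treated as a mismatch instead of throwing.
                if (password == null || !password.Equals(Request["password2"]))
                {
                    // Alert: the two passwords differ.
                    ClientScript.RegisterStartupScript(GetType(), "密码不一致", "<script language='javascript'>alert('对不起,您输入的密码不一致,请重新输入!')</script>");
                    return;
                }

                using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
                {
                    connection.Open();

                    // NOTE(review): the previous statements showed the username and password
                    // values as the fixed literal '******' (apparently masked text); they are bound
                    // to the submitted values here — confirm against the original source.
                    using (SqlCommand duplicate = new SqlCommand("SELECT COUNT(*) FROM " + table + " WHERE username=@username AND id!=@id;", connection))
                    {
                        duplicate.Parameters.AddWithValue("@username", username);
                        duplicate.Parameters.AddWithValue("@id", id);
                        if (Convert.ToInt32(duplicate.ExecuteScalar()) > 0)
                        {
                            // Alert: another row already uses this user number.
                            ClientScript.RegisterStartupScript(GetType(), "教工号已存在", "<script language='javascript'>alert('对不起,您修改的教工号已存在,请重新输入!')</script>");
                            return;
                        }
                    }

                    using (SqlCommand update = new SqlCommand(
                        "UPDATE " + table + " SET username=@username, fullname=@fullname, password=@password, email=@email WHERE is_deleted=0 AND id=@id;",
                        connection))
                    {
                        update.Parameters.AddWithValue("@username", username);
                        update.Parameters.AddWithValue("@fullname", fullname);
                        update.Parameters.AddWithValue("@password", password);
                        update.Parameters.AddWithValue("@email", email);
                        update.Parameters.AddWithValue("@id", id);
                        update.ExecuteNonQuery();
                    }
                }

                Response.Redirect("accountAdmin.aspx");
            }
            else if (hasTarget && deleteFlag == "1")
            {
                using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
                {
                    connection.Open();

                    using (SqlCommand exists = new SqlCommand("SELECT COUNT(*) FROM " + table + " WHERE id=@id;", connection))
                    {
                        exists.Parameters.AddWithValue("@id", id);
                        if (Convert.ToInt32(exists.ExecuteScalar()) == 0)
                        {
                            // Alert: the user does not exist.
                            ClientScript.RegisterStartupScript(GetType(), "用户不存在", "<script language='javascript'>alert('对不起,用户不存在!')</script>");
                            return;
                        }
                    }

                    // Soft delete: the row stays in the table with is_deleted=1.
                    using (SqlCommand softDelete = new SqlCommand("UPDATE " + table + " SET is_deleted=1 WHERE id=@id", connection))
                    {
                        softDelete.Parameters.AddWithValue("@id", id);
                        softDelete.ExecuteNonQuery();
                    }
                }

                Response.Redirect("accountAdmin.aspx");
            }
            else if (hasTarget && resetFlag == "1")
            {
                using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
                {
                    connection.Open();

                    using (SqlCommand exists = new SqlCommand("SELECT COUNT(*) FROM " + table + " WHERE id=@id;", connection))
                    {
                        exists.Parameters.AddWithValue("@id", id);
                        if (Convert.ToInt32(exists.ExecuteScalar()) == 0)
                        {
                            // Alert: the user does not exist.
                            ClientScript.RegisterStartupScript(GetType(), "用户不存在", "<script language='javascript'>alert('对不起,用户不存在!')</script>");
                            return;
                        }
                    }

                    // The reset value is a fixed literal, kept exactly as it appears in the source.
                    // NOTE(review): every reset account shares this password until it is changed;
                    // is_activated=0 presumably forces a change at next login — verify.
                    using (SqlCommand reset = new SqlCommand("UPDATE " + table + " SET password='******', is_activated=0 WHERE id=@id", connection))
                    {
                        reset.Parameters.AddWithValue("@id", id);
                        reset.ExecuteNonQuery();
                    }
                }

                Response.Redirect("accountAdmin.aspx");
            }
            else if (method == "GET" && hasTarget)
            {
                using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
                using (SqlDataAdapter adapter = new SqlDataAdapter("SELECT username,fullname,password,email FROM " + table + " WHERE is_deleted=0 AND id=@id", connection))
                {
                    adapter.SelectCommand.Parameters.AddWithValue("@id", id);

                    DataSet dataSet = new DataSet();
                    adapter.Fill(dataSet, "user");

                    // An unknown or deleted id used to fail on Rows[0]; leave session state alone.
                    if (dataSet.Tables[0].Rows.Count == 0)
                    {
                        return;
                    }

                    DataRow row = dataSet.Tables[0].Rows[0];
                    Session["id"]       = rawId;
                    Session["username"] = row[0].ToString();
                    Session["fullname"] = row[1].ToString();
                    // NOTE(review): the stored password is copied into session state here.
                    Session["password"] = row[2].ToString();
                    Session["email"]    = row[3].ToString();
                }
            }
        }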
Example #5
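        /// <summary>
        /// Self-service profile handler: on POST updates the signed-in user's full name, password
        /// and e-mail and redirects to the matching dashboard; on GET loads the current row into
        /// session state for the form.
        /// </summary>
        /// <remarks>
        /// Security review: fullname, password, email and the row id now reach SQL Server as bound
        /// parameters; the previous text concatenated fullname and email from the request into the
        /// UPDATE. The table name still comes from <c>Session["cur_type"]</c> by concatenation —
        /// this assumes the value is set server-side at login and never from request data (verify
        /// where it is assigned). Still open: passwords are written and read as clear text, the GET
        /// branch copies the stored password into session state, the current password is not
        /// required before changing it, and <c>Request["Request_Method"]</c> is read from the
        /// combined request collection, where a query-string, form or cookie value of that name
        /// takes precedence over the server variable (<c>Request.HttpMethod</c> cannot be
        /// overridden by the client).
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Access gate implemented elsewhere. NOTE(review): confirm it ends the response for a
            // rejected session; otherwise the statements below still run.
            StatusCheck.loginStatusCheck(Session, Response, "user");

            string method = Request["Request_Method"];

            if (method == "POST")
            {
                string fullname = Request["fullname"];
                string password = Request["password"];
                string email    = Request["email"] ?? "";

                // Kept as an exact comparison with "": the user name is not written by this page,
                // so a form that does not post the field at all must still be accepted.
                if (Request["username"] == "")
                {
                    // Alert: the staff/user number is empty.
                    ClientScript.RegisterStartupScript(GetType(), "教工号为空", "<script language='javascript'>alert('对不起,您输入的教工号为空,请重新输入!')</script>");
                    return;
                }

                if (string.IsNullOrEmpty(fullname))
                {
                    // Alert: the full name is empty.
                    ClientScript.RegisterStartupScript(GetType(), "姓名为空", "<script language='javascript'>alert('对不起,您输入的姓名为空,请重新输入!')</script>");
                    return;
                }

                // A missing password field is treated as a mismatch instead of throwing.
                if (password == null || !password.Equals(Request["password2"]))
                {
                    // Alert: the two passwords differ.
                    ClientScript.RegisterStartupScript(GetType(), "密码不一致", "<script language='javascript'>alert('对不起,您输入的密码不一致,请重新输入!')</script>");
                    return;
                }

                string usertype = Session["cur_type"].ToString();

                using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
                {
                    connection.Open();

                    // NOTE(review): the previous statement showed the password value as the fixed
                    // literal '******' (apparently masked text); it is bound to the submitted
                    // password here — confirm against the original source.
                    using (SqlCommand update = new SqlCommand(
                        "UPDATE dotnetexp.dbo." + usertype + " SET fullname=@fullname, password=@password, email=@email WHERE is_deleted=0 AND id=@id;",
                        connection))
                    {
                        update.Parameters.AddWithValue("@fullname", fullname);
                        update.Parameters.AddWithValue("@password", password);
                        update.Parameters.AddWithValue("@email", email);
                        update.Parameters.AddWithValue("@id", Session["cur_id"]);
                        update.ExecuteNonQuery();
                    }
                }

                // Any type other than "teacher" lands on the student dashboard, as before.
                if (usertype == "teacher")
                {
                    Response.Redirect("teacher/dashboard.aspx");
                }
                else
                {
                    Response.Redirect("student/dashboard.aspx");
                }
            }
            else if (method == "GET")
            {
                string type = Session["cur_type"].ToString();

                using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SQLServerConnection"].ToString()))
                using (SqlDataAdapter adapter = new SqlDataAdapter("SELECT username,fullname,password,email FROM dotnetexp.dbo." + type + " WHERE is_deleted=0 AND id=@id", connection))
                {
                    adapter.SelectCommand.Parameters.AddWithValue("@id", Session["cur_id"]);

                    DataSet dataSet = new DataSet();
                    adapter.Fill(dataSet, "user");

                    // A missing or soft-deleted row used to fail on Rows[0]; leave session state alone.
                    if (dataSet.Tables[0].Rows.Count == 0)
                    {
                        return;
                    }

                    DataRow row = dataSet.Tables[0].Rows[0];
                    Session["id"]       = Session["cur_id"];
                    Session["username"] = row[0].ToString();
                    Session["fullname"] = row[1].ToString();
                    // NOTE(review): the stored password is copied into session state here.
                    Session["password"] = row[2].ToString();
                    Session["email"]    = row[3].ToString();
                }
            }
        }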