public ActionResult DoLogin()
{
var username = Request.Form["username"];
var pass = Request.Form["pass"];
var sm = "";
var cmd = new SqlCommand();
cmd.CommandText = "getUser";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@username", SqlDbType.VarChar, 90).Value = username.ToString();
DataTable dt = new LHR.lib.DataAdapter().ExecPro(cmd);
if (dt.Rows.Count > 0)
{
DataRow dr = dt.NewRow();
dr = dt.Rows[0];
if (dr[7].ToString() == LHR.lib.CoreSecurity.getMd5Hash(pass))
{
Session["userid"] = dr[0].ToString();
Session["username"] = username;
Session["groupid"] = dr[8].ToString();
sm = "yes";
}
else
{
sm = "no";
}
}
else
{
sm = "no";
}
return(Content(sm));
}
public string insert(FormCollection form)
{
string sms = "";
var cmd = new SqlCommand();
cmd.CommandText = "INSERT INTO customer(customername,company,email,phone,customertypeid,address,description) VALUES(@name,@company,@email,@phone,@customertype,@address,@description)";
cmd.Parameters.AddWithValue("@name", form["name"].ToString());
cmd.Parameters.AddWithValue("@company", form["company"].ToString());
cmd.Parameters.AddWithValue("@email", form["email"].ToString());
cmd.Parameters.AddWithValue("@phone", form["phone"].ToString());
cmd.Parameters.AddWithValue("@customertype", form["customertype"].ToString());
cmd.Parameters.AddWithValue("@address", form["address"].ToString());
cmd.Parameters.AddWithValue("@description", form["description"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "អតិថិជនថ្មីត្រូវបានបង្កើតដោយជោគជ័យ!";
}
else
{
sms = "មិនអាចបង្កើតអតិថិជនថ្មីបានទេ!";
}
return sms;
}
public string Insert(FormCollection form)
{
var sms = "";
var cmd = new SqlCommand();
cmd.CommandText = "INSERT INTO bankaccount(bankname,accountcode,address,phone,fax,contactname,internationalcode,bankcode,branchcode,description) VALUES(@name,@accountcode,@address,@phone,@fax,@contact,@intercode,@bankcode,@branchcode,@des)";
cmd.Parameters.AddWithValue("@name", form["name"].ToString());
cmd.Parameters.AddWithValue("@accountcode", form["accountcode"].ToString());
cmd.Parameters.AddWithValue("@address", form["address"].ToString());
cmd.Parameters.AddWithValue("@phone", form["phone"].ToString());
cmd.Parameters.AddWithValue("@fax", form["fax"].ToString());
cmd.Parameters.AddWithValue("@contact", form["contactname"].ToString());
cmd.Parameters.AddWithValue("@intercode", form["intercode"].ToString());
cmd.Parameters.AddWithValue("@bankcode", form["bankcode"].ToString());
cmd.Parameters.AddWithValue("@branchcode", form["branchcode"].ToString());
cmd.Parameters.AddWithValue("@des", form["des"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "ការបង្កើតគណនីធនាគារថ្មីត្រូវបានបង្កើតឡើងដោយេជោគេជ័យ។";
}else{
sms = "ការបង្កើតគណនីយថ្មីមិនត្រូវបានបង្កើតទេ។សូមព្យាយាមម្ដងទៀត។";
}
return sms;
}
public void DoUpdate(FormCollection form)
{
var cmd = new SqlCommand();
Byte[] password;
MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
UTF8Encoding encoder = new UTF8Encoding();
password = md5Hasher.ComputeHash(encoder.GetBytes(form["old_pass"].ToString()));
string new_pass = Convert.ToBase64String(md5Hasher.ComputeHash(password));
if (form["old_pass"].ToString() == "")
{
cmd.CommandText = "UPDATE users SET firstname=@first,lastname=@last,gender=@sex,email=@email,phone=@phone,address=@address,position=@position,username=@username,description=@des WHERE userid=@id";
}
else {
cmd.CommandText = "UPDATE users SET firstname=@first,lastname=@last,gender=@sex,email=@email,phone=@phone,address=@address,position=@position,username=@username,password=@pass,description=@des WHERE userid=@id";
}
cmd.Parameters.AddWithValue("@first", form["firstname"].ToString());
cmd.Parameters.AddWithValue("@last", form["lastname"].ToString());
cmd.Parameters.AddWithValue("@sex", form["sex"].ToString());
cmd.Parameters.AddWithValue("@email", form["email"].ToString());
cmd.Parameters.AddWithValue("@phone", form["phone"].ToString());
cmd.Parameters.AddWithValue("@address", form["address"].ToString());
cmd.Parameters.AddWithValue("@position", form["position"].ToString());
cmd.Parameters.AddWithValue("@username", form["username"].ToString());
cmd.Parameters.AddWithValue("@des", form["description"].ToString());
cmd.Parameters.AddWithValue("@id", form["user_id"].ToString());
cmd.Parameters.AddWithValue("@pass",new_pass);
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/users");
}
//GEt: delete function
public void Delete(string id)
{
var cmd = new SqlCommand();
cmd.CommandText = "DELETE FROM bankaccount WHERE accountid=@id";
cmd.Parameters.AddWithValue("@id",id);
var deleted = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/bankaccount");
}
//GET: Delete data user
public void Delete(string id)
{
var cmd = new SqlCommand();
cmd.CommandText = "DELETE FROM users WHERE userid=@id";
cmd.Parameters.AddWithValue("@id",id);
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/users");
}
// delete a station by its id
public bool DeleteStationById(string Id)
{
var state = false;
var cmd = new SqlCommand();
cmd.CommandText = "deleteStation";
cmd.Parameters.AddWithValue("@Id", Id);
state = new DataAdapter().ExecNonPro(cmd);
return state;
}
//Method delete customer
public void Delete(int id)
{
string customer_id = Convert.ToString(id);
var cmd = new SqlCommand();
cmd.CommandText = "DELETE FROM customer WHERE customerid=@id";
cmd.Parameters.AddWithValue("@id",customer_id);
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/customer");
}
// delete a tu by its id
public void Delete()
{
string id = Request.QueryString["id"].ToString();
var cmd = new SqlCommand();
cmd.CommandText = "deleteTu";
cmd.Parameters.AddWithValue("@Id", id);
var result = new DataAdapter().ExecNonPro(cmd);
Response.Redirect("~/tu");
}
// insert a station
public bool InsertStation(string Name, string Description)
{
var state = false;
var cmd = new SqlCommand();
cmd.CommandText = "addStation";
cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 255).Value = Name;
cmd.Parameters.Add("@Description", SqlDbType.NVarChar, 1024).Value = Description;
state = new DataAdapter().ExecNonPro(cmd);
return state;
}
// create a method to read all stations from table "station"
public DataTable GetAllStations()
{
// create command object to execute stored procedure
var cmd = new SqlCommand();
cmd.CommandText = "getStation";
DataTable stations = new DataAdapter().ExecPro(cmd);
// return result
return stations;
}
//GET: method do update data
public void DoUpdate(FormCollection form)
{
string id = form["id"].ToString();
var cmd = new SqlCommand();
cmd.CommandText = "UPDATE category SET categoryname=@name,description=@des WHERE categoryid=@id";
cmd.Parameters.AddWithValue("@name", form["categoryname"].ToString());
cmd.Parameters.AddWithValue("@des", form["description"].ToString());
cmd.Parameters.AddWithValue("@id",id);
var data = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/category");
}
// load update tu form
public ActionResult Update()
{
string id = Request.QueryString["id"].ToString();
var cmd = new SqlCommand();
cmd.CommandText = "getTuById";
cmd.Parameters.AddWithValue("@id", id);
var dt = new DataAdapter().ExecPro(cmd);
ViewBag.Tu = dt;
ViewBag.Stations = new Station().GetAllStations();
return View("UpdateTu");
}
public ActionResult Delete()
{
var userid = Request.Form["userid"].ToString();
var cmd = new SqlCommand();
cmd.CommandText = "delete from users where id=" + userid;
cmd.CommandType = CommandType.Text;
var i = new LHR.lib.DataAdapter().RunNonQuery(cmd);
return(Content(""));
}
public void DoUpdate(FormCollection form)
{
var cmd = new SqlCommand();
string satenid = form["saten_id"].ToString();
cmd.CommandText = "UPDATE saten SET satenname=@name,description=@des,stationid=@stationid WHERE satenid=@id";
cmd.Parameters.AddWithValue("@name", form["satenname"].ToString());
cmd.Parameters.AddWithValue("@des", form["description"].ToString());
cmd.Parameters.AddWithValue("@stationid", form["stationid"].ToString());
cmd.Parameters.AddWithValue("@id",satenid);
var data = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/saten");
}
public ActionResult Insert()
{
var sms = "";
var fname = Request.Form["firstname"].ToString();
var lname = Request.Form["lastname"].ToString();
var gender = Request.Form["gender"].ToString();
var email = Request.Form["email"].ToString();
var phone = Request.Form["phone"].ToString();
var groupid = Request.Form["groupid"].ToString();
var username = Request.Form["username"].ToString();
var password = Request.Form["password"].ToString();
// check if user name already exist or not
var cmd = new SqlCommand();
cmd.CommandText = "getUser";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@username", SqlDbType.VarChar, 90).Value = username;
DataTable dt = new LHR.lib.DataAdapter().ExecPro(cmd);
if (dt.Rows.Count > 0)
{
sms = "Username already exist! Try a new one.";
}
else
{
// insert user
var sql = "insert into users(firstname,lastname,gender,email,phone,username,[password],groupid) ";
sql += " values(@fname, @lname, @gender, @email, @phone, @username, @pass, @groupid)";
// prepares statement
var com = new SqlCommand();
com.CommandText = sql;
com.CommandType = CommandType.Text;
com.Parameters.Add("@fname", SqlDbType.VarChar, 50).Value = fname;
com.Parameters.Add("@lname", SqlDbType.VarChar, 50).Value = lname;
com.Parameters.Add("@gender", SqlDbType.VarChar, 50).Value = gender;
com.Parameters.Add("@email", SqlDbType.VarChar, 50).Value = email;
com.Parameters.Add("@phone", SqlDbType.VarChar, 50).Value = phone;
com.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = username;
com.Parameters.Add("@pass", SqlDbType.VarChar, 50).Value = LHR.lib.CoreSecurity.getMd5Hash(password);
com.Parameters.Add("@groupid", SqlDbType.Int).Value = groupid;
var i = new LHR.lib.DataAdapter().RunNonQuery(com);
if (i)
{
sms = "Data has been saved!";
}
else
{
sms = "Cannot save data, check your input again!";
}
}
return(Content(sms));
}
public void DoUpdate(FormCollection form)
{
string name = form["name"].ToString();
string id = form["id"].ToString();
string des = form["des"].ToString();
var cmd = new SqlCommand();
cmd.CommandText = "UPDATE saletype SET typename=@name,description=@des WHERE typeid=@id";
cmd.Parameters.AddWithValue("@name",name);
cmd.Parameters.AddWithValue("@des",des);
cmd.Parameters.AddWithValue("@id",id);
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/saletype");
}
public void DoUpdate(FormCollection form)
{
var cmd = new SqlCommand();
cmd.CommandText = "UPDATE exchange SET exchangetype=@type,date=@date,dollar=@dollar,riel=@riel,description=@des WHERE exchangeid=@id";
cmd.Parameters.AddWithValue("@type", form["exchangetype"].ToString());
cmd.Parameters.AddWithValue("@date", form["date"].ToString());
cmd.Parameters.AddWithValue("@dollar", form["dollar"].ToString());
cmd.Parameters.AddWithValue("@riel", form["riel"].ToString());
cmd.Parameters.AddWithValue("@des", form["des"].ToString());
cmd.Parameters.AddWithValue("@id", form["exchangeid"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/exchange");
}
//GET: List Station
public ActionResult ListStation()
{
var cmd = new SqlCommand();
cmd.CommandText = "SELECT * FROM station";
ViewBag.station = new DataAdapter().RunQuery(cmd);
cmd.CommandText = "SELECT logo, companyname FROM company";
ViewBag.name = "PMC Family Col.ltd.com";
ViewBag.logo = "default.png";
DataTable dr = new DataAdapter().RunQuery(cmd);
if(dr.Rows.Count >0){
ViewBag.name = dr.Rows[0][1].ToString();
ViewBag.logo = dr.Rows[0][0].ToString();
}
return View("StationList");
}
public void Edit(FormCollection form)
{
var cmd = new SqlCommand();
string customer_id = Convert.ToString(form["customer_id"].ToString());
cmd.CommandText = "UPDATE customer SET customername=@name,company=@company,email=@email,phone=@phone,customertypeid=@customertype,address=@address,description=@description WHERE customerid=@id";
cmd.Parameters.AddWithValue("@name", form["customername"].ToString());
cmd.Parameters.AddWithValue("@company", form["companyname"].ToString());
cmd.Parameters.AddWithValue("@email", form["email"].ToString());
cmd.Parameters.AddWithValue("@phone", form["phone"].ToString());
cmd.Parameters.AddWithValue("@customertype", form["customertype"].ToString());
cmd.Parameters.AddWithValue("@address", form["address"].ToString());
cmd.Parameters.AddWithValue("@description", form["description"].ToString());
cmd.Parameters.AddWithValue("@id",customer_id);
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/customer");
}
public string Insert(FormCollection form)
{
var cmd = new SqlCommand();
var sms = "";
cmd.CommandText = "INSERT INTO category(categoryname,description) VALUES(@name,@des)";
cmd.Parameters.AddWithValue("@name",form["name"].ToString());
cmd.Parameters.AddWithValue("@des", form["description"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "ការបង្កើតឈ្មោះប្រភេទប្រេងសាំងថ្មីត្រូវបានបង្កើតឡើងដោយជោគជ័យ!";
}
else {
sms = "ប្រភេទឈ្មោះប្រងសាំងថ្មីមិនត្រូវបានបង្កើត។សូមេត្តាព្យាយាមម្ដងទៀត!";
}
return sms;
}
public string Insert(FormCollection form)
{
var sms = "";
var today = DateTime.Today;
var cmd = new SqlCommand();
cmd.CommandText = "INSERT INTO saten(satenname,description,stationid,createdate) VALUES(@name,@des,@station,@date)";
cmd.Parameters.AddWithValue("@name",form["name"].ToString());
cmd.Parameters.AddWithValue("@des",form["description"].ToString());
cmd.Parameters.AddWithValue("@station", form["station"].ToString());
cmd.Parameters.AddWithValue("@date",today);
var result = new DataAdapter().RunNonQuery(cmd);
if(result)
{
sms = "ការបង្កើតសាទែនថ្មីត្រូវបានបង្កើតដោយជោគជ័យ!";
}else{
sms = "ការបង្កើតសាទែនថ្មីមិនត្រូវបានបង្កើត។សូមព្យាយាមម្ដងទៀត។";
}
return sms;
}
public void DoUpdate(FormCollection form)
{
string id = form["company_id"].ToString();
string name = form["companyname"].ToString();
string taxnumber = form["taxnumber"].ToString();
string businesstype = form["businesstype"].ToString();
string address = form["address"].ToString();
string email = form["email"].ToString();
string phone = form["phone"].ToString();
string pobox = form["pobox"].ToString();
string fax = form["fax"].ToString();
string description = form["description"].ToString();
string language = form["language"].ToString();
string filename = form["old_logo"].ToString();
HttpPostedFileBase photo = Request.Files["logo"];
string directory = "~/Content/images/";
if (photo != null && photo.ContentLength > 0)
{
filename = Path.GetFileName(photo.FileName);
photo.SaveAs(Path.Combine(Server.MapPath(directory), filename));
}
var cmd = new SqlCommand();
cmd.CommandText = "UPDATE company SET companyname=@name,taxnumber=@tax,bussinesstype=@business,language=@language,logo=@logo,address=@address,email=@email,phone=@phone,pobox=@box,fax=@fax,description=@des WHERE companyid=@id";
cmd.Parameters.AddWithValue("@id",id);
cmd.Parameters.AddWithValue("@name", name);
cmd.Parameters.AddWithValue("@tax", taxnumber);
cmd.Parameters.AddWithValue("@business", businesstype);
cmd.Parameters.AddWithValue("@language", language);
cmd.Parameters.AddWithValue("@address", address);
cmd.Parameters.AddWithValue("@email", email);
cmd.Parameters.AddWithValue("@phone", phone);
cmd.Parameters.AddWithValue("@box", pobox);
cmd.Parameters.AddWithValue("@fax", fax);
cmd.Parameters.AddWithValue("@des", description);
cmd.Parameters.AddWithValue("@logo",filename);
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/company");
}
public string Insert(string tuname,string stationname, string description)
{
var sms = "";
var cmd = new SqlCommand();
cmd.CommandText = "insert into tu(tuname,stationid, description) values(@Name,@Station,@Description)";
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@Name", tuname);
cmd.Parameters.AddWithValue("@Station", stationname);
cmd.Parameters.AddWithValue("@Description", description);
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "ទូចាក់ថ្មីត្រូវបានបង្កើតដោយជោគជ័យ!";
}
else
{
sms = "មិនអាចបង្កើតទូចាក់ថ្មីបានទេ!";
}
return sms;
}
public void DoUpdate(FormCollection form)
{
var cmd = new SqlCommand();
cmd.CommandText = "UPDATE bankaccount SET bankname=@name,accountcode=@accountcode,address=@address,phone=@phone,fax=@fax,contactname=@contact,internationalcode=@intercode,bankcode=@bankcode,branchcode=@branchcode,description=@des WHERE accountid=@id";
cmd.Parameters.AddWithValue("@name", form["bankname"].ToString());
cmd.Parameters.AddWithValue("@accountcode", form["accountcode"].ToString());
cmd.Parameters.AddWithValue("@address", form["address"].ToString());
cmd.Parameters.AddWithValue("@phone", form["phone"].ToString());
cmd.Parameters.AddWithValue("@fax", form["fax"].ToString());
cmd.Parameters.AddWithValue("@contact", form["contactname"].ToString());
cmd.Parameters.AddWithValue("@intercode", form["intercode"].ToString());
cmd.Parameters.AddWithValue("@bankcode", form["bankcode"].ToString());
cmd.Parameters.AddWithValue("@branchcode", form["branchcode"].ToString());
cmd.Parameters.AddWithValue("@des", form["des"].ToString());
cmd.Parameters.AddWithValue("@id", form["bankid"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
Response.Redirect("~/bankaccount");
}
public string DoUsers(FormCollection form)
{
Byte[] password;
MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
UTF8Encoding encoder = new UTF8Encoding();
password = md5Hasher.ComputeHash(encoder.GetBytes(form["password"].ToString()));
string new_pass = Convert.ToBase64String(md5Hasher.ComputeHash(password));
var sms = "";
var cmd = new SqlCommand();
cmd.CommandText = "SELECT username FROM users WHERE username='******'";
DataTable tr = new DataAdapter().RunQuery(cmd);
if (tr.Rows.Count > 0)
{
sms = "ឈ្មោះដែលត្រូវប្រើប្រាស់នេះមានរួចហើយ។សូមមេត្តារកថ្មីមួយទៀត។";
}
else
{
cmd.CommandText = "INSERT INTO users(firstname,lastname,gender,email,phone,address,position,username,password,description) VALUES(@firstname,@lastname,@gender,@email,@phone,@address,@position,@username,@password,@des)";
cmd.Parameters.AddWithValue("@firstname", form["firstname"].ToString());
cmd.Parameters.AddWithValue("@lastname", form["lastname"].ToString());
cmd.Parameters.AddWithValue("@gender", form["sex"].ToString());
cmd.Parameters.AddWithValue("@email", form["email"].ToString());
cmd.Parameters.AddWithValue("@phone", form["phone"].ToString());
cmd.Parameters.AddWithValue("@address", form["address"].ToString());
cmd.Parameters.AddWithValue("@position", form["position"].ToString());
cmd.Parameters.AddWithValue("@username", form["username"].ToString());
cmd.Parameters.AddWithValue("@password", new_pass);
cmd.Parameters.AddWithValue("@des", form["description"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "ការបង្កើតអ្នកប្រើប្រាស់ថ្មីត្រូវបានបង្កើតដឡើងដោយជោគជ័យ។";
}
else
{
sms = "ការបង្កើតអ្នកប្រើប្រាស់មិនត្រូវបានបង្កើតទេ។សូមព្យាយាមម្ដងទៀត។";
}
}
return sms;
}
public string Insert(FormCollection form)
{
var sms = "";
var cmd = new SqlCommand();
cmd.CommandText = "INSERT INTO exchange(exchangetype,date,dollar,riel,description) VALUES(@type,@date,@dollar,@riel,@des)";
cmd.Parameters.AddWithValue("@type", form["extype"].ToString());
cmd.Parameters.AddWithValue("@date", form["date"].ToString());
cmd.Parameters.AddWithValue("@dollar", form["dollar"].ToString());
cmd.Parameters.AddWithValue("@riel", form["riel"].ToString());
cmd.Parameters.AddWithValue("@des", form["des"].ToString());
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "ការបង្កើតអត្រាប្តូរការប្រាក់ត្រូវបានបង្កើតឡើងដោយជោគជ័យ។";
}
else {
sms = "ការបង្កើតអត្រាប្តូរការប្រាក់មិនត្រូវបានបង្កើតឡើងទេ។សូមមេត្តាព្យាយាមម្តងទៀត។";
}
return sms;
}
// GET: Company
public ActionResult Index()
{
var cmd = new SqlCommand();
cmd.CommandText = "SELECT * FROM company";
var result = new DataAdapter().RunQuery(cmd);
DataTable table = result;
ViewBag.name = "";
ViewBag.description = "";
ViewBag.taxnumber = "";
ViewBag.business = "";
ViewBag.language = "";
ViewBag.logo = "default.png";
ViewBag.address = "";
ViewBag.email = "";
ViewBag.phone = "";
ViewBag.pobox = "";
ViewBag.fax = "";
ViewBag.id = "";
if(table.Rows.Count>0){
ViewBag.name = table.Rows[0][1].ToString();
ViewBag.description = table.Rows[0][11].ToString();
ViewBag.taxnumber = table.Rows[0][2].ToString();
ViewBag.business=table.Rows[0][3].ToString();
ViewBag.language = table.Rows[0][4].ToString();
ViewBag.logo = table.Rows[0][5].ToString();
ViewBag.address = table.Rows[0][6].ToString();
ViewBag.email = table.Rows[0][7].ToString();
ViewBag.phone = table.Rows[0][8].ToString();
ViewBag.pobox = table.Rows[0][9].ToString();
ViewBag.fax = table.Rows[0][10].ToString();
ViewBag.id = table.Rows[0][0].ToString();
}
return View("CompanyList");
}
public string DoAddNew(FormCollection form)
{
string sms = "";
string name = form["sale_name"].ToString();
string des = form["des"].ToString();
var cmd = new SqlCommand();
cmd.CommandText = "INSERT INTO saletype(typename,description) VALUES(@name,@des)";
cmd.Parameters.AddWithValue("@name",name);
cmd.Parameters.AddWithValue("@des",des);
var result = new DataAdapter().RunNonQuery(cmd);
if (result)
{
sms = "ប្រភេទនៃការលក់ត្រូវបានបង្កើតឡើងដោយជោគជ៍យ។";
}
else {
sms = "ប្រភេទនៃការលក់មិនត្រូវបានបង្កើតទេ។ សូមព្យាយាមម្ដងទៀត។";
}
return sms;
}
public ActionResult Update()
{
if (Session["userid"] == null)
{
return(RedirectToAction("login", "User"));
}
var query = "?" + Request.Form["str"].ToString();
NameValueCollection data = HttpUtility.ParseQueryString(query);
// get day of the date
var myDate = Convert.ToDateTime(data["date"].ToString());
var day = myDate.Day.ToString();
var month = myDate.Month.ToString();
var year = myDate.Year.ToString();
var sr = string.Empty;
if (Session["groupid"].ToString() == "1" || (Session["groupid"].ToString() == "2" && month == DateTime.Now.Month.ToString() && year == DateTime.Now.Year.ToString()))
{
var cmd = new SqlCommand();
cmd.CommandText = "editOperation";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@date", SqlDbType.Int).Value = day;
cmd.Parameters.Add("@primary", SqlDbType.Float).Value = data["primary"].ToString();
cmd.Parameters.Add("@a12", SqlDbType.Float).Value = data["a12"].ToString();
cmd.Parameters.Add("@a19", SqlDbType.Float).Value = data["a19"].ToString();
cmd.Parameters.Add("@a1x2", SqlDbType.Float).Value = data["a1x2"].ToString();
cmd.Parameters.Add("@a2x3", SqlDbType.Float).Value = data["a2x3"].ToString();
cmd.Parameters.Add("@m30", SqlDbType.Float).Value = data["m30"].ToString();
cmd.Parameters.Add("@other", SqlDbType.Float).Value = data["other"].ToString();
cmd.Parameters.Add("@l1", SqlDbType.Float).Value = data["l1"].ToString();
cmd.Parameters.Add("@l2", SqlDbType.Float).Value = data["l2"].ToString();
cmd.Parameters.Add("@l3", SqlDbType.Float).Value = data["l3"].ToString();
cmd.Parameters.Add("@l4", SqlDbType.Float).Value = data["l4"].ToString();
cmd.Parameters.Add("@l5", SqlDbType.Float).Value = data["l5"].ToString();
cmd.Parameters.Add("@l6", SqlDbType.Float).Value = data["l6"].ToString();
cmd.Parameters.Add("@l7", SqlDbType.Float).Value = data["l7"].ToString();
cmd.Parameters.Add("@l8", SqlDbType.Float).Value = data["l8"].ToString();
cmd.Parameters.Add("@l9", SqlDbType.Float).Value = data["l9"].ToString();
cmd.Parameters.Add("@l10", SqlDbType.Float).Value = data["l10"].ToString();
cmd.Parameters.Add("@l11", SqlDbType.Float).Value = data["l11"].ToString();
cmd.Parameters.Add("@l12", SqlDbType.Float).Value = data["l12"].ToString();
cmd.Parameters.Add("@l13", SqlDbType.Float).Value = data["l13"].ToString();
cmd.Parameters.Add("@cs430", SqlDbType.Float).Value = data["c1"].ToString();
cmd.Parameters.Add("@ch440", SqlDbType.Float).Value = data["c2"].ToString();
cmd.Parameters.Add("@stcj411", SqlDbType.Float).Value = data["c3"].ToString();
cmd.Parameters.Add("@swcj411", SqlDbType.Float).Value = data["c4"].ToString();
cmd.Parameters.Add("@sunny", SqlDbType.Bit).Value = Convert.ToByte(data["s"].ToString());
cmd.Parameters.Add("@cloudy", SqlDbType.Bit).Value = Convert.ToByte(data["c"].ToString());
cmd.Parameters.Add("@rain", SqlDbType.Bit).Value = Convert.ToByte(data["r"].ToString());
cmd.Parameters.Add("@note", SqlDbType.VarChar, 50).Value = data["note"].ToString();
cmd.Parameters.Add("@fulldate", SqlDbType.VarChar, 50).Value = data["date"].ToString();
cmd.Parameters.Add("@userid", SqlDbType.Int).Value = Convert.ToInt32(Session["userid"].ToString());
cmd.Parameters.Add("@id", SqlDbType.Int).Value = data["id"].ToString();
// insert data
var i = new LHR.lib.DataAdapter().ExecNonPro(cmd);
// return data back to the list
var sql1 = "select * from operation where month(fulldate)=" + month + " and year(fulldate)=" + year + " order by [date] asc";
var com = new SqlCommand();
com.CommandText = sql1;
com.CommandType = CommandType.Text;
DataTable dt = new DataAdapter().RunQuery(com);
sr = JsonConvert.SerializeObject(dt);
}
else
{
// return data back to the list
var sql1 = "select * from operation where month(fulldate)=" + month + " and year(fulldate)=" + year + " order by [date] asc";
var com = new SqlCommand();
com.CommandText = sql1;
com.CommandType = CommandType.Text;
DataTable dt = new DataAdapter().RunQuery(com);
sr = JsonConvert.SerializeObject(dt);
}
return(Content(sr));
}
//GET : Do update data user
public ActionResult Update(string id)
{
var cmd = new SqlCommand();
cmd.CommandText = "SELECT * FROM users WHERE userid='"+id+"'";
DataTable table = new DataAdapter().RunQuery(cmd);
ViewBag.id = id;
ViewBag.firstname = "";
ViewBag.lastname = "";
ViewBag.gender = "";
ViewBag.position = "";
ViewBag.email = "";
ViewBag.phone = "";
ViewBag.username = "";
ViewBag.address = "";
ViewBag.description = "";
ViewBag.password = "";
if(table.Rows.Count >0){
ViewBag.id = table.Rows[0][0].ToString();
ViewBag.firstname = table.Rows[0][1].ToString();
ViewBag.lastname = table.Rows[0][2].ToString();
ViewBag.gender = table.Rows[0][3].ToString();
ViewBag.position = table.Rows[0][7].ToString();
ViewBag.email = table.Rows[0][4].ToString();
ViewBag.phone = table.Rows[0][5].ToString();
ViewBag.username = table.Rows[0][8].ToString();
ViewBag.address = table.Rows[0][6].ToString();
ViewBag.description = table.Rows[0][11].ToString();
ViewBag.password = table.Rows[0][9].ToString();
}
return View("UpdateUsers");
}
//GET: update
public ActionResult Update(string id)
{
var cmd = new SqlCommand();
cmd.CommandText = "SELECT * FROM bankaccount WHERE accountid='"+id+"'";
var result = new DataAdapter().RunQuery(cmd);
DataTable table = result;
ViewBag.id = id;
ViewBag.name = "";
ViewBag.accountcode = "";
ViewBag.address = "";
ViewBag.phone = "";
ViewBag.fax = "";
ViewBag.contactname = "";
ViewBag.internationalcode = "";
ViewBag.bankcode = "";
ViewBag.branchcode = "";
ViewBag.description = "";
if(table.Rows.Count >0){
ViewBag.id = table.Rows[0][0].ToString();
ViewBag.name = table.Rows[0][1].ToString();
ViewBag.accountcode = table.Rows[0][2].ToString();
ViewBag.address = table.Rows[0][3].ToString();
ViewBag.phone = table.Rows[0][4].ToString();
ViewBag.fax = table.Rows[0][5].ToString();
ViewBag.contactname = table.Rows[0][6].ToString();
ViewBag.internationalcode = table.Rows[0][7].ToString();
ViewBag.bankcode = table.Rows[0][8].ToString();
ViewBag.branchcode = table.Rows[0][9].ToString();
ViewBag.description = table.Rows[0][10].ToString();
}
return View("UpdateBankAccount");
}
//GET: Update page
public ActionResult Update(string id)
{
var cmd = new SqlCommand();
cmd.CommandText = "SELECT * FROM exchange WHERE exchangeid='"+id+"'";
DataTable result = new DataAdapter().RunQuery(cmd);
ViewBag.id = id;
ViewBag.name = "";
ViewBag.date = "";
ViewBag.dollar = "";
ViewBag.riel = "";
ViewBag.des = "";
if(result.Rows.Count >0){
var date = Convert.ToDateTime(result.Rows[0][2].ToString());
var convert = date.ToString("yyyy-MM-dd");
ViewBag.id = result.Rows[0][0].ToString();
ViewBag.name = result.Rows[0][1].ToString();
ViewBag.date = convert;
ViewBag.dollar = result.Rows[0][3].ToString();
ViewBag.riel = result.Rows[0][4].ToString();
ViewBag.des = result.Rows[0][5].ToString();
}
return View("UpdateExchange");
}
//GET: update page
public ActionResult UpdateSaleType(string id)
{
var cmd = new SqlCommand();
cmd.CommandText = "SELECT * FROM saletype WHERE typeid='"+id+"'";
var result = new DataAdapter().RunQuery(cmd);
ViewBag.name = "";
ViewBag.id = id;
ViewBag.des = "";
DataTable table = result;
if(table.Rows.Count >0){
ViewBag.name = table.Rows[0][1].ToString();
ViewBag.des = table.Rows[0][2].ToString();
}
return View("UpdateSaleType");
}
