private void updateLikes() { SqlCommand objCommand = new SqlCommand(); BinaryFormatter serializer = new BinaryFormatter(); MemoryStream stream = new MemoryStream(); List <int> likesints = new List <int>(); foreach (Profile x in Likes) { likesints.Add(x.ProfileID); } Byte[] Store; serializer.Serialize(stream, likesints); Store = stream.ToArray(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_StoreLikes"; objCommand.Parameters.AddWithValue("@UserId", Session["UserID"].ToString()); objCommand.Parameters.AddWithValue("@Pass", Store); objDB.DoUpdateUsingCmdObj(objCommand); }
} // end method bind protected void lbUnlike_Command(object sender, CommandEventArgs e) { // removes user from liked list int unLikeUserID = Convert.ToInt32(e.CommandName); memberLikes.Remove(unLikeUserID); Session["memberLikes"] = memberLikes; // update session BinaryFormatter bf = new BinaryFormatter(); MemoryStream mStream = new MemoryStream(); Byte[] mLikes; bf.Serialize(mStream, memberLikes); mLikes = mStream.ToArray(); // update db SqlCommand objUpdatePref = new SqlCommand(); objUpdatePref.CommandType = CommandType.StoredProcedure; objUpdatePref.CommandText = "TP_UpdatePreferences"; objUpdatePref.Parameters.AddWithValue("@userID", userID); objUpdatePref.Parameters.AddWithValue("@likes", mLikes); obj.DoUpdateUsingCmdObj(objUpdatePref, out string error); if (String.IsNullOrEmpty(error)) { Boolean l = true; Boolean d = false; bind(l,d); // rebind } // end if }
protected void btnApprove_Click(object sender, EventArgs e) { Button btn = (Button)sender; GridViewRow row = (GridViewRow)btn.NamingContainer; string name = row.Cells[1].Text; //int rowIndex = e.Item.ItemIndex; SqlCommand objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; //Login objCommand.CommandText = "TP_ConfirmDate"; objCommand.Parameters.AddWithValue("@UserId", Convert.ToInt32(Session["UserId"].ToString())); objCommand.Parameters.AddWithValue("@PassConfirm", 1); objCommand.Parameters.AddWithValue("@UserName", name); objDB.DoUpdateUsingCmdObj(objCommand); }
protected void gvTripItems_RowUpdating(object sender, GridViewUpdateEventArgs e) { int rowIndex = e.RowIndex; string customerName = gvTripItems.Rows[rowIndex].Cells[0].Text; string tripItemName = gvTripItems.Rows[rowIndex].Cells[2].Text; string tripItemDescription = gvTripItems.Rows[rowIndex].Cells[3].Text; TextBox Tbox; Tbox = (TextBox)gvTripItems.Rows[rowIndex].FindControl("txtQtyAdd"); int quantity = int.Parse(Tbox.Text); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "updateTripItemQuantity"; SqlParameter inputParameter = new SqlParameter("@Quantity", quantity); inputParameter.Direction = ParameterDirection.Input; inputParameter.SqlDbType = SqlDbType.Int; objCommand.Parameters.Add(inputParameter); inputParameter = new SqlParameter("@TripItemName", tripItemName); inputParameter.Direction = ParameterDirection.Input; inputParameter.SqlDbType = SqlDbType.VarChar; objCommand.Parameters.Add(inputParameter); inputParameter = new SqlParameter("@TripItemDescription", tripItemDescription); inputParameter.Direction = ParameterDirection.Input; inputParameter.SqlDbType = SqlDbType.VarChar; objCommand.Parameters.Add(inputParameter); inputParameter = new SqlParameter("@CustomerName", customerName); inputParameter.Direction = ParameterDirection.Input; inputParameter.SqlDbType = SqlDbType.VarChar; objCommand.Parameters.Add(inputParameter); objDB.DoUpdateUsingCmdObj(objCommand); lblAlert.Text = "You have successfully updated your cart."; lblAlert.ForeColor = System.Drawing.Color.Green; lblAlert.Visible = true; gvTripItems.EditIndex = -1; ShowTripItems(); }
protected void btnSubmit_Click(object sender, EventArgs e) { String plainTextPassword = txtConfirmPassword.Text; String encryptedPassword; UTF8Encoding encoder = new UTF8Encoding(); // used to convert bytes to characters, and back Byte[] textBytes; // stores the plain text data as bytes // Perform Encryption // Convert a string to a byte array, which will be used in the encryption process. textBytes = encoder.GetBytes(plainTextPassword); RijndaelManaged rmEncryption = new RijndaelManaged(); MemoryStream myMemoryStream = new MemoryStream(); CryptoStream myEncryptionStream = new CryptoStream(myMemoryStream, rmEncryption.CreateEncryptor(key, vector), CryptoStreamMode.Write); // Use the crypto stream to perform the encryption on the plain text byte array. myEncryptionStream.Write(textBytes, 0, textBytes.Length); myEncryptionStream.FlushFinalBlock(); // Retrieve the encrypted data from the memory stream, and write it to a separate byte array. myMemoryStream.Position = 0; Byte[] encryptedBytes = new Byte[myMemoryStream.Length]; myMemoryStream.Read(encryptedBytes, 0, encryptedBytes.Length); // Close all the streams. myEncryptionStream.Close(); myMemoryStream.Close(); // Convert the bytes to a string and display it. encryptedPassword = Convert.ToBase64String(encryptedBytes); if (txtNewPassword.Text == "") { lblPassword.Text = "Please enter your new password"; txtNewPassword.Focus(); } else if (txtNewPassword.Text == txtConfirmPassword.Text) { lblPassword.Text = ""; objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_ResetPassword"; objCommand.Parameters.AddWithValue("@thePassword", encryptedPassword); objCommand.Parameters.AddWithValue("@theUsername", Session["retrieve-username"].ToString()); objDB.DoUpdateUsingCmdObj(objCommand); lblSuccess.Visible = true; Session.Clear(); Response.AddHeader("REFRESH", "2;URL=login.aspx"); } else { txtConfirmPassword.Focus(); txtConfirmPassword.Text = ""; lblPassword.Text = "Passwords do not match. Please enter again"; } }
protected void btnBlock_click(object sender, EventArgs e) { //Add current profile to block SqlCommand objCommand = new SqlCommand(); //objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_GetBlocks"; objCommand.Parameters.AddWithValue("@UserId", Session["UserID"].ToString()); objDB.GetDataSetUsingCmdObj(objCommand); Byte[] byteArray = (Byte[])objDB.GetField("BlockList", 0); BinaryFormatter deSerializer = new BinaryFormatter(); MemoryStream memStream = new MemoryStream(byteArray); List <int> BlockList; try { BlockList = (List <int>)deSerializer.Deserialize(memStream); } catch { BlockList = new List <int>(); } BlockList.Add(Convert.ToInt32(Session["CurrentUserID"])); BinaryFormatter serializer = new BinaryFormatter(); MemoryStream stream = new MemoryStream(); Byte[] Store; serializer.Serialize(stream, BlockList); Store = memStream.ToArray(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_StoreBlocks"; objCommand.Parameters.AddWithValue("@UserId", Session["CurrentUserID"].ToString()); objCommand.Parameters.AddWithValue("@BlockList", Store); objDB.DoUpdateUsingCmdObj(objCommand); }
public void UpdateTotalSales() { int customerid = Convert.ToInt16(Session["customerid"].ToString()); decimal total = Convert.ToDecimal(ShowTotalPrice()); try { objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_UpdateTotalSales"; objCommand.Parameters.AddWithValue("@id", customerid); objCommand.Parameters.AddWithValue("@total", total); objDB.DoUpdateUsingCmdObj(objCommand); } catch (Exception ex) { throw ex; } }
/* protected void btnGetProduct_Click(object sender, EventArgs e) * { * int departmentnumber = Int32.Parse(ddlDepartment.SelectedValue); * url = url + "GetProductCatalog/" + departmentnumber.ToString(); * * WebRequest request = WebRequest.Create(url); * WebResponse response = request.GetResponse(); * * Stream theDataStream = response.GetResponseStream(); * StreamReader reader = new StreamReader(theDataStream); * String data = reader.ReadToEnd(); * reader.Close(); * response.Close(); * * JavaScriptSerializer js = new JavaScriptSerializer(); * List<Product> products = js.Deserialize<List<Product>>(data); * * gvProducts.DataSource = products; * gvProducts.DataBind(); * }*/ protected void gvProducts_SelectedIndexChanged(object sender, EventArgs e) { if (Session["count"] != null) { count = (int)Session["count"] + 1; } lbCart.Text = Session["cart"].ToString() + " (" + count.ToString() + ")"; Session["FinalCart"] = lbCart.Text; Session["count"] = count; int rowIndex = gvProducts.SelectedIndex; Product product = new Product(); product.Image = gvProducts.SelectedRow.Cells[0].Text; product.Title = gvProducts.SelectedRow.Cells[1].Text; product.Desc = gvProducts.SelectedRow.Cells[2].Text; product.Price = Convert.ToDouble(gvProducts.SelectedRow.Cells[3].Text); TextBox tb = (TextBox)gvProducts.SelectedRow.FindControl("txtQuantity"); product.Product_ID = Convert.ToInt32(gvProducts.DataKeys[rowIndex].Value.ToString()); product.Quantity = Convert.ToInt32(tb.Text); if (Session["list"] != null) { productlist = (ArrayList)Session["list"]; productlist.Add(product); } else { productlist.Add(product); } Session["list"] = productlist; Session["Productlist"] = productlist; lblNotify.Visible = false; // Serialize the CreditCard object BinaryFormatter serializer = new BinaryFormatter(); MemoryStream memStream = new MemoryStream(); Byte[] byteArray; serializer.Serialize(memStream, productlist); byteArray = memStream.ToArray(); // Update the account to store the serialized object (binary data) in the database objcomm.CommandType = CommandType.StoredProcedure; objcomm.CommandText = "TP_StoreCart"; objcomm.Parameters.AddWithValue("theID", Session["customerID"]); objcomm.Parameters.AddWithValue("theCart", byteArray); objDB.DoUpdateUsingCmdObj(objcomm); }
protected void btnWipetables_Click(object sender, EventArgs e) { DBConnect objDB = new DBConnect(); SqlCommand objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "sp_WipeSQLtables"; objDB.DoUpdateUsingCmdObj(objCommand); }
} // end blocked users protected void btnUpdateUsername_Click(object sender, EventArgs e) { // validate user input for username lblUsernameError.Visible = false; Session["remain"] = 1; if (txtNewUsername.Text=="") { txtNewUsername.CssClass += " is-invalid"; return; } // end check else { SqlCommand objUpdateUserName = new SqlCommand(); objUpdateUserName.CommandType = CommandType.StoredProcedure; objUpdateUserName.CommandText = "TP_UpdateUsername"; SqlParameter outputUsernameExists = new SqlParameter("@UsernameExists", SqlDbType.Int) { Direction = ParameterDirection.Output }; objUpdateUserName.Parameters.AddWithValue("@userID", userID); objUpdateUserName.Parameters.AddWithValue("username", txtNewUsername.Text); objUpdateUserName.Parameters.Add(outputUsernameExists); if (obj.DoUpdateUsingCmdObj(objUpdateUserName, out string exception) == -2) { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } if (Int32.Parse(outputUsernameExists.Value.ToString()) == 1) { lblUsernameError.Visible = true; } else { ClientScript.RegisterStartupScript(this.GetType(), "SuccessToast", "showSuccess();", true); txtCurrentUsername.Text = txtNewUsername.Text; txtNewUsername.CssClass = txtNewUsername.CssClass.Replace("is-invalid", "").Trim(); } txtNewUsername.Text = ""; } } // end update username btn click
protected void lbSendAgain_Click(object sender, EventArgs e) { //If send again is clicked, generate a new verification code, dump it into the database, and // send the email containing the new code RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] random = new byte[16]; rng.GetBytes(random); string rngString = Convert.ToBase64String(random); string trimmed = rngString.Substring(0, rngString.Length - 2); try { SqlCommand commandObj = new SqlCommand(); commandObj.Parameters.Clear(); commandObj.CommandType = CommandType.StoredProcedure; commandObj.CommandText = "TP_InsertVerification"; commandObj.Parameters.AddWithValue("@UserID", Session["VerifyingUserID"].ToString()); commandObj.Parameters.AddWithValue("@code", trimmed); DBConnect OBJ = new DBConnect(); if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) != -2) { // sends email again string email = Session["email"].ToString(); string sendAdd = "*****@*****.**"; string link = Request.Url.Host + "'/Verification.aspx'"; // send email MailMessage msg = new MailMessage(); msg.To.Add(new MailAddress(@email)); msg.Subject = "QUERY Welcome Email"; msg.From = new MailAddress(sendAdd); msg.IsBodyHtml = true; msg.Body = "<div> Thank you for signing up for Query.com! <Br><BR> You have successfully " + "created an account. To verify, please enter the verification code: <strong>" + trimmed + "</strong><Br><BR> <div>"; SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587); smtp.Credentials = new System.Net.NetworkCredential(sendAdd, "CIS3342TermProject"); smtp.EnableSsl = true; smtp.Send(msg); Response.Redirect("Verification.aspx"); } } catch { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } }
private void deleteDateRequest() { DBConnect objDB = new DBConnect(); SqlCommand objCmd = new SqlCommand(); objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_DeleteDateRequest"; int result = 0; User tempUser = new User(); int userID1 = tempUser.getUserID(Session["Username"].ToString()); int userID2 = tempUser.getUserID(Session["RequestedProfile"].ToString()); UserProfile tempProfile = new UserProfile(); if (tempProfile.checkIfUserSentDateRequest(Session["Username"].ToString(), Session["RequestedProfile"].ToString())) { objCmd.Parameters.AddWithValue("@requestFrom", userID1); objCmd.Parameters.AddWithValue("@requestTo", userID2); result = objDB.DoUpdateUsingCmdObj(objCmd); if (result == 1) { lblErrorMsg.Text += "Successfully deleted date request to this user. <br />"; lblErrorMsg.Visible = true; } } else if (tempProfile.checkIfUserReceivedDateRequest(Session["RequestedProfile"].ToString(), Session["Username"].ToString())) { objCmd.Parameters.AddWithValue("@requestFrom", userID2); objCmd.Parameters.AddWithValue("@requestTo", userID1); result = objDB.DoUpdateUsingCmdObj(objCmd); if (result == 1) { lblErrorMsg.Text += "Successfully deleted date request from this user. <br />"; lblErrorMsg.Visible = true; } } }
protected void btnSendMessage_Click(object sender, EventArgs e) { Timer1.Enabled = true; DBConnect objDB = new DBConnect(); SqlCommand objCmd = new SqlCommand(); objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_GetConversation"; objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString()); objCmd.Parameters.AddWithValue("@usernameTwo", Session["MessageToUsername"].ToString()); DataSet conversationDS = objDB.GetDataSetUsingCmdObj(objCmd); string conversation = objDB.GetField("Content", 0).ToString(); int messageID = int.Parse(objDB.GetField("MessageID", 0).ToString()); String messageText = txtSendMessage.Text; String updateConversation = conversation + "<br />" + Session["Username"].ToString() + ": " + messageText; DBConnect objDBConn = new DBConnect(); SqlCommand objCmdConn = new SqlCommand(); objCmdConn.CommandType = CommandType.StoredProcedure; objCmdConn.CommandText = "TP_UpdateConversation"; objCmdConn.Parameters.AddWithValue("@messageID", messageID); objCmdConn.Parameters.AddWithValue("@content", updateConversation); int result = objDBConn.DoUpdateUsingCmdObj(objCmdConn); if (result == 1) { DataBind(); User tempUser = new User(); string recipient = tempUser.getEmailByUsername(Session["MessageToUsername"].ToString()); Email emailObj = new Email(); string to = recipient; string from = "*****@*****.**"; string subject = "New Message"; string message = "You have a new message from " + Session["Username"].ToString() + ". Visit the website to view the message."; try { emailObj.SendMail(to, from, subject, message); } catch (Exception ex) { } } txtSendMessage.Text = string.Empty; }
protected void UpdateMerchantInfo(Merchant merchant) { int id = int.Parse(Session["merchantID"].ToString()); try { objcomm.CommandType = CommandType.StoredProcedure; objcomm.CommandText = "TP_UpdateMerchantInfo"; objcomm.Parameters.AddWithValue("@id", id); objcomm.Parameters.AddWithValue("@address", merchant.Address); objcomm.Parameters.AddWithValue("@city", merchant.City); objcomm.Parameters.AddWithValue("@state", merchant.State); objcomm.Parameters.AddWithValue("@zipcode", merchant.ZipCode); objcomm.Parameters.AddWithValue("@phone", merchant.Phone); objcomm.Parameters.AddWithValue("@email", merchant.Email); objDB.DoUpdateUsingCmdObj(objcomm); } catch (Exception ex) { throw ex; } }
protected void btnSend_Click(object sender, EventArgs e) { objDB = new DBConnect(); objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_sp_SendMessage"; objCommand.Parameters.AddWithValue("@SenderID", userID); objCommand.Parameters.AddWithValue("@Username", username); objCommand.Parameters.AddWithValue("@ReceiverID", ddlMatches.SelectedValue); objCommand.Parameters.AddWithValue("@Message", txtMessage.Text); objDB.DoUpdateUsingCmdObj(objCommand); Bind(); }
private void newConvo() { DBConnect objDB = new DBConnect(); SqlCommand objCmd = new SqlCommand(); objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_NewConversation"; objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString()); objCmd.Parameters.AddWithValue("@usernameTwo", Session["RequestedProfile"].ToString()); int result = objDB.DoUpdateUsingCmdObj(objCmd); if (result == 1) { Response.Redirect("Messaging.aspx"); } }
protected void btnSubmitBankInformation_Click(object sender, EventArgs e) { DBConnect dbConnection = new DBConnect(); SqlCommand objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TPAddMerchantBankInformation"; objCommand.Parameters.AddWithValue("@Email", Session["userEmail"].ToString()); objCommand.Parameters.AddWithValue("@BankCompany", txtBankCompany.Text); objCommand.Parameters.AddWithValue("@AccountType", ddlAccountType.SelectedValue); objCommand.Parameters.AddWithValue("@AccountNumber", txtAccountNumber.Text); int ResponseRecevied = dbConnection.DoUpdateUsingCmdObj(objCommand); RegisterMerchantDetails.Visible = false; BankAccount.Visible = false; SubmitConfirmation.Visible = true; }
private void modifyProfilePic() { if (IsPostBack) { if (fileProfilePic.HasFile) { int result = 0, imageSize; string fileExt, imageName; User tempUser = new User(); int userID = tempUser.getUserID(Session["Username"].ToString()); imageSize = fileProfilePic.PostedFile.ContentLength; byte[] imageData = new byte[imageSize]; fileProfilePic.PostedFile.InputStream.Read(imageData, 0, imageSize); imageName = fileProfilePic.PostedFile.FileName; fileExt = imageName.Substring(imageName.LastIndexOf(".")); fileExt = fileExt.ToLower(); if (fileExt == ".jpg") { DBConnect objDB = new DBConnect(); SqlCommand objCmd = new SqlCommand(); objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_ModifyProfilePic"; objCmd.Parameters.AddWithValue("@imageData", imageData); objCmd.Parameters.AddWithValue("@userID", userID); result = objDB.DoUpdateUsingCmdObj(objCmd); if (result != 1) { lblErrorMsg.Text += "*There was an error updating your profile picture. <br />"; lblErrorMsg.Visible = true; } } else { lblErrorMsg.Text += "*Only jpg file types supported. <br />"; lblErrorMsg.Visible = true; } } } }
protected void btnDateSubmit_Click(object sender, EventArgs e) { try { if (Session["UsersName"].ToString() != currentProfile.FirstName) { DateTime date = Convert.ToDateTime(txtDate.Text); string location = txtLocation.Text; string desc = txtDescription.Text; SqlCommand objCommand = new SqlCommand(); objDB = new DBConnect(); objCommand = new SqlCommand(); int ID1 = Convert.ToInt32(Session["UserID"].ToString()); int ID2 = currentProfile.UserID; objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_CreateDate"; objCommand.Parameters.AddWithValue("@UserId1", ID1); objCommand.Parameters.AddWithValue("@UserId2", ID2); objCommand.Parameters.AddWithValue("@Location", location); objCommand.Parameters.AddWithValue("@Date", date); objCommand.Parameters.AddWithValue("@Description", desc); objCommand.Parameters.AddWithValue("@UserName1", Session["UsersName"].ToString()); objCommand.Parameters.AddWithValue("@UserName2", currentProfile.FirstName); objDB.DoUpdateUsingCmdObj(objCommand); } else { // MessageBox.Show("Cannot Date yourself Error"); } pnlDateRequest.Visible = false; } catch { //MessageBox.Show("Date Request Error"); pnlDateRequest.Visible = false; } }
private void deleteConversation() { DBConnect objDB = new DBConnect(); SqlCommand objCmd = new SqlCommand(); objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_GetConversation"; objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString()); objCmd.Parameters.AddWithValue("@usernameTwo", Session["RequestedProfile"].ToString()); DataSet conversationDS = objDB.GetDataSetUsingCmdObj(objCmd); if (conversationDS.Tables.Count > 0) { if (conversationDS.Tables[0].Rows.Count > 0) { objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_DeleteConversation"; objCmd.Parameters.Clear(); objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString()); objCmd.Parameters.AddWithValue("@usernameTwo", Session["RequestedProfile"].ToString()); int result = objDB.DoUpdateUsingCmdObj(objCmd); if (result == 1) { lblErrorMsg.Text += "Successfully deleted conversation with this user. <br />"; lblErrorMsg.Visible = true; } } else { lblErrorMsg.Text += "You have no conversations with this user to delete. <br />"; lblErrorMsg.Visible = true; } } else { lblErrorMsg.Text += "You have no conversations with this user to delete. <br />"; lblErrorMsg.Visible = true; } }
private void BtnDelete_Click(object sender, EventArgs e) { Button btnDelete = (Button)sender; int rowNum = int.Parse(btnDelete.ID.Split('_')[1]); ProfileDisplay profileDisplay = ((ProfileDisplay)conversationsDiv.FindControl("pdProfile_" + rowNum)); DBConnect objDB = new DBConnect(); SqlCommand objCmd = new SqlCommand(); objCmd.CommandType = CommandType.StoredProcedure; objCmd.CommandText = "TP_DeleteConversation"; objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString()); objCmd.Parameters.AddWithValue("@usernameTwo", profileDisplay.Username); int result = objDB.DoUpdateUsingCmdObj(objCmd); if (result == 1) { conversationsDiv.Controls.RemoveAt(conversationsDiv.Controls.Count - 1); loadConversations(); } }
protected void btnSaveSettings_Click(object sender, EventArgs e) { DBConnect objDB = new DBConnect(); SqlCommand objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_UpdatePreferences"; objCommand.Parameters.AddWithValue("@email", Session["Email"].ToString()); objCommand.Parameters.AddWithValue("@privacy", ddlProfileView.SelectedValue); objCommand.Parameters.AddWithValue("@theme", ddlColorStyle.SelectedValue); objCommand.Parameters.AddWithValue("@autoSignIn", ddlAutoSignIn.SelectedValue); if (objDB.DoUpdateUsingCmdObj(objCommand) > 0) { } objDB = new DBConnect(); objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_UpdateSerialPreferences"; objCommand.Parameters.AddWithValue("@email", Session["Email"].ToString()); Preferences serialPreferences = new Preferences(); serialPreferences.AutoSignIn = Convert.ToInt32(ddlAutoSignIn.SelectedValue); serialPreferences.Email = Session["Email"].ToString(); serialPreferences.Privacy = ddlProfileView.SelectedValue; serialPreferences.Theme = ddlColorStyle.SelectedValue; BinaryFormatter serializer = new BinaryFormatter(); MemoryStream memStream = new MemoryStream(); Byte[] byteArray; serializer.Serialize(memStream, serialPreferences); byteArray = memStream.ToArray(); objCommand.Parameters.AddWithValue("@serial", byteArray); objCommand.Parameters.AddWithValue("@verificationToken", Session["VerificationToken"].ToString()); if (objDB.DoUpdateUsingCmdObj(objCommand) > 0) { } }
protected void btnCreateAccount_Click(object sender, EventArgs e) { //Input Validation for new Log-in if (txtNewName.Text == "" || txtNewEmail.Text == "" || txtNewAddress.Text == "" || txtNewState.Text == "" || txtNewZipCode.Text == "" || txtNewUsername.Text == "" || txtDesiredPassword.Text == "" || txtDesiredPassword1.Text == "") { lblMessage.Text = "Please make sure all fields are filled out"; return; } if (txtDesiredPassword.Text != txtDesiredPassword1.Text) { lblMessage.Text = "Desired password and desired password confirmation do not match."; return; } if (txtNewState.Text.Length > 2) { lblMessage.Text = "State must be written in 2 letter format, i.e. New Jersey = NJ"; return; } bool zip = checkIfDigits(txtNewZipCode.Text); if (zip == false) { lblMessage.Text = "Only numbers can be inputed as your zipcode."; return; } //If they make it past input validation then check if a cookie needs to be made string username = txtNewUsername.Text; string password = txtDesiredPassword.Text; string name = txtNewName.Text; string address = txtNewAddress.Text + ", " + txtNewCity.Text + ", " + txtNewState.Text + " " + txtNewZipCode.Text; string email = txtNewEmail.Text; if (rdoRememberMe.Checked) //Remember Me is checked so make a cookie and create account { HttpCookie myCookie = new HttpCookie("theCookie"); myCookie.Value = "CIS3342 Website"; myCookie.Expires = new DateTime(2016, 1, 1); myCookie.Values["Username"] = txtUsername.Text; Response.Cookies.Add(myCookie); } else //Remember me is not checked so create account without using a cookie { SqlCommand objCommand = new SqlCommand(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "CreateNewUser"; objCommand.Parameters.AddWithValue("@inputUsername", username); objCommand.Parameters.AddWithValue("@inputPassword", password); objCommand.Parameters.AddWithValue("@inputName", name); objCommand.Parameters.AddWithValue("@inputEmail", email); objCommand.Parameters.AddWithValue("@inputAddress", address); DBConnect objDB = new DBConnect(); objDB.DoUpdateUsingCmdObj(objCommand); //adds user to DB using stored procedure //add code here to make a new customer object and create a session } }
protected void btnChangePass_Click(object sender, EventArgs e) { string password = txtNewPass.Text; string passwordConfirm = txtConfirmPass.Text; Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$"); bool trigger = false; //Validate password; Make sure it passes regex and matches the confirm password input if (password.Length <= 0 || !regexPassword.IsMatch(password)) { trigger = true; txtNewPass.CssClass += " is-invalid"; txtNewPass.Text = ""; } if (password != passwordConfirm) { trigger = true; txtConfirmPass.CssClass += " is-invalid"; txtConfirmPass.Text = ""; } if (!trigger) { //Salt the password and update it in the db //Password Salting & Hashing byte[] saltArray = CryptoUtilities.GenerateSalt(); byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password); try { SqlCommand commandObj = new SqlCommand(); commandObj.Parameters.Clear(); commandObj.CommandType = CommandType.StoredProcedure; commandObj.CommandText = "TP_UpdatePassword"; commandObj.Parameters.AddWithValue("@userID", Session["VerifyingID"].ToString()); commandObj.Parameters.AddWithValue("@pass", hashPassword); commandObj.Parameters.AddWithValue("@salt", saltArray); DBConnect OBJ = new DBConnect(); if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) == -2) { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } else { divSuccess.Visible = true; divChangePassword.Visible = false; } } catch { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } } else { divInvalidPassword.Visible = true; } }
protected void btnCreateAccount_Click(object sender, EventArgs e) { //Basic validation divUsernameExists.Visible = false; divEmailExists.Visible = false; string username = txtUsername.Text; string email = txtEmail.Text.Trim(); string password = txtPassword.Text; string passwordConfirm = txtConfirmPassword.Text; string firstName = txtFName.Text; string lastName = txtLName.Text; string AddressOne = txtAddressOne.Text; string AddressTwo = txtAddressTwo.Text; string city = txtCity.Text; string state = ddlState.SelectedValue; string zip = txtZip.Text; string SQOne = txtSecurityQOne.Text; string SQTwo = txtSecurityQTwo.Text; string SQThree = txtSecurityQThree.Text; // //Regular Expressions sourced from http://regexlib.com // Regex regexEmail = new Regex(@"^([\w\d\-\.]+)@{1}(([\w\d\-]{1,67})|([\w\d\-]+\.[\w\d\-]{1,67}))\.(([a-zA-Z\d]{2,4})(\.[a-zA-Z\d]{2})?)$"); Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$"); Regex regexZip = new Regex(@"(^\d{5}$)|(^\d{5}-\d{4}$)"); txtUsername.CssClass = txtUsername.CssClass.Replace("is-invalid", "").Trim(); txtEmail.CssClass = txtEmail.CssClass.Replace("is-invalid", "").Trim(); txtPassword.CssClass = txtPassword.CssClass.Replace("is-invalid", "").Trim(); txtConfirmPassword.CssClass = txtConfirmPassword.CssClass.Replace("is-invalid", "").Trim(); txtFName.CssClass = txtFName.CssClass.Replace("is-invalid", "").Trim(); txtLName.CssClass = txtLName.CssClass.Replace("is-invalid", "").Trim(); txtAddressOne.CssClass = txtAddressOne.CssClass.Replace("is-invalid", "").Trim(); txtAddressTwo.CssClass = txtAddressTwo.CssClass.Replace("is-invalid", "").Trim(); txtCity.CssClass = txtCity.CssClass.Replace("is-invalid", "").Trim(); ddlState.CssClass = ddlState.CssClass.Replace("is-invalid", "").Trim(); txtZip.CssClass = txtZip.CssClass.Replace("is-invalid", "").Trim(); txtSecurityQOne.CssClass = txtSecurityQOne.CssClass.Replace("is-invalid", "").Trim(); txtSecurityQTwo.CssClass = txtSecurityQTwo.CssClass.Replace("is-invalid", "").Trim(); txtSecurityQThree.CssClass = txtSecurityQThree.CssClass.Replace("is-invalid", "").Trim(); ddlSecurityQOne.CssClass = ddlSecurityQOne.CssClass.Replace("is-invalid", "").Trim(); ddlSecurityQTwo.CssClass = ddlSecurityQTwo.CssClass.Replace("is-invalid", "").Trim(); ddlSecurityQThree.CssClass = ddlSecurityQThree.CssClass.Replace("is-invalid", "").Trim(); Boolean trigger = false; if (username.Length <= 0) { trigger = true; txtUsername.CssClass += " is-invalid"; } if (email.Length <= 0 || !regexEmail.IsMatch(email)) { trigger = true; txtEmail.CssClass += " is-invalid"; } if (password.Length <= 0 || !regexPassword.IsMatch(password)) { trigger = true; txtPassword.CssClass += " is-invalid"; txtPassword.Text = ""; } if (password != passwordConfirm) { txtConfirmPassword.CssClass += " is-invalid"; txtConfirmPassword.Text = ""; } if (firstName.Length <= 0) { trigger = true; txtFName.CssClass += " is-invalid"; } if (lastName.Length <= 0) { trigger = true; txtLName.CssClass += " is-invalid"; } if (AddressOne.Length <= 0) { trigger = true; txtAddressOne.CssClass += " is-invalid"; } if (city.Length <= 0) { trigger = true; txtCity.CssClass += " is-invalid"; } if (state.Length <= 0) { trigger = true; ddlState.CssClass += " is-invalid"; } if (zip.Length <= 0 || !regexZip.IsMatch(zip)) { trigger = true; txtZip.CssClass += " is-invalid"; } if (SQOne.Length <= 0) { trigger = true; txtSecurityQOne.CssClass += " is-invalid"; } if (SQTwo.Length <= 0) { trigger = true; txtSecurityQTwo.CssClass += " is-invalid"; } if (SQThree.Length <= 0) { trigger = true; txtSecurityQThree.CssClass += " is-invalid"; } if (ddlSecurityQOne.SelectedValue == "") { trigger = true; ddlSecurityQOne.CssClass += " is-invalid"; } if (ddlSecurityQTwo.SelectedValue == "") { trigger = true; ddlSecurityQTwo.CssClass += " is-invalid"; } if (ddlSecurityQThree.SelectedValue == "") { trigger = true; ddlSecurityQThree.CssClass += " is-invalid"; } if (trigger) { } else { //Password Salting & Hashing byte [] saltArray = CryptoUtilities.GenerateSalt(); byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password); commandObj.Parameters.Clear(); commandObj.CommandType = CommandType.StoredProcedure; commandObj.CommandText = "TP_CreateUser"; SqlParameter inputUsername = new SqlParameter("@username", username) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputPassword = new SqlParameter("@password", hashPassword) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarBinary }; SqlParameter inputSalt = new SqlParameter("@salt", saltArray) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarBinary }; SqlParameter inputEmail = new SqlParameter("@emailAddress", email) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputFirstName = new SqlParameter("@firstName", firstName) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputLastName = new SqlParameter("@lastName", lastName) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputBilling = new SqlParameter("@billing", AddressOne) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputCity = new SqlParameter("@city", city) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputState = new SqlParameter("@state", state) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter inputZip = new SqlParameter("@zip", Convert.ToInt32(zip)) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar }; SqlParameter outputUsernameExists = new SqlParameter("@UsernameExists", SqlDbType.Int) { Direction = ParameterDirection.Output }; SqlParameter outputEmailExists = new SqlParameter("@EmailExists", SqlDbType.Int) { Direction = ParameterDirection.Output }; SqlParameter outputNewUserID = new SqlParameter("@NewUserID", SqlDbType.Int) { Direction = ParameterDirection.Output }; commandObj.Parameters.Add(inputUsername); commandObj.Parameters.Add(inputPassword); commandObj.Parameters.Add(inputSalt); commandObj.Parameters.Add(inputEmail); commandObj.Parameters.Add(inputFirstName); commandObj.Parameters.Add(inputLastName); commandObj.Parameters.Add(inputBilling); commandObj.Parameters.Add(inputCity); commandObj.Parameters.Add(inputState); commandObj.Parameters.Add(inputZip); commandObj.Parameters.Add(outputNewUserID); commandObj.Parameters.Add(outputEmailExists); commandObj.Parameters.Add(outputUsernameExists); if (dbConnection.DoUpdateUsingCmdObj(commandObj, out string exception) == -2) { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } else { //Two output parameters tell us if the username or email exists if (Int32.Parse(outputUsernameExists.Value.ToString()) == 1) { divUsernameExists.Visible = true; } if (Int32.Parse(outputEmailExists.Value.ToString()) == 1) { divEmailExists.Visible = true; } if (!(Int32.Parse(outputUsernameExists.Value.ToString()) == 1 && (Int32.Parse(outputEmailExists.Value.ToString()) == 1))) { //If we pass the checks, then also update the security questions commandObj.Parameters.Clear(); commandObj.CommandType = CommandType.StoredProcedure; commandObj.CommandText = "TP_UpdateSecurityQuestions"; DataTable dtSecurityQuestions = new DataTable(); dtSecurityQuestions.Columns.Add("UserId", typeof(int)); dtSecurityQuestions.Columns.Add("QuestionID", typeof(int)); dtSecurityQuestions.Columns.Add("QuestionAnswer", typeof(string)); DataRow newRow = dtSecurityQuestions.NewRow(); newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString()); newRow["QuestionId"] = Int32.Parse(ddlSecurityQOne.SelectedValue); newRow["QuestionAnswer"] = txtSecurityQOne.Text; dtSecurityQuestions.Rows.Add(newRow); newRow = dtSecurityQuestions.NewRow(); newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString()); newRow["QuestionId"] = Int32.Parse(ddlSecurityQTwo.SelectedValue); newRow["QuestionAnswer"] = txtSecurityQTwo.Text; dtSecurityQuestions.Rows.Add(newRow); newRow = dtSecurityQuestions.NewRow(); newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString()); newRow["QuestionId"] = Int32.Parse(ddlSecurityQThree.SelectedValue); newRow["QuestionAnswer"] = txtSecurityQThree.Text; dtSecurityQuestions.Rows.Add(newRow); commandObj.Parameters.AddWithValue("@SecurityQuestions", dtSecurityQuestions); commandObj.Parameters.AddWithValue("@UserID", outputNewUserID.Value.ToString()); if (dbConnection.DoUpdateUsingCmdObj(commandObj, out exception) == -2) { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } else { // insert empty list of prefs insertPreferences(Convert.ToInt32(outputNewUserID.Value.ToString())); Session["RegisteringUserID"] = outputNewUserID; //Generate a random verification code using the crypto provider RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] random = new byte[16]; rng.GetBytes(random); string rngString = Convert.ToBase64String(random); string trimmed = rngString.Substring(0, rngString.Length - 2); // send email string sendAdd = "*****@*****.**"; MailMessage msg = new MailMessage(); msg.To.Add(new MailAddress(@email)); msg.Subject = "QUERY Welcome Email"; msg.From = new MailAddress(sendAdd); msg.IsBodyHtml = true; msg.Body = "<div> Thank you for signing up for Query.com! <Br><BR> You have successfully " + "created an account. To verify, please enter the verification code: <strong>" + trimmed + "</strong><Br><BR> <div>"; SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587); smtp.Credentials = new System.Net.NetworkCredential(sendAdd, "CIS3342TermProject"); smtp.EnableSsl = true; smtp.Send(msg); Session["email"] = email; commandObj.Parameters.Clear(); commandObj.CommandType = CommandType.StoredProcedure; commandObj.CommandText = "TP_InsertVerification"; commandObj.Parameters.AddWithValue("@UserID", outputNewUserID.Value.ToString()); commandObj.Parameters.AddWithValue("@code", trimmed); DBConnect OBJ = new DBConnect(); if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) != -2) { Response.Redirect("Verification.aspx"); } else { ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true); } // end inner else } // end outter else } // end inner if } // end outter else } // end outermose else } // end button click - create account
protected void btnPurchase_Click(object sender, EventArgs e) { string customerName = Session["LoginID"].ToString(); int totalQuantity = 0; double total = 0; Trip objTrip = new Trip(); for (int i = 0; i < gvPurchase.Rows.Count; i++) { if (gvPurchase.Rows[i].Cells[0].Text == "Car") { objTrip.CarService = gvPurchase.Rows[i].Cells[1].Text; objTrip.CarServiceDescription = gvPurchase.Rows[i].Cells[2].Text; } else if (gvPurchase.Rows[i].Cells[0].Text == "Air") { objTrip.AirService = gvPurchase.Rows[i].Cells[1].Text; objTrip.AirServiceDescription = gvPurchase.Rows[i].Cells[2].Text; } else if (gvPurchase.Rows[i].Cells[0].Text == "Hotel") { objTrip.HotelService = gvPurchase.Rows[i].Cells[1].Text; objTrip.HotelServiceDescription = gvPurchase.Rows[i].Cells[2].Text; } else if (gvPurchase.Rows[i].Cells[0].Text == "Activity") { objTrip.ActivityService = gvPurchase.Rows[i].Cells[1].Text; objTrip.ActivityServiceDescription = gvPurchase.Rows[i].Cells[2].Text; } totalQuantity = totalQuantity + int.Parse(gvPurchase.Rows[i].Cells[4].Text); total = total + double.Parse(gvPurchase.Rows[i].Cells[5].Text, NumberStyles.Currency); objTrip.Quantity = totalQuantity; objTrip.TotalSales = total; objTrip.CustomerName = customerName; } BinaryFormatter serializer = new BinaryFormatter(); MemoryStream memStream = new MemoryStream(); Byte[] byteArray; serializer.Serialize(memStream, objTrip); byteArray = memStream.ToArray(); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "addVacation"; objCommand.Parameters.AddWithValue("@CustomerName", customerName); objCommand.Parameters.AddWithValue("@VacationPackage", byteArray); int retVal = objDB.DoUpdateUsingCmdObj(objCommand); if (retVal > 0) { lblDisplay.Text = "You have successfully purchased a vacation package"; lblDisplay.Visible = true; btnViewPurchase.Visible = true; btnPurchase.Visible = false; gvPurchase.Visible = false; //clears cart objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "clearTripItems"; objCommand.Parameters.Clear(); SqlParameter inputParameter = new SqlParameter("@CustomerName", customerName); inputParameter.Direction = ParameterDirection.Input; inputParameter.SqlDbType = SqlDbType.VarChar; objCommand.Parameters.Add(inputParameter); objDB.DoUpdateUsingCmdObj(objCommand); } else { lblDisplay.Text = "Unable to purchase vacation package"; } }
protected void btnSubmit_Click(object sender, EventArgs e) { objcommand.CommandType = CommandType.StoredProcedure; objcommand.CommandText = "TP_GetUsernameAndEmail"; objcommand.Parameters.AddWithValue("@username", txtUsername.Text); objcommand.Parameters.AddWithValue("@email", txtEmail.Text); DataSet ds = objconn.GetDataSetUsingCmdObj(objcommand); if (ds.Tables[0].Rows.Count == 0) { String plainTextPassword = txtPassword.Text; String encryptedPassword; UTF8Encoding encoder = new UTF8Encoding(); // used to convert bytes to characters, and back Byte[] textBytes; // stores the plain text data as bytes // Perform Encryption // Convert a string to a byte array, which will be used in the encryption process. textBytes = encoder.GetBytes(plainTextPassword); RijndaelManaged rmEncryption = new RijndaelManaged(); MemoryStream myMemoryStream = new MemoryStream(); CryptoStream myEncryptionStream = new CryptoStream(myMemoryStream, rmEncryption.CreateEncryptor(key, vector), CryptoStreamMode.Write); // Use the crypto stream to perform the encryption on the plain text byte array. myEncryptionStream.Write(textBytes, 0, textBytes.Length); myEncryptionStream.FlushFinalBlock(); // Retrieve the encrypted data from the memory stream, and write it to a separate byte array. myMemoryStream.Position = 0; Byte[] encryptedBytes = new Byte[myMemoryStream.Length]; myMemoryStream.Read(encryptedBytes, 0, encryptedBytes.Length); // Close all the streams. myEncryptionStream.Close(); myMemoryStream.Close(); // Convert the bytes to a string and display it. encryptedPassword = Convert.ToBase64String(encryptedBytes); Customer customer = new Customer(); if (txtName.Text != "" && txtUsername.Text != "" && txtPassword.Text != "" && txtEmail.Text != "" && txtAddress.Text != "" && txtCity.Text != "" && txtState.Text != "" && txtZipcode.Text != "" && txtPhone.Text != "" && txtSq1.Text != "" && txtSq2.Text != "" && txtSq3.Text != "") { customer.Name = txtName.Text; customer.Username = txtUsername.Text; customer.Password = encryptedPassword; customer.Email = txtEmail.Text; customer.Address = txtAddress.Text; customer.City = txtCity.Text; customer.State = txtState.Text; customer.ZipCode = txtZipcode.Text; customer.Phone = txtPhone.Text; customer.Sq1 = txtSq1.Text; customer.Sq2 = txtSq2.Text; customer.Sq3 = txtSq3.Text; lblDisplay.Text = ""; } else { lblDisplay.Text = "Please do not leave any field empty"; } if (customer != null) { try { objcommand.Parameters.Clear(); objcommand.CommandType = CommandType.StoredProcedure; objcommand.CommandText = "TP_AddCustomer"; objcommand.Parameters.AddWithValue("@name", customer.Name); objcommand.Parameters.AddWithValue("@username", customer.Username); objcommand.Parameters.AddWithValue("@password", customer.Password); objcommand.Parameters.AddWithValue("@address", customer.Address); objcommand.Parameters.AddWithValue("@city", customer.City); objcommand.Parameters.AddWithValue("@state", customer.State); objcommand.Parameters.AddWithValue("@zipcode", customer.ZipCode); objcommand.Parameters.AddWithValue("@phone", customer.Phone); objcommand.Parameters.AddWithValue("@email", customer.Email); objcommand.Parameters.AddWithValue("@sq1", customer.Sq1); objcommand.Parameters.AddWithValue("@sq2", customer.Sq2); objcommand.Parameters.AddWithValue("@sq3", customer.Sq3); int result = objconn.DoUpdateUsingCmdObj(objcommand); if (result == -1) { lblNotif.Text = "An error occurred. Please try again!"; lblNotif.Visible = false; } else { lblSuccess.Text = "Successfully created an account"; if (lblNotif.Visible == true) { lblNotif.Visible = false; } lblSuccess.Visible = true; btnSubmit.Visible = false; } } catch (Exception ex) { throw ex; } } } else { lblNotif.Text = "The username or email is already taken"; lblNotif.Visible = true; } }
protected void btnSubmit_Click1(object sender, EventArgs e) { string strEmail = txtEmail.Text; string strConfirmEmail = txtConfirmEmail.Text; string strPassword = txtPassword.Text; string strConfirmPassword = txtConfirmPassword.Text; string strQuestion = ddlSecurityQuestion.SelectedValue; string strQuestion2 = ddlSecurityQuestion2.SelectedValue; string strQuestion3 = ddlSecurityQuestion3.SelectedValue; int val = 0; if (txtUsername.Text.All(char.IsLetterOrDigit)) { if (strPassword == strConfirmPassword && validate.IsNotNull(strPassword)) // Validate password { if (validate.IsValidEmail(strEmail) && strEmail == strConfirmEmail && validate.IsNotNull(strEmail)) // validate email { if (strQuestion != strQuestion2 && strQuestion2 != strQuestion3 && strQuestion3 != strQuestion) // validate questions { objDB = new DBConnect(); objCommand = new SqlCommand(); Random random = new Random(); code = random.Next(10001, 99999); objCommand.CommandType = CommandType.StoredProcedure; objCommand.CommandText = "TP_sp_addNewUser"; objCommand.Parameters.AddWithValue("@username", txtUsername.Text); objCommand.Parameters.AddWithValue("@password", txtPassword.Text); objCommand.Parameters.AddWithValue("@email", txtEmail.Text); objCommand.Parameters.AddWithValue("@ConfirmationCode", code.ToString()); objCommand.Parameters.AddWithValue("@SecurityQuestion", ddlSecurityQuestion.SelectedValue); objCommand.Parameters.AddWithValue("@SecurityResponse", txtSecurityResponse.Text); objCommand.Parameters.AddWithValue("@SecurityQuestion2", ddlSecurityQuestion2.SelectedValue); objCommand.Parameters.AddWithValue("@SecurityResponse2", txtSecurityResponse2.Text); objCommand.Parameters.AddWithValue("@SecurityQuestion3", ddlSecurityQuestion3.SelectedValue); objCommand.Parameters.AddWithValue("@SecurityResponse3", txtSecurityResponse3.Text); val = objDB.DoUpdateUsingCmdObj(objCommand); if (val < 0) { lblStatus.ForeColor = Color.Red; lblStatus.Text = "[Server:Error]"; } else { Session["Username"] = txtUsername.Text; lblStatus.ForeColor = Color.Green; lblStatus.Text = "Success: New user was created"; if (EmailVerification(txtEmail.Text)) { // get user ID and sen it to send the verification email Response.Redirect("/CreateProfile.aspx"); } } } else { lblSecQuestion.ForeColor = Color.Red; lblSecQuestion2.ForeColor = Color.Red; lblSecQuestion3.ForeColor = Color.Red; lblSecQuestion.Text = "Please pick three different questions and respond each one:"; } } else { lblEmail.ForeColor = Color.Red; lblEmail.Text = "Email wont match please verify:"; } } else { lblPassword.ForeColor = Color.Red; lblPassword.Text = "Password wont match please verify:"; } } else { lblPassword.ForeColor = Color.Red; lblPassword.Text = "Username is only allow to have numbers and letters:"; } }