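// Click handler for the admin login form. Checks that both fields were submitted,
// passes them through Utility.FormatTextForInput and hands the result to
// ProcessLoginCheck, which performs the credential lookup.
public void ProcessLogin(Object s, EventArgs e)
{
    Utility Util = new Utility();

    // Request.Form[...] returns null when the field is absent from the POST body
    // (for example a hand-built request), so normalise to "" before Trim();
    // otherwise a missing field surfaces as an unhandled NullReferenceException.
    string rawUsername = Request.Form["uname"] ?? string.Empty;
    string rawPassword = Request.Form["password"] ?? string.Empty;

    bool usernameMissing = rawUsername.Trim().Length == 0;
    bool passwordMissing = rawPassword.Trim().Length == 0;

    #region Input Validations
    if (usernameMissing && passwordMissing)
    {
        lblerror.Text = "Please enter a username and a password.";
        JSLiteral.Text = Util.JSAlert("Please enter a username and a password");
        return;
    }

    if (usernameMissing)
    {
        lblerror.Text = "Please enter a username.";
        JSLiteral.Text = Util.JSAlert("Please enter a username.");
        return;
    }

    if (passwordMissing)
    {
        lblerror.Text = "Please enter a password.";
        JSLiteral.Text = Util.JSAlert("Please enter a password.");
        return;
    }
    #endregion

    // The untrimmed values are filtered, as before.
    // NOTE(review): the password goes through the same character filter as the
    // username, so whatever FormatTextForInput strips or rewrites is also removed
    // from the password before it is checked. Confirm that stored credentials were
    // created through the same transformation and that it does not shrink the
    // effective password space.
    string Username = Util.FormatTextForInput(rawUsername);
    string Userpass = Util.FormatTextForInput(rawPassword);

    ProcessLoginCheck(Username, Userpass);
}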
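// Handles the final login step: looks the submitted credentials up through Blogic,
// and on success stores the admin session values and redirects to the Recipe Manager.
//
// Username / UserPwd are the values already filtered by the caller.
private void ProcessLoginCheck(string Username, string UserPwd)
{
    Utility Util = new Utility();
    Blogic myBL = new Blogic();

    // Both failure cases show the same message. Separate "Username does not exist" /
    // "Invalid Password" responses tell an unauthenticated visitor which admin
    // account names are valid, which narrows password guessing to known accounts.
    //
    // NOTE(review): AdminPasswordExist is given only the password, so as far as this
    // block shows the password is not checked against the row for Username. If Blogic
    // really tests "some admin has this password", any admin's password would be
    // accepted with any existing username. Confirm in Blogic and replace with a single
    // lookup keyed on the username that compares a salted password hash.
    // NOTE(review): nothing in this block limits repeated attempts or logs failures;
    // verify that throttling and audit logging exist elsewhere.
    if (!myBL.AdminUserNameExist(Username) || !myBL.AdminPasswordExist(UserPwd))
    {
        lblerror.Text = "Invalid username or password";
        JSLiteral.Text = Util.JSAlert("Invalid username or password");
        return;
    }

    string Getadminusername = myBL.GetAdminUserNameSession(Username);
    string Getadminpassword = myBL.GetAdminPasswordSession(UserPwd);

    // NOTE(review): a password-derived value is kept in session state for the life of
    // the session. The keys are left unchanged because other pages may read them, but
    // the session only needs an "authenticated admin" marker. Confirm what
    // GetAdminPasswordSession returns, and whether the session identifier is renewed
    // at login; neither is visible from here.
    Session.Add("adminuserid", Getadminusername);
    Session.Add("adminpassword", Getadminpassword);

    // 5 = recipemanager
    Util.PageRedirect(5);
}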
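// Handles comment posting: verifies the anti-spam security code, filters and
// validates the submitted fields, stores the comment, notifies the webmaster by
// email and redirects to the confirmation page.
public void Add_Comment(Object s, EventArgs e)
{
    // Declared before the branch: the original created Util inside the "if" block
    // but also used it in the "else" block, where that local is out of scope.
    Utility Util = new Utility();

    // Session["randomStr"] is null when the session has expired or the form was
    // posted without loading the page that generates the code. Treat a missing or
    // empty stored code as a failed check rather than dereferencing null or letting
    // an empty submission match an empty stored value.
    object storedCode = Session["randomStr"];
    string expectedCode = storedCode == null ? null : storedCode.ToString();

    bool codeMatches = Page.IsValid
        && !string.IsNullOrEmpty(expectedCode)
        && txtsecfield.Text == expectedCode;

    if (!codeMatches)
    {
        JSLiteral.Text = Util.JSAlert("Invalid security code. Make sure you type it correctly.");
        return;
    }

    // NOTE(review): the stored code is not cleared here after a successful post, so
    // whether one solved code can be replayed for further posts depends on the page
    // that generates it. Confirm it is regenerated on every form render.

    CommentInfo AddComm = new CommentInfo();
    AddComm.ID = (int)Util.Val(Request.QueryString["id"]);

    // FormatTextForInput filters harmful script content from the raw form values.
    AddComm.Author = Util.FormatTextForInput(Request.Form[AUTHOR.UniqueID]);
    AddComm.Email = Util.FormatTextForInput(Request.Form[EMAIL.UniqueID]);
    AddComm.Comments = Util.FormatTextForInput(Request.Form[COMMENTS.UniqueID]);

    #region Comment Form Input Validator
    if (AddComm.Author.Length == 0)
    {
        ShowCommentError(Util, "Error: Name is empty, please enter your name.");
        return;
    }

    if (AddComm.Email.Length == 0)
    {
        ShowCommentError(Util, "Error: Email is empty, please enter your email.");
        return;
    }

    if (AddComm.Comments.Length == 0)
    {
        ShowCommentError(Util, "Error: Comment is empty, please your comment.");
        return;
    }

    // Name: maximum of 50 characters.
    if (AddComm.Author.Length > 50)
    {
        ShowCommentError(Util, "Error: Name is too long. Max of 50 characters.");
        AUTHOR.Value = "";
        return;
    }

    // Email: maximum of 50 characters.
    if (AddComm.Email.Length > 50)
    {
        ShowCommentError(Util, "Error: Email is too long. Max of 50 characters.");
        EMAIL.Value = "";
        return;
    }

    // Comments: maximum of 200 characters.
    if (AddComm.Comments.Length > 200)
    {
        ShowCommentError(Util, "Error: Comments is too long. Max of 200 characters.");
        return;
    }
    #endregion

    // Add() returns non-zero on failure; the message shown stays generic so no
    // database detail reaches the visitor.
    if (AddComm.Add() != 0)
    {
        JSLiteral.Text = Util.JSAlert("A database error occured while processing your request.");
        return;
    }

    // Send an HTML email notification about the new comment to the webmaster.
    EmailTemplate SendEmail = new EmailTemplate();
    SendEmail.ItemID = AddComm.ID;
    SendEmail.ItemName = strRName;
    SendEmail.SendEmailCommentNotify();

    // 4 = confirmation / thank-you page.
    Util.PageRedirect(4);
}

// Shows a comment-form validation message both as a JavaScript alert and in the
// on-page label, and clears the security-code box so it has to be typed again.
// Only the fixed validation messages from Add_Comment are passed in: the label
// text is emitted as HTML, so user-supplied text must not be routed through here.
private void ShowCommentError(Utility util, string message)
{
    JSLiteral.Text = util.JSAlert(message);
    lbvalenght.Text = "<br>" + message;
    lbvalenght.Visible = true;
    txtsecfield.Text = "";
}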