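/// <summary>
/// Fills the edit form with the name and contact number of the user identified by
/// Session["SelectedID"]. Sessions of type <c>Reference.USR_MEM</c>, and sessions with
/// no user type at all, get an alert and are sent to ProfileInfo.aspx instead.
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Fail closed: a session that carries no userType is denied like a member,
    // rather than dereferencing null and surfacing an unhandled exception.
    object userType = Session["userType"];
    if (userType == null || userType.ToString() == Reference.USR_MEM)
    {
        // ResolveUrl joins the application root and the page name correctly; plain
        // concatenation with Request.ApplicationPath drops the separator whenever the
        // application is hosted below the site root.
        string profileUrl = ResolveUrl("~/ProfileInfo.aspx");
        ScriptManager.RegisterStartupScript(this, this.GetType(), "redirect",
            "alert('You do not have access to this page'); window.location='" + profileUrl + "';", true);

        // NOTE(review): this redirect runs in the browser only. The page still renders and
        // its postback handlers stay reachable, so each handler that changes data needs its
        // own server-side role check.
        return;
    }

    // Postbacks keep what the user typed; only the first load reads the record.
    if (IsPostBack)
    {
        return;
    }

    UserManagement uDao = new UserManagement();
    User userObj = uDao.getUserByID(Session["SelectedID"].ToString());
    tbName.Text = userObj.Name;
    tbContact.Text = userObj.ContactNumber;
}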
/// <summary>
/// On the first (non-postback) request, copies the name and contact number of the user
/// identified by Session["SelectedID"] into the two text boxes.
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Postbacks keep whatever was typed into the form.
    if (IsPostBack)
    {
        return;
    }

    // NOTE(review): no role check is visible in this handler; confirm that access to
    // another user's record is authorised before this page is reached.
    User selectedUser = new User();
    UserManagement userDao = new UserManagement();
    selectedUser = userDao.getUserByID(Session["SelectedID"].ToString());

    tbName.Text = selectedUser.Name;
    tbContact.Text = selectedUser.ContactNumber;
}
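/// <summary>
/// Shows the details of the user identified by Session["SelectedID"] in the read-only labels.
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): no role check is visible in this handler; confirm that viewing another
    // user's record is authorised before this page is reached.
    UserManagement uDao = new UserManagement();
    User userObj = uDao.getUserByID(Session["SelectedID"].ToString());

    // These fields are free text stored in the user record, so they are HTML-encoded
    // before display. Assumes the lb* controls are asp:Label, which writes Text into the
    // page without encoding it — confirm against the markup.
    lbName.Text = Server.HtmlEncode(userObj.Name);
    lbEmail.Text = Server.HtmlEncode(userObj.Email);
    lbContact.Text = Server.HtmlEncode(userObj.ContactNumber);
    lbCompany.Text = Server.HtmlEncode(userObj.CompanyName);

    // Type and status are turned into display text by the DAO.
    lbUserType.Text = uDao.getUserType(userObj.Type);
    lbStatus.Text = uDao.getUserStatus(userObj.Status);
}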
/// <summary>
/// On the first (non-postback) request, loads the signed-in account's own name and
/// contact number into the text boxes. Administrators are read through getAdminByID,
/// every other user type through getUserByID.
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Postbacks keep whatever was typed into the form.
    if (IsPostBack)
    {
        return;
    }

    User currentUser = new User();
    UserManagement userDao = new UserManagement();

    // The record is always the session's own userID; nothing from the request selects it.
    bool isAdmin = Session["userType"].ToString() == Reference.USR_ADM;
    string currentId = Session["userID"].ToString();
    currentUser = isAdmin ? userDao.getAdminByID(currentId) : userDao.getUserByID(currentId);

    tbName.Text = currentUser.Name;
    tbContact.Text = currentUser.ContactNumber;
}
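/// <summary>
/// Shows either the administrator panel or the normal-user panel, depending on
/// Session["userType"], and fills it with the signed-in account's own details.
/// </summary>
protected void diffUserView()
{
    // The cast yields null when the key is missing, which selects the non-admin panel.
    bool isAdmin = (string)Session["userType"] == Reference.USR_ADM;
    UserView.Visible = !isAdmin;
    AdminView.Visible = isAdmin;

    UserManagement uDao = new UserManagement();
    string currentId = Session["userID"].ToString();

    // Name, e-mail, contact number and company are free text from the user record, so they
    // are HTML-encoded before display. Assumes the lb* controls are asp:Label, which writes
    // Text into the page without encoding it — confirm against the markup.
    if (isAdmin)
    {
        User adminObj = uDao.getAdminByID(currentId);
        lbAdminName.Text = Server.HtmlEncode(adminObj.Name);
        lbAdminEmail.Text = Server.HtmlEncode(adminObj.Email);
        lbAdminContact.Text = Server.HtmlEncode(adminObj.ContactNumber);
        lbAdminType.Text = uDao.getUserType(adminObj.Type);
        lbAdminStatus.Text = uDao.getUserStatus(adminObj.Status);
    }
    else
    {
        User userObj = uDao.getUserByID(currentId);
        lbName.Text = Server.HtmlEncode(userObj.Name);
        lbEmail.Text = Server.HtmlEncode(userObj.Email);
        lbContact.Text = Server.HtmlEncode(userObj.ContactNumber);
        lbUserType.Text = uDao.getUserType(userObj.Type);
        lbCompany.Text = Server.HtmlEncode(userObj.CompanyName);
        lbStatus.Text = uDao.getUserStatus(userObj.Status);
    }
}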
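/// <summary>
/// Shows the details of the user identified by Session["selectedID"]. Sessions of type
/// <c>Reference.USR_MEM</c>, and sessions with no user type at all, get an alert and are
/// sent to ProfileInfo.aspx instead.
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Fail closed: a session that carries no userType is denied like a member,
    // rather than dereferencing null and surfacing an unhandled exception.
    object userType = Session["userType"];
    if (userType == null || userType.ToString() == Reference.USR_MEM)
    {
        // ResolveUrl joins the application root and the page name correctly; plain
        // concatenation with Request.ApplicationPath drops the separator whenever the
        // application is hosted below the site root.
        string profileUrl = ResolveUrl("~/ProfileInfo.aspx");
        ScriptManager.RegisterStartupScript(this, this.GetType(), "redirect",
            "alert('You do not have access to this page'); window.location='" + profileUrl + "';", true);

        // NOTE(review): this redirect runs in the browser only; the denial that matters is
        // that no record is loaded below.
        return;
    }

    UserManagement uDao = new UserManagement();
    User userObj = uDao.getUserByID(Session["selectedID"].ToString());

    // Free-text fields from the user record are HTML-encoded before display. Assumes the
    // lb* controls are asp:Label, which writes Text into the page without encoding it —
    // confirm against the markup.
    lbName.Text = Server.HtmlEncode(userObj.Name);
    lbEmail.Text = Server.HtmlEncode(userObj.Email);
    lbContact.Text = Server.HtmlEncode(userObj.ContactNumber);
    lbCompany.Text = Server.HtmlEncode(userObj.CompanyName);

    // Type and status are turned into display text by the DAO.
    lbUserType.Text = uDao.getUserType(userObj.Type);
    lbStatus.Text = uDao.getUserStatus(userObj.Status);
}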
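/// <summary>
/// Handles the "DeleteMessage" command of a user-grid row: refuses to delete the signed-in
/// account, otherwise deletes the row's user and reports whether the delete succeeded.
/// </summary>
/// <param name="sender">The LinkButton inside the grid row that was clicked.</param>
/// <param name="e">Command data; only the command name is used.</param>
protected void btnDelete_Command(object sender, CommandEventArgs e)
{
    if (e.CommandName != "DeleteMessage")
    {
        return;
    }

    // NOTE(review): no role check is visible in this handler. A gate that only redirects in
    // the browser does not stop a postback from reaching it, so confirm that the caller's
    // role is enforced on the server before a user can be deleted.

    // The row comes from the clicked button itself. A direct cast fails loudly if the
    // handler is ever wired to another control type.
    LinkButton clickedButton = (LinkButton)sender;
    GridViewRow clickedRow = (GridViewRow)clickedButton.NamingContainer;
    Label lb_msgId = (Label)clickedRow.FindControl("lb_UserID");
    string targetId = lb_msgId.Text;

    UserManagement uDao = new UserManagement();
    updateSuccess.Visible = false;
    createSuccess.Visible = false;

    if (targetId == Session["UserID"].ToString())
    {
        deleteFailure.Visible = true;
        alertSuccess.Visible = false;
        labelDelete.Text = "You cannot delete yourself";
    }
    else
    {
        User uObj = uDao.getUserByID(targetId);

        // The name is free text from the user record; encode it before it goes into a
        // message. Assumes the message controls write Text unencoded, as asp:Label does.
        string userName = Server.HtmlEncode(uObj.Name);

        // Report what actually happened instead of announcing success before the delete.
        // Assumes deleteQns returns true on success — confirm against the DAO.
        bool deleted = uDao.deleteQns(targetId);
        alertSuccess.Visible = deleted;
        deleteFailure.Visible = !deleted;
        if (deleted)
        {
            msgSuccess.Text = userName + " Has Been Deleted Successfully!";
        }
        else
        {
            labelDelete.Text = userName + " could not be deleted";
        }
    }

    // NOTE(review): the result of this query is never assigned to the grid (the DataSource
    // line was already commented out); DataBind() relies on however gvUser is bound in markup.
    Database db = new Database();
    SqlCommand cmd = new SqlCommand("Select * from [User] WHERE Type != @paraType and Status = 1");
    cmd.Parameters.AddWithValue("@paraType", (string)Session["userType"]);
    DataSet ds = db.getDataSet(cmd);
    gvUser.DataBind();
}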
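/// <summary>
/// Saves the signed-in account's name and contact number and, when a new password was
/// entered, replaces the password after verifying the current one.
/// </summary>
/// <param name="sender">Button raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void btnUpdate_Click(object sender, EventArgs e)
{
    UserManagement uDao = new UserManagement();
    User uObj;
    if (Session["userType"].ToString() == Reference.USR_ADM)
    {
        uObj = uDao.getAdminByID(Session["userID"].ToString());
    }
    else
    {
        uObj = uDao.getUserByID(Session["userID"].ToString());
    }

    string uName = tbName.Text;
    string uContact = tbContact.Text;
    string lastUpdBy = Session["userID"].ToString();
    string lastUpdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

    // No password change was requested: either the current-password box is hidden and
    // empty, or one of the new-password boxes was left blank.
    bool keepPassword = (CurrentPassword.Text == "" && CurrentPassword.Visible == false)
        || tbPswd.Text == ""
        || tbCPswd.Text == "";

    if (keepPassword)
    {
        // NOTE(review): the result of updateCurrentUser is ignored and success is shown
        // regardless; confirm what the return value means before relying on it.
        uDao.updateCurrentUser(Session["userID"].ToString(), uName, uContact,
            (string)uObj.PasswordHash, (string)uObj.PasswordSalt, lastUpdBy, lastUpdOn);
        tbName.Text = String.Empty;
        tbContact.Text = String.Empty;
        alertSuccess.Visible = true;
        return;
    }

    // The current password must match the stored record before anything is changed.
    if (!VerifyStoredPassword(CurrentPassword.Text, uObj.PasswordHash))
    {
        alertDanger.Visible = true;
        alertSuccess.Visible = false;
        return;
    }

    if (tbPswd.Text != tbCPswd.Text)
    {
        // Previously this case did nothing at all, so the user got no feedback.
        // NOTE(review): alertDanger's wording is not visible here; confirm it also fits a
        // confirmation mismatch.
        alertDanger.Visible = true;
        alertSuccess.Visible = false;
        return;
    }

    byte[] salt;
    byte[] record = CreatePasswordRecord(tbCPswd.Text, out salt);
    uDao.updateCurrentUser(Session["userID"].ToString(), uName, uContact,
        Convert.ToBase64String(record), Convert.ToBase64String(salt), lastUpdBy, lastUpdOn);
    tbName.Text = String.Empty;
    tbContact.Text = String.Empty;
    alertSuccess.Visible = true;
    alertDanger.Visible = false;
}

// Stored password record layout: 16-byte salt followed by a 20-byte PBKDF2 hash, Base64-encoded.
// NOTE(review): 10,000 PBKDF2 iterations is low by current guidance. The count is not stored
// with the record, so raising it needs a migration path for existing accounts.
private const int PasswordSaltSize = 16;
private const int PasswordHashSize = 20;
private const int PasswordIterations = 10000;

/// <summary>Checks a candidate password against a stored salt+hash record.</summary>
/// <returns>True only when the record is well formed and the derived hash matches.</returns>
private static bool VerifyStoredPassword(string candidate, string storedRecord)
{
    if (candidate == null || storedRecord == null)
    {
        return false;
    }

    byte[] stored;
    try
    {
        stored = Convert.FromBase64String(storedRecord);
    }
    catch (FormatException)
    {
        // A record that is not valid Base64 can never match.
        return false;
    }

    if (stored.Length < PasswordSaltSize + PasswordHashSize)
    {
        return false;
    }

    byte[] salt = new byte[PasswordSaltSize];
    Array.Copy(stored, 0, salt, 0, PasswordSaltSize);

    byte[] derived;
    using (var pbkdf2 = new Rfc2898DeriveBytes(candidate, salt, PasswordIterations))
    {
        derived = pbkdf2.GetBytes(PasswordHashSize);
    }

    // Compare every byte without an early exit so the time taken does not depend on
    // where the first difference is.
    int difference = 0;
    for (int i = 0; i < PasswordHashSize; i++)
    {
        difference |= stored[i + PasswordSaltSize] ^ derived[i];
    }
    return difference == 0;
}

/// <summary>Derives a new salt+hash record for a password using a fresh random salt.</summary>
/// <param name="password">The new password.</param>
/// <param name="salt">Receives the generated 16-byte salt.</param>
/// <returns>The 36-byte record: salt followed by hash.</returns>
private static byte[] CreatePasswordRecord(string password, out byte[] salt)
{
    salt = new byte[PasswordSaltSize];
    using (var rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }

    byte[] hash;
    using (var pbkdf2 = new Rfc2898DeriveBytes(password, salt, PasswordIterations))
    {
        hash = pbkdf2.GetBytes(PasswordHashSize);
    }

    byte[] record = new byte[PasswordSaltSize + PasswordHashSize];
    Array.Copy(salt, 0, record, 0, PasswordSaltSize);
    Array.Copy(hash, 0, record, PasswordSaltSize, PasswordHashSize);
    return record;
}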
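/// <summary>
/// Binds GridView1 to the active advertisements of active companies. Administrators see
/// every company; any other user sees only the adverts of their own company.
/// </summary>
public void BindGrid()
{
    const string baseQuery =
        " SELECT [Advertisement].AdvID,[Company].Name as CompanyName, [Advertisement].Name as AdvertName, [Advertisement].Item, [Advertisement].ItemType,[StartDate], [EndDate] FROM " +
        "[Advertisement] inner join [Company] on Company.CompanyID =[Advertisement].CompanyID where [Advertisement].status = 1 and [Company].status = 1";

    bool isAdmin = Session["userType"].ToString() == Reference.USR_ADM;

    // The using blocks release the connection, command and adapter even when the query
    // throws; previously the connection was opened and never closed.
    using (SqlConnection conn = new SqlConnection(Reference.Constr))
    using (SqlCommand cmd = new SqlCommand(baseQuery, conn))
    using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
    {
        if (!isAdmin)
        {
            // The company filter comes from the signed-in user's own record, never from the
            // request, and is passed as a parameter.
            UserManagement uDao = new UserManagement();
            User uObj = uDao.getUserByID(Session["userID"].ToString());
            cmd.CommandText += " and [Company].CompanyID=@comID";
            cmd.Parameters.AddWithValue("@comID", uObj.CompanyID.ToString());
        }

        conn.Open();
        DataTable dt = new DataTable();
        sda.Fill(dt);
        GridView1.DataSource = dt;
        GridView1.DataBind();
    }
}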
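/// <summary>
/// Handles the "DeleteAdMessage" command of an advert-grid row: deletes the row's advert,
/// reports the outcome, and rebinds GridView1 with the adverts the caller may see.
/// </summary>
/// <param name="sender">The LinkButton inside the grid row that was clicked.</param>
/// <param name="e">Command data; only the command name is used.</param>
protected void btnDelete_Command(object sender, CommandEventArgs e)
{
    // Nothing is opened for other commands; previously a connection was opened (and never
    // closed) before the command name was even checked.
    if (e.CommandName != "DeleteAdMessage")
    {
        return;
    }

    LinkButton clickedButton = (LinkButton)sender;
    GridViewRow clickedRow = (GridViewRow)clickedButton.NamingContainer;
    Label lb_msgId = (Label)clickedRow.FindControl("lb_AdvertID");

    Advertisement_Management aDao = new Advertisement_Management();
    Advertisement aObj = aDao.getAdvByID(lb_msgId.Text);

    // NOTE(review): nothing here verifies that a non-admin caller's company owns this advert;
    // the only restriction is the filter on the list that was rendered. Confirm ownership is
    // enforced in deleteAdvert or add the check before the delete.

    // Show the success banner only when the delete is reported as done.
    // Assumes deleteAdvert returns true on success — confirm against the DAO.
    bool deleted = aDao.deleteAdvert(lb_msgId.Text);
    alertSuccessDelete.Visible = deleted;
    alertSuccessCreate.Visible = false;
    alertSuccessUpdate.Visible = false;
    if (deleted)
    {
        // The advert name is free text from the database; encode it before display.
        // Assumes Label3 is an asp:Label, which writes Text unencoded.
        Label3.Text = " Advert '" + Server.HtmlEncode(aObj.Name) + "' Has Been Deleted Successfully!";
    }

    const string baseQuery =
        "SELECT [Advertisement].AdvID,[Company].Name as CompanyName, [Advertisement].Name as AdvertName, [Advertisement].Item, [Advertisement].ItemType,[StartDate], [EndDate]FROM " +
        "[Advertisement] inner join [Company] on Company.CompanyID =[Advertisement].CompanyID where [Advertisement].status = 1 and[Company].status = 1";

    bool isAdmin = Session["userType"].ToString() == Reference.USR_ADM;

    using (SqlConnection conn = new SqlConnection(Reference.Constr))
    using (SqlCommand cmd = new SqlCommand(baseQuery, conn))
    using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
    {
        if (!isAdmin)
        {
            // Non-admins are limited to their own company, taken from their user record.
            UserManagement uDao = new UserManagement();
            User uObj = uDao.getUserByID(Session["userID"].ToString());
            cmd.CommandText += " and [Advertisement].CompanyID=@comID";
            cmd.Parameters.AddWithValue("@comID", uObj.CompanyID.ToString());
        }

        conn.Open();
        DataTable dt = new DataTable();
        sda.Fill(dt);
        GridView1.DataSource = dt;
        GridView1.DataBind();
    }
}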
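/// <summary>
/// Runs the advert search: matches the search text against advert name, company name, item
/// type and dates, optionally limited to a start/end date range, and binds the result to
/// GridView1. Administrators search all companies; other users only their own company.
/// </summary>
/// <param name="sender">Button raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void btnRun_Click(object sender, EventArgs e)
{
    // Each date bound is optional. A bound that is filled in but not a valid date stops the
    // search and leaves the grid unchanged, instead of throwing from DateTime.Parse (which
    // also happened when only one of the two boxes was filled).
    bool hasStart = startDateTB.Text != "";
    bool hasEnd = endDateTB.Text != "";
    DateTime sdate = DateTime.MinValue;
    DateTime edate = DateTime.MinValue;
    if (hasStart && !DateTime.TryParse(startDateTB.Text, out sdate))
    {
        return;
    }
    if (hasEnd && !DateTime.TryParse(endDateTB.Text, out edate))
    {
        return;
    }

    bool isAdmin = Session["userType"].ToString() == Reference.USR_ADM;

    string str = " select AdvID, [Company].Name as CompanyName,[Advertisement].Name as AdvertName" +
        ",[Advertisement].Item,[Advertisement].ItemType,[Advertisement].StartDate,[Advertisement].EndDate from [Advertisement] inner join [Company] on [Advertisement].CompanyID =[Company].CompanyID " +
        "where [Advertisement].status=1";

    // The company restriction applies to EVERY non-admin search. The date-range variant
    // used to omit it, which returned other companies' adverts to a normal user.
    if (!isAdmin)
    {
        str += " and [Company].CompanyID=@ID";
    }
    if (hasStart)
    {
        str += " and [Advertisement].StartDate>=@sDate";
    }
    if (hasEnd)
    {
        str += " and [Advertisement].EndDate<=@eDate";
    }
    str += " and ([Advertisement].Name like '%' + @search + '%' OR [Company].Name like '%' + @search + '%' OR ItemType like '%'" +
        " + @search + '%' OR StartDate like '%' + @search + '%' OR EndDate like '%' + @search + '%') ";

    // con is the connection declared outside this handler.
    using (SqlCommand xp = new SqlCommand(str, con))
    using (SqlDataAdapter da = new SqlDataAdapter(xp))
    {
        // All user-supplied values travel as parameters, never as SQL text.
        xp.Parameters.Add("@search", SqlDbType.NVarChar).Value = txtSearch.Text;
        if (!isAdmin)
        {
            UserManagement uDao = new UserManagement();
            User uObj = uDao.getUserByID(Session["userID"].ToString());
            xp.Parameters.Add("@ID", SqlDbType.NVarChar).Value = uObj.CompanyID.ToString();
        }
        if (hasStart)
        {
            xp.Parameters.Add("@sDate", SqlDbType.DateTime).Value = sdate;
        }
        if (hasEnd)
        {
            xp.Parameters.Add("@eDate", SqlDbType.DateTime).Value = edate;
        }

        DataSet ds = new DataSet();
        try
        {
            con.Open();
            // Fill runs the SELECT once; the extra ExecuteNonQuery ran it a second time
            // and discarded the result.
            da.Fill(ds, "Name");
        }
        finally
        {
            // Close is safe on an already-closed connection and prevents the leak.
            con.Close();
        }

        GridView1.DataSource = ds;
        GridView1.DataBind();
    }
}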
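/// <summary>
/// Re-queries the advert list in the requested sort order and rebinds GridView1.
/// Administrators see all companies; other users only their own company.
/// </summary>
/// <param name="sender">The GridView being sorted.</param>
/// <param name="e">Sort data; SortExpression names the column to order by.</param>
protected void GridView1_Sorting(object sender, GridViewSortEventArgs e)
{
    SortDirection sortDirection = SortDirection.Ascending;
    string sortField = string.Empty;
    SortGridview((GridView)sender, e, out sortDirection, out sortField);
    string strSortDirection = sortDirection == SortDirection.Ascending ? "ASC" : "DESC";

    // ORDER BY cannot take a parameter, so the sort expression ends up in the SQL text.
    // Accept only a plain or bracketed identifier, optionally table-qualified, and fall
    // back to AdvID for anything else.
    // NOTE(review): a fixed allow-list of the grid's SortExpression values would be tighter;
    // the markup is not visible here, so the check is by shape.
    string sortColumn = e.SortExpression;
    const string identifier = @"(?:\[[A-Za-z_][A-Za-z0-9_]*\]|[A-Za-z_][A-Za-z0-9_]*)";
    if (sortColumn == null ||
        !System.Text.RegularExpressions.Regex.IsMatch(sortColumn, @"\A" + identifier + @"(?:\." + identifier + @")?\z"))
    {
        sortColumn = "AdvID";
    }

    bool isAdmin = Session["UserType"].ToString() == Reference.USR_ADM;

    string query =
        " select AdvID, [Company].Name as CompanyName ,[Advertisement].Name as AdvertName,[Advertisement].Item,[Advertisement].ItemType,[Advertisement].StartDate,[Advertisement].EndDate" +
        " from [Advertisement] inner join [Company] on [Advertisement].CompanyID =[Company].CompanyID " +
        (isAdmin ? "where [Advertisement].status=1" : "where [Company].CompanyID=@ID and [Advertisement].status=1") +
        " order by " + sortColumn + " " + strSortDirection;

    // The using blocks release the connection even when the query throws; previously it
    // was opened and never closed.
    using (SqlConnection conn = new SqlConnection(Reference.Constr))
    using (SqlCommand cmd = new SqlCommand(query, conn))
    using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
    {
        if (!isAdmin)
        {
            // Non-admins are limited to their own company, taken from their user record.
            UserManagement uDao = new UserManagement();
            User uObj = uDao.getUserByID(Session["userID"].ToString());
            cmd.Parameters.AddWithValue("@ID", uObj.CompanyID.ToString());
        }

        conn.Open();
        DataTable dt = new DataTable();
        sda.Fill(dt);
        GridView1.DataSource = dt;
        GridView1.DataBind();
    }
}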
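/// <summary>
/// Creates an advertisement from the form: stores the uploaded media file, inserts the
/// advert row, then links it to the chosen categories, billboards and audience groups,
/// clears the form and redirects to AdvertList.aspx.
/// </summary>
/// <param name="sender">Button raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void ButtonConfirm_Click(object sender, EventArgs e)
{
    // At least one audience entry must be ticked (checked together with the other fields below).
    bool audienceSelected = false;
    for (int i = 0; i < CheckBoxList2.Items.Count; i++)
    {
        if (CheckBoxList2.Items[i].Selected)
        {
            audienceSelected = true;
        }
    }

    if (FileUpload1.HasFile)
    {
        // The file lands in a web-served folder, so only media extensions are accepted and
        // the client-supplied name is reduced to its file-name part.
        // The list below is a constructed sample — align it with the media types the
        // billboard players actually accept.
        string safeName = System.IO.Path.GetFileName(FileUpload1.FileName);
        string fileExt = System.IO.Path.GetExtension(safeName).ToLowerInvariant();
        string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".mp4", ".avi", ".wmv", ".mov" };
        if (Array.IndexOf(allowedExtensions, fileExt) < 0)
        {
            return;
        }
        // NOTE(review): an existing file with the same name is overwritten.
        FileUpload1.SaveAs(System.IO.Path.Combine(Server.MapPath("~/Images/"), safeName));
    }

    // Missing required fields or unaccepted terms: do nothing, as before (the warning
    // controls for these cases are disabled).
    if (Literal1.Text == "" || startDateTB.Text == "" || endDateTB.Text == "" || adCategoryTB.Text == ""
        || billboardDisplayTB.Text == "" || !audienceSelected)
    {
        return;
    }
    if (CheckBox1.Checked == false)
    {
        return;
    }

    // Invalid dates stop the request instead of throwing from DateTime.Parse.
    DateTime sdate;
    DateTime edate;
    if (!DateTime.TryParse(startDateTB.Text, out sdate) || !DateTime.TryParse(endDateTB.Text, out edate))
    {
        return;
    }

    string imagelink = "Images/" + Literal1.Text;

    // Administrators choose the company; everyone else is pinned to the company on their
    // own user record, so the drop-down is only read for administrators.
    object companyId;
    if ((string)Session["userType"] == Reference.USR_ADM)
    {
        companyId = Convert.ToInt32(DropDownListCompany.SelectedItem.Value);
    }
    else
    {
        UserManagement uDao = new UserManagement();
        User userObj = uDao.getUserByID(Session["userID"].ToString());
        companyId = userObj.CompanyID;
    }

    using (SqlConnection sqlconn = new SqlConnection(Reference.Constr))
    using (SqlCommand sqlcomm = new SqlCommand(
        "Insert into [Advertisement](Name,Item,ItemType,Duration,CompanyID,StartDate,EndDate,Status,CreatedBy,CreatedOn)" +
        " Values(@Name,@Item,@ItemType,@Duration,@CompanyID,@StartDate,@EndDate,@Status,@CreatedBy,@CreatedOn)", sqlconn))
    {
        sqlcomm.Parameters.AddWithValue("@CreatedOn", DateTime.Now);
        sqlcomm.Parameters.AddWithValue("@Name", adNameTB.Text);
        sqlcomm.Parameters.AddWithValue("@Item", imagelink);
        sqlcomm.Parameters.AddWithValue("@ItemType", Literal2.Text);
        sqlcomm.Parameters.AddWithValue("@StartDate", sdate);
        sqlcomm.Parameters.AddWithValue("@EndDate", edate);
        sqlcomm.Parameters.AddWithValue("@CompanyID", companyId);
        sqlcomm.Parameters.AddWithValue("@Status", "1");
        // NOTE(review): CreatedBy is a fixed "2", not the signed-in user, so the audit
        // column does not record who created the advert.
        sqlcomm.Parameters.AddWithValue("@CreatedBy", "2");
        sqlcomm.Parameters.AddWithValue("@Duration", videoDurationTB.Text);
        sqlconn.Open();
        sqlcomm.ExecuteNonQuery();
    }

    // NOTE(review): reading the highest ID after the insert is racy — a concurrent insert
    // can attach the rows below to someone else's advert. Returning the new key from the
    // insert itself, inside one transaction with the child rows, would close that gap.
    int advId = GetMaxIDAdvertisement();

    using (SqlConnection childConn = new SqlConnection(Reference.Constr))
    {
        childConn.Open();

        using (SqlCommand categoryCmd = new SqlCommand(
            "Insert into [AdvertisementCategory](AdvID,CategoryID) values(@AdvID,@CategoryID)", childConn))
        {
            foreach (string rawCategory in adCategoryTB.Text.Split(','))
            {
                categoryCmd.Parameters.Clear();
                categoryCmd.Parameters.AddWithValue("@AdvID", advId);
                categoryCmd.Parameters.AddWithValue("@CategoryID", rawCategory.Trim());
                categoryCmd.ExecuteNonQuery();
            }
        }

        using (SqlCommand locationCmd = new SqlCommand(
            "Insert into [AdvertisementLocation](AdvID,BillboardID) values(@AdvID,@BillboardID)", childConn))
        {
            foreach (GridViewRow row in GridView1.Rows)
            {
                if (!((CheckBox)row.FindControl("CheckBoxSelector")).Checked)
                {
                    continue;
                }
                Label bblabel = (Label)row.FindControl("lb_BillboardID");
                locationCmd.Parameters.Clear();
                locationCmd.Parameters.AddWithValue("@BillboardID", Convert.ToInt32(bblabel.Text));
                locationCmd.Parameters.AddWithValue("@AdvID", advId);
                locationCmd.ExecuteNonQuery();
            }
        }

        using (SqlCommand audienceCmd = new SqlCommand(
            "Insert into [AdvertisementAudience](AdvID,AgeID,GenderID) values(@AdvID,@AgeID,@GenderID)", childConn))
        {
            for (int i = 0; i < CheckBoxList2.Items.Count; i++)
            {
                if (!CheckBoxList2.Items[i].Selected)
                {
                    continue;
                }

                string label = CheckBoxList2.Items[i].ToString();
                string genderId = label.Contains("Male") ? "M" : label.Contains("Female") ? "F" : null;
                string ageId = label.Contains("Child") ? "1"
                    : label.Contains("Young Adult") ? "2"
                    : label.Contains("Age 31-65") ? "3"
                    : label.Contains("Senior") ? "4"
                    : null;

                // An entry that maps to no gender/age pair is skipped; it used to run the
                // insert with both parameters missing.
                if (genderId == null || ageId == null)
                {
                    continue;
                }

                audienceCmd.Parameters.Clear();
                audienceCmd.Parameters.AddWithValue("@GenderID", genderId);
                audienceCmd.Parameters.AddWithValue("@AgeID", ageId);
                audienceCmd.Parameters.AddWithValue("@AdvID", advId);
                audienceCmd.ExecuteNonQuery();
            }
        }
    }

    // Reset the form.
    adNameTB.Text = string.Empty;
    DropDownListCompany.SelectedIndex = 0;
    startDateTB.Text = string.Empty;
    endDateTB.Text = string.Empty;
    videoDurationTB.Text = string.Empty;
    adCategoryTB.Text = string.Empty;
    billboardDisplayTB.Text = string.Empty;
    for (int i = 0; i < CheckBoxList1.Items.Count; i++)
    {
        CheckBoxList1.Items[i].Selected = false;
    }
    // This loop used '>' as its condition and therefore never cleared anything.
    for (int i = 0; i < CheckBoxList2.Items.Count; i++)
    {
        CheckBoxList2.Items[i].Selected = false;
    }

    Session["AdvertCreate"] = 2;
    Response.Redirect("AdvertList.aspx");
}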