public static int MarkBillAsPaid(int _BillID, string _Remarks) { //Select totalamount of bill SqlParameter[] BID = { new SqlParameter("@BID", _BillID) }; string strGetTotalAmt = "SELECT TotalAmount FROM Bills WHERE BillID=@BID"; double TotalAmt = Convert.ToDouble(DataAccess.ReturnData(strGetTotalAmt, BID, ConnString, "TotalAmount")); //Insert New Reciept with total amount and remarks SqlParameter[] InsertRParams = { new SqlParameter("@AMT", TotalAmt), new SqlParameter("@RMKS", AntiXSSMethods.CleanString(_Remarks)) }; int NewReceiptID = DataAccess.InsertAndGetIndex("INSERT INTO Receipts (Amount, Remarks) VALUES (@AMT, @RMKS)", InsertRParams, ConnString); //Update Bill as Paid SqlParameter[] ReceiptParams = { new SqlParameter("@RID", NewReceiptID), new SqlParameter("@BID", _BillID) }; DataAccess.DataProcessExecuteNonQuery("UPDATE Bills SET IsPaid=1, ReceiptID=@RID WHERE BillID=@BID", ReceiptParams, ConnString); //return new reciept ID return(NewReceiptID); }
//1 - Tenant 2 - Employee private void RecordDTR(int _UserType, int _UserID, string _InOrOut, string _Remarks) { string Column; if (_UserType == 1) { Column = "TenantID"; } else { Column = "EmployeeID"; } string strInsertQuery = "INSERT INTO DTR (" + Column + ", EntryType, Remarks) VALUES (@ID, @EntryType, @Remarks)"; SqlParameter[] Params = { new SqlParameter("@ID", _UserID), new SqlParameter("@EntryType", _InOrOut), new SqlParameter("@Remarks", AntiXSSMethods.CleanString(_Remarks)) }; DataAccess.DataProcessExecuteNonQuery(strInsertQuery, Params, ConnString); }
protected void btnSubmit_Click(object sender, EventArgs e) { bool UsernameExists = UserManagement.General.CheckIfExisting(textUname.Text); if (UsernameExists != true) { string strInsert = "INSERT INTO Guardians (FName, MName, LName, Gender, BDate, ContactNo, Email, Address, UN, Pwd) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @address, @un, @pwd)"; SqlParameter[] insertParam = { new SqlParameter("@fname", AntiXSSMethods.CleanString(textFname.Text)), new SqlParameter("@mname", AntiXSSMethods.CleanString(textMname.Text)), new SqlParameter("@lname", AntiXSSMethods.CleanString(textLname.Text)), new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)), new SqlParameter("@bdate", Convert.ToDateTime(textBirthday.Text)), new SqlParameter("@contact", AntiXSSMethods.CleanString(textContactNo.Text)), new SqlParameter("@email", AntiXSSMethods.CleanString(textEmail.Text)), new SqlParameter("@address", AntiXSSMethods.CleanString(textSaddress.Text)), new SqlParameter("@un", AntiXSSMethods.CleanString(textUname.Text)), new SqlParameter("@pwd", Encryption.GenerateBCryptHash(textPassword.Text)) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Guardian", EmployeeID); Response.Redirect("TGLink.aspx"); } }
protected void Page_Load(object sender, EventArgs e) { string username = "******"; string CurfewTime; bool HasCurfew; string strGetCurfew = "SELECT CurfewTime FROM Tenants WHERE UN=@UN"; SqlParameter[] UNParam = { new SqlParameter("@UN", AntiXSSMethods.CleanString(username)) }; try { CurfewTime = DataAccess.ReturnData(strGetCurfew, UNParam, ConnString, "CurfewTime"); DateTime Curfew = Convert.ToDateTime(DateTime.Now.ToShortDateString() + " " + CurfewTime); //Response.Write(Curfew); HasCurfew = true; } catch (Exception ex) { //Response.Write(ex.Message); HasCurfew = false; } if (HasCurfew == true) { //kaw bahala... may curfew si tenant } else { //walang curfew si tenant } }
public static int CheckUser(string _UN, string _PWD) { string strUsername = AntiXSSMethods.CleanString(_UN); try { string strCheck = "SELECT Pwd FROM Employees WHERE UN=@UN"; SqlParameter[] CheckParams = { new SqlParameter("@UN", strUsername), }; string PasswordToCompare = DataAccess.ReturnData(strCheck, CheckParams, ConnString, "Pwd"); if (BCrypt.CheckPassword(AntiXSSMethods.CleanString(_PWD), PasswordToCompare)) { string strGetID = "SELECT EmployeeID FROM Employees WHERE UN=@UN"; SqlParameter[] GetIDParams = { new SqlParameter("@UN", strUsername), }; return(int.Parse(DataAccess.ReturnData(strGetID, GetIDParams, ConnString, "EmployeeID"))); } else { return(0); } } catch { return(0); } }
public static int CheckUser(string _UN, string _PWD) { string strUsername = AntiXSSMethods.CleanString(_UN); try { string strCheck = "SELECT Pwd FROM Guardians WHERE UN=@UN"; SqlParameter[] CheckParams = { new SqlParameter("@UN", strUsername), }; string PasswordToCompare = DataAccess.ReturnData(strCheck, CheckParams, ConnString, "Pwd"); //if (PasswordToCompare == Encryption.MD5(AntiXSSMethods.CleanString(_PWD))) -- This used MD5, code below uses BCRYPT NOWs if (BCrypt.CheckPassword(AntiXSSMethods.CleanString(_PWD), PasswordToCompare)) { string strGetID = "SELECT GuardianID FROM Guardians WHERE UN=@UN"; SqlParameter[] GetIDParams = { new SqlParameter("@UN", strUsername), }; return(int.Parse(DataAccess.ReturnData(strGetID, GetIDParams, ConnString, "GuardianID"))); } else { return(0); } } catch { return(0); } }
//checks if user is existing in three tables public static bool CheckIfExisting(string _input) { string input = AntiXSSMethods.CleanString(_input); SqlParameter[] checkUNParam1 = { new SqlParameter("@un", input) }; SqlParameter[] checkUNParam2 = { new SqlParameter("@un", input) }; SqlParameter[] checkUNParam3 = { new SqlParameter("@un", input) }; bool isEmployee = DataAccess.DetermineIfExisting("SELECT * FROM Employees WHERE UN=@un", checkUNParam1, ConnString); bool isTenant = DataAccess.DetermineIfExisting("SELECT * FROM Tenants WHERE UN=@un", checkUNParam2, ConnString); bool isGuardian = DataAccess.DetermineIfExisting("SELECT * FROM Guardians WHERE UN=@un", checkUNParam3, ConnString); if (isEmployee == false && isTenant == false && isGuardian == false) //if (isEmployee == false && isTenant == false) { return(false); } else { return(true); } }
protected void btnSubmit_Click(object sender, EventArgs e) { string strImageFile = UploadPhoto(); Response.Write(UploadPhoto()); if ((strImageFile == "nofile") || (strImageFile != "large" && strImageFile != "invalid")) { if (strImageFile == "nofile") { strImageFile = ""; } if (checkInputs()) { bool UsernameExists = UserManagement.General.CheckIfExisting(txtUN.Text); if (UsernameExists != true) { string strInsert = "INSERT INTO Employees (FName, MName, LName, Gender, BDate, ContactNo, Email, AdminLevel, UN, PWD, DateOfEmployment, PhotoFile) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @adminlevel, @un, @pwd, @doe, @photofile)"; SqlParameter[] insrtParam = { new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)), new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)), new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)), new SqlParameter("@gender", ddlGender.SelectedValue), new SqlParameter("@bdate", Convert.ToDateTime(txtBDay.Text)), new SqlParameter("@contact", AntiXSSMethods.CleanString((txtContact.Text))), new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)), new SqlParameter("@adminlevel", ddlAdminLevel.SelectedValue), new SqlParameter("@un", AntiXSSMethods.CleanString(txtUN.Text)), //new SqlParameter("@pwd", Encryption.MD5(AntiXSSMethods.CleanString((txtPwd2.Text)))), new SqlParameter("@pwd", Encryption.GenerateBCryptHash(txtPwd1.Text)), new SqlParameter("@doe", Convert.ToDateTime(txtDateEmployeed.Text)), new SqlParameter("@photofile", strImageFile) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insrtParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Employee", EmployeeID); Response.Redirect("ManageEmployees.aspx"); } else { lblAlert.Text = "Username already taken!"; } } else { lblAlert.Text = "Invalid or Blank Inputs!"; } } else if (strImageFile == "large") { lblAlert.Text = "Photo File exceeds 1MB!"; } else if (strImageFile == "invalid") { lblAlert.Text = "Photo File is not valid!"; } }
protected void btnSubmit_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO TGLink (TenantID, GuardianID, Relation) VALUES (@TID, @GID, @relation)"; SqlParameter[] insertParam = { new SqlParameter("@TID", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)), new SqlParameter("@GID", AntiXSSMethods.CleanString(ddlGuardian.SelectedValue)), new SqlParameter("@relation", AntiXSSMethods.CleanString(txtRelation.Text)) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant link to Guardian", EmployeeID); Response.Redirect("GuardianMgt.aspx"); }
protected void btnSubmit_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO Expenses(ExpenseType, Amount, Remarks, EmployeeID) VALUES (@type, @amount, @remarks, @EID)"; SqlParameter[] insertParam = { new SqlParameter("@type", AntiXSSMethods.CleanString(ddlExpenseType.SelectedValue)), new SqlParameter("@amount", AntiXSSMethods.CleanString(txtAmount.Text)), new SqlParameter("@remarks", AntiXSSMethods.CleanString(txtRemarks.Text)), new SqlParameter("@EID", EmployeeID) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, connString); Response.Redirect("ExpenseMgt.aspx"); }
protected void Button1_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO Messages (EmployeeID, TenantID, Subject, Message) VALUES (@EID, @TID, @subject, @message)"; SqlParameter[] insertParam = { new SqlParameter("@EID", EmployeeID), new SqlParameter("@TID", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)), new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)), new SqlParameter("@message", AntiXSSMethods.CleanString(txtMsg.Text)) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Sent a message", EmployeeID); //Response.Write("<script>alert('Message sent!');</script>"); Response.Redirect("~/Admin/MessageMgt.aspx"); }
protected void btnResetPass2_Click(object sender, EventArgs e) { if (Encryption.MD5(AntiXSSMethods.CleanString(txtPassword.Text)) == Session["KEY"].ToString()) { string strResetPass = "******" + Encryption.MD5("12345") + "' WHERE TenantID=@TID"; SqlParameter[] EID = { new SqlParameter("@TID", TenantID) }; DataAccess.DataProcessExecuteNonQuery(strResetPass, EID, connString); MPEResetPass.Hide(); lblAlert.Text = "Password reset successful!"; } else { lblAlert.Text = "Password reset not successful! You have entered your password incorrectly."; MPEResetPass.Hide(); } }
protected void btnSubmit_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO Violations (TenantID, EmployeeID, Title, Description, Fine) VALUES (@tid, @eid, @title, @desc, @fine)"; SqlParameter[] insertParam = { new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)), new SqlParameter("@eid", EmployeeID), new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text)), new SqlParameter("@desc", AntiXSSMethods.CleanString(txtDesc.Text)), new SqlParameter("@fine", AntiXSSMethods.CleanString(txtFine.Text)) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Violation", EmployeeID); Response.Redirect("~/Admin/ViolationMgt.aspx"); }
protected void btnSearch_Click(object sender, EventArgs e) { if (ddlSearch.SelectedValue != "") { string strSelect = "SELECT * FROM Employees WHERE " + AntiXSSMethods.MakeStringSafeForSQL(ddlSearch.SelectedValue) + " LIKE @entry AND EmployeeID !='" + CurrentUserID.ToString() + "' ORDER BY EmployeeID DESC"; SqlParameter[] SearchVal = { new SqlParameter("@entry", "%" + AntiXSSMethods.CleanString(txtSearch.Text) + "%") }; DataSet ds = DataAccess.DataProcessReturnData(strSelect, SearchVal, connString); GrdEmployees.DataSourceID = string.Empty; GrdEmployees.DataSource = ds; GrdEmployees.DataBind(); } else { } }
public string UploadPhoto() { string result; try { if (FupPhoto.HasFile) { ImageProcess img = new ImageProcess(); Stream imgStream = FupPhoto.FileContent; //validates if file is a valid JPG/PNG image bool isValidType = img.ValidateImageFileType(imgStream); //validates if file meets valid size; bool isValidSize = img.ValidateImageFileSize(imgStream, 1048576); if (isValidType == false) { return("invalid"); } if (isValidSize == false) { return("large"); } string FileExtension = Path.GetExtension(FupPhoto.FileName).ToLower(); string NewFileName = "Employee_" + AntiXSSMethods.CleanString(txtUN.Text) + "_" + StringCustomizers.dateStampNoID + FileExtension; FupPhoto.SaveAs(Server.MapPath(@"~/uploads/" + NewFileName)); result = NewFileName; } else { result = "nofile"; } } catch (Exception ex) { result = "error: " + ex.Message; } finally { FupPhoto.Dispose(); } return(result); }
protected void btnSubmit_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO ServiceRequest (TenantID, Title, Details, Remarks, Priority) VALUES (@TID, @title, @details, @remarks, @priority)"; SqlParameter[] insertParam = { new SqlParameter("@TID", TenantID), new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text)), new SqlParameter("@details", AntiXSSMethods.CleanString(txtDetails.Text)), new SqlParameter("@remarks", remarks), new SqlParameter("@priority", priority) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateTenantAuditTrail("Added new service request", TenantID); //Response.Write("<script>alert('Success!');</script>"); Response.Redirect("~/Tenant/ServiceRequestMgt.aspx"); }
protected void btnUpdate_Click(object sender, EventArgs e) { try { string curfewTime; if (cbkDisableCurfew.Checked) { curfewTime = ""; } else { curfewTime = DDLHR.SelectedValue + ":" + DDLMIN.SelectedValue; } string strUpdate = "UPDATE Tenants SET AdminLevel=@adminlevel, Gender=@gender, Photofile=@photofile, ContactNo=@contactno, BDate=@bdate, Email=@email, FName=@fname, MName=@mname, LName=@lname, Street=@street, City=@city, Region=@region, Country=@country, CurfewTime=@curfewtime WHERE TenantID=@TID"; photofile = UploadPhoto(); SqlParameter[] UpdateParams = { new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)), new SqlParameter("@photofile", photofile), new SqlParameter("@contactno", AntiXSSMethods.CleanString(txtContactNo.Text)), new SqlParameter("@bdate", Convert.ToDateTime(txtDOB.Text)), new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmailAdd.Text)), new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)), new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)), new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)), new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)), new SqlParameter("@city", AntiXSSMethods.CleanString(txtCity.Text)), new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)), new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)), new SqlParameter("@TID", TenantID), new SqlParameter("@curfewtime", curfewTime) }; DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, connString); loaddata(TenantID); lblAlert.Text = "Tenant information saved."; } catch (Exception ex) { Response.Write(ex.Message); } }
protected void btnSubmit_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO Announcement (Subject, Message, EmployeeID) VALUES (@subject, @message, @eid)"; SqlParameter[] insertParam = { new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)), new SqlParameter("@message", Server.HtmlEncode(txtMsg.Text.Trim())), new SqlParameter("@eid", EmployeeID) }; int newID = DataAccess.InsertAndGetIndex(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Announcement", EmployeeID); //DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); //Response.Write("<script>alert('Success!');</script>"); Response.Redirect("ViewAnnouncement.aspx?ID=" + newID.ToString()); }
protected void btnSearch_Click(object sender, EventArgs e) { if (ddlCategory.SelectedValue + ddlUserType.SelectedValue != "") { string strSelect = "SELECT * FROM DTR WHERE " + ddlCategory.SelectedValue + ddlUserType.SelectedValue + " LIKE @entry AND DTR_ID !='" + SelectedUser.ToString() + "' ORDER BY Username DESC"; SqlParameter[] SearchVal = { new SqlParameter("@entry", "%" + AntiXSSMethods.CleanString(txtSearch.Text) + "%") }; DataSet ds = DataAccess.DataProcessReturnData(strSelect, SearchVal, connString); GRD_Results.DataSourceID = string.Empty; GRD_Results.DataSourceID = string.Empty; GRD_Results.DataBind(); } else { } }
protected void btnUpdate_Click(object sender, EventArgs e) { int fpid; try { fpid = int.Parse(AntiXSSMethods.CleanString(txtFPID.Text)); } catch { fpid = 0; } try { string strUpdate = "UPDATE Tenants SET PhotoFile=@photofile, FingerprintID=@fpid, FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, MobileNo=@mobno, Email=@email, Street=@street, City=@city, Region=@region, Country=@country WHERE TenantID=@TID"; photofile = UploadPhoto(); SqlParameter[] UpdateParams = { new SqlParameter("@fpid", fpid), new SqlParameter("@photofile", photofile), new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)), new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)), new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)), new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)), new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtDOB.Text)), new SqlParameter("@mobno", AntiXSSMethods.CleanString(txtContactNo.Text)), new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmailAdd.Text)), new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)), new SqlParameter("@city", AntiXSSMethods.CleanString(txtCityProvince.Text)), new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)), new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)), new SqlParameter("@TID", TenantID) }; DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, connString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated tenants details", EmployeeID); loaddata(TenantID); lblAlert.Text = "Tenant information saved."; } catch (Exception ex) { Response.Write(ex.Message); } }
protected void btnUpdate_Click(object sender, EventArgs e) { try { if (ddlRemarks.SelectedValue == "Completed") { txtDateCompleted.Visible = true; string strUpdate = "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority, DateCompleted=@dateCompleted WHERE ServiceRequestID=@SRID"; SqlParameter[] updateParam = { new SqlParameter("@EID", AntiXSSMethods.CleanString(ddlEmp.SelectedValue)), new SqlParameter("@remarks", AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)), new SqlParameter("@priority", AntiXSSMethods.CleanString(ddlPriority.SelectedValue)), new SqlParameter("@dateCompleted", AntiXSSMethods.CleanString(txtDateCompleted.Text)), new SqlParameter("@SRID", ServiceRequestID) }; DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, connString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated service request remarks and priority", EmployeeID); loaddata(ServiceRequestID); lblAlert.Text = "Update saved!"; } else { string strUpdate = "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority WHERE ServiceRequestID=@SRID"; SqlParameter[] updateParam = { new SqlParameter("@EID", AntiXSSMethods.CleanString(ddlEmp.SelectedValue)), new SqlParameter("@remarks", AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)), new SqlParameter("@priority", AntiXSSMethods.CleanString(ddlPriority.SelectedValue)), new SqlParameter("@SRID", ServiceRequestID) }; DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, connString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated service request remarks and priority", EmployeeID); loaddata(ServiceRequestID); lblAlert.Text = "Update saved!"; } } catch (Exception ex) { Response.Write(ex.Message); } }
protected void btnUpdate_Click(object sender, EventArgs e) { if (CheckInputs()) { string strUpdate = "UPDATE Announcement SET Message=@message, Subject=@subject WHERE AnnouncementID=@AID"; SqlParameter[] UpdateParams = { new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)), new SqlParameter("@message", Server.HtmlEncode(AntiXSSMethods.CleanString(txtMsg.Text))), new SqlParameter("@AID", AnnouncementID) }; DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated announcement", EmployeeID); lblAlert.Text = "Announcement updated!"; } else { lblAlert.Text = "Update failed. Some fields are blank."; } }
bool CheckInputs() { oldpass = AntiXSSMethods.CleanString(txtOldPass.Text); if (oldpass == "") { return(false); } if (AntiXSSMethods.CleanString(txtNewPass.Text) == AntiXSSMethods.CleanString(txtRetypeNewPass.Text)) { //newpass = AntiXSSMethods.CleanString(txtNewPass.Text); newpass = Encryption.GenerateBCryptHash(txtNewPass.Text); } else { return(false); } return(true); }
protected void btnUpdate_Click(object sender, EventArgs e) { int SelectedGuardian = int.Parse(grdGuardian.SelectedDataKey["GuardianID"].ToString()); string strUpdate = "UPDATE Guardians SET FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, ContactNo=@contactNo, Email=@email, Address=@address WHERE GuardianID=@GID"; SqlParameter[] updateParam = { new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)), new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)), new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)), new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)), new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtBDay.Text)), new SqlParameter("@contactNo", AntiXSSMethods.CleanString(txtContact.Text)), new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)), new SqlParameter("@address", AntiXSSMethods.CleanString(txtAddress.Text)), new SqlParameter("@GID", SelectedGuardian) }; DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated guardians details", EmployeeID); lblAlert.Text = "Successfully Updated!"; grdGuardian.DataBind(); loaddata(SelectedGuardian); }
protected void btnReg_Click(object sender, EventArgs e) { if (checkInputs()) { string strInsert = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)"; SqlParameter[] insertParam = { new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)), new SqlParameter("@type", AntiXSSMethods.CleanString(ddlType.SelectedValue)), new SqlParameter("@model", AntiXSSMethods.CleanString(txtModel.Text)), new SqlParameter("@brand", AntiXSSMethods.CleanString(txtBrand.Text)), new SqlParameter("@serial", AntiXSSMethods.CleanString(txtSerial.Text)), new SqlParameter("@amount", StringCustomizers.CheckMoney(Convert.ToDouble(AntiXSSMethods.CleanString(txtAmount.Text)))) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID); Response.Redirect("~/Admin/ManageAssets.aspx"); } else { lblAlert.Text = "Please check your input fields for invalid entries"; } }
protected void btnSubmit_Click(object sender, EventArgs e) { string strInsert = "INSERT INTO Complaints (TenantID, Subject, Details, Status) VALUES (@TID, @subj, @details, @status)"; SqlParameter[] insertParam = { new SqlParameter("@TID", TenantID), new SqlParameter("@subj", AntiXSSMethods.CleanString(txtSubject.Text)), new SqlParameter("@details", AntiXSSMethods.CleanString(txtMsg.Text)), new SqlParameter("@status", status) }; DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString); AuditTrailFunctions.UpdateTenantAuditTrail("Added new complaints", TenantID); //Response.Write("<script>alert('Success!');</script>"); Response.Redirect("AddComplaint.aspx"); lblAlert.Text = "Complaint submitted!"; if (IsPostBack) { txtSubject.Text = ""; txtMsg.Text = ""; } }
protected void btnResetPass_Click(object sender, EventArgs e) { string TableName = ""; string Username = AntiXSSMethods.CleanString(txtUsername.Text); if (Username != "") { bool IsExisting = General.CheckIfExisting(Username); if (IsExisting) { //role = 1 Employee, 2 Tenant, 3 Guardian, 4 - error that will most likely not happen! :) int role = General.CheckRole(Username); //Response.Write(role.ToString()); string newpass = StringCustomizers.RandomStr(); string encryptednewpass = Encryption.GenerateBCryptHash(newpass); if (role == 1) { TableName = "Employees"; } else if (role == 2) { TableName = "Tenants"; } else if (role == 3) { TableName = "Guardians"; } string UpdatePWD = "UPDATE " + TableName + " SET Pwd=@pwd WHERE UN=@UN"; SqlParameter[] Params = { new SqlParameter("@UN", Username), new SqlParameter("@pwd", encryptednewpass) }; DataAccess.DataProcessExecuteNonQuery(UpdatePWD, Params, ConnString); //sends email SqlParameter[] UN = { new SqlParameter("@UN", Username) }; string email = DataAccess.ReturnData("SELECT Email FROM " + TableName + " WHERE UN=@UN", UN, ConnString, "Email"); bool mailIsSent = sendmail(email, newpass); if (mailIsSent) { lblAlert.Text = "Your password has been successfully reset. Please check your registered email's inbox for your new password. Don't forget to check your junk mailbox."; } else { lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you."; } } else { lblAlert.Text = "Username doesn't exist!"; } } else { lblAlert.Text = "No username entered!"; } }
protected void btnSubmit_Click(object sender, EventArgs e) { string curfewTime; if (cbkDisableCurfew.Checked) { curfewTime = ""; } else { curfewTime = DDLHR.SelectedValue + ":" + DDLMIN.SelectedValue; } string strImageFile = UploadPhoto(); if ((strImageFile == "nofile") || (strImageFile != "large" && strImageFile != "invalid")) { if (strImageFile == "nofile") { strImageFile = ""; } if (checkInputs()) { bool UsernameExists = UserManagement.General.CheckIfExisting(txtUN.Text); if (UsernameExists != true) { string strInsert = "INSERT INTO Tenants (FName, MName, LName, Gender, Email, BDate, Street, City, Region, Country, MobileNo, UN, Pwd, CurfewTime) VALUES (@fname, @mname, @lname, @gender, @email, @bdate, @street, @city, @region, @country, @mobileNo, @un, @pwd, @curfewtime)"; SqlParameter[] insertParam = { new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)), new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)), new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)), new SqlParameter("@gender", ddlGender.SelectedValue), new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)), new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtBDay.Text)), new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)), new SqlParameter("@city", AntiXSSMethods.CleanString(txtCity.Text)), new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)), new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)), new SqlParameter("@mobileNo", AntiXSSMethods.CleanString(txtContact.Text)), new SqlParameter("@un", AntiXSSMethods.CleanString(txtUN.Text)), new SqlParameter("@pwd", Encryption.GenerateBCryptHash(txtPwd1.Text)), new SqlParameter("@curfewtime", curfewTime) }; int newID = DataAccess.InsertAndGetIndex(strInsert, insertParam, conString); AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant", EmployeeID); Response.Redirect("Contract.aspx?ID=" + newID.ToString()); } else { lblAlert.Text = "Username already taken!"; } } else { lblAlert.Text = "Birth date is invalid!"; } } else if (strImageFile == "large") { lblAlert.Text = "Photo File exceeds 1MB!"; } else if (strImageFile == "invalid") { lblAlert.Text = "Photo File is not valid!"; } }
private void setSearch() { dsSearch.ConnectionString = ConnString; if (ddlCategory.SelectedValue != "" && ddlUserType.SelectedValue != "") { if (ddlUserType.SelectedValue == "Tenants") { SelectTenant += " WHERE " + AntiXSSMethods.MakeStringSafeForSQL(ddlCategory.SelectedValue) + " LIKE @SQ"; SearcQuery = SelectTenant; SelectedUserType = 1; } else if (ddlUserType.SelectedValue == "Employees") { SelectEmployee += " WHERE " + AntiXSSMethods.MakeStringSafeForSQL(ddlCategory.SelectedValue) + " LIKE @SQ"; SearcQuery = SelectEmployee; SelectedUserType = 2; } ViewState.Add("UserType", SelectedUserType.ToString()); dsSearch.SelectParameters.Add(new Parameter("SQ", System.Data.DbType.String, "%" + AntiXSSMethods.CleanString(txtSearchQuery.Text) + "%")); dsSearch.SelectCommand = SearcQuery; dsSearch.DataBind(); GRD_Results.DataSource = dsSearch; GRD_Results.DataBind(); lblAlert.Text = ""; } else if (ddlUserType.SelectedValue != "" && ddlCategory.SelectedValue == "") { //no category selected clearGrid(); lblAlert.Text = "No Category selected."; } else if (ddlUserType.SelectedValue == "" && ddlCategory.SelectedValue != "") { //no category selected clearGrid(); lblAlert.Text = "No User Type selected."; } else { //no category selected lblAlert.Text = "Please complete fields!"; clearGrid(); } }
protected void btnRecordPayment_Click(object sender, EventArgs e) { //I need bill ID... to follow //Response.Redirect("BillPayment.aspx?ID="); int NewBillID = AcctFunctions.MarkBillAsPaid(int.Parse(DDLBillPeriod.SelectedValue), AntiXSSMethods.CleanString(txtPayRemarks.Text)); AcctFunctions.ClearPreviousBills(TenantID); Response.Redirect("Receipt.aspx?ID=" + NewBillID.ToString()); }