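protected void btnChangePass_Click(object sender, EventArgs e)
{
    // Persists a new password for the current employee and refreshes the
    // session copy of it. CheckInputs() and newpass are page members defined
    // outside this handler; newpass is the raw password collected from the
    // form (the commented-out line that preceded this code passed it to
    // Encryption.MD5).
    //
    // Security fix: Employees.PWD is written as a bcrypt hash, the same way
    // the employee-creation handler stores it (Encryption.GenerateBCryptHash).
    // The previous version wrote the raw password to the table, and also put
    // it into Session["KEY"], so every password change left the credential
    // recoverable from the database and the session store.
    if (!CheckInputs())
    {
        lblAlert.Text = "Please check your inputs.";
        return;
    }

    try
    {
        // Hash exactly once: bcrypt salts each call, so the value kept in the
        // session must be the very string that went to the database (the
        // old MD5 code kept the two in lockstep the same way).
        string pwdHash = Encryption.GenerateBCryptHash(newpass);

        string strUpdateQuery = "UPDATE Employees SET PWD=@PWD WHERE EmployeeID=@EID";
        SqlParameter[] UpdateParams =
        {
            new SqlParameter("@PWD", pwdHash),
            new SqlParameter("@EID", EmployeeID)
        };
        DataAccess.DataProcessExecuteNonQuery(strUpdateQuery, UpdateParams, ConnString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Password change", EmployeeID);

        // NOTE(review): whatever reads Session["KEY"] is outside this view;
        // it now receives the stored hash rather than the raw password, so it
        // must compare against Employees.PWD (or be re-checked) — confirm.
        Session["KEY"] = pwdHash;
        lblAlert.Text = "Change password succeeded!";
    }
    catch (Exception ex)
    {
        // Keep the user-facing message generic; the detail goes to the trace
        // listeners only, so database errors are never shown to the browser.
        System.Diagnostics.Trace.TraceError("btnChangePass_Click failed: " + ex);
        lblAlert.Text = "Change password failed!";
    }
}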
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Creates a Guardian row from the registration form, then returns to
    // TGLink.aspx.  The username is checked for uniqueness first; when it is
    // already taken the handler simply returns (this page references no alert
    // label, so the user gets no feedback in that case).
    if (UserManagement.General.CheckIfExisting(textUname.Text))
    {
        return;
    }

    const string insertSql = "INSERT INTO Guardians (FName, MName, LName, Gender, BDate, ContactNo, Email, Address, UN, Pwd) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @address, @un, @pwd)";

    // Free-text fields pass through AntiXSSMethods.CleanString before being
    // bound; the password is deliberately NOT cleaned (any transformation
    // would have to be repeated at login) and is stored as a bcrypt hash.
    // Convert.ToDateTime throws on an unparsable birthday — no validation is
    // visible in this handler, so a bad date surfaces as an unhandled error.
    var guardianParams = new[]
    {
        new SqlParameter("@fname", AntiXSSMethods.CleanString(textFname.Text)),
        new SqlParameter("@mname", AntiXSSMethods.CleanString(textMname.Text)),
        new SqlParameter("@lname", AntiXSSMethods.CleanString(textLname.Text)),
        new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
        new SqlParameter("@bdate", Convert.ToDateTime(textBirthday.Text)),
        new SqlParameter("@contact", AntiXSSMethods.CleanString(textContactNo.Text)),
        new SqlParameter("@email", AntiXSSMethods.CleanString(textEmail.Text)),
        new SqlParameter("@address", AntiXSSMethods.CleanString(textSaddress.Text)),
        new SqlParameter("@un", AntiXSSMethods.CleanString(textUname.Text)),
        new SqlParameter("@pwd", Encryption.GenerateBCryptHash(textPassword.Text))
    };

    DataAccess.DataProcessExecuteNonQuery(insertSql, guardianParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Guardian", EmployeeID);

    // Post/Redirect/Get back to the link page.
    Response.Redirect("TGLink.aspx");
}
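protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Creates an Employee from the form.  Checks run in this order: photo
    // upload result, field validation (checkInputs), username uniqueness.
    //
    // Fix: UploadPhoto() is called exactly once.  The previous version called
    // it a second time inside Response.Write(...), which re-ran the upload
    // for its side effects and echoed its return value ("nofile", "large",
    // "invalid" or the saved file name) into the page body — a debugging
    // leftover that leaked server-side file names to the client.
    string strImageFile = UploadPhoto();

    if (strImageFile == "large")
    {
        lblAlert.Text = "Photo File exceeds 1MB!";
        return;
    }
    if (strImageFile == "invalid")
    {
        lblAlert.Text = "Photo File is not valid!";
        return;
    }
    // Anything else is either "nofile" (stored as an empty PhotoFile) or the
    // file name UploadPhoto() returned for the saved photo.
    if (strImageFile == "nofile")
    {
        strImageFile = "";
    }

    if (!checkInputs())
    {
        lblAlert.Text = "Invalid or Blank Inputs!";
        return;
    }

    if (UserManagement.General.CheckIfExisting(txtUN.Text))
    {
        lblAlert.Text = "Username already taken!";
        return;
    }

    string strInsert = "INSERT INTO Employees (FName, MName, LName, Gender, BDate, ContactNo, Email, AdminLevel, UN, PWD, DateOfEmployment, PhotoFile) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @adminlevel, @un, @pwd, @doe, @photofile)";

    // Free-text fields are passed through AntiXSSMethods.CleanString; the
    // drop-down values are bound as-is.  The password is hashed with bcrypt
    // from txtPwd1 and is not cleaned (the old MD5 line used txtPwd2 — the
    // two boxes are presumably confirmed equal by checkInputs(), which is
    // outside this view).  Convert.ToDateTime throws on unparsable dates.
    SqlParameter[] insrtParam =
    {
        new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
        new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
        new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
        new SqlParameter("@gender", ddlGender.SelectedValue),
        new SqlParameter("@bdate", Convert.ToDateTime(txtBDay.Text)),
        new SqlParameter("@contact", AntiXSSMethods.CleanString((txtContact.Text))),
        new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)),
        new SqlParameter("@adminlevel", ddlAdminLevel.SelectedValue),
        new SqlParameter("@un", AntiXSSMethods.CleanString(txtUN.Text)),
        new SqlParameter("@pwd", Encryption.GenerateBCryptHash(txtPwd1.Text)),
        new SqlParameter("@doe", Convert.ToDateTime(txtDateEmployeed.Text)),
        new SqlParameter("@photofile", strImageFile)
    };

    DataAccess.DataProcessExecuteNonQuery(strInsert, insrtParam, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Employee", EmployeeID);

    // Post/Redirect/Get back to the employee list.
    Response.Redirect("ManageEmployees.aspx");
}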
protected void btnDelete_Click(object sender, EventArgs e)
{
    // Deletes the asset identified by AssetID (page state set outside this
    // handler), records the action in the employee audit trail and returns
    // to the asset list.
    // NOTE(review): no ownership or authorization check is visible here;
    // confirm that the page restricts which AssetID values the current
    // employee may delete (how AssetID is populated is not in this listing).
    const string deleteSql = "DELETE FROM Assets WHERE AssetID=@AID";
    var deleteParams = new[] { new SqlParameter("@AID", AssetID) };

    DataAccess.DataProcessExecuteNonQuery(deleteSql, deleteParams, connString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Deleted asset!", EmployeeID);

    // Post/Redirect/Get: the list page is reloaded with a fresh GET.
    Response.Redirect("ManageAssets.aspx");
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
    // Writes the status chosen in ddlStatus to the complaint identified by
    // ComplaintID (page state), audits the change and confirms inline.
    // The drop-down value is bound directly as a parameter (no cleaning).
    var statusParam = new SqlParameter("@status", ddlStatus.SelectedValue);
    var idParam = new SqlParameter("@CID", ComplaintID);
    string updateSql = "UPDATE Complaints SET Status=@status WHERE ComplaintID=@CID";

    DataAccess.DataProcessExecuteNonQuery(updateSql, new[] { statusParam, idParam }, connString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated complaint status", EmployeeID);
    lblAlert.Text = "Complaint status updated";
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Adds a Room (number + unit type) and returns to the room management
    // page.  Both values are bound as parameters; unlike the other free-text
    // inputs in this file, txtRoomNo is not passed through
    // AntiXSSMethods.CleanString — whether that matters depends on how the
    // room number is rendered later, which is outside this listing.
    const string insertSql = "INSERT INTO Rooms (RoomNo, UnitTypeID) VALUES (@roomNo, @unitType)";
    var roomParams = new[]
    {
        new SqlParameter("@roomNo", txtRoomNo.Text),
        new SqlParameter("@unitType", ddlUnitType.SelectedValue)
    };

    DataAccess.DataProcessExecuteNonQuery(insertSql, roomParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Room", EmployeeID);
    Response.Redirect("~/Admin/RoomMgt.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Adds a bed space for the selected room/side and returns to the room
    // management page.  Both inputs are drop-down selections bound directly
    // as parameters.
    var bedParams = new SqlParameter[2];
    bedParams[0] = new SqlParameter("@roomID", ddlRoomNo.SelectedValue);
    bedParams[1] = new SqlParameter("@side", ddlSide.SelectedValue);

    DataAccess.DataProcessExecuteNonQuery(
        "INSERT INTO BedSpaces (RoomID, BedSide) VALUES (@roomID, @side)",
        bedParams,
        conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Bedspace", EmployeeID);
    Response.Redirect("~/Admin/RoomMgt.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Links a tenant to a guardian with a free-text relation, then returns
    // to the guardian management page.  All three values (two drop-down IDs
    // and the relation text) go through AntiXSSMethods.CleanString and are
    // bound as parameters.
    const string insertSql = "INSERT INTO TGLink (TenantID, GuardianID, Relation) VALUES (@TID, @GID, @relation)";
    var linkParams = new[]
    {
        new SqlParameter("@TID", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
        new SqlParameter("@GID", AntiXSSMethods.CleanString(ddlGuardian.SelectedValue)),
        new SqlParameter("@relation", AntiXSSMethods.CleanString(txtRelation.Text))
    };

    DataAccess.DataProcessExecuteNonQuery(insertSql, linkParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant link to Guardian", EmployeeID);
    Response.Redirect("GuardianMgt.aspx");
}
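protected void btnUpdate_Click(object sender, EventArgs e)
{
    // Updates the Amount of the asset identified by AssetID (page state)
    // from txtAmount, reloads the record and confirms inline.
    //
    // Fix: the amount is parsed with double.TryParse so that an empty or
    // non-numeric entry produces an inline alert instead of the unhandled
    // FormatException the old Convert.ToDouble call raised (a server error
    // page for the user).  TryParse uses the same current-culture
    // Float|AllowThousands rules as Convert.ToDouble, so accepted inputs
    // are unchanged.
    double amount;
    if (!double.TryParse(txtAmount.Text, out amount))
    {
        lblAlert.Text = "Amount is not a valid number.";
        return;
    }

    string strUpdate = "UPDATE Assets SET Amount=@amount WHERE AssetID=@AID";
    SqlParameter[] updateParam =
    {
        new SqlParameter("@AID", AssetID),
        new SqlParameter("@amount", amount)
    };
    DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, connString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated assets amount", EmployeeID);

    // Re-read the row so the form shows what was actually stored.
    loaddata(AssetID);
    lblAlert.Text = "Successfully Updated!";
}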
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Records a violation against the selected tenant, attributed to the
    // current employee (EmployeeID is page state).  Title, description and
    // fine are free text cleaned with AntiXSSMethods.CleanString; the fine
    // is bound as a string, so any numeric conversion happens in SQL Server.
    var violation = new SqlParameter[5];
    violation[0] = new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue));
    violation[1] = new SqlParameter("@eid", EmployeeID);
    violation[2] = new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text));
    violation[3] = new SqlParameter("@desc", AntiXSSMethods.CleanString(txtDesc.Text));
    violation[4] = new SqlParameter("@fine", AntiXSSMethods.CleanString(txtFine.Text));

    const string insertSql = "INSERT INTO Violations (TenantID, EmployeeID, Title, Description, Fine) VALUES (@tid, @eid, @title, @desc, @fine)";
    DataAccess.DataProcessExecuteNonQuery(insertSql, violation, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Violation", EmployeeID);
    Response.Redirect("~/Admin/ViolationMgt.aspx");
}
protected void Button1_Click(object sender, EventArgs e)
{
    // Sends a message from the current employee to the selected tenant and
    // returns to the message list.  Subject and body are cleaned with
    // AntiXSSMethods.CleanString before being bound as parameters.
    const string insertSql = "INSERT INTO Messages (EmployeeID, TenantID, Subject, Message) VALUES (@EID, @TID, @subject, @message)";
    var messageParams = new[]
    {
        new SqlParameter("@EID", EmployeeID),
        new SqlParameter("@TID", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
        new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
        new SqlParameter("@message", AntiXSSMethods.CleanString(txtMsg.Text))
    };

    DataAccess.DataProcessExecuteNonQuery(insertSql, messageParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Sent a message", EmployeeID);

    // Post/Redirect/Get back to the message list.
    Response.Redirect("~/Admin/MessageMgt.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Files a service request for the current tenant.  TenantID, remarks and
    // priority are page state set outside this handler; only Title and
    // Details come from the form, and both pass through
    // AntiXSSMethods.CleanString before being bound.
    var requestParams = new SqlParameter[]
    {
        new SqlParameter("@TID", TenantID),
        new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text)),
        new SqlParameter("@details", AntiXSSMethods.CleanString(txtDetails.Text)),
        new SqlParameter("@remarks", remarks),
        new SqlParameter("@priority", priority)
    };

    DataAccess.DataProcessExecuteNonQuery(
        "INSERT INTO ServiceRequest (TenantID, Title, Details, Remarks, Priority) VALUES (@TID, @title, @details, @remarks, @priority)",
        requestParams,
        conString);
    AuditTrailFunctions.UpdateTenantAuditTrail("Added new service request", TenantID);

    // Post/Redirect/Get back to the tenant's request list.
    Response.Redirect("~/Tenant/ServiceRequestMgt.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Inserts an Announcement and redirects to its view page using the
    // identity value returned by DataAccess.InsertAndGetIndex.
    // Subject goes through AntiXSSMethods.CleanString; Message is trimmed and
    // HTML-encoded on the way in, so it is stored already encoded — the view
    // page (outside this listing) must not encode it a second time.
    string encodedMessage = Server.HtmlEncode(txtMsg.Text.Trim());
    var announcementParams = new[]
    {
        new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
        new SqlParameter("@message", encodedMessage),
        new SqlParameter("@eid", EmployeeID)
    };

    const string insertSql = "INSERT INTO Announcement (Subject, Message, EmployeeID) VALUES (@subject, @message, @eid)";
    int announcementId = DataAccess.InsertAndGetIndex(insertSql, announcementParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Announcement", EmployeeID);

    // The new row's ID is an integer produced server-side, so it is safe to
    // place in the query string without encoding.
    Response.Redirect("ViewAnnouncement.aspx?ID=" + announcementId.ToString());
}
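protected void btnUpdate_Click(object sender, EventArgs e)
{
    // Saves the tenant profile form (identified by TenantID, page state),
    // including a freshly uploaded photo, then reloads the record.
    //
    // Fixes:
    //  * The fingerprint ID is parsed with int.TryParse — same result as the
    //    old int.Parse-in-try/catch (0 when unparsable) without using an
    //    exception for control flow.
    //  * Failures no longer echo ex.Message to the browser.  That exposed
    //    raw SQL Server / framework error text (table and column names,
    //    constraint names) to whoever submitted the form; the user now gets
    //    a generic alert and the detail goes to the trace listeners.
    int fpid;
    if (!int.TryParse(AntiXSSMethods.CleanString(txtFPID.Text), out fpid))
    {
        fpid = 0;
    }

    try
    {
        string strUpdate = "UPDATE Tenants SET PhotoFile=@photofile, FingerprintID=@fpid, FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, MobileNo=@mobno, Email=@email, Street=@street, City=@city, Region=@region, Country=@country WHERE TenantID=@TID";

        // photofile is a page field; UploadPhoto() assigns the stored name.
        // NOTE(review): the tenant/employee creation handlers in this file
        // treat "nofile"/"large"/"invalid" from their UploadPhoto() as status
        // codes; nothing filters such values here before they are written to
        // PhotoFile — confirm this page's UploadPhoto() cannot return them.
        photofile = UploadPhoto();

        // BDate is bound as the cleaned text; SQL Server performs the
        // conversion, so an unparsable date fails inside the command.
        SqlParameter[] UpdateParams =
        {
            new SqlParameter("@fpid", fpid),
            new SqlParameter("@photofile", photofile),
            new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
            new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
            new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
            new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
            new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtDOB.Text)),
            new SqlParameter("@mobno", AntiXSSMethods.CleanString(txtContactNo.Text)),
            new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmailAdd.Text)),
            new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)),
            new SqlParameter("@city", AntiXSSMethods.CleanString(txtCityProvince.Text)),
            new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)),
            new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)),
            new SqlParameter("@TID", TenantID)
        };
        DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, connString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated tenants details", EmployeeID);

        // Re-read so the form reflects what was stored.
        loaddata(TenantID);
        lblAlert.Text = "Tenant information saved.";
    }
    catch (Exception ex)
    {
        System.Diagnostics.Trace.TraceError("Tenant update failed: " + ex);
        lblAlert.Text = "Tenant information could not be saved.";
    }
}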
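protected void btnUpdate_Click(object sender, EventArgs e)
{
    // Saves assignee, remarks and priority for the service request identified
    // by ServiceRequestID (page state).  When the remark is "Completed" the
    // completion date box is revealed and DateCompleted is written as well.
    //
    // Fixes:
    //  * The two near-identical branches are merged: one statement, with the
    //    DateCompleted column and parameter added only for the Completed case.
    //  * Failures no longer echo ex.Message to the browser (raw SQL Server
    //    and framework error text); the user gets a generic alert and the
    //    detail goes to the trace listeners.
    try
    {
        bool completed = ddlRemarks.SelectedValue == "Completed";
        if (completed)
        {
            txtDateCompleted.Visible = true;
        }

        string strUpdate = completed
            ? "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority, DateCompleted=@dateCompleted WHERE ServiceRequestID=@SRID"
            : "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority WHERE ServiceRequestID=@SRID";

        // Drop-down values are cleaned before binding; the date is bound as
        // cleaned text and converted by SQL Server.
        var updateParam = new System.Collections.Generic.List<SqlParameter>
        {
            new SqlParameter("@EID", AntiXSSMethods.CleanString(ddlEmp.SelectedValue)),
            new SqlParameter("@remarks", AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)),
            new SqlParameter("@priority", AntiXSSMethods.CleanString(ddlPriority.SelectedValue)),
            new SqlParameter("@SRID", ServiceRequestID)
        };
        if (completed)
        {
            updateParam.Add(new SqlParameter("@dateCompleted", AntiXSSMethods.CleanString(txtDateCompleted.Text)));
        }

        DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam.ToArray(), connString);
        AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated service request remarks and priority", EmployeeID);

        // Re-read so the form reflects what was stored.
        loaddata(ServiceRequestID);
        lblAlert.Text = "Update saved!";
    }
    catch (Exception ex)
    {
        System.Diagnostics.Trace.TraceError("Service request update failed: " + ex);
        lblAlert.Text = "Update could not be saved.";
    }
}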
protected void btnUpdate_Click(object sender, EventArgs e)
{
    // Rewrites subject and message of the announcement identified by
    // AnnouncementID (page state) after CheckInputs() passes.
    // Subject is cleaned; Message is cleaned and then HTML-encoded, so it is
    // stored encoded.  NOTE(review): the create handler elsewhere in this
    // file encodes Message without CleanString first — if CleanString itself
    // encodes, this path double-encodes; confirm against AntiXSSMethods.
    if (!CheckInputs())
    {
        lblAlert.Text = "Update failed. Some fields are blank.";
        return;
    }

    string encodedMessage = Server.HtmlEncode(AntiXSSMethods.CleanString(txtMsg.Text));
    var announcementParams = new[]
    {
        new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
        new SqlParameter("@message", encodedMessage),
        new SqlParameter("@AID", AnnouncementID)
    };

    DataAccess.DataProcessExecuteNonQuery(
        "UPDATE Announcement SET Message=@message, Subject=@subject WHERE AnnouncementID=@AID",
        announcementParams,
        conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated announcement", EmployeeID);
    lblAlert.Text = "Announcement updated!";
}
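protected void btnUpdate_Click(object sender, EventArgs e)
{
    // Saves the edit form for the guardian currently selected in grdGuardian,
    // then re-binds the grid and reloads the record.
    //
    // Fix: GridView.SelectedDataKey is null when no row is selected, and the
    // old int.Parse(...ToString()) chain threw a NullReferenceException in
    // that case (a server error page).  The selection is now validated and
    // reported inline; a key that is not an integer is treated the same way.
    var selected = grdGuardian.SelectedDataKey;
    int SelectedGuardian;
    if (selected == null || !int.TryParse(Convert.ToString(selected["GuardianID"]), out SelectedGuardian))
    {
        lblAlert.Text = "Please select a guardian to update.";
        return;
    }

    string strUpdate = "UPDATE Guardians SET FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, ContactNo=@contactNo, Email=@email, Address=@address WHERE GuardianID=@GID";

    // All form fields are cleaned before binding; BDate is bound as text and
    // converted by SQL Server.
    SqlParameter[] updateParam =
    {
        new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
        new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
        new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
        new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
        new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtBDay.Text)),
        new SqlParameter("@contactNo", AntiXSSMethods.CleanString(txtContact.Text)),
        new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)),
        new SqlParameter("@address", AntiXSSMethods.CleanString(txtAddress.Text)),
        new SqlParameter("@GID", SelectedGuardian)
    };
    DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated guardians details", EmployeeID);
    lblAlert.Text = "Successfully Updated!";

    // Refresh the grid first so it shows the new values, then reload the form.
    grdGuardian.DataBind();
    loaddata(SelectedGuardian);
}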
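protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Files a complaint for the current tenant (TenantID and status are page
    // state) and redirects back to the form.
    //
    // Fix: Response.Redirect(url) ends the response (it throws
    // ThreadAbortException after queuing the 302), so nothing placed after it
    // executes.  The previous version followed it with
    // lblAlert.Text = "Complaint submitted!" and field clearing that were
    // therefore dead code.  The redirect is kept — it reloads the form with a
    // fresh GET and prevents re-POST on refresh — and the unreachable lines
    // are dropped.  If an inline confirmation is wanted instead, the redirect
    // must be removed, not supplemented.
    string strInsert = "INSERT INTO Complaints (TenantID, Subject, Details, Status) VALUES (@TID, @subj, @details, @status)";
    SqlParameter[] insertParam =
    {
        new SqlParameter("@TID", TenantID),
        new SqlParameter("@subj", AntiXSSMethods.CleanString(txtSubject.Text)),
        new SqlParameter("@details", AntiXSSMethods.CleanString(txtMsg.Text)),
        new SqlParameter("@status", status)
    };
    DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
    AuditTrailFunctions.UpdateTenantAuditTrail("Added new complaints", TenantID);
    Response.Redirect("AddComplaint.aspx");
}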
protected void btnReg_Click(object sender, EventArgs e)
{
    // Registers an asset for the selected tenant once checkInputs() passes.
    // Text inputs are cleaned with AntiXSSMethods.CleanString; the amount is
    // cleaned, converted with Convert.ToDouble (current culture; throws on a
    // non-numeric value — checkInputs() is expected to have rejected that,
    // but it is outside this listing) and normalised by
    // StringCustomizers.CheckMoney before binding.
    if (!checkInputs())
    {
        lblAlert.Text = "Please check your input fields for invalid entries";
        return;
    }

    const string insertSql = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)";
    var assetParams = new[]
    {
        new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
        new SqlParameter("@type", AntiXSSMethods.CleanString(ddlType.SelectedValue)),
        new SqlParameter("@model", AntiXSSMethods.CleanString(txtModel.Text)),
        new SqlParameter("@brand", AntiXSSMethods.CleanString(txtBrand.Text)),
        new SqlParameter("@serial", AntiXSSMethods.CleanString(txtSerial.Text)),
        new SqlParameter("@amount", StringCustomizers.CheckMoney(Convert.ToDouble(AntiXSSMethods.CleanString(txtAmount.Text))))
    };

    DataAccess.DataProcessExecuteNonQuery(insertSql, assetParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID);

    // Post/Redirect/Get back to the asset list.
    Response.Redirect("~/Admin/ManageAssets.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Creates a Tenant from the registration form and moves on to the
    // contract page for the new row.  Checks run in this order: photo upload
    // result, checkInputs(), username uniqueness.

    // Curfew is stored as "HH:MM" from the two drop-downs, or as an empty
    // string when the checkbox disables it.
    string curfewTime = cbkDisableCurfew.Checked
        ? ""
        : DDLHR.SelectedValue + ":" + DDLMIN.SelectedValue;

    // UploadPhoto() returns a status code ("nofile", "large", "invalid") or
    // the saved file name; only the first two codes abort the registration.
    string photoResult = UploadPhoto();
    if (photoResult == "large")
    {
        lblAlert.Text = "Photo File exceeds 1MB!";
        return;
    }
    if (photoResult == "invalid")
    {
        lblAlert.Text = "Photo File is not valid!";
        return;
    }
    if (photoResult == "nofile")
    {
        photoResult = "";
    }

    // The alert text names the birth date, but checkInputs() is outside this
    // listing, so it may reject other fields under the same message.
    if (!checkInputs())
    {
        lblAlert.Text = "Birth date is invalid!";
        return;
    }

    if (UserManagement.General.CheckIfExisting(txtUN.Text))
    {
        lblAlert.Text = "Username already taken!";
        return;
    }

    // Free-text fields are cleaned before binding; gender is bound as-is; the
    // password is hashed with bcrypt and not cleaned.  BDate is bound as
    // cleaned text and converted by SQL Server.  Note: photoResult is not
    // written here — the Tenants insert has no PhotoFile column in this
    // statement.
    const string insertSql = "INSERT INTO Tenants (FName, MName, LName, Gender, Email, BDate, Street, City, Region, Country, MobileNo, UN, Pwd, CurfewTime) VALUES (@fname, @mname, @lname, @gender, @email, @bdate, @street, @city, @region, @country, @mobileNo, @un, @pwd, @curfewtime)";
    var tenantParams = new[]
    {
        new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
        new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
        new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
        new SqlParameter("@gender", ddlGender.SelectedValue),
        new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)),
        new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtBDay.Text)),
        new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)),
        new SqlParameter("@city", AntiXSSMethods.CleanString(txtCity.Text)),
        new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)),
        new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)),
        new SqlParameter("@mobileNo", AntiXSSMethods.CleanString(txtContact.Text)),
        new SqlParameter("@un", AntiXSSMethods.CleanString(txtUN.Text)),
        new SqlParameter("@pwd", Encryption.GenerateBCryptHash(txtPwd1.Text)),
        new SqlParameter("@curfewtime", curfewTime)
    };

    int tenantId = DataAccess.InsertAndGetIndex(insertSql, tenantParams, conString);
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant", EmployeeID);

    // The new ID is a server-generated integer, safe in the query string.
    Response.Redirect("Contract.aspx?ID=" + tenantId.ToString());
}