// GET: UserMaster
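        /// <summary>
        /// Reads every row of UserMaster and renders the list through this action's view.
        /// </summary>
        /// <returns>
        /// The view bound to a <see cref="UserViewModel"/>. On failure the same model type is
        /// returned (holding whatever rows were read) and the error is added to ModelState.
        /// </returns>
        public ActionResult ShowUsers()
        {
            UserViewModel userViewModel = new UserViewModel();

            userViewModel.Users = new List <User>();
            ClsDB db = new ClsDB();

            try
            {
                // Constant query text: nothing from the request is concatenated into it.
                _SbQry = new StringBuilder("Select * From UserMaster");
                db.Connect();
                DataTable dt = db.GetDataTable(_SbQry.ToString());
                foreach (DataRow row in dt.Rows)
                {
                    userViewModel.Users.Add(new User {
                        Id = row["UserId"].ToString(), Name = row["Name"].ToString()
                    });
                }

                return(View(userViewModel));
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is handed to the view; database errors can
                // expose schema details, so consider logging it and showing a generic message.
                ModelState.AddModelError("ErrorMessage", ex.Message);
                ViewBag.ErrorMessage = ex.Message;

                // Pass the same model type as the success path. The original passed
                // userViewModel.Users here, so the one view received two different model types.
                return(View(userViewModel));
            }
            finally
            {
                // Runs on both paths, including when Connect() itself failed.
                db.DisConnect();
            }
        }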
Exemple #2
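    /// <summary>
    /// Writes this user's profile fields back to the [User] row identified by <paramref name="ID"/>.
    /// </summary>
    /// <param name="ID">Key of the row to update; nothing happens when it is null or empty.</param>
    /// <param name="update_user_id">Id recorded in last_update_user_id.</param>
    /// <exception cref="Exception">Thrown with the text returned by check_error() when validation fails.</exception>
    public void update(string ID, string update_user_id)
    {
        if (string.IsNullOrEmpty(ID))
        {
            return;
        }

        string err = check_error();

        if (err != "")
        {
            throw new Exception(err);
        }

        // The optional fragment carries its own leading comma. The original always emitted a
        // comma after last_update_datetime, which produced ", WHERE" (invalid SQL) whenever
        // this.disabled was empty.
        string disable = (this.disabled == "") ? "" : ", disabled = " + ClsDB.sqlEncode(this.disabled);

        // NOTE(review): every value goes through ClsDB.sqlEncode, whose escaping rules are not
        // visible here; a parameterized command would not depend on them.
        this._strQuery = "UPDATE [User] SET " +
                         "First_Name = " + ClsDB.sqlEncode(this.first_name) + ", " +
                         "Last_Name = " + ClsDB.sqlEncode(this.last_name) + ", " +
                         "Email = " + ClsDB.sqlEncode(this.email) + ", " +
                         "Note = " + ClsDB.sqlEncode(this.note) + ", " +
                         "gid = " + ClsDB.sqlEncode(this.gid) + ", " +
                         "last_update_user_id = " + ClsDB.sqlEncode(update_user_id) + ", " +
                         "last_update_datetime = " + ClsDB.sqlEncode(DateTime.Now.ToString()) +
                         disable +
                         " WHERE ID = " + ClsDB.sqlEncode(ID);

        new ClsDB().ExecuteNonQuery(this._strQuery);
    }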
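        /// <summary>
        /// Looks up one UserMaster row by id and returns it as JSON.
        /// </summary>
        /// <param name="Id">User id taken from the request.</param>
        /// <returns>
        /// The user with Response = "Y", or Response = "N" plus an error message when the
        /// lookup throws.
        /// </returns>
        public JsonResult EditUser(string Id)
        {
            ClsDB db   = new ClsDB();
            User  user = new User();

            try
            {
                // Id comes from the request and lands inside a quoted SQL literal, so a quote in
                // it must not be able to close that literal. Doubling quotes assumes a backend
                // where '' is the only in-literal escape (e.g. SQL Server); prefer a
                // parameterized command if ClsDB offers one (not visible here).
                string safeId = (Id ?? string.Empty).Replace("'", "''");

                _SbQry = new StringBuilder("Select * From UserMaster Where UserId='" + safeId + "'");
                db.Connect();
                DataTable dt = db.GetDataTable(_SbQry.ToString());
                foreach (DataRow row in dt.Rows)
                {
                    // If several rows match, the last one wins.
                    user.Id   = row["UserId"].ToString();
                    user.Name = row["Name"].ToString();
                }
                user.Response = "Y";
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is returned to the client; consider
                // logging it server-side and returning a generic message instead.
                ModelState.AddModelError("ErrorMessage", ex.Message);
                ViewBag.ErrorMessage = ex.Message;
                user.Response        = "N";
                user.ErrorMessage    = "Error : " + ex.Message;
            }
            finally
            {
                db.DisConnect();
            }

            // NOTE(review): AllowGet lets this user record be fetched with a plain GET; confirm
            // that is intended for this data.
            return(Json(user, JsonRequestBehavior.AllowGet));
        }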
Exemple #4
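 /// <summary>
 /// On postback, reads the submitted client fields and inserts the record; on first load,
 /// shows an empty form with the next case id filled in.
 /// </summary>
 protected void Page_Load(object sender, EventArgs e)
 {
     // NOTE(review): no authentication check is visible in this handler; a missing
     // Session["userid"] only surfaces as a NullReferenceException inside the try block.
     if (this.IsPostBack)
     {
         this.form1.Text = "";
         try
         {
             this.client.retrieveRequest(this.IsPostBack, Request);
             this.client.insert(Session["userid"].ToString());
             this.msg.Text = "<font color='green'>The new client has been added.</font> <br/><br/><a href='client_new.aspx'>Add Another New Client</a>";
             if (ClsDB.DEBUG())
             {
                 // The query text embeds the submitted field values, so it is HTML-encoded
                 // before being echoed into the page.
                 this.msg.Text += "<br/>" + Server.HtmlEncode(this.client.strQuery());
             }
         }
         catch (Exception ex) {
             // Exception text can repeat request-derived values (validation or database
             // errors), so it is encoded rather than written into the markup as-is.
             // NOTE(review): if check_error() deliberately returns markup, build that markup
             // here from plain-text messages instead.
             this.msg.Text   = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
             this.form1.Text = ShowNewForm();
         }
     }
     else
     {
         this.msg.Text       = "";
         this.client.Case_Id = this.getNextCaseId().ToString();
         this.form1.Text     = ShowNewForm();
     }
 }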
Exemple #5
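    /// <summary>
    /// Inserts a new [User] row from this.user and the submitted password field.
    /// The password needs special handling because it is hashed inside the SQL statement.
    /// </summary>
    /// <exception cref="Exception">Thrown with the text returned by check_error() when validation fails.</exception>
    void insert()
    {
        string s = this.check_error();

        if (s != "")
        {
            throw new Exception(s);
        }

        // NOTE(review): the password is stored as an unsalted MD5 digest computed by the
        // database, and the clear-text password travels inside the SQL text. Changing the
        // scheme has to be coordinated with the login queries that compare against
        // HASHBYTES('MD5', ...), so it is only flagged here; a salted, slow password hash
        // computed in the application is the usual replacement.
        string strQuery = @"INSERT INTO [User] (first_name, last_name, email, login, passwd, note, gid, disabled, 
                            [create_user_id], [create_datetime]) VALUES (" +
                          ClsDB.sqlEncode(this.user.first_name) + ", " +
                          ClsDB.sqlEncode(this.user.last_name) + ", " +
                          ClsDB.sqlEncode(this.user.email) + ", " +
                          ClsDB.sqlEncode(this.user.login) + ", " +
                          "HASHBYTES('MD5', " + ClsDB.sqlEncode(Request["txtPwd"]) + "), " +
                          ClsDB.sqlEncode(this.user.note) + ", " +
                          ClsDB.sqlEncode(this.user.gid) + ", " +
                          ClsDB.sqlEncode(this.user.disabled) + ", " +
                          ClsDB.sqlEncode(Session["userid"].ToString()) + ", " +
                          ClsDB.sqlEncode(DateTime.Now.ToString()) +
                          ")";

        if (ClsDB.DEBUG())
        {
            // The statement embeds submitted values, so encode it before writing it into the page.
            // NOTE(review): this debug echo still contains the submitted password in clear
            // text; keep DEBUG off outside development.
            Response.Write(Server.HtmlEncode(strQuery));
        }
        new ClsDB().ExecuteNonQuery(strQuery);
    }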
Exemple #6
        /// <summary>
        /// Extracts every "boatid" value from the fetched page content and queues one
        /// "cydaDetail" GET request per id through clsPageUrl.AddPageUrl.
        /// </summary>
        /// <param name="entity">Fetched page plus the crawl metadata copied onto each queued URL.</param>
        public void cydaPortalAnalysis(PageContentEntity entity)
        {
            try
            {
                string    pageBody   = entity.PContent;
                Utilities utilities  = new Utilities();
                SqlBuild  builder    = new SqlBuild();
                SqlPara   parameters = new SqlPara();
                ClsDB     database   = new ClsDB();
                RegFunc   extractor  = new RegFunc();

                ArrayList boatIds = extractor.GetStrArr(pageBody, "\"boatid\":", ",");
                foreach (object boatId in boatIds)
                {
                    // NOTE(review): the user token is sent as a query-string value over plain
                    // http, and the id scraped from the page is not URL-encoded.
                    string detailUrl = "http://t.cjcyw.com:8081/Boat/getBoatById.aspx?userid=" + getuser().token + "&id=" + boatId.ToString();
                    clsPageUrl.AddPageUrl(
                        entity.ProgramName, entity.KeyWord, entity.PID, "cydaDetail", entity.SiteUrl, entity.Url, detailUrl,
                        "GET", "", entity.EnCode, boatId.ToString(), entity.CookieContent, entity.AContent, entity.TrySpiderTimes, entity.Depth + 1);
                }
            }
            catch (Exception failure)
            {
                // Failures are only logged; nothing is rethrown to the caller.
                ClsLog logger = new ClsLog();
                logger.AddLog(DateTime.Now.ToString(), "分析数据失败" + failure.ToString());
                logger.AddLog(DateTime.Now.ToString(), entity.SType + ";" + entity.Url + ";");
                // Constructed but never used in this method.
                UrlContorl urlControl = new UrlContorl();
            }
        }
Exemple #7
        /// <summary>
        /// Extracts the "aid" values from the fetched page content and queues a single
        /// "cyDetail" POST request for the first one.
        /// </summary>
        /// <param name="entity">Fetched page plus the crawl metadata copied onto the queued URL.</param>
        public void cyPortalAnalysis(PageContentEntity entity)
        {
            try
            {
                string    pageBody   = entity.PContent;
                Utilities utilities  = new Utilities();
                SqlBuild  builder    = new SqlBuild();
                SqlPara   parameters = new SqlPara();
                ClsDB     database   = new ClsDB();
                RegFunc   extractor  = new RegFunc();

                ArrayList aids = extractor.GetStrArr(pageBody, "\"aid\":", ",");

                // Only the first id is processed. An empty list makes the indexer throw,
                // which ends up in the catch block below.
                string detailUrl = "http://t.cjcyw.com:8081/ship/detail";
                clsPageUrl.AddPageUrl(
                    entity.ProgramName, entity.KeyWord, entity.PID, "cyDetail", entity.SiteUrl, entity.Url, detailUrl,
                    "POST", "aid=" + aids[0].ToString(), entity.EnCode, "aid=" + aids[0].ToString(), getuser().cookieContainer, entity.AContent, entity.TrySpiderTimes, entity.Depth + 1);
            }
            catch (Exception failure)
            {
                // Failures are only logged; nothing is rethrown to the caller.
                ClsLog logger = new ClsLog();
                logger.AddLog(DateTime.Now.ToString(), "分析数据失败" + failure.ToString());
                logger.AddLog(DateTime.Now.ToString(), entity.SType + ";" + entity.Url + ";");
            }
        }
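        /// <summary>
        /// Looks up one UserMaster row by id and renders it in the partial view.
        /// </summary>
        /// <param name="Id">User id taken from the request.</param>
        /// <returns>The partial view bound to the user; ErrorMessage is set when the lookup throws.</returns>
        public ActionResult EditUser(string Id)
        {
            ClsDB db   = new ClsDB();
            User  user = new User();

            try
            {
                // Id comes from the request and lands inside a quoted SQL literal, so a quote in
                // it must not be able to close that literal. Doubling quotes assumes a backend
                // where '' is the only in-literal escape (e.g. SQL Server); prefer a
                // parameterized command if ClsDB offers one (not visible here).
                string safeId = (Id ?? string.Empty).Replace("'", "''");

                _SbQry = new StringBuilder("Select * From UserMaster Where UserId='" + safeId + "'");
                db.Connect();
                DataTable dt = db.GetDataTable(_SbQry.ToString());
                foreach (DataRow row in dt.Rows)
                {
                    // If several rows match, the last one wins.
                    user.Id   = row["UserId"].ToString();
                    user.Name = row["Name"].ToString();
                }
                return(PartialView(user));
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text reaches the view; consider logging it
                // and showing a generic message instead.
                ModelState.AddModelError("ErrorMessage", ex.Message);
                user.ErrorMessage = ex.Message;
                return(PartialView(user));
            }
            finally
            {
                db.DisConnect();
            }
        }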
Exemple #9
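    /// <summary>
    /// Exports every row of the V_Client view as a PDF through the Crystal report
    /// "CrystalReport_all.rpt", written straight to the current HTTP response.
    /// </summary>
    /// <returns>An HTML error fragment when the view returns no rows, otherwise an empty string.</returns>
    public string download_pdf_all()
    {
        // NOTE(review): no authorization check is visible in this method and the export
        // covers all client rows; confirm every caller restricts access.
        string  strQuery = @"select * from [V_Client]";
        DataSet ds       = new ClsDB().ExecuteDataSet(strQuery);

        if (ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
        {
            return("<font color='red'>Case not found.</font>");
        }

        string report_source = "../client/CrystalReport_all.rpt";

        ReportDocument myReportDocument = new ReportDocument();

        try
        {
            myReportDocument.Load(HttpContext.Current.Server.MapPath(report_source));
            myReportDocument.SetDataSource(ds.Tables[0]);

            myReportDocument.ExportToHttpResponse
                (CrystalDecisions.Shared.ExportFormatType.PortableDocFormat, HttpContext.Current.Response, true, "Case_All");
        }
        finally
        {
            // Release the report even when loading or exporting throws; the original
            // skipped Close()/Dispose() on any exception.
            myReportDocument.Close();
            myReportDocument.Dispose();
        }

        return("");
    }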
Exemple #10
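    /// <summary>
    /// Renders the enabled clients whose last name starts with the "ini" request value
    /// as an HTML table in ClientList.
    /// </summary>
    void ShowClientList()
    {
        string strQuery =
            @"SELECT C.ID, C.Case_Id, C.Client_Type, T.name As Client_Type_Name, C.First_Name, C.Last_Name, 
A.name AS Attorney, P.name AS Paralegal, C.Date_Of_Injury 
FROM Client C 
LEFT OUTER JOIN ClientType T ON C.Client_Type = T.ID 
LEFT OUTER JOIN Attorney A ON C.Attorney = A.ID
LEFT OUTER JOIN Paralegal P ON C.Paralegal = P.ID
WHERE C.disabled = 0";

        string initial = ClsUtil.getStrVal(Request["ini"]);

        // "ini" is request data placed inside a quoted LIKE literal, so a quote in it must not
        // be able to close that literal. Doubling quotes assumes SQL Server-style literals
        // (the queries in this listing use T-SQL features such as [User] and HASHBYTES);
        // a parameterized command would be the stronger fix.
        // LIKE wildcards in the value are left alone: they only widen the match.
        string safeInitial = (initial ?? "").Replace("'", "''");

        strQuery += " AND Last_Name like '" + safeInitial + "%'";
        strQuery += " ORDER BY C.ID ASC";

        string  s  = "";
        DataSet ds = new ClsDB().ExecuteDataSet(strQuery);

        if (ds.Tables.Count > 0)
        {
            DataTable dt = ds.Tables[0];
            for (int i = 0; i < dt.Rows.Count; ++i)
            {
                // Even rows get a white background; odd rows keep the default.
                string color = ((i % 2 == 0) ? " bgcolor='#ffffff'" : "");
                s += addRow(dt.Rows[i], color);
            }
            s = "<table class='T2'>" + this.addHdr() + s + "</table>";
        }
        ClientList.Text = s;
    }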
Exemple #11
    /// <summary>
    /// Returns the Case_Id of every enabled client after checking the caller's credentials.
    /// </summary>
    /// <param name="UserName">Login passed to UserAuth.</param>
    /// <param name="Password">Password passed to UserAuth.</param>
    /// <returns>
    /// The case ids. On any failure, including rejected credentials, the list holds a
    /// single element: the exception message.
    /// </returns>
    public List <string> GetClientCaseIdList(string UserName, string Password)
    {
        List <string> caseIds = new List <string>();

        try
        {
            bool authorized = UserAuth(UserName, Password);
            if (authorized == false)
            {
                throw new Exception("Unauthorized user");
            }

            DataTable clients = new ClsDB().ExecuteDataTable("SELECT Case_Id FROM Client WHERE disabled = '0'");

            foreach (DataRow row in clients.Rows)
            {
                caseIds.Add(row[0].ToString());
            }
        }
        catch (Exception failure) {
            // NOTE(review): errors share the data channel with results, and the raw exception
            // text goes back to the caller.
            caseIds.Clear();
            caseIds.Add(failure.Message);
        }

        return caseIds;
    }
Exemple #12
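    /// <summary>
    /// Checks a login/password pair against the enabled rows of [User].
    /// </summary>
    /// <param name="UserName">Login to look up.</param>
    /// <param name="Password">Clear-text password; the database hashes it for the comparison.</param>
    /// <returns>
    /// True only when exactly one enabled row matches. Any error yields false, so a database
    /// failure denies access rather than granting it.
    /// </returns>
    public bool UserAuth(string UserName, string Password)
    {
        bool ok = false;

        try
        {
            string strConn = new ClsDB().strConn();
            using (SqlConnection conn = new SqlConnection(strConn))
            {
                // NOTE(review): passwords are compared as unsalted MD5 digests. Moving to a
                // salted, slow password hash requires migrating the stored values as well.
                string strQuery = "SELECT COUNT(ID) FROM [User] WHERE login = @login AND passwd=HASHBYTES('MD5', @pwd) AND disabled = '0'";

                using (SqlCommand comm = new SqlCommand(strQuery, conn))
                {
                    // Both values are bound as parameters, never concatenated into the SQL text.
                    // NOTE(review): the declared size of 50 silently truncates longer input.
                    comm.Parameters.Add("@login", SqlDbType.VarChar, 50).Value = UserName;
                    comm.Parameters.Add("@pwd", SqlDbType.VarChar, 50).Value   = Password;

                    conn.Open();
                    using (SqlDataReader sdr = comm.ExecuteReader())
                    {
                        if (sdr.Read())
                        {
                            int ct = sdr.GetInt32(0);
                            ok = (ct == 1);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Stay fail-closed, but leave a trace: the original swallowed the error, so a
            // database outage looked the same as a wrong password. No credentials are logged.
            System.Diagnostics.Trace.TraceError("UserAuth: credential check failed: " + ex.GetType().FullName + ": " + ex.Message);
            ok = false;
        }

        return(ok);
    }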
Exemple #13
    /// <summary>
    /// Returns the enabled client with the given case id after checking the caller's credentials.
    /// </summary>
    /// <param name="UserName">Login passed to UserAuth.</param>
    /// <param name="Password">Password passed to UserAuth.</param>
    /// <param name="CaseId">Case id to look up.</param>
    /// <returns>
    /// The client when exactly one row matches; null when the credentials are rejected,
    /// when zero or several rows match, or when the lookup throws.
    /// </returns>
    public UserService_Client GetClient(string UserName, string Password, string CaseId)
    {
        bool authorized = UserAuth(UserName, Password);
        if (authorized == false)
        {
            return null;
        }

        try
        {
            // CaseId goes through ClsDB.sqlEncode before it is placed in the SQL text.
            string    sql     = "SELECT * FROM Client WHERE disabled = '0' AND Case_Id = " + ClsDB.sqlEncode(CaseId);
            DataTable matches = new ClsDB().ExecuteDataTable(sql);

            if (matches.Rows.Count != 1)
            {
                return null;
            }

            DataRow record = matches.Rows[0];
            return new UserService_Client
            {
                Case_Id     = ClsUtil.getStrVal(record["Case_Id"]),
                Client_Type = ClsClient.getClientType(ClsUtil.getStrVal(record["Client_Type"])),
                First_Name  = ClsUtil.getStrVal(record["First_Name"]),
                Last_Name   = ClsUtil.getStrVal(record["Last_Name"])
            };
        }
        catch (Exception)
        {
            // NOTE(review): errors are swallowed without logging; the caller cannot tell
            // "not found" from "lookup failed".
            return null;
        }
    }
Exemple #14
    /// <summary>
    /// Returns all enabled clients after checking the caller's credentials.
    /// </summary>
    /// <param name="UserName">Login passed to UserAuth.</param>
    /// <param name="Password">Password passed to UserAuth.</param>
    /// <returns>
    /// Null when the credentials are rejected; otherwise the client list, which is empty
    /// when the query throws.
    /// </returns>
    public List <UserService_Client> GetClientList(string UserName, string Password)
    {
        bool authorized = UserAuth(UserName, Password);
        if (authorized == false)
        {
            return null;
        }

        List <UserService_Client> clients = new List <UserService_Client>();

        try
        {
            DataTable rows = new ClsDB().ExecuteDataTable("SELECT * FROM Client WHERE disabled = '0'");

            foreach (DataRow record in rows.Rows)
            {
                UserService_Client client = new UserService_Client();
                client.Case_Id     = ClsUtil.getStrVal(record["Case_Id"]);
                client.Client_Type = ClsClient.getClientType(ClsUtil.getStrVal(record["Client_Type"]));
                client.First_Name  = ClsUtil.getStrVal(record["First_Name"]);
                client.Last_Name   = ClsUtil.getStrVal(record["Last_Name"]);
                clients.Add(client);
            }
        }
        catch (Exception)
        {
            // A partial result is discarded. NOTE(review): the error itself is not logged.
            clients.Clear();
        }

        return clients;
    }
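        /// <summary>
        /// Deletes the UserMaster row with the given id and reports the outcome as JSON.
        /// </summary>
        /// <param name="Id">User id taken from the request.</param>
        /// <returns>
        /// The user object with Response = "Y" when at least one row was deleted, otherwise
        /// Response = "N" and an error message.
        /// </returns>
        public JsonResult DeleteUser(string Id)
        {
            // NOTE(review): no HTTP-verb or anti-forgery attribute is visible on this action in
            // the listing, and the result is explicitly allowed over GET. Confirm that deletes
            // are restricted to POST with request-forgery protection and an authorization check.
            ClsDB db   = new ClsDB();
            User  user = new User();

            try
            {
                // Id comes from the request and lands inside a quoted SQL literal, so a quote in
                // it must not be able to close that literal. Doubling quotes assumes a backend
                // where '' is the only in-literal escape (e.g. SQL Server); prefer a
                // parameterized command if ClsDB offers one (not visible here).
                string safeId = (Id ?? string.Empty).Replace("'", "''");

                _SbQry = new StringBuilder("Delete From UserMaster Where UserId='" + safeId + "'");
                db.Connect();
                int Count = db.ExecuteNonQuery(_SbQry.ToString());
                if (Count > 0)
                {
                    user.Response = "Y";
                }
                else
                {
                    user.Response     = "N";
                    user.ErrorMessage = "User could not be deleted";
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is returned to the client; consider
                // logging it server-side and returning a generic message instead.
                ModelState.AddModelError("ErrorMessage", ex.Message);
                ViewBag.ErrorMessage = ex.Message;
                user.Response        = "N";
                user.ErrorMessage    = "Error : " + ex.Message;
            }
            finally
            {
                db.DisConnect();
            }
            return(Json(user, JsonRequestBehavior.AllowGet));
        }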
Exemple #16
    /// <summary>
    /// Renders every [User] row, joined with its group name, as an HTML table in ClientList.
    /// </summary>
    void ShowList()
    {
        // NOTE(review): U.passwd (the stored hash) is selected along with the profile
        // columns; whether addRow renders it is not visible here.
        string sql =
            @"SELECT U.ID, U.First_Name, U.Last_Name, U.email, U.login, 
U.passwd, U.note, U.gid, G.name As UserType, U.disabled
FROM [User] U LEFT OUTER JOIN UserGroup G ON U.gid = G.ID ORDER BY U.ID ASC";

        string  markup = "";
        DataSet result = new ClsDB().ExecuteDataSet(sql);

        if (result.Tables.Count > 0)
        {
            int rowIndex = 0;
            foreach (DataRow userRow in result.Tables[0].Rows)
            {
                // Even rows get a white background; odd rows keep the default.
                string background = (rowIndex % 2 != 0) ? "" : " bgcolor='#ffffff'";
                markup += addRow(userRow, background);
                ++rowIndex;
            }
            markup = "<table class='T1'>" + this.addHdr() + markup + "</table>";
        }
        ClientList.Text = markup;

        // An earlier SqlDataReader-based variant of this method produced the same table.
    }
Exemple #17
    /// <summary>
    /// Loads the stored password hash of the given user into db_old_pwd_hash as an
    /// upper-case hex string without separators.
    /// </summary>
    /// <param name="ID">Key of the [User] row; passed through ClsDB.sqlEncode.</param>
    private void retrieveDB(string ID)
    {
        string query = "SELECT passwd FROM [User] WHERE ID = " + ClsDB.sqlEncode(ID);

        byte[] hashBytes = new ClsDB().ExecuteVarbinary(query);

        // BitConverter yields "AA-BB-CC"; the dashes are removed to leave plain hex.
        string dashedHex = BitConverter.ToString(hashBytes);
        this.db_old_pwd_hash = dashedHex.Replace("-", string.Empty);
    }
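        /// <summary>
        /// Inserts a UserMaster row from the posted user and reports the outcome as JSON.
        /// </summary>
        /// <param name="user">Model-bound user; Response and ErrorMessage are filled in here.</param>
        /// <returns>
        /// The same user object with Response = "Y" on success, otherwise Response = "N"
        /// and the first validation or database error.
        /// </returns>
        public JsonResult AddNewUser(User user)
        {
            ClsDB db = new ClsDB();

            try
            {
                if (ModelState.IsValid)
                {
                    // Both values are request data placed inside quoted SQL literals, so a quote
                    // in them must not be able to close the literal. Doubling quotes assumes a
                    // backend where '' is the only in-literal escape (e.g. SQL Server); prefer a
                    // parameterized command if ClsDB offers one (not visible here).
                    string safeId   = (user.Id ?? string.Empty).Replace("'", "''");
                    string safeName = (user.Name ?? string.Empty).Replace("'", "''");

                    _SbQry = new StringBuilder("Insert Into UserMaster(UserId,Name) Values('" + safeId + "','" + safeName + "')");
                    db.Connect();
                    int Count = db.ExecuteNonQuery(_SbQry.ToString());
                    if (Count > 0)
                    {
                        user.Response = "Y";
                    }
                    else
                    {
                        user.Response     = "N";
                        user.ErrorMessage = "User could not be added";
                    }
                }
                else
                {
                    // Report only the first validation error found.
                    foreach (var Key in ModelState.Keys)
                    {
                        if (ModelState[Key].Errors.Count > 0)
                        {
                            user.Response     = "N";
                            user.ErrorMessage = ModelState[Key].Errors[0].ErrorMessage;

                            return(Json(user, JsonRequestBehavior.AllowGet));
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is returned to the client; consider
                // logging it server-side and returning a generic message instead.
                ModelState.AddModelError("ErrorMessage", ex.Message);
                ViewBag.ErrorMessage = ex.Message;
                user.Response        = "N";
                user.ErrorMessage    = "Error : " + ex.Message;
            }
            finally
            {
                // Also runs for the early return above.
                db.DisConnect();
            }
            return(Json(user, JsonRequestBehavior.AllowGet));
        }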
        /// <summary>
        /// Parses the listing page for its ids and page count. Both loops are currently empty,
        /// so the only effects are the failure log and the saved URL when parsing throws.
        /// </summary>
        /// <param name="entity">Fetched page plus crawl metadata.</param>
        public void HousePortalAnalysis(PageContentEntity entity)
        {
            try
            {
                string     pageBody   = entity.PContent;
                ClsPageUrl clsPageUrl = new ClsPageUrl();
                Utilities  utilities  = new Utilities();
                SqlBuild   builder    = new SqlBuild();
                SqlPara    parameters = new SqlPara();
                ClsDB      database   = new ClsDB();
                RegFunc    extractor  = new RegFunc();

                // The ids are extracted and walked, but nothing is done with them yet.
                ArrayList ids = extractor.GetStrArr(pageBody, "\"id\":", ",");
                for (int idIndex = 0; idIndex < ids.Count; idIndex++)
                {
                }

                string keyword = entity.KeyWord;

                string pageCountText = extractor.GetStr(pageBody, "/共有", "页");
                if (pageCountText == "")
                {
                    throw new Exception("分析数据失败:页面没有数据");
                }

                // Convert.ToInt32 throws on non-numeric text, which lands in the catch below.
                // The per-page AddPageUrl call that used to sit in this loop is disabled.
                for (int page = 1; page <= Convert.ToInt32(pageCountText); page++)
                {
                }
            }
            catch (Exception failure)
            {
                ClsLog logger = new ClsLog();
                logger.AddLog(DateTime.Now.ToString(), "分析数据失败" + failure.ToString());
                logger.AddLog(DateTime.Now.ToString(), entity.SType + ";" + entity.Url + ";");
                UrlContorl urlControl = new UrlContorl();
                urlControl.SaveUrl(entity, failure.ToString());
            }
        }
Exemple #20
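    /// <summary>
    /// Replaces the stored password hash of the given user with the hash of this.new_pwd.
    /// </summary>
    /// <param name="ID">Key of the [User] row; nothing happens when it is null or empty.</param>
    void update(string ID)
    {
        if (string.IsNullOrEmpty(ID))
        {
            return;
        }

        // ID is encoded like every other value in these queries. The original appended it
        // raw, so anything after the id was parsed as SQL.
        // NOTE(review): the password is stored as an unsalted MD5 digest and travels in clear
        // text inside the SQL statement; changing that has to be coordinated with the login
        // queries that compare against HASHBYTES('MD5', ...).
        string strQuery = "UPDATE [User] SET passwd = HASHBYTES('MD5', " + ClsDB.sqlEncode(this.new_pwd) + ") WHERE ID = " + ClsDB.sqlEncode(ID);

        if (ClsDB.DEBUG())
        {
            // The statement embeds submitted values, so encode it before writing it into the page.
            // NOTE(review): this debug echo still contains the new password in clear text.
            Response.Write(Server.HtmlEncode(strQuery));
        }

        new ClsDB().ExecuteNonQuery(strQuery);
    }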
        /// <summary>
        /// Click handler: runs the stored procedure "Prc_User" with no arguments and
        /// reports success or the error text in a message box.
        /// </summary>
        private void button3_Click(object sender, EventArgs e)
        {
            ClsDB database = new ClsDB();

            try
            {
                database.Connect();
                database.GetDataTable_Proc("Prc_User");
                MessageBox.Show("Saved");
            }
            catch (Exception failure)
            {
                // Show the error to the operator first, then record it.
                MessageBox.Show(failure.Message);
                Log.Error(failure, "Error Occured");
            }
            finally
            {
                database.DisConnect();
                database = null;
            }
        }
Exemple #22
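    /// <summary>
    /// Clears this object, then loads the Client row with the given id into its fields.
    /// The fields stay cleared when no row matches.
    /// </summary>
    /// <param name="ID">Key of the Client row; bound as a query parameter.</param>
    /// <exception cref="Exception">
    /// Wraps any failure; the message is the original message and the original exception
    /// is kept as InnerException.
    /// </exception>
    public void retrieveDB(string ID)
    {
        this.clear();

        try
        {
            string strConn = new ClsDB().strConn();
            using (SqlConnection conn = new SqlConnection(strConn))
            {
                // The id is bound as a parameter instead of being concatenated into the text,
                // so _strQuery (shown by the pages in debug mode) no longer carries request data.
                this._strQuery = "SELECT * FROM Client WHERE ID = @id";
                using (SqlCommand comm = new SqlCommand(this._strQuery, conn))
                {
                    // A null id is sent as SQL NULL, which matches no row.
                    comm.Parameters.AddWithValue("@id", (object)ID ?? DBNull.Value);

                    conn.Open();
                    using (SqlDataReader sdr = comm.ExecuteReader())
                    {
                        // Only the first row is read.
                        if (sdr.Read())
                        {
                            this.Case_Id                     = ClsUtil.getStrVal(sdr["Case_Id"]);
                            this.Client_Type                 = ClsUtil.getStrVal(sdr["Client_Type"]);
                            this.First_Name                  = ClsUtil.getStrVal(sdr["First_Name"]);
                            this.Last_Name                   = ClsUtil.getStrVal(sdr["Last_Name"]);
                            this.Attorney                    = ClsUtil.getStrVal(sdr["Attorney"]);
                            this.Paralegal                   = ClsUtil.getStrVal(sdr["Paralegal"]);
                            this.Date_Of_Injury              = ClsUtil.formatDate(sdr["Date_Of_Injury"].ToString());
                            this.Statute_Of_Limitation       = ClsUtil.getStrVal(sdr["Statute_Of_Limitation"]);
                            this.Phone_Number                = ClsUtil.getStrVal(sdr["Phone_Number"]);
                            this.Address                     = ClsUtil.getStrVal(sdr["Address"]);
                            this.Date_Of_Birth               = ClsUtil.formatDate(sdr["Date_Of_Birth"].ToString());
                            this.Social_Security_Number      = ClsUtil.getStrVal(sdr["Social_Security_Number"]);
                            this.Case_Type                   = ClsUtil.getStrVal(sdr["Case_Type"]);
                            this.At_Fault_Party              = ClsUtil.getStrVal(sdr["At_Fault_Party"]);
                            this.Settlement_Type             = ClsUtil.getStrVal(sdr["Settlement_Type"]);
                            this.Settlement_Amount           = ClsUtil.getStrVal(sdr["Settlement_Amount"]);
                            this.Disposition                 = ClsUtil.getStrVal(sdr["Disposition"]);
                            this.Case_Notes                  = ClsUtil.getStrVal(sdr["Case_Notes"]);
                            this.Date_For_Perspective_Client = ClsUtil.formatDate(sdr["Date_For_Perspective_Client"].ToString());
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Same exception type and message as before, but the cause and its stack trace
            // are preserved for diagnosis.
            throw new Exception(ex.Message, ex);
        }
    }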
Exemple #23
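 /// <summary>
 /// Loads the client named by the "ID" request value and renders the read-only view form.
 /// </summary>
 protected void Page_Load(object sender, EventArgs e)
 {
     // NOTE(review): no authentication or per-record authorization check is visible in this
     // handler; any "ID" value supplied by the requester is looked up.
     if (Request["ID"] == null)
     {
         this.msg.Text   = "No valid ID is provided.";
         this.form1.Text = "";
     }
     else
     {
         this.client.retrieveDB(Request["ID"]);
         this.msg.Text = "";
         if (ClsDB.DEBUG())
         {
             // The query text may embed the request value, so it is HTML-encoded before
             // being echoed into the page.
             this.msg.Text += Server.HtmlEncode(this.client.strQuery());
         }
         this.form1.Text = ShowViewForm();
     }
 }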
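        /// <summary>
        /// Click handler: calls the stored procedure Prc_User with the id and name typed
        /// into the form and reports the outcome in a message box.
        /// </summary>
        private void btnInsert_Click(object sender, EventArgs e)
        {
            // An empty id used to fail inside the database as a syntax error; reject it up front.
            if (string.IsNullOrWhiteSpace(txtId.Text))
            {
                MessageBox.Show("Id is required");
                return;
            }

            ClsDB db = new ClsDB();

            try
            {
                // Both text boxes are free-form input. Each value is passed as a quoted literal
                // with embedded quotes doubled, so it cannot end the literal and add SQL of its
                // own. This assumes T-SQL literal rules (the statement uses EXEC); a
                // parameterized procedure call is preferable if ClsDB offers one (not visible here).
                string safeId   = txtId.Text.Replace("'", "''");
                string safeName = txtName.Text.Replace("'", "''");

                string qry = $"Exec Prc_User '{safeId}','{safeName}'";
                db.Connect();
                db.GetDataTable(qry);
                MessageBox.Show("Saved");
            }
            catch (Exception ex) { MessageBox.Show(ex.Message); Log.Error(ex, "Error Occured"); }
            finally
            {
                db.DisConnect();
            }
        }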
Exemple #25
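    /// <summary>
    /// Checks the credentials against the enabled rows of [User] and, on a match, stores the
    /// user's id, login, role and e-mail in the session. Only the first matching row is read;
    /// extra rows are not checked.
    /// </summary>
    /// <param name="UserName">Login to look up; bound as a query parameter.</param>
    /// <param name="Password">Clear-text password; the database hashes it for the comparison.</param>
    /// <returns>True when a matching enabled user was found; false otherwise, including on any error.</returns>
    private bool doLogin(string UserName, string Password)
    {
        bool ok = false;

        try
        {
            string strConn = new ClsDB().strConn();
            using (SqlConnection conn = new SqlConnection(strConn))
            {
                // NOTE(review): passwords are compared as unsalted MD5 digests. Moving to a
                // salted, slow password hash requires migrating the stored values as well.
                string strQuery = "SELECT ID, login, gid, email FROM [User] WHERE login = @login AND passwd=HASHBYTES('MD5', @pwd) AND disabled = '0'";

                using (SqlCommand comm = new SqlCommand(strQuery, conn))
                {
                    // Both values are bound as parameters, never concatenated into the SQL text.
                    // NOTE(review): the declared size of 50 silently truncates longer input.
                    comm.Parameters.Add("@login", SqlDbType.VarChar, 50).Value = UserName;
                    comm.Parameters.Add("@pwd", SqlDbType.VarChar, 50).Value   = Password;

                    if (ClsDB.DEBUG())
                    {
                        // Constant text only: the parameter values are not part of strQuery.
                        Response.Write("query: " + strQuery);
                    }
                    conn.Open();
                    using (SqlDataReader sdr = comm.ExecuteReader())
                    {
                        if (sdr.Read())
                        {
                            // NOTE(review): the session is populated without a new session
                            // identifier being issued in this method; confirm the caller
                            // rotates it after a successful login.
                            Session["userid"]   = sdr["ID"].ToString();
                            Session["username"] = sdr["login"].ToString();
                            Session["role"]     = getUserRole(sdr["gid"].ToString());
                            Session["email"]    = sdr["email"].ToString();
                            ok = true;
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Errors leave ok == false, so a failure denies the login.
            if (ClsUtil.DEBUG())
            {
                // Encode the message before echoing it into the page.
                Response.Write("Error: " + Server.HtmlEncode(ex.Message));
            }
        }

        return(ok);
    }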
Exemple #26
    /// <summary>
    /// Inserts this client as a new, enabled row of the Client table.
    /// </summary>
    /// <param name="update_user_id">Id recorded in create_user_id.</param>
    /// <exception cref="Exception">Thrown with the text returned by check_error() when validation fails.</exception>
    public void insert(string update_user_id)
    {
        string validationError = this.check_error();

        if (validationError != "")
        {
            throw new Exception(validationError);
        }

        string statementHead = @"INSERT INTO Client (Case_Id, Client_Type, First_Name, Last_Name, Attorney, Paralegal,
Date_Of_Injury, Statute_Of_Limitation, Phone_Number, Address, Date_Of_Birth, Social_Security_Number,
Case_Type, At_Fault_Party, Settlement_Type, Settlement_Amount, Disposition, Case_Notes,
Date_For_Perspective_Client, [create_user_id], [create_datetime], [disabled]) VALUES (";

        // One entry per column, in the column order above. Every value goes through
        // ClsDB.sqlEncode; the trailing "0 " is the literal for [disabled].
        // NOTE(review): sqlEncode's escaping rules are not visible here, and the row includes
        // Social_Security_Number; a parameterized command would not depend on them.
        string[] columnValues =
        {
            ClsDB.sqlEncode(this.Case_Id),
            ClsDB.sqlEncode(this.Client_Type),
            ClsDB.sqlEncode(this.First_Name),
            ClsDB.sqlEncode(this.Last_Name),
            ClsDB.sqlEncode(this.Attorney),
            ClsDB.sqlEncode(this.Paralegal),
            ClsDB.sqlEncode(this.Date_Of_Injury),
            ClsDB.sqlEncode(this.Statute_Of_Limitation),
            ClsDB.sqlEncode(this.Phone_Number),
            ClsDB.sqlEncode(this.Address),
            ClsDB.sqlEncode(this.Date_Of_Birth),
            ClsDB.sqlEncode(this.Social_Security_Number),
            ClsDB.sqlEncode(this.Case_Type),
            ClsDB.sqlEncode(this.At_Fault_Party),
            ClsDB.sqlEncode(this.Settlement_Type),
            ClsDB.sqlEncode(this.Settlement_Amount),
            ClsDB.sqlEncode(this.Disposition),
            ClsDB.sqlEncode(this.Case_Notes),
            ClsDB.sqlEncode(this.Date_For_Perspective_Client),
            ClsDB.sqlEncode(update_user_id),
            ClsDB.sqlEncode(DateTime.Now.ToString()),
            "0 "
        };

        this._strQuery = statementHead + string.Join(", ", columnValues) + ")";

        new ClsDB().ExecuteNonQuery(this._strQuery);
    }
Exemple #27
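    /// <summary>
    /// Admin-only user edit page: on postback, applies the submitted changes to the user
    /// named by the "id" request value; in both cases reloads the user and renders the form.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // The admin check runs before any request data is read.
        ClsAuth.check_auth_admin();

        string ID = ClsUtil.getStrVal(Request["id"]);

        if (ID == "")
        {
            this.msg.Text   = "Not a valid user.";
            this.form1.Text = "";
            return;
        }

        if (this.IsPostBack)
        {
            this.form1.Text = "";
            try
            {
                this.user.retrieveRequest(this.IsPostBack, Request);
                this.user.update(ID, Session["userid"].ToString());

                this.msg.Text = "<p><font color='green'>This profile has been updated.</font> </p>";
                if (ClsDB.DEBUG())
                {
                    // The query text embeds the submitted field values, so it is HTML-encoded
                    // before being written into the page.
                    Response.Write(Server.HtmlEncode(this.user.strQuery()));
                }
            }
            catch (Exception ex)
            {
                // Exception text can repeat request-derived values (validation or database
                // errors), so it is encoded rather than written into the markup as-is.
                // NOTE(review): if check_error() deliberately returns markup, build that
                // markup here from plain-text messages instead.
                this.msg.Text = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
            }

            // Reload from the database so the form shows what is actually stored.
            this.user.retrieveDB(ID);
            this.form1.Text = ShowEditForm();
        }
        else
        {
            this.user.retrieveDB(ID);
            this.msg.Text   = "";
            this.form1.Text = ShowEditForm();
        }
    }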
Exemple #28
    // Writes this client's fields back to the Client row whose ID matches the argument,
    // and records who made the change and when.
    //   ID             - key of the row to update; an empty string makes the call a no-op.
    //   update_user_id - stored in last_update_user_id.
    // Throws Exception carrying the text returned by check_error() when that text is non-empty.
    //
    // NOTE(review): the statement is assembled by string concatenation, so every value is
    // only as safe as ClsDB.sqlEncode, whose implementation is not visible here. A
    // parameterized command would remove that dependency.
    // NOTE(review): Social_Security_Number is handled like any other column; no masking or
    // encryption is visible in this method. Confirm how it is protected at rest, and keep
    // the resulting query text out of logs and debug output.
    public void update(string ID, string update_user_id)
    {
        if (ID == "")
        {
            return;
        }

        string validationError = this.check_error();
        if (validationError != "")
        {
            throw new Exception(validationError);
        }

        // One "column = value" fragment per column, in the order they appear in the statement.
        string[] assignments =
        {
            "Case_ID = " + ClsDB.sqlEncode(this.Case_Id),
            "Client_Type = " + ClsDB.sqlEncode(this.Client_Type),
            "First_Name = " + ClsDB.sqlEncode(this.First_Name),
            "Last_Name = " + ClsDB.sqlEncode(this.Last_Name),
            "Attorney = " + ClsDB.sqlEncode(this.Attorney),
            "Paralegal = " + ClsDB.sqlEncode(this.Paralegal),
            "Date_Of_Injury = " + ClsDB.sqlEncode(this.Date_Of_Injury),
            "Statute_Of_Limitation = " + ClsDB.sqlEncode(this.Statute_Of_Limitation),
            "Phone_Number = " + ClsDB.sqlEncode(this.Phone_Number),
            "Address = " + ClsDB.sqlEncode(this.Address),
            "Date_Of_Birth = " + ClsDB.sqlEncode(this.Date_Of_Birth),
            "Social_Security_Number = " + ClsDB.sqlEncode(this.Social_Security_Number),
            "Case_Type = " + ClsDB.sqlEncode(this.Case_Type),
            "At_Fault_Party = " + ClsDB.sqlEncode(this.At_Fault_Party),
            "Settlement_Type = " + ClsDB.sqlEncode(this.Settlement_Type),
            "Settlement_Amount = " + ClsDB.sqlEncode(this.Settlement_Amount),
            "Disposition = " + ClsDB.sqlEncode(this.Disposition),
            "Case_Notes = " + ClsDB.sqlEncode(this.Case_Notes),
            "Date_For_Perspective_Client = " + ClsDB.sqlEncode(this.Date_For_Perspective_Client),
            "last_update_user_id = " + ClsDB.sqlEncode(update_user_id),
            // DateTime.Now.ToString() formats with the current culture, so the stored text
            // depends on the server's regional settings.
            "last_update_datetime = " + ClsDB.sqlEncode(DateTime.Now.ToString())
        };

        this._strQuery = "UPDATE Client SET " + string.Join(", ", assignments) +
                         " WHERE ID = " + ClsDB.sqlEncode(ID);

        new ClsDB().ExecuteNonQuery(this._strQuery);
    }
        // Click handler: passes the Id and Name text-box values to the Prc_User stored
        // procedure as named parameters and reports the outcome in a message box.
        // NOTE(review): the raw exception message is shown to the user; confirm that is
        // acceptable for this application, since database errors can reveal schema details.
        private void button4_Click(object sender, EventArgs e)
        {
            ClsDB database = new ClsDB();

            try
            {
                database.Connect();

                // Values travel as procedure parameters, not as part of the SQL text.
                Dictionary<string, string> procArgs = new Dictionary<string, string>
                {
                    { "@Id", txtId.Text },
                    { "@Name", txtName.Text }
                };

                database.GetDataTable_Proc("Prc_User", procArgs);
                MessageBox.Show("Saved");
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                Log.Error(ex, "Error Occured");
            }
            finally
            {
                // Runs on success and on failure alike.
                database.DisConnect();
            }
        }
Exemple #30
    // Alternative login routine: looks the account up with a string-built query and, when a
    // row comes back, copies its ID, login, role and email into the session.
    // Returns true only when a matching, non-disabled row was read; any exception is
    // swallowed and reported as a failed login.
    //
    // NOTE(review): the original comment called this routine secure. That does not hold
    // for what is visible here:
    //  - the query is built by concatenation and depends entirely on ClsDB.sqlEncode
    //    (not visible here) instead of SqlParameter values;
    //  - the password is compared against HASHBYTES('MD5', ...) with no salt visible in
    //    the query; MD5 is a fast hash and unsuitable for password storage, so a salted,
    //    slow KDF (PBKDF2, bcrypt, Argon2) verified in application code is the usual fix;
    //  - in debug mode the full query, including the submitted password, is written to
    //    the HTTP response.
    private bool doLogin_bak(string UserName, string Password)
    {
        bool ok = false;

        try {
            string strConn = new ClsDB().strConn();
            using (SqlConnection conn = new SqlConnection(strConn))
            {
                // NOTE(review): the login comparison on the next line appears to have been
                // masked ("******") by the page this listing was taken from. As shown, the
                // line is not valid C#, and the original expression cannot be recovered here.
                string strQuery = "SELECT ID, login, gid, email FROM [User] WHERE login="******" AND passwd=HASHBYTES('MD5', " + ClsDB.sqlEncode(Password) + ") AND disabled = '0'";
                // The command is not wrapped in a using block, unlike the connection and reader.
                SqlCommand comm = new SqlCommand(strQuery, conn);
                if (ClsDB.DEBUG())
                {
                    // Echoes the query text, which contains the submitted password, to the client.
                    Response.Write("query: " + strQuery);
                }

                conn.Open();
                using (SqlDataReader sdr = comm.ExecuteReader())
                {
                    // Only the first returned row is considered.
                    if (sdr.Read())
                    {
                        // NOTE(review): the session is populated in place; no session
                        // identifier renewal is visible in this method. Confirm it happens elsewhere.
                        Session["userid"]   = ClsUtil.getStrVal(sdr["ID"]);
                        Session["username"] = ClsUtil.getStrVal(sdr["login"]);
                        Session["role"]     = getUserRole(ClsUtil.getStrVal(sdr["gid"]));
                        Session["email"]    = ClsUtil.getStrVal(sdr["email"]);
                        ok = true;
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Outside debug mode the failure is silent: nothing is logged, so database
            // errors are indistinguishable from bad credentials.
            // Note this checks ClsUtil.DEBUG(), while the query echo above checks ClsDB.DEBUG().
            if (ClsUtil.DEBUG())
            {
                Response.Write("Error: " + ex.Message);
            }
        }

        return(ok);
    }