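/// <summary>
/// Inserts one row into the <c>Users</c> table using the fields of <paramref name="u"/>.
/// </summary>
/// <param name="u">
/// Source of the column values. <c>u.Password</c> is written exactly as supplied;
/// this method does no hashing of its own.
/// </param>
/// <returns>
/// <c>true</c> when the INSERT executed without throwing; <c>false</c> when any exception
/// was raised (the cause is not reported to the caller).
/// </returns>
public static bool Create(User u)
{
    DBUtilities.Connection();
    try
    {
        const string sql =
            "Insert into Users (Username,Password,Email,Name,Address,Gender,Birthday,Phone,Permission)"
            + " values (@1,@2,@3,@4,@5,@6,@7,@8,@9)";

        // The using block disposes the command on the failure path too; the
        // original only called Dispose() after a successful ExecuteNonQuery().
        using (SqlCommand cmd = new SqlCommand(sql, DBUtilities.objConnection))
        {
            // All values travel as parameters, never as SQL text.
            cmd.Parameters.AddWithValue("@1", u.Username);
            cmd.Parameters.AddWithValue("@2", u.Password);
            cmd.Parameters.AddWithValue("@3", u.Email);
            cmd.Parameters.AddWithValue("@4", u.Name);
            cmd.Parameters.AddWithValue("@5", u.Address);
            cmd.Parameters.AddWithValue("@6", u.Gender);
            cmd.Parameters.AddWithValue("@7", u.Birthday);
            cmd.Parameters.AddWithValue("@8", u.Phone);
            cmd.Parameters.AddWithValue("@9", u.Permission);
            cmd.ExecuteNonQuery();
        }

        return true;
    }
    catch (Exception)
    {
        // NOTE(review): every failure (constraint violation, connection loss, null
        // argument) collapses into 'false' with no log entry, so callers cannot tell
        // a duplicate user from an outage. Consider logging the exception here.
        return false;
    }
    finally
    {
        DBUtilities.Close_Connection();
    }
}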
/// <summary>
/// Restores <c>current_user</c> from the session entry "current_user" when one is present.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    object stored = Session["current_user"];
    if (stored == null)
    {
        // No session entry: current_user keeps whatever value it already had.
        return;
    }

    // Direct cast on purpose: a session value that is not a User raises InvalidCastException.
    current_user = (User)stored;
}
/// <summary>
/// Handles the sign-in button: looks up a user row matching the submitted username and
/// password digest, stores the resulting <see cref="User"/> in the session and redirects
/// to the home page, or queues a "danger" flash message when nothing matches.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void SignIn_Click(object sender, EventArgs e)
{
    // NOTE(review): Md5.To_Md5 is presumably a plain MD5 digest of the password (helper
    // not visible here). MD5 is too fast for password storage; a salted, iterated KDF
    // such as PBKDF2 (Rfc2898DeriveBytes) with re-hashing at next login would be the
    // usual replacement - confirm against the Md5 helper and the Users schema.
    Dictionary<string, object> credentials = new Dictionary<string, object>
    {
        { "Username", txtUsername.Text },
        { "Password", Md5.To_Md5(txtPassword.Text) }
    };

    DataTable matches = UserDAO.Where(credentials);
    if (matches.Rows.Count <= 0)
    {
        // The same message covers an unknown username and a wrong password, so the
        // response does not reveal which of the two was wrong.
        Flash.dictFlash.Add("danger", "Wrong <b>Username</b> Or <b>Password</b>");
        return;
    }

    // Only the first matching row is used; the Password column is not copied.
    DataRow row = matches.Rows[0];
    User u = new User
    {
        Id = Convert.ToInt32(row["Id"]),
        Name = row["Name"].ToString(),
        Username = row["Username"].ToString(),
        Email = row["Email"].ToString(),
        Gender = bool.Parse(row["Gender"].ToString()),
        Birthday = DateTime.Parse(row["Birthday"].ToString()),
        Address = row["Address"].ToString(),
        Phone = row["Phone"].ToString(),
        Permission = Convert.ToInt32(row["Permission"].ToString())
    };

    // NOTE(review): no new session identifier is visibly issued at this point; confirm
    // that the application rotates the session ID on login (session-fixation defence).
    Session["current_user"] = u;
    Response.Redirect("../StaticPages/Home.aspx");
}
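/// <summary>
/// Deletes the row of the <c>Users</c> table whose <c>Id</c> equals <c>u.Id</c>.
/// </summary>
/// <param name="u">User to delete; only <c>u.Id</c> is read.</param>
/// <returns>
/// <c>true</c> when the DELETE executed without throwing, including when it matched no
/// row; <c>false</c> when any exception was raised.
/// </returns>
public static bool Destroy(User u)
{
    DBUtilities.Connection();
    try
    {
        const string sql = "Delete from Users where Id = @1";

        // The using block disposes the command on the failure path too; the
        // original only called Dispose() after a successful ExecuteNonQuery().
        using (SqlCommand cmd = new SqlCommand(sql, DBUtilities.objConnection))
        {
            cmd.Parameters.AddWithValue("@1", u.Id);

            // NOTE(review): the affected-row count is ignored, so deleting a
            // non-existent Id is still reported as success.
            cmd.ExecuteNonQuery();
        }

        return true;
    }
    catch (Exception)
    {
        // NOTE(review): the failure cause is discarded without a log entry; consider
        // logging it so failed deletions leave a trace.
        return false;
    }
    finally
    {
        DBUtilities.Close_Connection();
    }
}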
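/// <summary>
/// Handles the accept button of the new-user form: builds a <see cref="User"/> from the
/// form controls, asks <c>UserDAO.Create</c> to store it, queues a flash message and
/// redirects to <c>Index.aspx</c> on success or back to <c>New.aspx</c> on failure.
/// Does nothing when <c>Validate_Control()</c> returns <c>false</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAccept_Click(object sender, EventArgs e)
{
    if (!Validate_Control())
    {
        return;
    }

    // NOTE(review): no authorization check is visible in this handler, and the form
    // can assign Permission 0 (admin). Confirm that the page is restricted to users
    // who are allowed to create accounts at that level.
    User u = new User();
    u.Name = txtFullname.Text;
    u.Username = txtUsername.Text;

    // NOTE(review): Md5.To_Md5 is presumably a plain MD5 digest (helper not visible
    // here); MD5 is unsuitable for password storage - prefer a salted, iterated KDF.
    u.Password = Md5.To_Md5(txtPassword.Text);
    u.Email = txtEmail.Text;

    // Gender is false when the "male" radio button is checked, true otherwise.
    u.Gender = !rdbMale.Checked;

    // Throws FormatException on unparsable input; presumably Validate_Control()
    // has already checked the date - confirm.
    u.Birthday = DateTime.Parse(txtBirthday.Text);
    u.Address = txtAddress.Text;
    u.Phone = txtPhone.Text;

    if (rdbAdmin.Checked)
    {
        u.Permission = 0; // Is Admin
    }
    else if (rdbStaff.Checked)
    {
        u.Permission = 1; // Is Staff
    }
    else if (rdbManager.Checked)
    {
        u.Permission = 2; // Is Manager
    }
    else
    {
        u.Permission = 3; // Is Student
    }

    if (UserDAO.Create(u))
    {
        // The flash text contains HTML markup, so it is presumably rendered unescaped.
        // Username and email come straight from the form and are HTML-encoded before
        // being placed into it, so they cannot inject markup or script.
        Flash.dictFlash.Add(
            "success",
            String.Format(
                "Created user [<b>{0}</b>] with email address [<b>{1}</b>] successfully",
                System.Web.HttpUtility.HtmlEncode(u.Username),
                System.Web.HttpUtility.HtmlEncode(u.Email)));
        Response.Redirect("Index.aspx");
    }
    else
    {
        // NOTE(review): UserDAO.Create returns false for any exception, so this message
        // is also shown for failures unrelated to duplicate usernames or emails.
        Flash.dictFlash.Add("danger", "[<b>Username</b>] or [<b>Email address]</b> are already used");
        Response.Redirect("New.aspx");
    }
}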
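/// <summary>
/// Loads the user whose <c>Id</c> column equals <paramref name="Id"/>.
/// </summary>
/// <param name="Id">Primary key value to look up.</param>
/// <returns>
/// A <see cref="User"/> populated from the first matching row (the Password column is
/// not copied), or <c>null</c> when no row matches.
/// </returns>
public static User Find(int Id)
{
    // NOTE(review): the connection is stored in the static DBUtilities.objConnection
    // field, so concurrent requests may replace each other's connection - confirm how
    // DBUtilities is meant to be used under load.
    DBUtilities.objConnection = new SqlConnection(DBUtilities.connStr);

    const string sql = "Select * from Users where Id = @Id";
    DataTable dt = new DataTable();

    // Fill() opens and closes a closed connection on its own; the using block makes
    // sure the adapter is released even when Fill() throws.
    using (SqlDataAdapter adap = new SqlDataAdapter(sql, DBUtilities.objConnection))
    {
        adap.SelectCommand.Parameters.AddWithValue("@Id", Id);
        adap.Fill(dt);
    }

    if (dt.Rows.Count == 0)
    {
        return null;
    }

    DataRow row = dt.Rows[0];
    User u = new User();
    u.Id = Convert.ToInt32(row["Id"]);
    u.Name = row["Name"].ToString();
    u.Username = row["Username"].ToString();
    u.Email = row["Email"].ToString();
    u.Gender = bool.Parse(row["Gender"].ToString());
    u.Birthday = DateTime.Parse(row["Birthday"].ToString());
    u.Address = row["Address"].ToString();
    u.Phone = row["Phone"].ToString();
    u.Permission = Convert.ToInt32(row["Permission"].ToString());
    return u;
}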
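/// <summary>
/// Updates the <c>Users</c> row identified by <c>u.Id</c>, writing every public property
/// of <paramref name="u"/> other than <c>Id</c> whose value is not <c>null</c>.
/// </summary>
/// <param name="u">
/// User carrying the new values. Property names are used as column names; values are
/// sent as SQL parameters.
/// </param>
/// <returns>
/// <c>true</c> when the UPDATE executed without throwing; <c>false</c> when there was
/// nothing to write or any exception was raised.
/// </returns>
public static bool Update(User u)
{
    DBUtilities.Connection();
    try
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = DBUtilities.objConnection;

            // Column assignments and their parameters are collected in one pass so the
            // SQL text and the parameter list cannot drift apart.
            List<string> assignments = new List<string>();
            int index = 1;

            // Column names come from the User type's own property names, not from
            // request data, so formatting them into the statement is not an injection path.
            // NOTE(review): non-nullable properties (for example a numeric permission
            // level) are always written; callers must not pass a User built from
            // untrusted input unless every such field is meant to be overwritten.
            foreach (PropertyInfo prop in u.GetType().GetProperties())
            {
                if (prop.Name == "Id")
                {
                    continue;
                }

                object propValue = prop.GetValue(u, null);
                if (propValue == null)
                {
                    continue;
                }

                assignments.Add(String.Format("{0} = @{1}", prop.Name, index));
                cmd.Parameters.AddWithValue(String.Format("@{0}", index), propValue);
                index++;
            }

            if (assignments.Count == 0)
            {
                // Nothing to set; the original produced invalid SQL here and also returned false.
                return false;
            }

            // The WHERE clause is always appended. The original attached it only when the
            // last reflected property was non-null, which otherwise left a trailing comma
            // and no WHERE clause, so the update failed silently.
            cmd.CommandText = "Update Users set "
                + String.Join(", ", assignments.ToArray())
                + String.Format(" where ID = @{0}", index);
            cmd.Parameters.AddWithValue(String.Format("@{0}", index), u.Id);

            cmd.ExecuteNonQuery();
        }

        return true;
    }
    catch (Exception)
    {
        // NOTE(review): the failure cause is discarded without a log entry; consider
        // logging it so failed updates leave a trace.
        return false;
    }
    finally
    {
        DBUtilities.Close_Connection();
    }
}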