protected void loginbtn_Click(object sender, EventArgs e)
{
string username = usertbx.Text;
string password = pwtbx.Text;
Staff s = new Staff();
s = SWENDbmanager.UserLogin(username,password);
if (s == null)
{
lblfail.Text = "Invalid Username or Password..";
}
else
{
string staffnum = Convert.ToString(s.Staffnum);
Response.Redirect("HomePage.aspx?staffnum=" + staffnum);
}
}
protected void Button1_Click(object sender, EventArgs e)
{
Staff s = new Staff();
s.Staffname = staffnametbx.Text;
s.Dob = dobtbx.Text;
s.Bankaccnum = banknotbx.Text;
s.Contactnum = Convert.ToInt32(contatbx.Text);
s.Homeadd = hometbx.Text;
s.Dutytype = dutytbx.Text;
s.Username = usernametbx.Text;
s.Password = passtbx.Text;
if (SWENDbmanager.InsertStaff(s) == 1)
{
lblSuccessful.Text = "Staff Creation Completed..";
}
else
{
lblSuccessful.Text = "Staff Creation Failed..";
}
}
protected void Button1_Click(object sender, EventArgs e)
{
Staff s1 = new Staff();
s1.Staffnum = Convert.ToInt32(lblstaffnum.Text);
s1.Staffname = staffnametbx.Text;
s1.Dob = dobtbx.Text;
s1.Bankaccnum = banktbx.Text;
s1.Contactnum = Convert.ToInt32(conttbx.Text);
s1.Dutytype = lblduty.Text;
s1.Homeadd = hometbx.Text;
s1.Username = usertbx.Text;
s1.Password = pwtbx.Text;
if (SWENDbmanager.UpdateStaff(s1) == 1)
{
lblupdated.Text = "Profile Update Completed..";
}
else
{
lblupdated.Text = "Profile Update Failed..";
}
}
protected void Button3_Click(object sender, EventArgs e)
{
Staff s = new Staff();
s.Staffnum = Convert.ToInt32(lblstaffno.Text);
s.Staffname = staffnametbx.Text;
s.Dob = lbldob.Text;
s.Bankaccnum = lblbankno.Text;
s.Contactnum = Convert.ToInt32(contatbx.Text);
s.Homeadd = homeaddtbx.Text;
s.Dutytype = dutytbx.Text;
s.Username = usernametbx.Text;
s.Password = passtbx.Text;
if (SWENDbmanager.UpdateStaff(s) == 1)
{
lblSuccesful.Text = "Staff Update Completed..";
}
else
{
lblSuccesful.Text = "Staff Update Failed..";
}
}
public static Staff UserLogin(string username, string password)
{
Staff s = null;
SqlConnection conn = null;
try
{
conn = new SqlConnection();
conn.ConnectionString = ConfigurationManager.ConnectionStrings["SWENConnectionString"].ConnectionString;
conn.Open();
SqlCommand comm = new SqlCommand();
comm.Connection = conn;
comm.CommandText = "SELECT * FROM Staff WHERE password=@password COLLATE SQL_Latin1_General_CP1_CS_AS and username=@username COLLATE SQL_Latin1_General_CP1_CS_AS";
comm.Parameters.AddWithValue("@password", password);
comm.Parameters.AddWithValue("@username", username);
SqlDataReader dr = comm.ExecuteReader();
if (dr.Read())
{
s = new Staff();
s.Username = (string)dr["username"];
s.Password = (string)dr["password"];
s.Staffnum = (int)dr["staffnum"];
s.Staffname = (string)dr["staffname"];;
s.Dob = (string)dr["dateofbirth"];
s.Bankaccnum = (string)dr["bankaccnum"];
s.Contactnum = (int)dr["contactnum"];
s.Homeadd = (string)dr["homeadd"];
s.Dutytype = (string)dr["dutytype"];
}
dr.Close();
}
catch (SqlException e)
{
throw e;
}
return s;
}
public static int UpdateStaff(Staff s)
{
int rowsupdated = 0;
SqlConnection conn = null;
try
{
conn = new SqlConnection();
conn.ConnectionString = ConfigurationManager.ConnectionStrings["SWENConnectionString"].ConnectionString;
conn.Open();
SqlCommand comm = new SqlCommand();
comm.Connection = conn;
comm.CommandText = "UPDATE Staff SET staffname=@staffname, dateofbirth=@dateofbirth, bankaccnum=@bankaccnum, contactnum=@contactnum, dutytype=@dutytype, homeadd=@homeadd, username=@username, password=@password WHERE staffnum=@staffnum";
comm.Parameters.AddWithValue("@staffname", s.Staffname);
comm.Parameters.AddWithValue("@dateofbirth", s.Dob);
comm.Parameters.AddWithValue("@bankaccnum", s.Bankaccnum);
comm.Parameters.AddWithValue("@contactnum", s.Contactnum);
comm.Parameters.AddWithValue("@dutytype", s.Dutytype);
comm.Parameters.AddWithValue("@homeadd", s.Homeadd);
comm.Parameters.AddWithValue("@username", s.Username);
comm.Parameters.AddWithValue("@password", s.Password);
comm.Parameters.AddWithValue("@staffnum",s.Staffnum);
rowsupdated = comm.ExecuteNonQuery();
conn.Close();
}
catch (SqlException e)
{
throw e;
}
return rowsupdated;
}
public static int InsertStaff(Staff s)
{
int rowsinserted = 0;
SqlConnection conn = null;
try
{
conn = new SqlConnection();
conn.ConnectionString = ConfigurationManager.ConnectionStrings["SWENConnectionString"].ConnectionString;
conn.Open();
SqlCommand comm = new SqlCommand();
comm.Connection = conn;
comm.CommandText = "INSERT INTO Staff(staffname,dateofbirth,bankaccnum,contactnum,dutytype,homeadd,username,password)" +
" VALUES (@staffname,@dateofbirth,@bankaccnum,@contactnum,@dutytype,@homeadd,@username,@password)";
comm.Parameters.AddWithValue("@staffname", s.Staffname);
comm.Parameters.AddWithValue("@dateofbirth", s.Dob);
comm.Parameters.AddWithValue("@bankaccnum", s.Bankaccnum);
comm.Parameters.AddWithValue("@contactnum" , s.Contactnum);
comm.Parameters.AddWithValue("@dutytype", s.Dutytype);
comm.Parameters.AddWithValue("@homeadd", s.Homeadd);
comm.Parameters.AddWithValue("@username", s.Username);
comm.Parameters.AddWithValue("@password", s.Password);
rowsinserted = comm.ExecuteNonQuery();
conn.Close();
}
catch (SqlException e)
{
throw e;
}
return rowsinserted;
}
public static Staff GetStaffByNum(int staffnum)
{
Staff s = new Staff();
SqlConnection conn = null;
try
{
conn = new SqlConnection();
conn.ConnectionString = ConfigurationManager.ConnectionStrings["SWENConnectionString"].ConnectionString;
conn.Open();
SqlCommand comm = new SqlCommand();
comm.Connection = conn;
comm.CommandText = "SELECT * FROM Staff WHERE staffnum=@staffnum";
comm.Parameters.AddWithValue("@staffnum", staffnum);
SqlDataReader dr = comm.ExecuteReader();
if (dr.Read())
{
s.Staffnum = (int)dr["staffnum"];
s.Staffname = (string)dr["staffname"];
s.Dob = (string)dr["dateofbirth"];
s.Bankaccnum = (string)dr["bankaccnum"];
s.Contactnum = (int)dr["contactnum"];
s.Dutytype = (string)dr["dutytype"];
s.Homeadd = (string)dr["homeadd"];
s.Username = (string)dr["username"];
s.Password = (string)dr["password"];
}
dr.Close();
}
catch (SqlException e)
{
throw e;
}
return s;
}