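/// <summary>
/// On page load: redirects to the login page when no administrator is logged in,
/// answers HTTP 403 and stops processing when the logged-in administrator is not a
/// Master Administrator, and otherwise loads the account identified by the "id"
/// query string into the edit form on the first (non-postback) request.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // No authenticated administrator session: send the caller to the login page
    if (Session["securityID"] == null)
    {
        Response.Redirect("~/Admin/Login.aspx");
        return;
    }

    // Only Master Administrators (securityID == 2) may use this page
    if ((int)Session["securityID"] != 2)
    {
        Context.Response.StatusCode = 403;
        // Setting the status code alone does not stop the page: the remainder of the
        // page lifecycle (including postback handlers such as UpdateButton_Click) would
        // still execute for the non-authorized caller. Response.End() halts it here.
        Response.End();
        return;
    }

    string rawId = Request.QueryString["id"];

    // Without an id there is nothing to edit; go back to the search page
    if (String.IsNullOrEmpty(rawId))
    {
        Response.Redirect("~/Admin/Master/EditUserSearch");
        return;
    }

    // Hide all messages
    SuccessMessage.Visible = false;
    FailedMessage.Visible = false;

    int id;
    if (!int.TryParse(rawId, out id))
    {
        // The id is not an integer; go back to the search page
        Response.Redirect("~/Admin/Master/EditUserSearch");
        return;
    }

    // Populate the form only on the initial request so postbacks keep the user's edits
    if (!IsPostBack)
    {
        AdministratorAccountController sysmgr = new AdministratorAccountController();
        // Look up the account information for the requested id
        AdministratorAccountPOCO info = sysmgr.GetAdministratorInformation(id);

        if (info == null)
        {
            // No account with this id; go back to the search page
            Response.Redirect("~/Admin/Master/EditUserSearch");
            return;
        }

        // Populate user information fields
        UserNameTextBox.Text = info.username;
        FirstNameTextBox.Text = info.firstName;
        LastNameTextBox.Text = info.lastName;
        SecurityLevelDDL.SelectedValue = info.roleId.ToString();
        DeactivateCheckBox.Checked = info.archivedBool;
    }
}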
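/// <summary>
/// Handles the Login button click: validates the form, checks that the account is
/// active, verifies the credentials and, on success, stores the username, account id
/// and security role id in session before redirecting to the administrator home page.
/// </summary>
/// <param name="sender">The button raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void LoginButton_Click(object sender, EventArgs e)
{
    Page.Validate();

    // Both fields are required; the validators flag the missing input
    if (!IsValid)
    {
        DisplayMessage("Username and password is required.");
        return;
    }

    // Usernames are handled lower-case. Use the invariant culture so the value stored
    // in session does not depend on the server's culture (e.g. Turkish dotless i).
    string username = UsernameTextBox.Text.Trim().ToLowerInvariant();
    string password = PasswordTextBox.Text;
    AdministratorAccountController sysmgr = new AdministratorAccountController();

    // NOTE(review): the active check runs before the password is verified, so the
    // "deactivated" message discloses that a username exists without a valid password.
    // Verifying credentials first would avoid that, provided VerifyLogin also accepts
    // deactivated accounts — confirm before reordering.
    if (!sysmgr.AdministratorAccountIsActive(username))
    {
        DisplayMessage("You are currently deactivated. Please contact a Master Administrator.");
        return;
    }

    if (!sysmgr.VerifyLogin(username, password))
    {
        // Deliberately generic message: it does not reveal which part failed
        DisplayMessage("Invalid username or password");
        return;
    }

    // Credentials verified: record identity and role in session.
    // NOTE(review): the session id is not regenerated at login — confirm the
    // application's session configuration addresses session fixation.
    AdministratorRoleController roleController = new AdministratorRoleController();
    int userID = sysmgr.GetAdministratorAccountID(username);
    Session["username"] = username;
    Session["adminID"] = userID;
    Session["securityID"] = roleController.GetAdministratorRole(userID).security_role_id;

    // Redirect the individual to the Administrator home page
    Response.Redirect("~/Admin");
}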
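/// <summary>
/// Handles the Create button click: validates the form, builds a username from the
/// first initial and the last name, adds the administrator account and shows a
/// success message naming the created user.
/// </summary>
/// <param name="sender">The button raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void CreateButton_Click(object sender, EventArgs e)
{
    Page.Validate();

    // Validation failed: show the summary, hide any stale success message
    if (!IsValid)
    {
        ValidationSummary.Visible = true;
        SuccessMessage.Visible = false;
        return;
    }

    // Assign required variables that will be used as parameters
    string firstName = FirstNameTextBox.Text.Trim();
    string lastName = LastNameTextBox.Text.Trim();
    string password = PasswordTextBox.Text;
    int selectedRoleId = Convert.ToInt32(SecurityLevelDDL.SelectedItem.Value);

    // The validators are expected to reject a blank first name, but indexing [0] on an
    // empty (or whitespace-only, after trimming) string would throw; treat it as a
    // validation failure instead.
    if (firstName.Length == 0)
    {
        ValidationSummary.Visible = true;
        SuccessMessage.Visible = false;
        return;
    }

    // Username = first initial + last name with '-', spaces and apostrophes removed.
    // The trimmed first name is used so a leading space never becomes the "initial".
    string concatName = firstName[0] + lastName.Replace("-", "").Replace(" ", "").Replace("'", "");

    // Add the new Administrator Account
    AdministratorAccountController sysmgr = new AdministratorAccountController();
    string newUser = sysmgr.AddAdministratorAccount(concatName.ToLowerInvariant(), password, firstName, lastName, selectedRoleId);

    // The message text is rendered as raw markup (the header contains HTML), so the
    // username — derived from user-supplied names — is HTML-encoded before it is
    // concatenated in.
    SuccessMessage.Visible = true;
    string successHeader = "<span><i class='fas fa-check-circle'></i> Success</span><br/ >";
    SuccessMessage.Text = successHeader + "Successfully added: " + System.Net.WebUtility.HtmlEncode(newUser);

    // Clear all the text box fields
    ClearFields();
}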
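/// <summary>
/// Handles the Update button click. Refuses to deactivate the logged-in administrator's
/// own account, to deactivate the webmaster account, or to downgrade the webmaster to
/// Standard Administrator; otherwise validates the form and updates the account, with
/// or without a password change depending on whether the password fields were filled in.
/// </summary>
/// <param name="sender">The button raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void UpdateButton_Click(object sender, EventArgs e)
{
    // NOTE(review): the update below is keyed on the posted username field rather than
    // the "id" query string, so the account written may differ from the one loaded if
    // that field is editable — confirm UserNameTextBox is read-only.
    string username = UserNameTextBox.Text.Trim();
    bool deactivate = DeactivateCheckBox.Checked;

    // Case-insensitive so a differently-cased "Webmaster" cannot slip past the
    // protective checks if the backing store resolves usernames case-insensitively
    bool isWebmaster = username.Equals("webmaster", StringComparison.OrdinalIgnoreCase);

    // The account being edited is the logged-in administrator's own account when the
    // "id" query string matches the adminID stored in session at login
    int targetId;
    bool editingSelf = int.TryParse(Request.QueryString["id"], out targetId)
                       && targetId == Convert.ToInt32(Session["adminID"]);

    if (editingSelf && deactivate)
    {
        DisplayFailedMessage("You cannot Deactivate your own account.");
        DeactivateCheckBox.Checked = false;
        return;
    }

    if (isWebmaster && deactivate)
    {
        DisplayFailedMessage("You cannot Deactivate the webmaster account.");
        DeactivateCheckBox.Checked = false;
        return;
    }

    if (isWebmaster && SecurityLevelDDL.SelectedValue.Equals("1"))
    {
        DisplayFailedMessage("You cannot set the webmaster account as Standard Administrator.");
        SecurityLevelDDL.SelectedValue = "2";
        return;
    }

    // A password change is requested when either password field was filled in. The
    // confirm-password validators are enabled only in that case, and must be set
    // before Page.Validate() runs.
    bool changePassword = !(String.IsNullOrEmpty(ConfirmPasswordTextBox.Text) && String.IsNullOrEmpty(PasswordTextBox.Text));
    ConfirmPasswordRFV.Enabled = changePassword;
    ConfirmPasswordCV.Enabled = changePassword;
    Page.Validate();

    if (!IsValid)
    {
        return;
    }

    AdministratorAccountController sysmgr = new AdministratorAccountController();
    string firstname = FirstNameTextBox.Text.Trim();
    string lastname = LastNameTextBox.Text.Trim();
    int securityId = int.Parse(SecurityLevelDDL.SelectedItem.Value);

    if (changePassword)
    {
        // Overload that also replaces the password
        string updatedUser = sysmgr.UpdateAdministratorAccount(username, PasswordTextBox.Text, firstname, lastname, deactivate, securityId);
        DisplaySuccessMessage("Successfully updated: " + updatedUser + "'s password");
    }
    else
    {
        // Overload that leaves the password unchanged
        string updatedUser = sysmgr.UpdateAdministratorAccount(username, firstname, lastname, deactivate, securityId);
        DisplaySuccessMessage("Successfully updated: " + updatedUser);
    }
}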