/// <summary>
/// When the page loads first the page checks if the user is logged in, and is redirected to the login page if not.
/// Then the method checks if the user has has proper authentication (Master Administrator role) to access this page.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
if (Session["securityID"] == null) // Redirect Administrator to login if not logged in
{
Response.Redirect("~/Admin/Login.aspx");
}
else if ((int)Session["securityID"] != 2) // Return HTTP Code 403 if not Master Administrator
{
Context.Response.StatusCode = 403;
}
else
{
if (String.IsNullOrEmpty(Request.QueryString["id"])) // If the query string is empty or null; redirect Administrator to EditUserSearch web page
{
Response.Redirect("~/Admin/Master/EditUserSearch");
}
else
{
// Hide all messages
SuccessMessage.Visible = false;
FailedMessage.Visible = false;
int id;
// Try to parse the query string to an integer
if (int.TryParse(Request.QueryString["id"].ToString(), out id))
{
// Assign query string
id = int.Parse(Request.QueryString["id"].ToString());
if (!IsPostBack)
{
AdministratorAccountController sysmgr = new AdministratorAccountController();
// Get Administrator Account Information passing in the ID
AdministratorAccountPOCO info = sysmgr.GetAdministratorInformation(id);
if (info == null)
{
Response.Redirect("~/Admin/Master/EditUserSearch");
}
else
{
// Populate user information fields
UserNameTextBox.Text = info.username;
FirstNameTextBox.Text = info.firstName;
LastNameTextBox.Text = info.lastName;
SecurityLevelDDL.SelectedValue = info.roleId.ToString();
DeactivateCheckBox.Checked = info.archivedBool;
}
}
}
// If the query string cannot be converted to an integer; redirect the Administrator to the EditUserSearch web page
else
{
Response.Redirect("~/Admin/Master/EditUserSearch");
}
}
}
}
/// <summary>
/// This method is used when the individual clicks the Login button
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void LoginButton_Click(object sender, EventArgs e)
{
// Validate the page
Page.Validate();
// If the page did not validate; display a message to the individual
if (!IsValid)
{
DisplayMessage("Username and password is required.");
}
// If the page did validate
else
{
// Assign the variables to be used
string username = UsernameTextBox.Text.Trim().ToLower();
string password = PasswordTextBox.Text;
AdministratorAccountController sysmgr = new AdministratorAccountController();
// If the Administrator username is not active
if (!sysmgr.AdministratorAccountIsActive(username))
{
DisplayMessage("You are currently deactivated. Please contact a Master Administrator.");
}
else
{
// Validate if the login credentials exist
bool isValid = sysmgr.VerifyLogin(username, password);
if (isValid)
{
// If valid store userID, username, and securityID in sessions
AdministratorRoleController roleController = new AdministratorRoleController();
Session["username"] = username.ToLower();
int userID = sysmgr.GetAdministratorAccountID(username);
Session["adminID"] = userID;
Session["securityID"] = roleController.GetAdministratorRole(userID).security_role_id;
// Redirect individual to the Administrator home page
Response.Redirect("~/Admin");
}
// If login credentials are not valid; display message to the individual
else
{
DisplayMessage("Invalid username or password");
}
}
}
}
/// <summary>
/// This method is used when the Administrator clicks the Create button.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void CreateButton_Click(object sender, EventArgs e)
{
// Validate the page
Page.Validate();
if (!IsValid) // If the page did not validate
{
// Show validation summary
ValidationSummary.Visible = true;
// Hide success message
SuccessMessage.Visible = false;
}
else // If the page did validate
{
// Assign required variables that will be used as parameters
string firstName = FirstNameTextBox.Text.Trim();
string lastName = LastNameTextBox.Text.Trim();
string password = PasswordTextBox.Text;
int selectedRoleId = Convert.ToInt32(SecurityLevelDDL.SelectedItem.Value);
// Take the first letter from the First Name, and combine it with the Last Name
// Replace any last name that has a '-' with an empty string ('')
string concatName = FirstNameTextBox.Text[0] + lastName.Replace("-", "").Replace(" ", "").Replace("'", "");
// Add the new Administrator Account
AdministratorAccountController sysmgr = new AdministratorAccountController();
string newUser = sysmgr.AddAdministratorAccount(concatName.ToLower(), password, firstName, lastName, selectedRoleId);
// Display the success message
SuccessMessage.Visible = true;
string successHeader = "<span><i class='fas fa-check-circle'></i> Success</span><br/ >";
SuccessMessage.Text = successHeader + "Successfully added: " + newUser;
// Clear all the text box fields
ClearFields();
}
}
/// <summary>
/// This method is used when the Administrator clicks the Update button.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void UpdateButton_Click(object sender, EventArgs e)
{
// If the query string equals the currently logged in Administrator ID and the Administrator wants to deactive their own account
// Alert the Administrator with a message
if (Convert.ToInt32(Request.QueryString["id"]).Equals(Convert.ToInt32(Session["adminID"])) && DeactivateCheckBox.Checked)
{
DisplayFailedMessage("You cannot Deactivate your own account.");
DeactivateCheckBox.Checked = false;
}
// Else if an Administrator tries to deactivate the webmaster
// Alert the Administrator with a message
else if (UserNameTextBox.Text.Equals("webmaster") && DeactivateCheckBox.Checked)
{
DisplayFailedMessage("You cannot Deactivate the webmaster account.");
DeactivateCheckBox.Checked = false;
}
// Else if the Administrator tries to change the webmaster's security level
// Alert the Administrator with a message
else if (UserNameTextBox.Text.Equals("webmaster") && SecurityLevelDDL.SelectedValue.Equals("1"))
{
DisplayFailedMessage("You cannot set the webmaster account as Standard Administrator.");
SecurityLevelDDL.SelectedValue = "2";
}
else
{
// If the Password text box fields are empty
// Run the overloaded update method that doesn't use the password parameter
if (String.IsNullOrEmpty(ConfirmPasswordTextBox.Text) && String.IsNullOrEmpty(PasswordTextBox.Text))
{
// Disable validation that checks for password input
ConfirmPasswordRFV.Enabled = false;
ConfirmPasswordCV.Enabled = false;
// Validate page
Page.Validate();
if (IsValid)
{
// Update user excluding the password change
AdministratorAccountController sysmgr = new AdministratorAccountController();
string username = UserNameTextBox.Text.Trim();
string firstname = FirstNameTextBox.Text.Trim();
string lastname = LastNameTextBox.Text.Trim();
bool archive = DeactivateCheckBox.Checked;
int securityId = int.Parse(SecurityLevelDDL.SelectedItem.Value);
string updatedUser = sysmgr.UpdateAdministratorAccount(username, firstname, lastname, archive, securityId);
DisplaySuccessMessage("Successfully updated: " + updatedUser);
}
}
else /// Run the overloaded update method that uses the password parameter
{
// Disable validation that checks for password input
ConfirmPasswordRFV.Enabled = true;
ConfirmPasswordCV.Enabled = true;
// Validate page
Page.Validate();
if (IsValid)
{
// Update user including the password change
AdministratorAccountController sysmgr = new AdministratorAccountController();
string username = UserNameTextBox.Text.Trim();
string password = PasswordTextBox.Text;
string firstname = FirstNameTextBox.Text.Trim();
string lastname = LastNameTextBox.Text.Trim();
bool archive = DeactivateCheckBox.Checked;
int securityId = int.Parse(SecurityLevelDDL.SelectedItem.Value);
string updatedUser = sysmgr.UpdateAdministratorAccount(username, password, firstname, lastname, archive, securityId);
DisplaySuccessMessage("Successfully updated: " + updatedUser + "'s password");
}
}
}
}
