public static int MarkBillAsPaid(int _BillID, string _Remarks)
{
//Select totalamount of bill
SqlParameter[] BID = { new SqlParameter("@BID", _BillID) };
string strGetTotalAmt = "SELECT TotalAmount FROM Bills WHERE BillID=@BID";
double TotalAmt = Convert.ToDouble(DataAccess.ReturnData(strGetTotalAmt, BID, ConnString, "TotalAmount"));
//Insert New Reciept with total amount and remarks
SqlParameter[] InsertRParams =
{
new SqlParameter("@AMT", TotalAmt),
new SqlParameter("@RMKS", AntiXSSMethods.CleanString(_Remarks))
};
int NewReceiptID = DataAccess.InsertAndGetIndex("INSERT INTO Receipts (Amount, Remarks) VALUES (@AMT, @RMKS)", InsertRParams, ConnString);
//Update Bill as Paid
SqlParameter[] ReceiptParams =
{
new SqlParameter("@RID", NewReceiptID),
new SqlParameter("@BID", _BillID)
};
DataAccess.DataProcessExecuteNonQuery("UPDATE Bills SET IsPaid=1, ReceiptID=@RID WHERE BillID=@BID", ReceiptParams, ConnString);
//return new reciept ID
return(NewReceiptID);
}
public static int CheckUser(string _UN, string _PWD)
{
string strUsername = AntiXSSMethods.CleanString(_UN);
try
{
string strCheck = "SELECT Pwd FROM Employees WHERE UN=@UN";
SqlParameter[] CheckParams =
{
new SqlParameter("@UN", strUsername),
};
string PasswordToCompare = DataAccess.ReturnData(strCheck, CheckParams, ConnString, "Pwd");
if (BCrypt.CheckPassword(AntiXSSMethods.CleanString(_PWD), PasswordToCompare))
{
string strGetID = "SELECT EmployeeID FROM Employees WHERE UN=@UN";
SqlParameter[] GetIDParams =
{
new SqlParameter("@UN", strUsername),
};
return(int.Parse(DataAccess.ReturnData(strGetID, GetIDParams, ConnString, "EmployeeID")));
}
else
{
return(0);
}
}
catch
{
return(0);
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
bool UsernameExists = UserManagement.General.CheckIfExisting(textUname.Text);
if (UsernameExists != true)
{
string strInsert = "INSERT INTO Guardians (FName, MName, LName, Gender, BDate, ContactNo, Email, Address, UN, Pwd) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @address, @un, @pwd)";
SqlParameter[] insertParam =
{
new SqlParameter("@fname", AntiXSSMethods.CleanString(textFname.Text)),
new SqlParameter("@mname", AntiXSSMethods.CleanString(textMname.Text)),
new SqlParameter("@lname", AntiXSSMethods.CleanString(textLname.Text)),
new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
new SqlParameter("@bdate", Convert.ToDateTime(textBirthday.Text)),
new SqlParameter("@contact", AntiXSSMethods.CleanString(textContactNo.Text)),
new SqlParameter("@email", AntiXSSMethods.CleanString(textEmail.Text)),
new SqlParameter("@address", AntiXSSMethods.CleanString(textSaddress.Text)),
new SqlParameter("@un", AntiXSSMethods.CleanString(textUname.Text)),
new SqlParameter("@pwd", Encryption.GenerateBCryptHash(textPassword.Text))
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Guardian", EmployeeID);
Response.Redirect("TGLink.aspx");
}
}
protected void Page_Load(object sender, EventArgs e)
{
string username = "******";
string CurfewTime;
bool HasCurfew;
string strGetCurfew = "SELECT CurfewTime FROM Tenants WHERE UN=@UN";
SqlParameter[] UNParam = { new SqlParameter("@UN", AntiXSSMethods.CleanString(username)) };
try
{
CurfewTime = DataAccess.ReturnData(strGetCurfew, UNParam, ConnString, "CurfewTime");
DateTime Curfew = Convert.ToDateTime(DateTime.Now.ToShortDateString() + " " + CurfewTime);
//Response.Write(Curfew);
HasCurfew = true;
}
catch (Exception ex)
{
//Response.Write(ex.Message);
HasCurfew = false;
}
if (HasCurfew == true)
{
//kaw bahala... may curfew si tenant
}
else
{
//walang curfew si tenant
}
}
public static int CheckUser(string _UN, string _PWD)
{
string strUsername = AntiXSSMethods.CleanString(_UN);
try
{
string strCheck = "SELECT Pwd FROM Guardians WHERE UN=@UN";
SqlParameter[] CheckParams =
{
new SqlParameter("@UN", strUsername),
};
string PasswordToCompare = DataAccess.ReturnData(strCheck, CheckParams, ConnString, "Pwd");
//if (PasswordToCompare == Encryption.MD5(AntiXSSMethods.CleanString(_PWD))) -- This used MD5, code below uses BCRYPT NOWs
if (BCrypt.CheckPassword(AntiXSSMethods.CleanString(_PWD), PasswordToCompare))
{
string strGetID = "SELECT GuardianID FROM Guardians WHERE UN=@UN";
SqlParameter[] GetIDParams =
{
new SqlParameter("@UN", strUsername),
};
return(int.Parse(DataAccess.ReturnData(strGetID, GetIDParams, ConnString, "GuardianID")));
}
else
{
return(0);
}
}
catch
{
return(0);
}
}
//checks if user is existing in three tables
public static bool CheckIfExisting(string _input)
{
string input = AntiXSSMethods.CleanString(_input);
SqlParameter[] checkUNParam1 =
{
new SqlParameter("@un", input)
};
SqlParameter[] checkUNParam2 =
{
new SqlParameter("@un", input)
};
SqlParameter[] checkUNParam3 =
{
new SqlParameter("@un", input)
};
bool isEmployee = DataAccess.DetermineIfExisting("SELECT * FROM Employees WHERE UN=@un", checkUNParam1, ConnString);
bool isTenant = DataAccess.DetermineIfExisting("SELECT * FROM Tenants WHERE UN=@un", checkUNParam2, ConnString);
bool isGuardian = DataAccess.DetermineIfExisting("SELECT * FROM Guardians WHERE UN=@un", checkUNParam3, ConnString);
if (isEmployee == false && isTenant == false && isGuardian == false)
//if (isEmployee == false && isTenant == false)
{
return(false);
}
else
{
return(true);
}
}
//1 - Tenant 2 - Employee
private void RecordDTR(int _UserType, int _UserID, string _InOrOut, string _Remarks)
{
string Column;
if (_UserType == 1)
{
Column = "TenantID";
}
else
{
Column = "EmployeeID";
}
string strInsertQuery = "INSERT INTO DTR (" + Column + ", EntryType, Remarks) VALUES (@ID, @EntryType, @Remarks)";
SqlParameter[] Params =
{
new SqlParameter("@ID", _UserID),
new SqlParameter("@EntryType", _InOrOut),
new SqlParameter("@Remarks", AntiXSSMethods.CleanString(_Remarks))
};
DataAccess.DataProcessExecuteNonQuery(strInsertQuery, Params, ConnString);
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strImageFile = UploadPhoto();
Response.Write(UploadPhoto());
if ((strImageFile == "nofile") || (strImageFile != "large" && strImageFile != "invalid"))
{
if (strImageFile == "nofile")
{
strImageFile = "";
}
if (checkInputs())
{
bool UsernameExists = UserManagement.General.CheckIfExisting(txtUN.Text);
if (UsernameExists != true)
{
string strInsert = "INSERT INTO Employees (FName, MName, LName, Gender, BDate, ContactNo, Email, AdminLevel, UN, PWD, DateOfEmployment, PhotoFile) VALUES (@fname, @mname, @lname, @gender, @bdate, @contact, @email, @adminlevel, @un, @pwd, @doe, @photofile)";
SqlParameter[] insrtParam =
{
new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
new SqlParameter("@gender", ddlGender.SelectedValue),
new SqlParameter("@bdate", Convert.ToDateTime(txtBDay.Text)),
new SqlParameter("@contact", AntiXSSMethods.CleanString((txtContact.Text))),
new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)),
new SqlParameter("@adminlevel", ddlAdminLevel.SelectedValue),
new SqlParameter("@un", AntiXSSMethods.CleanString(txtUN.Text)),
//new SqlParameter("@pwd", Encryption.MD5(AntiXSSMethods.CleanString((txtPwd2.Text)))),
new SqlParameter("@pwd", Encryption.GenerateBCryptHash(txtPwd1.Text)),
new SqlParameter("@doe", Convert.ToDateTime(txtDateEmployeed.Text)),
new SqlParameter("@photofile", strImageFile)
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insrtParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Employee", EmployeeID);
Response.Redirect("ManageEmployees.aspx");
}
else
{
lblAlert.Text = "Username already taken!";
}
}
else
{
lblAlert.Text = "Invalid or Blank Inputs!";
}
}
else if (strImageFile == "large")
{
lblAlert.Text = "Photo File exceeds 1MB!";
}
else if (strImageFile == "invalid")
{
lblAlert.Text = "Photo File is not valid!";
}
}
private void setSearch()
{
dsSearch.ConnectionString = ConnString;
if (ddlCategory.SelectedValue != "" && ddlUserType.SelectedValue != "")
{
if (ddlUserType.SelectedValue == "Tenants")
{
SelectTenant += " WHERE " + AntiXSSMethods.MakeStringSafeForSQL(ddlCategory.SelectedValue) + " LIKE @SQ";
SearcQuery = SelectTenant;
SelectedUserType = 1;
}
else if (ddlUserType.SelectedValue == "Employees")
{
SelectEmployee += " WHERE " + AntiXSSMethods.MakeStringSafeForSQL(ddlCategory.SelectedValue) + " LIKE @SQ";
SearcQuery = SelectEmployee;
SelectedUserType = 2;
}
ViewState.Add("UserType", SelectedUserType.ToString());
dsSearch.SelectParameters.Add(new Parameter("SQ", System.Data.DbType.String, "%" + AntiXSSMethods.CleanString(txtSearchQuery.Text) + "%"));
dsSearch.SelectCommand = SearcQuery;
dsSearch.DataBind();
GRD_Results.DataSource = dsSearch;
GRD_Results.DataBind();
lblAlert.Text = "";
}
else if (ddlUserType.SelectedValue != "" && ddlCategory.SelectedValue == "")
{
//no category selected
clearGrid();
lblAlert.Text = "No Category selected.";
}
else if (ddlUserType.SelectedValue == "" && ddlCategory.SelectedValue != "")
{
//no category selected
clearGrid();
lblAlert.Text = "No User Type selected.";
}
else
{
//no category selected
lblAlert.Text = "Please complete fields!";
clearGrid();
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO TGLink (TenantID, GuardianID, Relation) VALUES (@TID, @GID, @relation)";
SqlParameter[] insertParam =
{
new SqlParameter("@TID", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
new SqlParameter("@GID", AntiXSSMethods.CleanString(ddlGuardian.SelectedValue)),
new SqlParameter("@relation", AntiXSSMethods.CleanString(txtRelation.Text))
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant link to Guardian", EmployeeID);
Response.Redirect("GuardianMgt.aspx");
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO Expenses(ExpenseType, Amount, Remarks, EmployeeID) VALUES (@type, @amount, @remarks, @EID)";
SqlParameter[] insertParam =
{
new SqlParameter("@type", AntiXSSMethods.CleanString(ddlExpenseType.SelectedValue)),
new SqlParameter("@amount", AntiXSSMethods.CleanString(txtAmount.Text)),
new SqlParameter("@remarks", AntiXSSMethods.CleanString(txtRemarks.Text)),
new SqlParameter("@EID", EmployeeID)
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, connString);
Response.Redirect("ExpenseMgt.aspx");
}
protected void btnResetPass2_Click(object sender, EventArgs e)
{
if (Encryption.MD5(AntiXSSMethods.CleanString(txtPassword.Text)) == Session["KEY"].ToString())
{
string strResetPass = "******" + Encryption.MD5("12345") + "' WHERE TenantID=@TID";
SqlParameter[] EID = { new SqlParameter("@TID", TenantID) };
DataAccess.DataProcessExecuteNonQuery(strResetPass, EID, connString);
MPEResetPass.Hide();
lblAlert.Text = "Password reset successful!";
}
else
{
lblAlert.Text = "Password reset not successful! You have entered your password incorrectly.";
MPEResetPass.Hide();
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO Violations (TenantID, EmployeeID, Title, Description, Fine) VALUES (@tid, @eid, @title, @desc, @fine)";
SqlParameter[] insertParam =
{
new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
new SqlParameter("@eid", EmployeeID),
new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text)),
new SqlParameter("@desc", AntiXSSMethods.CleanString(txtDesc.Text)),
new SqlParameter("@fine", AntiXSSMethods.CleanString(txtFine.Text))
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Violation", EmployeeID);
Response.Redirect("~/Admin/ViolationMgt.aspx");
}
protected void btnSearch_Click(object sender, EventArgs e)
{
if (ddlSearch.SelectedValue != "")
{
string strSelect = "SELECT * FROM Employees WHERE " + AntiXSSMethods.MakeStringSafeForSQL(ddlSearch.SelectedValue) + " LIKE @entry AND EmployeeID !='" + CurrentUserID.ToString() + "' ORDER BY EmployeeID DESC";
SqlParameter[] SearchVal = { new SqlParameter("@entry", "%" + AntiXSSMethods.CleanString(txtSearch.Text) + "%") };
DataSet ds = DataAccess.DataProcessReturnData(strSelect, SearchVal, connString);
GrdEmployees.DataSourceID = string.Empty;
GrdEmployees.DataSource = ds;
GrdEmployees.DataBind();
}
else
{
}
}
protected void Button1_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO Messages (EmployeeID, TenantID, Subject, Message) VALUES (@EID, @TID, @subject, @message)";
SqlParameter[] insertParam =
{
new SqlParameter("@EID", EmployeeID),
new SqlParameter("@TID", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
new SqlParameter("@message", AntiXSSMethods.CleanString(txtMsg.Text))
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Sent a message", EmployeeID);
//Response.Write("<script>alert('Message sent!');</script>");
Response.Redirect("~/Admin/MessageMgt.aspx");
}
public string UploadPhoto()
{
string result;
try
{
if (FupPhoto.HasFile)
{
ImageProcess img = new ImageProcess();
Stream imgStream = FupPhoto.FileContent;
//validates if file is a valid JPG/PNG image
bool isValidType = img.ValidateImageFileType(imgStream);
//validates if file meets valid size;
bool isValidSize = img.ValidateImageFileSize(imgStream, 1048576);
if (isValidType == false)
{
return("invalid");
}
if (isValidSize == false)
{
return("large");
}
string FileExtension = Path.GetExtension(FupPhoto.FileName).ToLower();
string NewFileName = "Employee_" + AntiXSSMethods.CleanString(txtUN.Text) + "_" + StringCustomizers.dateStampNoID + FileExtension;
FupPhoto.SaveAs(Server.MapPath(@"~/uploads/" + NewFileName));
result = NewFileName;
}
else
{
result = "nofile";
}
}
catch (Exception ex)
{
result = "error: " + ex.Message;
}
finally
{
FupPhoto.Dispose();
}
return(result);
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
try
{
string curfewTime;
if (cbkDisableCurfew.Checked)
{
curfewTime = "";
}
else
{
curfewTime = DDLHR.SelectedValue + ":" + DDLMIN.SelectedValue;
}
string strUpdate = "UPDATE Tenants SET AdminLevel=@adminlevel, Gender=@gender, Photofile=@photofile, ContactNo=@contactno, BDate=@bdate, Email=@email, FName=@fname, MName=@mname, LName=@lname, Street=@street, City=@city, Region=@region, Country=@country, CurfewTime=@curfewtime WHERE TenantID=@TID";
photofile = UploadPhoto();
SqlParameter[] UpdateParams =
{
new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
new SqlParameter("@photofile", photofile),
new SqlParameter("@contactno", AntiXSSMethods.CleanString(txtContactNo.Text)),
new SqlParameter("@bdate", Convert.ToDateTime(txtDOB.Text)),
new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmailAdd.Text)),
new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)),
new SqlParameter("@city", AntiXSSMethods.CleanString(txtCity.Text)),
new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)),
new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)),
new SqlParameter("@TID", TenantID),
new SqlParameter("@curfewtime", curfewTime)
};
DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, connString);
loaddata(TenantID);
lblAlert.Text = "Tenant information saved.";
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO ServiceRequest (TenantID, Title, Details, Remarks, Priority) VALUES (@TID, @title, @details, @remarks, @priority)";
SqlParameter[] insertParam =
{
new SqlParameter("@TID", TenantID),
new SqlParameter("@title", AntiXSSMethods.CleanString(txtTitle.Text)),
new SqlParameter("@details", AntiXSSMethods.CleanString(txtDetails.Text)),
new SqlParameter("@remarks", remarks),
new SqlParameter("@priority", priority)
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateTenantAuditTrail("Added new service request", TenantID);
//Response.Write("<script>alert('Success!');</script>");
Response.Redirect("~/Tenant/ServiceRequestMgt.aspx");
}
protected void btnSearch_Click(object sender, EventArgs e)
{
if (ddlCategory.SelectedValue + ddlUserType.SelectedValue != "")
{
string strSelect = "SELECT * FROM DTR WHERE " + ddlCategory.SelectedValue + ddlUserType.SelectedValue + " LIKE @entry AND DTR_ID !='" + SelectedUser.ToString() + "' ORDER BY Username DESC";
SqlParameter[] SearchVal = { new SqlParameter("@entry", "%" + AntiXSSMethods.CleanString(txtSearch.Text) + "%") };
DataSet ds = DataAccess.DataProcessReturnData(strSelect, SearchVal, connString);
GRD_Results.DataSourceID = string.Empty;
GRD_Results.DataSourceID = string.Empty;
GRD_Results.DataBind();
}
else
{
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO Announcement (Subject, Message, EmployeeID) VALUES (@subject, @message, @eid)";
SqlParameter[] insertParam =
{
new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
new SqlParameter("@message", Server.HtmlEncode(txtMsg.Text.Trim())),
new SqlParameter("@eid", EmployeeID)
};
int newID = DataAccess.InsertAndGetIndex(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Announcement", EmployeeID);
//DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
//Response.Write("<script>alert('Success!');</script>");
Response.Redirect("ViewAnnouncement.aspx?ID=" + newID.ToString());
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
int fpid;
try
{
fpid = int.Parse(AntiXSSMethods.CleanString(txtFPID.Text));
}
catch
{
fpid = 0;
}
try
{
string strUpdate = "UPDATE Tenants SET PhotoFile=@photofile, FingerprintID=@fpid, FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, MobileNo=@mobno, Email=@email, Street=@street, City=@city, Region=@region, Country=@country WHERE TenantID=@TID";
photofile = UploadPhoto();
SqlParameter[] UpdateParams =
{
new SqlParameter("@fpid", fpid),
new SqlParameter("@photofile", photofile),
new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtDOB.Text)),
new SqlParameter("@mobno", AntiXSSMethods.CleanString(txtContactNo.Text)),
new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmailAdd.Text)),
new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)),
new SqlParameter("@city", AntiXSSMethods.CleanString(txtCityProvince.Text)),
new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)),
new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)),
new SqlParameter("@TID", TenantID)
};
DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, connString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated tenants details", EmployeeID);
loaddata(TenantID);
lblAlert.Text = "Tenant information saved.";
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
try
{
if (ddlRemarks.SelectedValue == "Completed")
{
txtDateCompleted.Visible = true;
string strUpdate = "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority, DateCompleted=@dateCompleted WHERE ServiceRequestID=@SRID";
SqlParameter[] updateParam =
{
new SqlParameter("@EID", AntiXSSMethods.CleanString(ddlEmp.SelectedValue)),
new SqlParameter("@remarks", AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)),
new SqlParameter("@priority", AntiXSSMethods.CleanString(ddlPriority.SelectedValue)),
new SqlParameter("@dateCompleted", AntiXSSMethods.CleanString(txtDateCompleted.Text)),
new SqlParameter("@SRID", ServiceRequestID)
};
DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, connString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated service request remarks and priority", EmployeeID);
loaddata(ServiceRequestID);
lblAlert.Text = "Update saved!";
}
else
{
string strUpdate = "UPDATE ServiceRequest SET EmployeeID=@EID, Remarks=@remarks, Priority=@priority WHERE ServiceRequestID=@SRID";
SqlParameter[] updateParam =
{
new SqlParameter("@EID", AntiXSSMethods.CleanString(ddlEmp.SelectedValue)),
new SqlParameter("@remarks", AntiXSSMethods.CleanString(ddlRemarks.SelectedValue)),
new SqlParameter("@priority", AntiXSSMethods.CleanString(ddlPriority.SelectedValue)),
new SqlParameter("@SRID", ServiceRequestID)
};
DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, connString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated service request remarks and priority", EmployeeID);
loaddata(ServiceRequestID);
lblAlert.Text = "Update saved!";
}
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
if (CheckInputs())
{
string strUpdate = "UPDATE Announcement SET Message=@message, Subject=@subject WHERE AnnouncementID=@AID";
SqlParameter[] UpdateParams =
{
new SqlParameter("@subject", AntiXSSMethods.CleanString(txtSubject.Text)),
new SqlParameter("@message", Server.HtmlEncode(AntiXSSMethods.CleanString(txtMsg.Text))),
new SqlParameter("@AID", AnnouncementID)
};
DataAccess.DataProcessExecuteNonQuery(strUpdate, UpdateParams, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated announcement", EmployeeID);
lblAlert.Text = "Announcement updated!";
}
else
{
lblAlert.Text = "Update failed. Some fields are blank.";
}
}
bool CheckInputs()
{
oldpass = AntiXSSMethods.CleanString(txtOldPass.Text);
if (oldpass == "")
{
return(false);
}
if (AntiXSSMethods.CleanString(txtNewPass.Text) == AntiXSSMethods.CleanString(txtRetypeNewPass.Text))
{
//newpass = AntiXSSMethods.CleanString(txtNewPass.Text);
newpass = Encryption.GenerateBCryptHash(txtNewPass.Text);
}
else
{
return(false);
}
return(true);
}
protected void btnReg_Click(object sender, EventArgs e)
{
if (checkInputs())
{
string strInsert = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)";
SqlParameter[] insertParam =
{
new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
new SqlParameter("@type", AntiXSSMethods.CleanString(ddlType.SelectedValue)),
new SqlParameter("@model", AntiXSSMethods.CleanString(txtModel.Text)),
new SqlParameter("@brand", AntiXSSMethods.CleanString(txtBrand.Text)),
new SqlParameter("@serial", AntiXSSMethods.CleanString(txtSerial.Text)),
new SqlParameter("@amount", StringCustomizers.CheckMoney(Convert.ToDouble(AntiXSSMethods.CleanString(txtAmount.Text))))
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID);
Response.Redirect("~/Admin/ManageAssets.aspx");
}
else
{
lblAlert.Text = "Please check your input fields for invalid entries";
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string strInsert = "INSERT INTO Complaints (TenantID, Subject, Details, Status) VALUES (@TID, @subj, @details, @status)";
SqlParameter[] insertParam =
{
new SqlParameter("@TID", TenantID),
new SqlParameter("@subj", AntiXSSMethods.CleanString(txtSubject.Text)),
new SqlParameter("@details", AntiXSSMethods.CleanString(txtMsg.Text)),
new SqlParameter("@status", status)
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateTenantAuditTrail("Added new complaints", TenantID);
//Response.Write("<script>alert('Success!');</script>");
Response.Redirect("AddComplaint.aspx");
lblAlert.Text = "Complaint submitted!";
if (IsPostBack)
{
txtSubject.Text = "";
txtMsg.Text = "";
}
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
int SelectedGuardian = int.Parse(grdGuardian.SelectedDataKey["GuardianID"].ToString());
string strUpdate = "UPDATE Guardians SET FName=@fname, MName=@mname, LName=@lname, Gender=@gender, BDate=@bdate, ContactNo=@contactNo, Email=@email, Address=@address WHERE GuardianID=@GID";
SqlParameter[] updateParam =
{
new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
new SqlParameter("@gender", AntiXSSMethods.CleanString(ddlGender.SelectedValue)),
new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtBDay.Text)),
new SqlParameter("@contactNo", AntiXSSMethods.CleanString(txtContact.Text)),
new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)),
new SqlParameter("@address", AntiXSSMethods.CleanString(txtAddress.Text)),
new SqlParameter("@GID", SelectedGuardian)
};
DataAccess.DataProcessExecuteNonQuery(strUpdate, updateParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Updated guardians details", EmployeeID);
lblAlert.Text = "Successfully Updated!";
grdGuardian.DataBind();
loaddata(SelectedGuardian);
}
protected void btnRecordPayment_Click(object sender, EventArgs e)
{
//I need bill ID... to follow
//Response.Redirect("BillPayment.aspx?ID=");
int NewBillID = AcctFunctions.MarkBillAsPaid(int.Parse(DDLBillPeriod.SelectedValue), AntiXSSMethods.CleanString(txtPayRemarks.Text));
AcctFunctions.ClearPreviousBills(TenantID);
Response.Redirect("Receipt.aspx?ID=" + NewBillID.ToString());
}
protected void btnResetPass_Click(object sender, EventArgs e)
{
string TableName = "";
string Username = AntiXSSMethods.CleanString(txtUsername.Text);
if (Username != "")
{
bool IsExisting = General.CheckIfExisting(Username);
if (IsExisting)
{
//role = 1 Employee, 2 Tenant, 3 Guardian, 4 - error that will most likely not happen! :)
int role = General.CheckRole(Username);
//Response.Write(role.ToString());
string newpass = StringCustomizers.RandomStr();
string encryptednewpass = Encryption.GenerateBCryptHash(newpass);
if (role == 1)
{
TableName = "Employees";
}
else if (role == 2)
{
TableName = "Tenants";
}
else if (role == 3)
{
TableName = "Guardians";
}
string UpdatePWD = "UPDATE " + TableName + " SET Pwd=@pwd WHERE UN=@UN";
SqlParameter[] Params =
{
new SqlParameter("@UN", Username),
new SqlParameter("@pwd", encryptednewpass)
};
DataAccess.DataProcessExecuteNonQuery(UpdatePWD, Params, ConnString);
//sends email
SqlParameter[] UN = { new SqlParameter("@UN", Username) };
string email = DataAccess.ReturnData("SELECT Email FROM " + TableName + " WHERE UN=@UN", UN, ConnString, "Email");
bool mailIsSent = sendmail(email, newpass);
if (mailIsSent)
{
lblAlert.Text = "Your password has been successfully reset. Please check your registered email's inbox for your new password. Don't forget to check your junk mailbox.";
}
else
{
lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you.";
}
}
else
{
lblAlert.Text = "Username doesn't exist!";
}
}
else
{
lblAlert.Text = "No username entered!";
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
string curfewTime;
if (cbkDisableCurfew.Checked)
{
curfewTime = "";
}
else
{
curfewTime = DDLHR.SelectedValue + ":" + DDLMIN.SelectedValue;
}
string strImageFile = UploadPhoto();
if ((strImageFile == "nofile") || (strImageFile != "large" && strImageFile != "invalid"))
{
if (strImageFile == "nofile")
{
strImageFile = "";
}
if (checkInputs())
{
bool UsernameExists = UserManagement.General.CheckIfExisting(txtUN.Text);
if (UsernameExists != true)
{
string strInsert = "INSERT INTO Tenants (FName, MName, LName, Gender, Email, BDate, Street, City, Region, Country, MobileNo, UN, Pwd, CurfewTime) VALUES (@fname, @mname, @lname, @gender, @email, @bdate, @street, @city, @region, @country, @mobileNo, @un, @pwd, @curfewtime)";
SqlParameter[] insertParam =
{
new SqlParameter("@fname", AntiXSSMethods.CleanString(txtFName.Text)),
new SqlParameter("@mname", AntiXSSMethods.CleanString(txtMName.Text)),
new SqlParameter("@lname", AntiXSSMethods.CleanString(txtLName.Text)),
new SqlParameter("@gender", ddlGender.SelectedValue),
new SqlParameter("@email", AntiXSSMethods.CleanString(txtEmail.Text)),
new SqlParameter("@bdate", AntiXSSMethods.CleanString(txtBDay.Text)),
new SqlParameter("@street", AntiXSSMethods.CleanString(txtStreet.Text)),
new SqlParameter("@city", AntiXSSMethods.CleanString(txtCity.Text)),
new SqlParameter("@region", AntiXSSMethods.CleanString(txtRegion.Text)),
new SqlParameter("@country", AntiXSSMethods.CleanString(txtCountry.Text)),
new SqlParameter("@mobileNo", AntiXSSMethods.CleanString(txtContact.Text)),
new SqlParameter("@un", AntiXSSMethods.CleanString(txtUN.Text)),
new SqlParameter("@pwd", Encryption.GenerateBCryptHash(txtPwd1.Text)),
new SqlParameter("@curfewtime", curfewTime)
};
int newID = DataAccess.InsertAndGetIndex(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Tenant", EmployeeID);
Response.Redirect("Contract.aspx?ID=" + newID.ToString());
}
else
{
lblAlert.Text = "Username already taken!";
}
}
else
{
lblAlert.Text = "Birth date is invalid!";
}
}
else if (strImageFile == "large")
{
lblAlert.Text = "Photo File exceeds 1MB!";
}
else if (strImageFile == "invalid")
{
lblAlert.Text = "Photo File is not valid!";
}
}
