protected void btnUpdate_Click(object sender, EventArgs e)
{
// Retrieve the "updated" info.
string id = Session["userId"].ToString();
string fName = txtFName.Text;
string lName = txtLName.Text;
string user = txtUser.Text;
string password = txtPassword.Text;
string address = txtAddress.Text;
string email = txtEmail.Text;
string phone = txtPhone.Text;
// Craft the query (Shouldn't send in plain text!)
string query = string.Format(
"UPDATE person " +
"SET firstName = '{0}', lastName = '{1}', userName = '******', " +
"password = '******', address = '{4}', email = '{5}', phone = '{6}' " +
"WHERE id = {7}",
fName, lName, user, password, address, email, phone, id);
DBMaster dbm = new DBMaster(); // Open a connection
dbm.ExecuteNonQuery(query); // Execute the query
dbm.CloseConnection(); // Close the connection
// Move to next web page
Response.Redirect("showUserInfo.aspx");
}
protected void Page_Load(object sender, EventArgs e)
{
// Verify a user is logged in
if (Session["userID"] == null)
{
// Passing status to main page via GET to let it handle the no
// logged-in user situation.
Response.Redirect("~/index.aspx?status=nologin");
}
else
{
const string BUSINESS = "Ice Cream Internet Parlor";
DBMaster dbm = new DBMaster();
SqlDataReader reader = null;
string query = "";
string product = "";
string price = "";
string address = "";
string email = "";
string id = Session["UserID"].ToString();
// Retrieve user's name from Session
string fName = Session["fName"].ToString();
string lName = "";
// Get id from URL
string pid = Request.QueryString["id"];
string message = "Hi! " + fName;
double price2 = 0.0;
// First, get product name & price
query = "SELECT productName, price FROM products WHERE pid = " + pid;
// Execute the query
reader = dbm.GetReader(query);
if (reader.Read())
{
product = reader["productName"].ToString();
price = reader["price"].ToString();
// Make Price look like a proper price (2 significant digits)
if (double.TryParse(price, out price2))
{
price = string.Format("{0:C}", price2);
}
else
{
// The chances of this executing are slim to none since
// price is in the database as a number.
price = "$" + price;
}
}
dbm.CloseReader(); // Done with the reader, for now.
// Second, decrement the amount
query = "UPDATE products SET currentAmount -= 1 WHERE pid = " + pid;
dbm.ExecuteNonQuery(query);
// Third, get user's address.
query = "SELECT * FROM person WHERE id = " + id;
// Get the needed info from the person table.
reader = dbm.GetReader(query);
if (reader.Read())
{
address = reader["address"].ToString();
email = reader["email"].ToString();
lName = reader["lastName"].ToString();
}
// We have all the pieces we need from the database.
dbm.CloseReader();
dbm.CloseConnection();
// Build up the message; the Greeting line is already added.
message += string.Format(
"<p>Thank you for purchasing <b>{0}</b>. " +
"Your credit card on file will be charged <b>{1}</b><br/>" +
"Your purchase will be shipped to: <b>{2}</b></p>" +
"<p>Thanks for shopping at {3}! " +
"It is a pleasure doing business with you.</p>",
product, price, address, BUSINESS);
divGreet.InnerHtml = message;
/* No point in running the rest of the code if there is no from email and
* password - JK
* // Get sender credentials
* string fromEmail = "";
* string fromPassword = "";
*
* // Combine first and last names into one string
* string toName = string.Format("{0} {1}", fName, lName);
*
* // Create a MailMessage object
* MailAddress from = new MailAddress(fromEmail, BUSINESS);
* MailAddress to = new MailAddress(email, toName);
* MailMessage mail = new MailMessage(from, to);
*
* // Build the email
* mail.Subject = "Your order from " + BUSINESS;
* mail.Body = message;
* // And tell message we're using HTML
* mail.IsBodyHtml = true;
*
* // Set SMTP for gmail
* SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587);
*
* // Provide the credentials
* smtp.Credentials = new NetworkCredential(fromEmail, fromPassword);
* smtp.EnableSsl = true;
*
* // Send the email
* smtp.Send(mail);
*/
}
}
