protected void RegisterButton_Click(object sender, EventArgs e) { if (Page.IsValid) { object returnVal; string strName, strAddress, strPhone, strPassword, strEmail; int intShopperID = 0; strName = nameTextBox.Text; strAddress = addressTextbox.Text; strPhone = phoneTextbox.Text; strEmail = emailTextbox.Text; strPassword = pswTextBox.Text.Trim(); DatabaseMgmt dbObj = new DatabaseMgmt(); string strSqlCmd; strSqlCmd = $"select ShopperID from Shopper where Email='{strEmail}'"; if ((returnVal = (object)dbObj.ExecuteScalar(strSqlCmd)) != null) { intShopperID = Convert.ToInt32(returnVal); } else { intShopperID = 0; } if (intShopperID == 0) { strSqlCmd = $"Insert into Shopper(Name, Address,Phone, Email, Passwd) VALUES ('{strName}','{strAddress}'," + $"'{strPhone}','{strEmail}','{strPassword}')"; dbObj.ExecuteNonQuery(strSqlCmd); strSqlCmd = $"select MAX(ShopperID) From Shopper"; if ((returnVal = (object)dbObj.ExecuteScalar(strSqlCmd)) != null) { intShopperID = Convert.ToInt32(returnVal); } else { intShopperID = 0; } Session["ShopperID"] = intShopperID; Session["Name"] = strName; Session["Address"] = strAddress; Session["Phone"] = strPhone; Session["Email"] = strEmail; Session["ProfileRetrived"] = 1; msgLabel.Text = "Registration Successful"; } else { msgLabel.Text = "Please select another email to register"; } } }
protected void EmailDetailsChanged_Changed(object sender, EventArgs e) { MultiView1.SetActiveView(PasswordView); object returnVal; string Name; //Read Database DatabaseMgmt dbObj = new DatabaseMgmt(); SqlDataReader dR; dbObj.Connect(); string strSqlCmd; strSqlCmd = $"select SecurityQn, ShopperID from Shopper where Email='{emailDetailsTextBox.Text}'"; dR = dbObj.ExecuteSelect(strSqlCmd); if (dR.Read()) { SecurityQnLabel.Text = dR["SecurityQn"].ToString(); } else { SecurityQnLabel.Text = "No Account found!"; } }
protected void btnAddCart_Click(object sender, EventArgs e) { // Set the Session Variables: // ProductID, ProductName, ProductPrice and Quantity //=================================================== DatabaseMgmt objdbMgmt = new DatabaseMgmt(); SqlDataReader dR; string strSqlCmd = $"select quantity from Product where productId = {int.Parse(Request["ProductId"])}"; dR = objdbMgmt.ExecuteSelect(strSqlCmd); if (dR.Read()) { if (int.Parse(txtQty.Text) > int.Parse(dR["quantity"].ToString())) { Response.Write("<script>alert('Invalid quantity/Sold out');</script>"); return; } } Session["Quantity"] = txtQty.Text; Session["ProductName"] = lblProductTitle.Text; Session["ProductPrice"] = lblProductPrice.Text; Session["ProductID"] = Request["ProductId"]; // Re-direct to AddItem page to add the // selected item to the shopping cart Response.Redirect("AddItem.aspx"); }
protected void Page_Load(object sender, EventArgs e) { if (Session["ShopperID"] == null) { Response.Redirect("Login.aspx"); } else { DatabaseMgmt objdbMgmt = new DatabaseMgmt(); SqlDataReader dR; objdbMgmt.Connect(); string strSqlCmd; strSqlCmd = $"select address,email,phone, passwd from Shopper where ShopperID='{Session["ShopperId"]}'"; dR = objdbMgmt.ExecuteSelect(strSqlCmd); if (displayNameCheckBox.Checked == true) { } NameLabel.Text = (string)Session["Name"]; if (dR.Read()) { PasswordLabel.Text = dR["Passwd"].ToString().Trim(); AddressLabel.Text = dR["address"].ToString(); EmailLabel.Text = dR["email"].ToString(); PhoneLabel.Text = dR["phone"].ToString(); } } }
protected void getAnswer_Changed(object sender, EventArgs e) { string Question; //Read Database DatabaseMgmt dbObj = new DatabaseMgmt(); SqlDataReader dR; dbObj.Connect(); string strSqlCmd; strSqlCmd = $"select Name, ShopperID, SecurityQn, QnAnswer from Shopper where Name='{nameEmailViewTextBox.Text}' and passwd = '{passwordEmailViewTextBox.Text}'"; dR = dbObj.ExecuteSelect(strSqlCmd); if (dR.Read()) { MultiView1.SetActiveView(EmailView); Question = dR["SecurityQn"].ToString(); QuestionEmailLabel.Text = Question; } else { QuestionEmailLabel.Text = "No Account found"; MultiView1.SetActiveView(EmailView); } }
protected void loginButton_Click(object sender, EventArgs e) { SqlDataReader dR; string strPassword; DatabaseMgmt dbObj = new DatabaseMgmt(); string selStr = $"select passwd, name, ShopperId from SHopper Where email ='{emailTextBox.Text}'"; dR = dbObj.ExecuteSelect(selStr); if (dR.Read()) { strPassword = dR["passwd"].ToString(); if (strPassword == pswTextBox.Text) { Session["Password"] = strPassword; Session["Name"] = dR["name"].ToString(); Session["ShopperId"] = dR["ShopperID"].ToString(); Response.Redirect("Home.aspx"); } else { msgLabel.Text = "Email or password incorrect"; } } else { msgLabel.Text = "Email or password incorrect"; } dR.Close(); }
protected void RegisterButton_Click(object sender, EventArgs e) { int intQty = 0; double dblBalance = 0, dblTotalValue = 0, dblPrice = 0; DatabaseMgmt objdbMgmt = new DatabaseMgmt(); DatabaseMgmt objdbMgmtProduct = new DatabaseMgmt(); DatabaseMgmt objdbMgmtUpdate = new DatabaseMgmt(); DatabaseMgmt objdbAccCredit = new DatabaseMgmt(); SqlDataReader dR, dRProduct, dRBalance; string strSqlCmd = $"Select productId,price,quantity from shopcartitem where shopcartid = '{Session["ShopCartId"]}'"; dR = objdbMgmt.ExecuteSelect(strSqlCmd); while (dR.Read()) { intQty = int.Parse(dR["quantity"].ToString()); dblPrice = double.Parse(dR["price"].ToString()); strSqlCmd = $"Select productid,quantity from product where productid = '{dR["productId"]}'"; dRProduct = objdbMgmtProduct.ExecuteSelect(strSqlCmd); while (dRProduct.Read()) { dblTotalValue = dblPrice * intQty; strSqlCmd = $"Select Balance FROM AccountCredit Where AccBalanceID = " + Session["ShopperID"]; dRBalance = objdbAccCredit.ExecuteSelect(strSqlCmd); if (dRBalance.Read()) { dblBalance = double.Parse(dRBalance["Balance"].ToString()); } dRBalance.Close(); dblBalance = dblBalance - dblTotalValue; if (dblBalance >= 0) { strSqlCmd = $"Update AccountCredit Set Balance = {dblBalance} Where AccBalanceID = " + Session["ShopperID"]; objdbAccCredit.ExecuteNonQuery(strSqlCmd); int intTmp = int.Parse(dRProduct["quantity"].ToString()) - int.Parse(dR["quantity"].ToString()); strSqlCmd = $"update Product set quantity = {intTmp} where productId = '{dRProduct["productid"]}'"; objdbMgmtUpdate.ExecuteNonQuery(strSqlCmd); msgLabel.Text = "Your order will be delivered soon"; } else { msgLabel.Text = "Insufficient Funds, please top up your account"; } } dRProduct.Close(); Session["ShopCartId"] = null; Response.AddHeader("REFRESH", "3;URL=Home.aspx"); } }
protected void EmailContinueButton_Click(object sender, EventArgs e) { int temp; string sqlcmd = $"update shopper set Email = '{emailChangeViewTextBox.Text}' where passwd = '{Session["passwd"]}'"; DatabaseMgmt dbObj = new DatabaseMgmt(); temp = dbObj.ExecuteNonQuery(sqlcmd); MultiView1.SetActiveView(SuccessView); }
protected void ChangePasswordPushButton_Click(object sender, EventArgs e) { int temp; string sqlcmd = $"update shopper set passwd = '{ConfirmNewPassword.Text}' where Email = '{Session["email"]}'"; DatabaseMgmt dbObj = new DatabaseMgmt(); temp = dbObj.ExecuteNonQuery(sqlcmd); MultiView1.SetActiveView(SuccessView); }
protected void Page_Load(object sender, EventArgs e) { // Connect to the database DatabaseMgmt objdbMgmt = new DatabaseMgmt(); objdbMgmt.Connect(); string strSqlCmd; // System.Data.OleDb.OleDbDataReader objDataReader; System.Data.SqlClient.SqlDataReader objDataReader; double curOringalPrice; // Retrieve the details of product of a given product ID // from the database int intProductId; intProductId = Convert.ToInt32(Request.QueryString["ProductId"]); strSqlCmd = "SELECT * FROM Product WHERE ProductId=" + intProductId; objDataReader = objdbMgmt.ExecuteSelect(strSqlCmd); // Read the only record retrieved if (objDataReader.Read()) { // Display the product title lblProductTitle.Text = (string)objDataReader["ProductTitle"]; // Display the product description if (objDataReader["ProductDesc"] != DBNull.Value) { lblProductDesc.Text = (string)objDataReader["ProductDesc"]; } // Display the product image imgProduct.ImageUrl = "images/products/" + (string)objDataReader["ProductImage"]; // Display the product price // Format to display two decimals curOringalPrice = Convert.ToDouble(objDataReader["Price"]); lblProductPrice.Text = "$" + string.Format(Convert.ToString(curOringalPrice), "0.00"); objDataReader.Close(); } // Retrieve the dynamic attributes of a given product strSqlCmd = "SELECT an.AttributeName, pa.AttributeVal FROM AttributeName an INNER JOIN ProductAttribute pa ON an.AttributeNameID=pa.AttributeNameID WHERE pa.ProductID=" + intProductId; objDataReader = objdbMgmt.ExecuteSelect(strSqlCmd); // Bind the records to the data grid control dgAttribute.DataSource = objDataReader; dgAttribute.DataBind(); objDataReader.Close(); objdbMgmt.Close(); }
protected void btnUpdateCart_Click(object sender, EventArgs e) { // Connect to the database DatabaseMgmt objdbMgmt = new DatabaseMgmt(); string strSqlCmd; // Iterate through all rows within shopping cart list // (i.e. the dgShopCart data grid) int i; for (i = 0; i <= dgShopCart.Rows.Count - 1; i++) { // Obtain references to row's controls TextBox txtQuantity; txtQuantity = (TextBox)dgShopCart.Rows[i].FindControl("txtQty"); // Get the quantity value from textbox // and convert to integer int intQuantity; intQuantity = Convert.ToInt16(txtQuantity.Text); if (intQuantity <= 0) { Response.Write("<script>alert('Invalid quantity');</script>"); return; } // Get the ProductId from the first cell // and convert to integer int intProductID; intProductID = Convert.ToInt16(dgShopCart.Rows[i].Cells[0].Text); strSqlCmd = $"select quantity from Product where productId = {intProductID}"; SqlDataReader dR = objdbMgmt.ExecuteSelect(strSqlCmd); if (dR.Read()) { if (intQuantity > int.Parse(dR["quantity"].ToString())) { Response.Write("<script>alert('Invalid quantity');</script>"); return; } } objdbMgmt.Close(); // Update quantity order of shopping cart in database strSqlCmd = "UPDATE ShopCartItem SET Quantity=" + intQuantity + " WHERE ShopCartID=" + Session["ShopCartID"] + " AND ProductId=" + intProductID; objdbMgmt.Open(); objdbMgmt.ExecuteNonQuery(strSqlCmd); } displayShopCart(); objdbMgmt.Close(); }
protected void Page_Load(object sender, EventArgs e) { DatabaseMgmt dbObj = new DatabaseMgmt(); string strSqlCmd; SqlDataReader sqlDataReader; strSqlCmd = "Select * From Department"; sqlDataReader = dbObj.ExecuteSelect(strSqlCmd); dgDept.DataSource = sqlDataReader; dgDept.DataBind(); dbObj.Close(); }
private void displayShopCart() { lblEmptyShopCart.Visible = false; dgShopCart.Visible = true; lblSubTotal.Visible = true; btnUpdateCart.Visible = true; btnCheckOut.Visible = true; // Establish a database connection DatabaseMgmt objdbMgmt = new DatabaseMgmt(); // Get items in the designated shopping cart. string strSqlCmd; SqlDataReader objDataReader; strSqlCmd = "SELECT ShopCartID, ProductID, Name, Price, Quantity, DateAdded, Price * Quantity as Total FROM ShopCartItem WHERE ShopCartID=" + Session["ShopCartId"]; objDataReader = objdbMgmt.ExecuteSelect(strSqlCmd); // Bind the records to the data list control dgShopCart.DataSource = objDataReader; dgShopCart.DataBind(); objDataReader.Close(); // Check for empty shopping cart if (dgShopCart.Rows.Count == 0) { // Call a subroutine to display empty Shopping Cart message displayEmptyShopCart(); } else { // Calculate the subtotal. double dblSubTotal; strSqlCmd = "SELECT SUM(Price * Quantity) as SubTotal FROM ShopCartItem WHERE ShopCartID=" + Session["ShopCartId"]; dblSubTotal = Convert.ToDouble(objdbMgmt.ExecuteScalar(strSqlCmd)); // Display the subtotal. string strSubTotal = string.Format("{0:c}", dblSubTotal, 2); lblSubTotal.Text = "Subtotal (before tax and shipping charge): " + strSubTotal; } objdbMgmt.Close(); }
protected void Page_Load(object sender, EventArgs e) { // Don't allow non-member to purchase a product if (Session["ShopperID"] == null) { Response.Redirect("Login.aspx"); } int intProductID; string strProductName; double dblProductPrice; int intQuantity; int intShopCartID; int intShopperID; bool flgAddItem; string strSqlCmd; // Read product's details from session variables //intProductID = Convert.ToInt32(Session["ProductID"]); intProductID = Convert.ToInt32(Request.QueryString["ProductId"]); dblProductPrice = Convert.ToDouble(Double.Parse((string)Session["ProductPrice"], System.Globalization.NumberStyles.Currency)); intQuantity = Convert.ToInt32(Session["Quantity"]); // Replace any single-quote with two single-quote strProductName = Convert.ToString(Session["ProductName"]); // Connect to the database DatabaseMgmt objdbMgmt = new DatabaseMgmt(); //objdbMgmt.Connect(); // If it is a new item, add item into shopping cart. strSqlCmd = $"Delete from ShopCartItem where productId ='{intProductID}'"; objdbMgmt.ExecuteNonQuery(strSqlCmd); objdbMgmt.Close(); // Re-direct to ShopCart page for display of shopping cart Response.Redirect("ShopCart.aspx"); }
protected void Page_Load(object sender, EventArgs e) { DatabaseMgmt objdbMgmt = new DatabaseMgmt(); SqlDataReader dR; objdbMgmt.Connect(); string strSqlCmd; strSqlCmd = $"select address,email,phone from Shopper where ShopperID='{Session["ShopperId"]}'"; dR = objdbMgmt.ExecuteSelect(strSqlCmd); nameTextBox.Text = (string)Session["Name"]; if (dR.Read()) { addressTextbox.Text = dR["address"].ToString(); emailTextbox.Text = dR["email"].ToString(); phoneTextbox.Text = dR["phone"].ToString(); } }
protected void Page_Load(object sender, EventArgs e) { DatabaseMgmt objdbMgmt = new DatabaseMgmt(); string strSqlCmd; SqlDataReader dR; if (Session["ShopperID"] != null) { LogoutButton.Visible = true; RegisterButton.Visible = false; loginsButton.Visible = false; SellButton.Visible = true; ProfileButton.Visible = true; Shopping_cartBtn.Visible = true; CheckoutBtn.Visible = true; ProfileButton.Text = $"Welcome , {Session["Name"]}"; } else { RegisterButton.Visible = true; LogoutButton.Visible = false; loginsButton.Visible = true; SellButton.Visible = false; ProfileButton.Visible = false; Shopping_cartBtn.Visible = false; CheckoutBtn.Visible = false; } if (Session["ShopCartId"] != null) { strSqlCmd = $"select quantity from shopcartitem where shopcartid = '{Session["ShopCartId"]}'"; dR = objdbMgmt.ExecuteSelect(strSqlCmd); while (dR.Read()) { itemnum = itemnum + int.Parse(dR["quantity"].ToString()); } Shopping_cartBtn.Text = $"Shop Cart ({itemnum})"; } }
protected void Page_Load(object sender, EventArgs e) { DatabaseMgmt objdbMgmt = new DatabaseMgmt(); string strSqlCmd; SqlDataReader objDataReader; if (IsPostBack == false) { if (Request.QueryString["search"] == null) { Session["LastDeptID"] = Request["DeptID"]; strSqlCmd = "SELECT DeptName, DeptDesc FROM Department WHERE DepartmentID=" + Request.QueryString["DeptID"]; objDataReader = objdbMgmt.ExecuteSelect(strSqlCmd); // Close the data reader objDataReader.Close(); strSqlCmd = "SELECT count(p.ProductId) FROM DepartmentProduct dp INNER JOIN Product p ON dp.ProductID = p.ProductID" + " WHERE dp.DepartmentID = " + Request.QueryString["DeptID"]; dgDeptProduct.VirtualItemCount = int.Parse(objdbMgmt.ExecuteScalar(strSqlCmd).ToString()); BindData("SELECT p.ProductID, p.ProductTitle, p.ProductImage, p.Price, p.Quantity FROM DepartmentProduct dp INNER JOIN Product p ON dp.ProductID = p.ProductID" + " WHERE dp.DepartmentID = " + Request.QueryString["DeptID"]); } else { strSqlCmd = "SELECT count(p.ProductId) FROM DepartmentProduct dp INNER JOIN Product p ON dp.ProductID = p.ProductID" + " WHERE p.ProductTitle like '%" + Request.QueryString["search"] + "%'"; dgDeptProduct.VirtualItemCount = int.Parse(objdbMgmt.ExecuteScalar(strSqlCmd).ToString()); BindData("SELECT p.ProductID, p.ProductTitle,p.ProductImage, p.Price, p.Quantity FROM DepartmentProduct dp INNER JOIN Product p ON dp.ProductID=p.ProductID" + " WHERE p.ProductTitle like '%" + Request.QueryString["search"] + "%'"); } } }
protected void PasswordFormSubmitButton_Click(object sender, EventArgs e) { string Question; //Read Database DatabaseMgmt dbObj = new DatabaseMgmt(); SqlDataReader dR; dbObj.Connect(); string strSqlCmd; strSqlCmd = $"select Name, ShopperID, SecurityQn, QnAnswer from Shopper where Email='{emailDetailsTextBox.Text}'"; dR = dbObj.ExecuteSelect(strSqlCmd); if (dR.Read()) { Question = dR["QnAnswer"].ToString(); if (AnswerTextBox.Text == Question) { MultiView1.SetActiveView(PasswordChangeView); Session["email"] = emailDetailsTextBox.Text; } else { SecurityQnLabel.Text = "Wrong"; MultiView1.SetActiveView(PasswordView); } } else { SecurityQnLabel.Text = "No Account found!"; MultiView1.SetActiveView(PasswordView); } }
protected void ContinueButton_Click(object sender, EventArgs e) { string Question; //Read Database DatabaseMgmt dbObj = new DatabaseMgmt(); SqlDataReader dR; dbObj.Connect(); string strSqlCmd; strSqlCmd = $"select SecurityQn, QnAnswer, Email, ShopperID from Shopper where Name='{nameEmailViewTextBox.Text}'"; dR = dbObj.ExecuteSelect(strSqlCmd); if (dR.Read()) { Question = dR["QnAnswer"].ToString(); if (answerEmailViewTextBox.Text == Question) { MultiView1.SetActiveView(EmailChangeView); Session["name"] = nameEmailViewTextBox.Text; Session["passwd"] = passwordEmailViewTextBox.Text; } else { MultiView1.SetActiveView(EmailView); QuestionEmailLabel.Text = "Wrong Answer!"; } } else { MultiView1.SetActiveView(EmailView); QuestionEmailLabel.Text = "No Account found!"; } }
protected void Update_Click(object sender, EventArgs e) { int temp; string sqlcmd = $"update shopper set address = '{addressTextbox.Text}', email = '{emailTextbox.Text}', passwd = '{pswTextBox.Text}', phone = '{phoneTextBox.Text}' where shopperid = '{Session["ShopperId"]}'"; DatabaseMgmt dbObj = new DatabaseMgmt(); temp = dbObj.ExecuteNonQuery(sqlcmd); //Read the Database. DatabaseMgmt objdbMgmt = new DatabaseMgmt(); SqlDataReader dR; objdbMgmt.Connect(); string strSqlCmd; strSqlCmd = $"select address,email,phone, passwd from Shopper where ShopperID='{Session["ShopperId"]}'"; dR = dbObj.ExecuteSelect(strSqlCmd); NameLabel.Text = (string)Session["Name"]; if (dR.Read()) { AddressLabel.Text = dR["address"].ToString(); EmailLabel.Text = dR["email"].ToString(); PhoneLabel.Text = dR["phone"].ToString(); } int other; string sqlcommands = $"Insert into shopper (DisplayName) VALUES ('{displaynameTextBox.Text}')" + $"Select DisplayName from ShopperID where ShopperID = '{Session["ShopperID"]}'"; if (displayNameCheckBox.Checked == true) { DatabaseMgmt db = new DatabaseMgmt(); other = db.ExecuteNonQuery(sqlcommands); objdbMgmt.Connect(); string strSqlCmds; strSqlCmds = $"select DisplayName from Shopper where ShopperID='{Session["ShopperId"]}'"; dR = db.ExecuteSelect(strSqlCmds); if (dR.Read()) { displayNameLabel.Text = dR["DisplayName"].ToString(); } } else { displayNameLabel.Text = "Unused"; } msgLabel.Text = "Updated Information!"; NameLabel.Visible = true; PasswordLabel.Visible = true; AddressLabel.Visible = true; EmailLabel.Visible = true; PhoneLabel.Visible = true; nameTextBox.Visible = false; pswTextBox.Visible = false; addressTextbox.Visible = false; emailTextbox.Visible = false; phoneTextBox.Visible = false; if (displaynameTextBox.Visible == true) { displaynameTextBox.Visible = false; } ConfirmButton.Visible = false; backButton.Visible = false; EditButton.Visible = true; }
protected void sellButton_Click(object sender, EventArgs e) { DatabaseMgmt dbObj = new DatabaseMgmt(); SqlDataReader dR; string strProductName = productNameTextBox.Text; string strProductDescription = productDescriptionTextBox.Text; float fltPrice; int intStock; int productType = int.Parse(typeDropdown.SelectedValue); int productId = 0; string strSqlCmd; string strFileName; string strFilePath; string strFolder; strFolder = Server.MapPath("~/Images/Products/"); strFileName = oFile.PostedFile.FileName; strFileName = Path.GetFileName(strFileName); if (strProductName == "") { Response.Write("<script>alert('Product name Needed');</script>"); return; } if (strProductDescription == "") { Response.Write("<script>alert('Description Needed');</script>"); return; } if (priceButton.Text == "") { Response.Write("<script>alert('Price Needed');</script>"); return; } else { fltPrice = float.Parse(priceButton.Text); } if (stockTextbox.Text == "") { Response.Write("<script>alert('Stock needed');</script>"); return; } else { intStock = int.Parse(stockTextbox.Text); } if (oFile.Value != "") { // Create the folder if it does not exist. if (!Directory.Exists(strFolder)) { Directory.CreateDirectory(strFolder); } // Save the uploaded file to the server. strFilePath = strFolder + strFileName; oFile.PostedFile.SaveAs(strFilePath); msgLabel.Text = strFileName + " has been successfully uploaded."; } else { msgLabel.Text = "Click 'Browse' to select the file to upload."; return; } strSqlCmd = $"Insert into Product(productTitle,ProductDesc,ProductImage,Price,Quantity)" + $"Values('{strProductName}','{strProductDescription}','{strFileName}','{fltPrice}','{intStock}')"; dbObj.ExecuteNonQuery(strSqlCmd); string strSel = "Select Max(ProductID) from Product"; productId = int.Parse(dbObj.ExecuteScalar(strSel).ToString()); strSqlCmd = $"Insert into DepartmentProduct(DepartmentId,ProductID) Values({productType},{productId})"; dbObj.ExecuteNonQuery(strSqlCmd); }
protected void loginButton_Click(object sender, EventArgs e) { attemptCounts = attemptCounts + 1; SqlDataReader dR; string strPassword; DatabaseMgmt dbObj = new DatabaseMgmt(); string selStr = $"select passwd, name, ShopperId from SHopper Where email ='{emailTextBox.Text}'"; dR = dbObj.ExecuteSelect(selStr); if (dR.Read()) { if (attemptCounts < 3) { strPassword = dR["passwd"].ToString(); if (strPassword == pswTextBox.Text) { Session["Password"] = strPassword; Session["Name"] = dR["name"].ToString(); Session["ShopperId"] = dR["ShopperID"].ToString(); Response.Redirect("Home.aspx"); } else { msgLabel.Text = "Email or password incorrect"; } } else if (attemptCounts == 3) { suggestionHyperLink.Visible = true; suggestionHyperLink.Text = "Forgot your password?"; if (dR.Read()) { strPassword = dR["passwd"].ToString(); if (strPassword == pswTextBox.Text) { Session["Password"] = strPassword; Session["Name"] = dR["name"].ToString(); Session["ShopperId"] = dR["ShopperID"].ToString(); Response.Redirect("Home.aspx"); } else { msgLabel.Text = "Email or password incorrect"; } } } else { if (attemptCounts == 3) { suggestionHyperLink.Visible = true; suggestionHyperLink.Text = "Forgot your password?"; } else { //timeout msgLabel.Text = "Reload the Web"; } } } else { msgLabel.Text = "Email or password incorrect"; } dR.Close(); }
protected void Page_Load(object sender, EventArgs e) { // Don't allow non-member to purchase a product if (Session["ShopperID"] == null) { Response.Redirect("Login.aspx"); } int intProductID; string strProductName; double dblProductPrice; int intQuantity; int intShopCartID; int intShopperID; bool flgAddItem; string strSqlCmd; // Read product's details from session variables intProductID = Convert.ToInt32(Session["ProductID"]); dblProductPrice = Convert.ToDouble(Double.Parse((string)Session["ProductPrice"], System.Globalization.NumberStyles.Currency)); intQuantity = Convert.ToInt32(Session["Quantity"]); // Replace any single-quote with two single-quote strProductName = Convert.ToString(Session["ProductName"]); // Connect to the database DatabaseMgmt objdbMgmt = new DatabaseMgmt(); //objdbMgmt.Connect(); // Check whether a shopping cart has been created. if (Session["ShopCartID"] == null) { // Create a new shopping cart //--------------------------- intShopperID = Convert.ToInt32(Session["ShopperID"]); strSqlCmd = "INSERT INTO ShopCart(ShopperID) VALUES(" + intShopperID + ")"; objdbMgmt.ExecuteNonQuery(strSqlCmd); // Get the new Shopping Cart ID strSqlCmd = "SELECT MAX(ShopCartID) AS maxShopCartID " + "FROM ShopCart WHERE ShopperID=" + intShopperID; // Save the Shopping Cart ID in a session variable Session["ShopCartID"] = objdbMgmt.ExecuteScalar(strSqlCmd); // Set AddItem flag to true - to add item to shopping cart. flgAddItem = true; } else { // Shopping cart already created //------------------------------- intShopCartID = Convert.ToInt32(Session["ShopCartID"]); // Retrieve selected product from shopping cart. System.Data.SqlClient.SqlDataReader objDataReader; strSqlCmd = "SELECT Quantity FROM ShopCartItem WHERE ProductID=" + intProductID + " AND ShopCartID=" + intShopCartID; objDataReader = objdbMgmt.ExecuteSelect(strSqlCmd); // Check whether selected item is already in shopping cart. // If yes, update order quantity instead of adding new item. if (objDataReader.HasRows) { // Close the data reader objDataReader.Close(); // update quantity of Shop Cart Item strSqlCmd = "UPDATE ShopCartItem SET Quantity = Quantity + " + intQuantity + " WHERE ProductID =" + intProductID + " AND ShopCartID =" + intShopCartID; objdbMgmt.ExecuteNonQuery(strSqlCmd); // Set AddItem flag to false - do not add item to cart flgAddItem = false; } else { // Close the data reader objDataReader.Close(); // Set AddItem flag to true - to add item to cart flgAddItem = true; } } // If it is a new item, add item into shopping cart. if (flgAddItem) { // Add Shop Cart Item to the database strSqlCmd = "INSERT INTO ShopCartitem (ShopCartID, Quantity, Price, Name, ProductID)" + " VALUES (" + Session["ShopCartId"] + "," + intQuantity + "," + dblProductPrice + ",'" + strProductName + "'," + intProductID + ")"; objdbMgmt.ExecuteNonQuery(strSqlCmd); } objdbMgmt.Close(); // Re-direct to ShopCart page for display of shopping cart Response.Redirect("ShopCart.aspx"); }