Esempio n. 1
    //save username, password and usertype to Logintb.
    // Click handler for the Save/Update button; the button caption selects the mode.
    //   "Save":   looks up the user name in LoginTb, shows an alert if a row exists,
    //             otherwise inserts a new LoginTb row and redirects to this same page.
    //   "Update": updates the LoginTb row identified by logidgrid_hidden.Value and,
    //             when the selected user type is "2", the matching Hospital row too.
    //
    // NOTE(review): the statements on the lines containing '******' look truncated by a
    // credential scrubber in this listing and do not compile as shown. The surviving
    // fragments suggest the same concatenation + Replace("'", "''") pattern as the
    // insert below; confirm against the original file.
    //
    // NOTE(review): every statement here is assembled by string concatenation.
    // Quote-doubling is applied to the text boxes only; drpusertype.SelectedValue and
    // logidgrid_hidden.Value are appended as-is. Parameterized commands (SqlParameter)
    // are the robust fix; that needs a db1 helper that accepts parameters, which is not
    // visible here.
    //
    // NOTE(review): nothing in this handler checks that the caller is allowed to create
    // accounts or assign the chosen Usertype. Confirm that is enforced elsewhere.
    protected void btnsave_Click(object sender, EventArgs e)
    {
        if (btnsave.Text == "Save")
        {
            // Duplicate check. The check and the insert below are separate statements, so
            // two concurrent requests can both pass it; a UNIQUE constraint on Username
            // would close that gap.
            string        query = "select * from LoginTb where Username='******'", "''") + "'";
            // The reader is never closed or disposed in this method on either branch.
            SqlDataReader dr    = db1.getDataReader(query);
            if (dr.HasRows)
            {
                ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('Username already exists!');", true);
            }
            else
            {
                // The password is written to LoginTb exactly as typed (after Trim), i.e. in
                // clear text. Store a salted, slow password hash (e.g. PBKDF2) instead, and
                // do not Trim() a password: that silently changes what the user chose.
                db1.strCommand = "insert into LoginTb(Username,Password,Usertype) values('" +
                                 txtusername.Text.Trim().Replace("'", "''") + "','" +
                                 txtpswd.Text.Trim().Replace("'", "''") + "','" +
                                 drpusertype.SelectedValue + "')";
                db1.insertqry();
                find_logid();

                clear();
                // Redirect to the current page's own path so a browser refresh does not
                // re-submit the form.
                string path = Page.Request.Url.AbsolutePath;
                Response.Redirect(path);
            }
        }
        else if (btnsave.Text == "Update")
        {
            if (drpusertype.SelectedValue == "2")
            {
                // User type "2": LoginTb and Hospital are updated inside one
                // BEGIN TRANSACTION ... COMMIT batch. There is no error handling in the
                // batch, so a failure in the second UPDATE may not undo the first.
                // presumably "2" is the hospital user type; verify against the Usertype values.
                //
                // logidgrid_hidden is posted back by the browser, so its value must be
                // treated as untrusted input: it picks which account is rewritten and is
                // concatenated without escaping. Derive the LoginID server-side, or verify
                // that the caller may edit that row.
                db1.strCommand = "BEGIN TRANSACTION UPDATE LoginTb SET LoginTb.Username = '******'", "''") + "' , LoginTb.Password='******'", "''") + "' FROM LoginTb T1, Hospital T2 WHERE T1.LoginID = T2.LoginID and T1.LoginID = '" +
                                 logidgrid_hidden.Value + "' UPDATE Hospital SET Hospital.HospitalName = '" +
                                 txtname.Text.Trim().Replace("'", "''") + "', Hospital.Address='" +
                                 txtaddress.Text.Trim().Replace("'", "''") + "' FROM LoginTb T1, Hospital T2 WHERE T1.LoginID = T2.LoginID and T1.LoginID = '" + logidgrid_hidden.Value + "' COMMIT";
                db1.insertqry();
                PopulateHospitalInfo();
                clear();
            }
            else
            {
                // Any other user type: only LoginTb is updated, including the Usertype
                // column. Same untrusted-input concern for logidgrid_hidden.Value and
                // drpusertype.SelectedValue as above.
                db1.strCommand = "Update LoginTb set Username='******'", "''") + "',Password='******'", "''") + "',Usertype='" +
                                 drpusertype.SelectedValue + "' where LoginID='" + logidgrid_hidden.Value + "'";
                db1.insertqry();
                PopulateExecutiveInfo();

                clear();
            }
        }
    }
Esempio n. 2
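    // Selection-changed handler for lsttrace: copies the selected value into
    // traceidhidden, loads the matching Traceability_Info row and shows its columns in
    // the detail labels. If several rows match, the labels end up holding the last one.
    // If none match, the labels keep their previous text.
    protected void lsttrace_SelectedIndexChanged(object sender, System.EventArgs e)
    {
        traceidhidden.Value = lsttrace.SelectedValue;

        // The id is placed inside a quoted SQL literal, so double any single quote in it
        // (the same escaping the other handlers in this file apply to text boxes).
        // NOTE(review): this is a stopgap. A parameterized command (SqlParameter) is the
        // robust fix, but needs a db1 helper that accepts parameters, not visible here.
        string traceId = traceidhidden.Value.Replace("'", "''");
        string query   = "select * from Traceability_Info where Tracibility_ID='" + traceId + "'";

        // Dispose the reader on every path, including when a column lookup throws.
        // The original never closed it.
        // NOTE(review): whether closing the reader also releases the underlying connection
        // depends on how db1.getDataReader opens it (e.g. CommandBehavior.CloseConnection).
        // Confirm in the helper.
        using (SqlDataReader dr = db1.getDataReader(query))
        {
            // Read() returns false straight away on an empty result, so no HasRows check
            // is needed.
            while (dr.Read())
            {
                lblinstrument.Text = dr["Instrument"].ToString();
                lblmake.Text       = dr["Make"].ToString();
                lblmodel.Text      = dr["Model"].ToString();
                lblserno.Text      = dr["Serial_No"].ToString();
                lblcalldue.Text    = dr["Traceability_call_due"].ToString();
                lblref.Text        = dr["Reference"].ToString();
            }
        }
    }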
Esempio n. 3
    // Login button handler: looks up a LoginTb row matching the submitted user name and
    // password, and on a match issues a forms-authentication cookie, stores the user
    // type in Session and redirects to the landing page for that user type. On no match
    // it shows a generic error message that does not reveal which field was wrong.
    //
    // NOTE(review): the query line containing '******' looks truncated by a credential
    // scrubber in this listing and does not compile as shown. The surviving fragments
    // suggest string concatenation with Replace("'", "''"); confirm against the original
    // file. Parameterized commands are the robust fix for the lookup.
    //
    // NOTE(review): no attempt limiting or lockout is visible in this handler. Confirm
    // repeated failed logins are throttled elsewhere.
    protected void btnlogin_Click(object sender, EventArgs e)
    {
        FormsAuthentication.Initialize();


        // Drop any existing auth ticket before evaluating the new credentials.
        // NOTE(review): Initialize() is called again right after; the second call
        // appears redundant.
        FormsAuthentication.SignOut();
        FormsAuthentication.Initialize();

        // The WHERE clause compares the Password column with text built from the form,
        // which implies passwords are stored in clear text. Store a salted, slow hash
        // (e.g. PBKDF2) and compare hashes instead.
        string        query1 = "select * from LoginTb where Username='******'", "''") + "' and Password='******'", "''") + "'";
        SqlDataReader reader = db1.getDataReader(query1);

        // The return value of this call is discarded, so it has no effect on the login
        // decision. The method is obsolete since .NET 4.5, and unsalted SHA-1 is not a
        // suitable password hash in any case.
        FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd.Text, "sha1");

        if (reader.Read())
        {
            // usertype is a member declared outside this method.
            usertype = reader["Usertype"].ToString();
            // Build the authentication ticket: version 1, the name as typed in the form,
            // 30-minute lifetime, persistent flag set, user data taken from column index 1.
            // NOTE(review): the query is "select *", so which column index 1 is depends on
            // the table's column order. If it is the Password column, the password would be
            // embedded in the ticket; read the intended column by name instead.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), true, reader.GetString(1), FormsAuthentication.FormsCookiePath);

            // Encrypt() serializes and protects the ticket according to the forms/machineKey
            // configuration. The variable name "hash" is misleading: this is not a hash.
            string     hash   = FormsAuthentication.Encrypt(ticket);
            // HttpOnly, Secure and Expires are not set on the cookie here. Unless web.config
            // supplies them (httpCookies / forms requireSSL), set cookie.HttpOnly = true and
            // cookie.Secure = true explicitly.
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

            // Add the cookie to the list for outbound response
            Response.Cookies.Add(cookie);

            // ReturnUrl is read and defaulted, but never used below: every redirect goes to
            // a fixed page. If it is ever passed to Response.Redirect, first check that it
            // is a local URL, because the value comes from the query string.
            string returnUrl = Request.QueryString["ReturnUrl"];
            if (returnUrl == null)
            {
                returnUrl = "Login.aspx";
            }
            // NOTE(review): the session id is not renewed at login. Confirm session
            // fixation is handled elsewhere.
            Session["Usertype"] = reader["Usertype"].ToString();
            string usertypeid = Session["Usertype"].ToString();
            // Dead branch: ToString() on the string stored just above never yields null.
            if (usertypeid == null)
            {
                Response.Redirect("Default.aspx");
            }

            // Route by user type. Response.Redirect(string) ends the response by aborting
            // the thread, so reader.Close() at the bottom is skipped on every successful
            // login; close or dispose the reader before redirecting (or wrap it in using).
            // db_backup() is defined outside this method and runs on each login of types
            // "0" and "1".
            if (usertypeid == "0")
            {
                db_backup();
                Response.Redirect("Add_Hospital_admin.aspx");
            }
            else if (usertypeid == "1")
            {
                db_backup();
                Response.Redirect("AddReport.aspx");
            }
            else if (usertypeid == "2")
            {
                Response.Redirect("ViewReport.aspx");
            }
            else
            {
                Response.Redirect("Default.aspx");
            }
        }
        else
        {
            // No matching row: show a generic failure message (it does not say whether the
            // user name or the password was wrong).
            lbMsg.Text      = "Username / password incorrect. Please login again.";
            lbMsg.ForeColor = System.Drawing.Color.Red;
            lbMsg.Visible   = true;
        }

        // Only reached on the failed-login path; see the redirect note above.
        reader.Close();
    }