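/// <summary>
/// Save/Update button handler. In "Save" mode it adds a row to LoginTb (username, password,
/// user type) unless the username already exists; in "Update" mode it rewrites the login
/// selected through <c>logidgrid_hidden</c> and, for user type "2", the linked Hospital row.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnsave_Click(object sender, EventArgs e)
{
    // NOTE(review): this listing arrived with parts of the username/password expressions
    // masked as '******'. They are restored here from the intact INSERT in this method
    // (txtusername / txtpswd, trimmed, single quotes doubled) -- confirm against the original file.
    string username = txtusername.Text.Trim().Replace("'", "''");
    string password = txtpswd.Text.Trim().Replace("'", "''");

    // The original concatenated these two values into the SQL text unescaped. They now get
    // the same quote doubling as every other input in this method.
    string userType = drpusertype.SelectedValue.Replace("'", "''");
    // logidgrid_hidden is a form field, so its value is whatever the browser posts back.
    // Escaping keeps it inside the string literal; which login the caller may edit still
    // has to be decided server-side.
    string loginId = logidgrid_hidden.Value.Replace("'", "''");

    // Quote doubling is the only thing separating these values from the SQL text. Bound
    // parameters (SqlParameter) are the robust fix; that needs a parameter-aware method on
    // db1, which is not visible from this method.

    if (btnsave.Text == "Save")
    {
        // Read the answer and release the reader before issuing the INSERT; the original
        // never closed it.
        bool usernameTaken;
        using (SqlDataReader dr = db1.getDataReader("select * from LoginTb where Username='" + username + "'"))
        {
            usernameTaken = dr.HasRows;
        }

        if (usernameTaken)
        {
            ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('Username already exists!');", true);
            return;
        }

        // NOTE(review): the password is written to LoginTb.Password as typed (trimmed).
        // Storing a salted, slow hash instead (e.g. PBKDF2 via Rfc2898DeriveBytes) has to be
        // introduced together with the matching change in the login query.
        db1.strCommand = "insert into LoginTb(Username,Password,Usertype) values('"
            + username + "','" + password + "','" + userType + "')";
        db1.insertqry();
        find_logid();
        clear();

        // Reload the same page so a browser refresh does not resubmit the form.
        string path = Page.Request.Url.AbsolutePath;
        Response.Redirect(path);
    }
    else if (btnsave.Text == "Update")
    {
        if (drpusertype.SelectedValue == "2")
        {
            // Login and hospital rows are updated in one batch wrapped in a transaction.
            db1.strCommand = "BEGIN TRANSACTION UPDATE LoginTb SET LoginTb.Username = '" + username
                + "' , LoginTb.Password='" + password
                + "' FROM LoginTb T1, Hospital T2 WHERE T1.LoginID = T2.LoginID and T1.LoginID = '" + loginId
                + "' UPDATE Hospital SET Hospital.HospitalName = '" + txtname.Text.Trim().Replace("'", "''")
                + "', Hospital.Address='" + txtaddress.Text.Trim().Replace("'", "''")
                + "' FROM LoginTb T1, Hospital T2 WHERE T1.LoginID = T2.LoginID and T1.LoginID = '" + loginId
                + "' COMMIT";
            db1.insertqry();
            PopulateHospitalInfo();
            clear();
        }
        else
        {
            db1.strCommand = "Update LoginTb set Username='" + username
                + "',Password='" + password
                + "',Usertype='" + userType
                + "' where LoginID='" + loginId + "'";
            db1.insertqry();
            PopulateExecutiveInfo();
            clear();
        }
    }
}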
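/// <summary>
/// Selection handler for <c>lsttrace</c>: stores the selected value in <c>traceidhidden</c>,
/// looks up the matching Traceability_Info row and copies its columns into the detail labels.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void lsttrace_SelectedIndexChanged(object sender, System.EventArgs e)
{
    traceidhidden.Value = lsttrace.SelectedValue;

    // The original put this value into the SQL text unescaped. It now gets the quote doubling
    // used elsewhere in this file; bound parameters would be the robust fix but need a
    // parameter-aware method on db1, which is not visible from here.
    string traceId = traceidhidden.Value.Replace("'", "''");
    string query = "select * from Traceability_Info where Tracibility_ID='" + traceId + "'";

    // 'using' releases the reader on every path; the original never closed it.
    using (SqlDataReader dr = db1.getDataReader(query))
    {
        // Read() returns false straight away on an empty result, so no HasRows check is needed.
        // If several rows match, the labels end up showing the last one.
        while (dr.Read())
        {
            // NOTE(review): if these lbl* controls are Label controls, Text is rendered without
            // HTML encoding -- confirm the stored values are trusted, or encode them here.
            lblinstrument.Text = dr["Instrument"].ToString();
            lblmake.Text = dr["Make"].ToString();
            lblmodel.Text = dr["Model"].ToString();
            lblserno.Text = dr["Serial_No"].ToString();
            lblcalldue.Text = dr["Traceability_call_due"].ToString();
            lblref.Text = dr["Reference"].ToString();
        }
    }
}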
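/// <summary>
/// Login button handler: looks the username/password pair up in LoginTb, issues a forms
/// authentication cookie on a match and redirects according to the user type
/// ("0", "1", "2", anything else goes to Default.aspx). On no match it shows an error.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnlogin_Click(object sender, EventArgs e)
{
    // Drop any existing forms-auth cookie before evaluating the new credentials.
    FormsAuthentication.Initialize();
    FormsAuthentication.SignOut();
    FormsAuthentication.Initialize();

    // NOTE(review): this listing arrived with the username/password expressions masked as
    // '******'. They are restored from the control names used further down (txtUsername,
    // txtPwd) and the visible quote-doubling tail; Trim() is assumed to match how
    // btnsave_Click stores the values -- confirm against the original file.
    //
    // NOTE(review): as far as this query shows, the Password column is compared with the
    // typed text, i.e. passwords appear to be stored unhashed. The original also called
    // FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd.Text, "sha1") and
    // discarded the result; that dead call is removed. A salted, slow hash (e.g. PBKDF2)
    // verified in code, together with bound SQL parameters, is the robust fix and has to be
    // introduced together with the code that writes LoginTb.
    string query1 = "select * from LoginTb where Username='" + txtUsername.Text.Trim().Replace("'", "''")
        + "' and Password='" + txtPwd.Text.Trim().Replace("'", "''") + "'";

    // Copy what is needed out of the reader and close it before any redirect. In the original
    // reader.Close() came after the Response.Redirect calls, which end the request first.
    bool found;
    string userData = null;
    SqlDataReader reader = db1.getDataReader(query1);
    try
    {
        found = reader.Read();
        if (found)
        {
            usertype = reader["Usertype"].ToString();
            // NOTE(review): column index 1 of a "select *" -- which column this is depends on
            // the table definition. It is embedded in the ticket; confirm it is not the
            // password column.
            userData = reader.GetString(1);
        }
    }
    finally
    {
        reader.Close();
    }

    if (!found)
    {
        // Same message for an unknown user and a wrong password.
        lbMsg.Text = "Username / password incorrect. Please login again.";
        lbMsg.ForeColor = System.Drawing.Color.Red;
        lbMsg.Visible = true;
        return;
    }

    // Create a new ticket used for authentication (valid for 30 minutes).
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        txtUsername.Text,
        DateTime.Now,
        DateTime.Now.AddMinutes(30),
        true,
        userData,
        FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket for transport in the cookie.
    string hash = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
    // Keep the ticket away from page script, and follow the configured requireSSL setting
    // for the Secure flag. The original set neither.
    cookie.HttpOnly = true;
    cookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(cookie);

    // The original read Request.QueryString["ReturnUrl"] but never used it; the dead read is
    // removed. If a return URL is honoured later, accept only local application paths.
    Session["Usertype"] = usertype;

    // usertype comes from ToString() and is never null, so the original's null check was
    // unreachable; unknown values fall through to Default.aspx.
    switch (usertype)
    {
        case "0":
            db_backup();
            Response.Redirect("Add_Hospital_admin.aspx");
            break;
        case "1":
            db_backup();
            Response.Redirect("AddReport.aspx");
            break;
        case "2":
            Response.Redirect("ViewReport.aspx");
            break;
        default:
            Response.Redirect("Default.aspx");
            break;
    }
}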