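/// <summary>
/// Completes a password reset. The reset link carries a token in the <c>url</c> query-string
/// parameter; the token is looked up first in LinkPasswordPersonale, then in LinkPasswordGenitori,
/// and the matching account gets the new password hash. Every outcome ends at Login.aspx, as before.
/// All user-controlled values (token, password hash) are bound as SqlParameters: the previous
/// version concatenated the query-string token straight into the SQL text.
/// </summary>
protected void btnModifica_Click(object sender, EventArgs e)
{
    // Validation order is unchanged: empty -> mismatch -> disallowed characters.
    if (txtPassword.Text == "" || txtPasswordR.Text == "")
    {
        lblErrore.Text = "Password non valida";
        return;
    }
    if (txtPasswordR.Text != txtPassword.Text)
    {
        lblErrore.Text = "Password non corrispondenti";
        return;
    }
    // Kept for compatibility with the previous behaviour (it was the only SQL "protection");
    // with parameterised statements below it no longer has a security role.
    if (txtPassword.Text.Contains("'") || txtPassword.Text.Contains("\"") || txtPasswordR.Text.Contains("'") || txtPasswordR.Text.Contains("\""))
    {
        lblErrore.Text = "Caratteri non validi.";
        return;
    }

    string value = Request.QueryString["url"];
    if (value != null)
    {
        adoNet ado = new adoNet();
        // NOTE(review): SHA.GenerateSHA512String is a project helper (an unsalted single-pass hash, judging
        // by its name). Login.aspx must verify against the same format, so it is not changed here;
        // migrating both sides together to a slow salted KDF (e.g. Rfc2898DeriveBytes) is the fix.
        string hashedPassword = SHA.GenerateSHA512String(txtPassword.Text);
        if (!TryConsumeResetLink(ado, "Personale", "LinkPasswordPersonale", "idPersonale", value, hashedPassword))
        {
            TryConsumeResetLink(ado, "Genitori", "LinkPasswordGenitori", "idGenitore", value, hashedPassword);
        }
    }
    // No success/failure feedback is shown: a missing, expired or unknown token also lands on the login page.
    Response.Redirect("./Login.aspx");
}

/// <summary>
/// Looks the reset token up in <paramref name="linkTable"/>; when it is valid (at most 24 hours old
/// and not yet consumed) stores <paramref name="hashedPassword"/> on the account in
/// <paramref name="userTable"/> and marks the link as used.
/// </summary>
/// <param name="ado">Data-access helper used to run the statements.</param>
/// <param name="userTable">Account table ("Personale" or "Genitori"); a compile-time constant, never user input.</param>
/// <param name="linkTable">Reset-link table for that account type; a compile-time constant.</param>
/// <param name="idColumn">Name of the account-id column in <paramref name="linkTable"/>; a compile-time constant.</param>
/// <param name="url">Token from the query string (untrusted; bound as a parameter).</param>
/// <param name="hashedPassword">Already-hashed password to store.</param>
/// <returns><c>true</c> when a valid link was found and the password was updated; otherwise <c>false</c>.</returns>
private static bool TryConsumeResetLink(adoNet ado, string userTable, string linkTable, string idColumn, string url, string hashedPassword)
{
    string userId;
    using (System.Data.SqlClient.SqlCommand lookup = new System.Data.SqlClient.SqlCommand())
    {
        lookup.CommandType = System.Data.CommandType.Text;
        // "ISNULL(modifica, 0) = 0" makes the link single-use: the previous query did not check the
        // flag it sets afterwards, so a link stayed valid for the whole 24 hours even after being used.
        // ISNULL covers rows inserted without an explicit value for modifica.
        lookup.CommandText = "SELECT " + idColumn + " FROM " + linkTable + " WHERE url = @url AND DATEDIFF(hour, dataRichiesta, GETDATE()) <= 24 AND ISNULL(modifica, 0) = 0";
        lookup.Parameters.AddWithValue("@url", url);
        userId = ado.eseguiScalar(lookup);
    }

    int id;
    // The id comes from the database, but it is parsed rather than spliced into SQL text so the
    // UPDATEs below can bind it as a typed parameter.
    if (string.IsNullOrEmpty(userId) || !int.TryParse(userId, out id))
    {
        return false;
    }

    // adoNet's parameterised entry point visible in this project is eseguiScalar(SqlCommand); the
    // OUTPUT clause gives it a value to return, so the UPDATEs run through parameters as well.
    using (System.Data.SqlClient.SqlCommand setPassword = new System.Data.SqlClient.SqlCommand())
    {
        setPassword.CommandType = System.Data.CommandType.Text;
        setPassword.CommandText = "UPDATE " + userTable + " SET pwd = @pwd OUTPUT Inserted.id WHERE id = @id";
        setPassword.Parameters.AddWithValue("@pwd", hashedPassword);
        setPassword.Parameters.AddWithValue("@id", id);
        ado.eseguiScalar(setPassword);
    }
    using (System.Data.SqlClient.SqlCommand markUsed = new System.Data.SqlClient.SqlCommand())
    {
        markUsed.CommandType = System.Data.CommandType.Text;
        markUsed.CommandText = "UPDATE " + linkTable + " SET modifica = 1 OUTPUT Inserted." + idColumn + " WHERE " + idColumn + " = @id AND url = @url";
        markUsed.Parameters.AddWithValue("@id", id);
        markUsed.Parameters.AddWithValue("@url", url);
        ado.eseguiScalar(markUsed);
    }
    return true;
}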
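/// <summary>
/// "Forgot password" handler: looks the submitted e-mail address up in Personale, then in Genitori,
/// issues a fresh reset token for the first match, stores it in the corresponding link table and
/// e-mails it. The address is bound as a SqlParameter; the previous version concatenated it into
/// the SELECT text.
/// </summary>
protected void btnRecupera_Click(object sender, EventArgs e)
{
    adoNet.impostaConnessione();
    adoNet ado = new adoNet();
    string email = txtEmailUser.Text;

    string codice = FindUserIdByEmail(ado, "Personale", email);
    if (!string.IsNullOrEmpty(codice))
    {
        string rand = IssueResetLink(ado, "LinkPasswordPersonale", "idPersonale", codice);
        inviaEmail(email, rand);
        divSucc.Visible = true;
        divForg.Visible = false;
        return;
    }

    codice = FindUserIdByEmail(ado, "Genitori", email);
    if (!string.IsNullOrEmpty(codice))
    {
        string rand = IssueResetLink(ado, "LinkPasswordGenitori", "idGenitore", codice);
        inviaEmail(email, rand);
        divSucc.Visible = true;
        divForg.Visible = false;
        return;
    }

    // NOTE(review): this branch tells the caller whether an address is registered (account
    // enumeration); showing divSucc in both cases would avoid that. Message kept unchanged here.
    lblErrore.Text = "Email non trovata";
    lblErrore.Visible = true;
}

/// <summary>
/// Returns the <c>id</c> of the row in <paramref name="table"/> whose <c>email</c> equals
/// <paramref name="email"/>, or the helper's "not found" value (empty string) when there is none.
/// </summary>
/// <param name="ado">Data-access helper used to run the query.</param>
/// <param name="table">Account table name; a compile-time constant, never user input.</param>
/// <param name="email">Address typed by the user (untrusted; bound as a parameter).</param>
private static string FindUserIdByEmail(adoNet ado, string table, string email)
{
    using (System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand())
    {
        command.CommandType = System.Data.CommandType.Text;
        command.CommandText = "SELECT id FROM " + table + " WHERE email = @email";
        command.Parameters.AddWithValue("@email", email);
        return ado.eseguiScalar(command);
    }
}

/// <summary>
/// Generates a token that is not yet present in <paramref name="linkTable"/>, stores it for
/// <paramref name="userId"/> and returns it.
/// </summary>
/// <param name="ado">Data-access helper used to run the statements.</param>
/// <param name="linkTable">Reset-link table; a compile-time constant.</param>
/// <param name="idColumn">Account-id column of <paramref name="linkTable"/>; a compile-time constant.</param>
/// <param name="userId">Account id as returned by the database.</param>
/// <returns>The stored token.</returns>
/// <exception cref="InvalidOperationException">When <paramref name="userId"/> is not an integer.</exception>
private string IssueResetLink(adoNet ado, string linkTable, string idColumn, string userId)
{
    int id;
    if (!int.TryParse(userId, out id))
    {
        throw new InvalidOperationException("Account id returned by the database is not numeric.");
    }

    string rand;
    bool newURL = false;
    do
    {
        // NOTE(review): RandomString is defined elsewhere. This value is the reset credential, so it
        // has to come from a cryptographic RNG (System.Security.Cryptography.RandomNumberGenerator) — confirm.
        rand = RandomString(49);
        using (System.Data.SqlClient.SqlCommand check = new System.Data.SqlClient.SqlCommand())
        {
            check.CommandType = System.Data.CommandType.Text;
            check.CommandText = "SELECT COUNT(*) FROM " + linkTable + " WHERE url = @url";
            check.Parameters.AddWithValue("@url", rand);
            newURL = Convert.ToInt32(ado.eseguiScalar(check)) == 0;
        }
    } while (!newURL);

    // adoNet's parameterised entry point visible in this project is eseguiScalar(SqlCommand); the
    // OUTPUT clause gives it a value to return, so the INSERT runs through parameters too.
    using (System.Data.SqlClient.SqlCommand insert = new System.Data.SqlClient.SqlCommand())
    {
        insert.CommandType = System.Data.CommandType.Text;
        insert.CommandText = "INSERT INTO " + linkTable + " (" + idColumn + ", url) OUTPUT Inserted.url VALUES(@id, @url)";
        insert.Parameters.AddWithValue("@id", id);
        insert.Parameters.AddWithValue("@url", rand);
        ado.eseguiScalar(insert);
    }
    return rand;
}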
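/// <summary>
/// Save handler for the animatore form. For "Aggiungi" it inserts the Personale row, a Genitori
/// row with the same name/phone, links the two in ParenteleAnimatori and redirects to the list.
/// "Modifica" and "Chiudi" are still no-ops. The final INSERT is now parameterised like the other
/// two (it used to splice the returned ids into the SQL text), and every SqlCommand is disposed.
/// </summary>
protected void salvaAnimatore_Click(object sender, EventArgs e)
{
    adoNet ado = new adoNet();
    // NOTE(review): dispatching on the button caption ties the logic to the UI text; CommandName
    // would survive a relabel. Kept as-is to match the existing markup.
    switch (((Button)sender).Text)
    {
        case "Aggiungi":
        {
            string idAnimatore = InsertAnimatore(ado);
            string idGenitore = InsertGenitoreForAnimatore(ado);
            LinkAnimatoreToGenitore(ado, idAnimatore, idGenitore);
            Response.Redirect("./Visualizzazione.aspx");
            break;
        }
        case "Modifica":
            break;
        case "Chiudi":
            break;
    }
}

/// <summary>Inserts the Personale row from the form fields and returns the generated id.</summary>
/// <param name="ado">Data-access helper used to run the statement.</param>
private string InsertAnimatore(adoNet ado)
{
    using (SqlCommand command = new SqlCommand())
    {
        command.CommandType = CommandType.Text;
        command.CommandText =
            "INSERT INTO Personale(nome, cognome, sesso, dataNascita, natoA, nazionalita, indirizzo, numeroCivico, idCitta, numeroTelefono, email) " +
            "OUTPUT Inserted.id " +
            "VALUES " +
            "(@nome, @cognome, @sesso, @dataNascita, @natoA, @nazionalita, @indirizzo, @numeroCivico, @idCitta, @numeroTelefono, @email)";
        command.Parameters.AddWithValue("@nome", nomeAnimatore.Text);
        command.Parameters.AddWithValue("@cognome", cognomeAnimatore.Text);
        command.Parameters.AddWithValue("@sesso", sessoAnimatore.SelectedValue);
        // NOTE(review): the birth date is bound as the raw text-box string, so the conversion to a date
        // happens server-side under the session's DATEFORMAT; parsing to DateTime here would be safer — confirm.
        command.Parameters.AddWithValue("@dataNascita", dataNascitaAnimatore.Text);
        command.Parameters.AddWithValue("@natoA", cittaNascitaAnimatore.SelectedValue);
        command.Parameters.AddWithValue("@nazionalita", nazionalitaAnimatore.SelectedValue);
        command.Parameters.AddWithValue("@indirizzo", indirizzoAnimatore.Text);
        command.Parameters.AddWithValue("@numeroCivico", numeroCivicoAnimatore.Text);
        command.Parameters.AddWithValue("@idCitta", cittaAnimatore.SelectedValue);
        command.Parameters.AddWithValue("@numeroTelefono", cellulareAnimatore.Text);
        command.Parameters.AddWithValue("@email", emailAnimatore.Text);
        return ado.eseguiScalar(command);
    }
}

/// <summary>
/// Inserts a Genitori row carrying the animatore's own name and phone number (the existing
/// behaviour: the animatore is registered as his/her own "genitore") and returns the generated id.
/// </summary>
/// <param name="ado">Data-access helper used to run the statement.</param>
private string InsertGenitoreForAnimatore(adoNet ado)
{
    using (SqlCommand command = new SqlCommand())
    {
        command.CommandType = CommandType.Text;
        command.CommandText =
            "INSERT INTO Genitori(nome, cognome, numeroTelefono) " +
            "OUTPUT Inserted.id " +
            "VALUES " +
            "(@nome, @cognome, @numeroTelefono)";
        command.Parameters.AddWithValue("@nome", nomeAnimatore.Text);
        command.Parameters.AddWithValue("@cognome", cognomeAnimatore.Text);
        command.Parameters.AddWithValue("@numeroTelefono", cellulareAnimatore.Text);
        return ado.eseguiScalar(command);
    }
}

/// <summary>Links the two freshly inserted rows in ParenteleAnimatori.</summary>
/// <param name="ado">Data-access helper used to run the statement.</param>
/// <param name="idAnimatore">Id returned by the Personale INSERT.</param>
/// <param name="idGenitore">Id returned by the Genitori INSERT.</param>
/// <exception cref="InvalidOperationException">When either id is not an integer.</exception>
private static void LinkAnimatoreToGenitore(adoNet ado, string idAnimatore, string idGenitore)
{
    int animatore;
    int genitore;
    if (!int.TryParse(idAnimatore, out animatore) || !int.TryParse(idGenitore, out genitore))
    {
        // Previously the raw strings were spliced into the SQL; an empty OUTPUT value produced
        // "VALUES(, )" and a server error, so failing explicitly here is not a regression.
        throw new InvalidOperationException("The ids returned by the INSERT statements are not numeric.");
    }
    using (SqlCommand command = new SqlCommand())
    {
        command.CommandType = CommandType.Text;
        // eseguiScalar(SqlCommand) is the parameterised helper available here; the OUTPUT clause gives
        // it a value to return so the link INSERT no longer goes through string concatenation.
        command.CommandText = "INSERT INTO ParenteleAnimatori(idAnimatore, idGenitore) OUTPUT Inserted.idAnimatore VALUES(@idAnimatore, @idGenitore)";
        command.Parameters.AddWithValue("@idAnimatore", animatore);
        command.Parameters.AddWithValue("@idGenitore", genitore);
        ado.eseguiScalar(command);
    }
}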