protected void btnRegister_Click(object sender, EventArgs e) { //if (IsPostBack) //{ // return; //} if (Directory.Exists(Server.MapPath(@"Accounts\business\" + txtBusinessID.Text))) { alertlbl.Style.Remove("display"); lblsignUpBus.Text = "Sorry, the Business ID is already in use. Please log in with your email."; return; } hashPass pass = new hashPass(); string salt = pass.generateSalt(10); string hash = pass.generateHash(txtConfirmPassword.Text, salt); String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; using (SqlConnection con = new SqlConnection(CS)) { SqlCommand insert = new SqlCommand("INSERT into business values('" + txtBusinessID.Text + "','" + txtBusinessName.Text + "','" + txtFirstName.Text + "','" + txtLastName.Text + "','" + txtEmail.Text + "','" + txtAddress.Text + ", " + txtAddress2.Text + ", " + txtCity.Text + ", " + ddProvince.Text + ", " + txtPostalCode.Text + "','" + hash + "','" + salt + "')", con); con.Open(); insert.ExecuteNonQuery(); string subPath = @"Accounts\business\"; // your code goes here Directory.CreateDirectory(Server.MapPath(subPath + txtBusinessID.Text)); } }
protected void btnUserRegister_Click(object sender, EventArgs e) { String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; using (SqlConnection con = new SqlConnection(CS)) { SqlCommand cmd = new SqlCommand("SELECT email from users ", con); con.Open(); //SqlDataAdapter sda = new SqlDataAdapter(cmd); SqlDataReader reader = cmd.ExecuteReader(); while (reader.Read()) { string database_email = reader.GetString(0); if (database_email == txtUserEmail.Text) { alertlbl.Style.Remove("display"); lblsignUp.Text = "Sorry, the email is already in use. Please try again with a different Email."; return; } } reader.Close(); hashPass pass = new hashPass(); string salt = pass.generateSalt(10); string hash = pass.generateHash(txtUserConfirmPassword.Text, salt); SqlCommand insert = new SqlCommand("INSERT into users values('" + txtUserFirstName.Text + "','" + txtUserLastName.Text + "','" + txtUserEmail.Text + "','" + hash + "','" + salt + "')", con); insert.ExecuteNonQuery(); insert.Dispose(); //SqlCommand cmd3 = new SqlCommand("SELECT TOP 1 user_id FROM users ORDER BY user_id DESC",con); // SqlDataReader reader2 = cmd3.ExecuteReader(); // string ID = ""; // reader2.Read(); // ID = reader2.GetString(0); //string subPath = @"Accounts\user\"+ID; // your code goes here //Directory.CreateDirectory(Server.MapPath(subPath)); // return; } }
protected void btnEditBusiness_Click(object sender, EventArgs e) { hashPass pass = new hashPass(); string salt = pass.generateSalt(10); string hash = pass.generateHash(txtConfirmPassword.Text, salt); String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; using (SqlConnection con = new SqlConnection(CS)) { string update = "UPDATE [business] SET [owner_Fname] = @FirstName, [business_name] = @Bname, [owner_Lname] = @LastName, [business_email] = @Email, [business_password] = @Password, [business_address] = @Address1, [business_salt] = @salt WHERE business_id = @id"; SqlCommand insert = new SqlCommand(update, con); insert.Parameters.AddWithValue("@FirstName", txtFirstName.Text); insert.Parameters.AddWithValue("@LastName", txtLastName.Text); insert.Parameters.AddWithValue("@Email", txtEmail.Text); insert.Parameters.AddWithValue("@Address1", txtAddress.Text + ", " + txtAddress2.Text + ", " + txtCity.Text + " ," + txtPostalCode.Text + ", " + ddProvince.Text); insert.Parameters.AddWithValue("@Password", hash); insert.Parameters.AddWithValue("@salt", salt); insert.Parameters.AddWithValue("@Bname", txtBusinessName.Text); insert.Parameters.AddWithValue("@id", Convert.ToInt32(Session["USERID"].ToString())); con.Open(); insert.ExecuteNonQuery(); } }
protected void btnLogin_Click(object sender, EventArgs e) { String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; DataTable userData = new DataTable(); DataTable businessData = new DataTable(); SqlDataAdapter userAdapter; SqlDataAdapter businessAdapter; hashPass hash = new hashPass(); using (SqlConnection con = new SqlConnection(CS)) { SqlCommand cmd = new SqlCommand("SELECT * from users where email = @email", con); cmd.Parameters.AddWithValue("email", txtEmailLogin.Text); // adds the entered email to the query con.Open(); userAdapter = new SqlDataAdapter(cmd); userAdapter.Fill(userData); // fills the datatable with query result retrived from SQL if (userData.Rows.Count == 1) { string pass = userData.Rows[0]["user_password"].ToString(); string salt = userData.Rows[0]["user_salt"].ToString(); string enteredPass_HashedWithSalt = hash.generateHash(txtEnterPass.Text, salt); if (pass == enteredPass_HashedWithSalt) // if the password matches with their { Session["USERID"] = userData.Rows[0]["user_id"].ToString(); Response.Redirect("index.aspx"); return; } else { lblLogin.Text = "Incorrect Email/Password Combination"; alertlbl.Style.Remove("display"); return; } } //----------------------------CHECKING FROM THE BUSINESS TABLE------------------------------------- SqlCommand cmd2 = new SqlCommand("SELECT * from business where business_email = @email", con); cmd2.Parameters.AddWithValue("email", txtEmailLogin.Text); businessAdapter = new SqlDataAdapter(cmd2); businessAdapter.Fill(businessData); if (businessData.Rows.Count == 1) { string pass = businessData.Rows[0]["business_password"].ToString(); string salt = businessData.Rows[0]["business_salt"].ToString(); string enteredPassword_HashedWithSalt = hash.generateHash(txtEnterPass.Text, salt); if (pass == enteredPassword_HashedWithSalt) { Session["USERID"] = businessData.Rows[0]["business_id"]; Session["isBusiness"] = "true"; Server.Transfer("index.aspx"); return; } else { lblLogin.Text = "Incorrect Email/Password Combination"; alertlbl.Style.Remove("display"); return; } } lblLogin.Text = "Email not found. Did you register?"; alertlbl.Style.Remove("display"); return; } }