protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { if (Request.FilePath != "/Login.aspx") { Auth.Helpers.Logout(Page); Response.End(); } return; } if (Session["ShowPermissionError"] != null && (bool)Session["ShowPermissionError"] == true) { ErrorText.Visible = true; ErrorText.Text = "You do not have the permissions to do that."; Session["ShowPermissionError"] = null; } // Only administrators can view the admin panel if (UserInfo.PermissionLevel >= 2) { LoginView1.FindControl("AdminPanel").Visible = true; } }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (UserInfo.PermissionLevel <= 1) { Session["ShowPermissionError"] = true; Response.Redirect("~/Default.aspx", true); return; } if (Session["ShowUserAddedMessage"] != null && (bool)Session["ShowUserAddedMessage"] == true) { UserAddedMessage.Visible = true; Session["ShowUserAddedMessage"] = null; } if (!Page.IsPostBack) { // Populate the GridView with the users in the database try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = "SELECT id, username, first_name, last_name, permission_level FROM users"; SqlDataAdapter adapter = new SqlDataAdapter(command); DataSet dataset = new DataSet(); int rows = adapter.Fill(dataset); if (rows == 0) { UsersTable.Visible = false; NoUsers.Visible = true; } else { UsersTable.DataSource = dataset; UsersTable.DataBind(); } } } } catch (SqlException ex) { ErrorLabel.Visible = true; return; } } }
protected void LoginButton_Click(object sender, EventArgs e) { if (!Page.IsValid) return; try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = "SELECT TOP 1 id, username, first_name, last_name, permission_level FROM users WHERE username = @user AND password_hash = HASHBYTES('SHA2_256', @pass)"; SqlParameter userParam = new SqlParameter("@user", SqlDbType.VarChar, 255); SqlParameter passParam = new SqlParameter("@pass", SqlDbType.VarChar, 255); userParam.Value = UsernameBox.Text; passParam.Value = PasswordBox.Text; command.Parameters.Add(userParam); command.Parameters.Add(passParam); command.Prepare(); var reader = command.ExecuteReader(); if (!reader.HasRows) { // There's no matching user LoginError.Visible = true; return; } else { reader.Read(); Session["UserInfo"] = new UserInfo { Id = reader.GetInt32(0), Username = reader.GetString(1), FirstName = reader.GetString(2), LastName = reader.GetString(3), PermissionLevel = reader.GetInt32(4) }; // Login success! FormsAuthentication.RedirectFromLoginPage(reader.GetInt32(0).ToString(), true); } } } } catch (SqlException ex) { throw; } }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (UserInfo.PermissionLevel <= 1) { Session["ShowPermissionError"] = true; Response.Redirect("~/Default.aspx", true); return; } if (!Page.IsPostBack) { // Populate the GridView with the users in the database try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = "SELECT t.id, t.date, t.client_id, CONCAT(c.first_name, ' ', c.last_name) as client_name, t.cashier_id, CONCAT(u.first_name, ' ', u.last_name) as cashier_name, t.quantity, t.amount, CASE t.payment_method WHEN 1 THEN 'Tarjeta Debito' WHEN 2 THEN 'Tarjeta CineQuilla' END as payment_method, t.debit_number, t.points_card_id FROM transactions t LEFT JOIN clients c ON c.id = t.client_id LEFT JOIN users u ON u.id = t.cashier_id"; SqlDataAdapter adapter = new SqlDataAdapter(command); DataSet dataset = new DataSet(); int rows = adapter.Fill(dataset); if (rows == 0) { TransactionsTable.Visible = false; NoTransactions.Visible = true; } else { TransactionsTable.DataSource = dataset; TransactionsTable.DataBind(); } } } } catch (SqlException ex) { ErrorLabel.Visible = true; } } }
protected void Session_Start(object sender, EventArgs e) { if (!Request.IsAuthenticated) return; // Fill the needed session information try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = "SELECT TOP 1 id, username, first_name, last_name, permission_level FROM users WHERE id = @id"; SqlParameter idParam = new SqlParameter("@id", SqlDbType.Int); idParam.Value = HttpContext.Current.User.Identity.Name; command.Parameters.Add(idParam); command.Prepare(); var reader = command.ExecuteReader(); if (!reader.HasRows) { // There's no matching user Auth.Helpers.Logout(null); return; } else { reader.Read(); Session["UserInfo"] = new UserInfo { Id = reader.GetInt32(0), Username = reader.GetString(1), FirstName = reader.GetString(2), LastName = reader.GetString(3), PermissionLevel = reader.GetInt32(4) }; } } } } catch (SqlException ex) { throw; } }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (!Page.IsPostBack) { if (Session["ShowDefaultError"] != null) { Session["ShowDefaultError"] = null; ErrorLabel.Visible = true; } try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = "SELECT id, name, image FROM movies WHERE id IN (SELECT movie_id FROM shows WHERE CAST(end_date as DateTime) + CAST(end_time AS DateTime) > CURRENT_TIMESTAMP)"; SqlDataAdapter adapter = new SqlDataAdapter(command); DataSet dataset = new DataSet(); int rows = adapter.Fill(dataset); if (rows == 0) { ShowingGridView.Visible = false; NoShows.Visible = true; } else { ShowingGridView.DataSource = dataset; ShowingGridView.DataBind(); } } } } catch (SqlException ex) { ErrorLabel.Visible = true; } } }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (UserInfo.PermissionLevel <= 1) { Session["ShowPermissionError"] = true; Response.Redirect("~/Default.aspx", true); return; } if (Session["ShowShowAddedMessage"] != null && (bool)Session["ShowShowAddedMessage"] == true) { ShowAddedMessage.Visible = true; Session["ShowShowAddedMessage"] = null; } }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (Session["PurchaseDate"] == null || Session["PurchaseMovieId"] == null || Session["PurchaseShowId"] == null || Session["PurchaseSelectedChairs"] == null || Session["PurchasePrice"] == null) { Session["PurchaseDate"] = null; Session["PurchaseMovieId"] = null; Session["PurchaseShowId"] = null; Session["PurchaseSelectedChairs"] = null; Session["PurchasePrice"] = null; Session["ShowDefaultError"] = true; Response.Redirect("~/Default.aspx", true); return; } PriceToPayBox.Text = Session["PurchasePrice"].ToString(); RewardPointsLabel.Text = ((int)Session["PurchasePrice"] / 10).ToString(); }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (Session["PurchaseDate"] == null || Session["PurchaseMovieId"] == null || Session["PurchaseShowId"] == null) { Session["PurchaseDate"] = null; Session["PurchaseMovieId"] = null; Session["PurchaseShowId"] = null; Session["ShowDefaultError"] = true; Response.Redirect("~/Default.aspx", true); return; } try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = @"SELECT sr.rows, sr.columns, price FROM shows s LEFT JOIN (SELECT show_id, COUNT(*) as num_chairs FROM chairs WHERE date = @date GROUP BY chairs.show_id) ch ON ch.show_id = s.id LEFT JOIN showroom sr ON sr.id = s.showroom_id WHERE movie_id = @mov_id AND start_date <= @date AND end_date >= @date AND (sr.rows * sr.columns) - ISNULL(ch.num_chairs, 0) > 0 AND s.id = @show_id"; SqlParameter dateParam = new SqlParameter("@date", SqlDbType.Date); SqlParameter movieParam = new SqlParameter("@mov_id", SqlDbType.Int); SqlParameter showParam = new SqlParameter("@show_id", SqlDbType.Int); dateParam.Value = Session["PurchaseDate"]; movieParam.Value = Session["PurchaseMovieId"]; showParam.Value = Session["PurchaseShowId"]; command.Parameters.Add(dateParam); command.Parameters.Add(movieParam); command.Parameters.Add(showParam); var reader = command.ExecuteReader(); if (!reader.HasRows) { Session["PurchaseDate"] = null; Session["PurchaseMovieId"] = null; Session["PurchaseShowId"] = null; Session["ShowDefaultError"] = true; Response.Redirect("~/Default.aspx", true); return; } reader.Read(); int rows = reader.GetInt32(0); int columns = reader.GetInt32(1); TicketPrice = reader.GetInt32(2); reader.Close(); command.CommandText = "SELECT row, [column] FROM chairs WHERE show_id = @show_id AND date = @date"; var chairsReader = command.ExecuteReader(); List<ChairPosition> bought_chairs = new List<ChairPosition>(); while (chairsReader.Read()) { bought_chairs.Add(new ChairPosition { Row = chairsReader.GetInt32(0), Column = chairsReader.GetInt32(1) }); } for (int i = 0; i < rows; ++i) { var tr = new TableRow(); for (int j = 0; j < columns; ++j) { var td = new TableCell(); var chair = new ChairPosition { Row = i, Column = j }; CheckBox checkbox = new CheckBox(); checkbox.ID = i + "," + j; if (bought_chairs.Contains(chair)) { checkbox.Checked = true; checkbox.Enabled = false; } else checkbox.Checked = false; checkbox.CausesValidation = false; checkbox.CheckedChanged += Checkbox_CheckedChanged; td.Controls.Add(checkbox); tr.Cells.Add(td); } ChairsTable.Rows.Add(tr); } } } } catch (SqlException ex) { ErrorLabel.Visible = true; return; } }
protected void Page_Load(object sender, EventArgs e) { UserInfo = Session["UserInfo"] as Auth.UserInfo; if (UserInfo == null) { Response.Redirect("~/Login.aspx", true); return; } if (UserInfo.PermissionLevel <= 1) { Session["ShowPermissionError"] = true; Response.Redirect("~/Default.aspx", true); return; } if (!Page.IsPostBack) { try { var connString = ConfigurationManager.ConnectionStrings["CineQuilla"].ConnectionString; using (SqlConnection connection = new SqlConnection(connString)) { connection.Open(); using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = @"SELECT id, name, image, views FROM movies m INNER JOIN (SELECT TOP 10 s.movie_id, COUNT(c.show_id) as views FROM shows s INNER JOIN chairs c ON c.show_id = s.id GROUP BY s.movie_id ORDER BY COUNT(c.show_id)) counts ON counts.movie_id = m.id ORDER BY views DESC"; SqlDataAdapter da = new SqlDataAdapter(command); DataTable dt = new DataTable(); int rows = da.Fill(dt); if (rows == 0) { MostViewedMoviesGrid.DataSource = null; NoPopularMovies.Visible = true; } else { MostViewedMoviesGrid.DataSource = dt; MostViewedMoviesGrid.DataBind(); } } using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = @"SELECT TOP 10 first_name, last_name, email, views FROM clients c RIGHT JOIN (SELECT client_id, SUM(bb.bought) AS views FROM transactions t INNER JOIN (SELECT transaction_id, COUNT(transaction_id) as bought FROM chairs GROUP BY transaction_id) bb ON bb.transaction_id = t.id GROUP BY client_id) vv ON vv.client_id = c.id ORDER BY views DESC"; SqlDataAdapter da = new SqlDataAdapter(command); DataTable dt = new DataTable(); int rows = da.Fill(dt); if (rows == 0) { MostBuyersGrid.DataSource = null; NoMostBuyers.Visible = true; } else { MostBuyersGrid.DataSource = dt; MostBuyersGrid.DataBind(); } } using (SqlCommand command = new SqlCommand(null, connection)) { command.CommandText = @"SELECT dia, AVG(sells) as promedio, COUNT(sells) as muestras FROM (SELECT (CASE DATEPART(WeekDay, date) WHEN 1 THEN 'Lunes' WHEN 2 THEN 'Martes' WHEN 3 THEN 'Miercoles' WHEN 4 THEN 'Jueves' WHEN 5 THEN 'Viernes' WHEN 6 THEN 'Sabado' WHEN 7 THEN 'Domingo' END) as dia, date, COUNT(*) as sells FROM chairs GROUP BY date) s GROUP BY dia ORDER BY promedio DESC"; SqlDataAdapter da = new SqlDataAdapter(command); DataTable dt = new DataTable(); int rows = da.Fill(dt); if (rows == 0) { WeekdayMeansGrid.DataSource = null; NoMeans.Visible = true; } else { WeekdayMeansGrid.DataSource = dt; WeekdayMeansGrid.DataBind(); } } } } catch (SqlException ex) { ErrorLabel.Visible = true; } } }