protected void butLogin_Click(object sender, EventArgs e)
{
string connectionString = ConfigurationManager.AppSettings.Get("connString");
//Response.Redirect("Links.aspx");
AuthTable user = new AuthTable();
user.Username = txtUsername.Text;
if (txtUsername.Text!="Admin")
{
user.Password = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1");
}
else
{
user.Password = txtPassword.Text;
}
BusinessLayer businessLayerObj = new BusinessLayer();
bool isRegistered = businessLayerObj.IsRegisteredUser(user, connectionString);
if (isRegistered)
{
Session["Username"] = user.Username;
Session["SignedIn"] = true;
user.Role = businessLayerObj.GetUser(user, connectionString).Role;
Session["Role"] = user.Role;
FormsAuthentication.RedirectFromLoginPage(user.Username, false);
//Response.Redirect("index.aspx");
//if (Session["Role"].ToString() == "0")
//{
// Response.Redirect("UserHome.aspx");
//}
//else if (Session["Role"].ToString() == "1")
//{
// Response.Redirect("DoctorHome.aspx");
//}
//else if (Session["Role"].ToString() == "2")
//{
// Response.Redirect("AdminHome.aspx");
//}
}
}
private bool IsUsernamePresent(AuthTable authUser, string connString)
{
SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
SqlParameter pResult = new SqlParameter("@Result", SqlDbType.Bit);
pResult.Direction = ParameterDirection.Output;
pUsername.Value = authUser.Username;
SqlCommand cmdSQL = new SqlCommand();
cmdSQL.CommandType = CommandType.StoredProcedure;
cmdSQL.CommandText = "usp_IsUsernamePresent";
cmdSQL.Parameters.Add(pUsername);
cmdSQL.Parameters.Add(pResult);
DataLayer dataLayerObj = new DataLayer();
cmdSQL = dataLayerObj.Select(cmdSQL, connString);
bool numUser = bool.Parse(pResult.Value.ToString());
return numUser;
}
private bool IsValidUserData(Users user, AuthTable authUser, out string message)
{
bool isValidUser = true;
string errorMessage = string.Empty;
if (string.IsNullOrEmpty(user.Username.Trim()))
{
isValidUser = false;
errorMessage += "Please enter Username." + "<br />";
}
else if (user.Username.Length > 50)
{
isValidUser = false;
errorMessage += "Username can be upto 50 characters." + "<br />";
}
if (string.IsNullOrEmpty(user.UserFullName.Trim()))
{
isValidUser = false;
errorMessage += "Please enter valid Full Name." + "<br />";
}
else if (user.UserFullName.Length > 100)
{
isValidUser = false;
errorMessage += "Full name can be upto 100 characters." + "<br />";
}
DateTime date;
bool isValidDate = DateTime.TryParse(user.UserDOB.ToString(), out date);
if (!isValidDate)
{
isValidUser = false;
errorMessage += "Please enter valid Date of Birth." + "<br />";
}
else if (date.CompareTo(DateTime.Now) >= 0)
{
isValidUser = false;
errorMessage += "Please enter valid Date of Birth." + "<br />";
}
string emailRegex = @"^(?("")("".+?""@)|(([0-9a-zA-Z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-zA-Z])@))(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,6}))$";
if(!Regex.IsMatch(user.UserEmailId,emailRegex))
{
isValidUser = false;
errorMessage += "Please enter valid email-id ([email protected])" + "<br />";
}
if (string.IsNullOrEmpty(authUser.Password))
{
isValidUser = false;
errorMessage += "Please enter valid Password." + "<br />";
}
message = errorMessage;
return isValidUser;
}
private DataSet GetUserData(AuthTable user, string connString)
{
SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
pUsername.Value = user.Username;
SqlCommand cmdSQL = new SqlCommand();
cmdSQL.CommandType = CommandType.StoredProcedure;
cmdSQL.CommandText = "usp_SelectUserByUsername";
cmdSQL.Parameters.Add(pUsername);
DataLayer dataLayerObj = new DataLayer();
DataSet ds = dataLayerObj.GetQuery(cmdSQL, connString);
return ds;
}
public bool IsRegisteredUser(AuthTable user, string connString)
{
SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
SqlParameter pPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
SqlParameter pResult = new SqlParameter("@Result", SqlDbType.Bit);
pUsername.Value = user.Username;
pPassword.Value = user.Password;
pResult.Direction = ParameterDirection.Output;
SqlCommand cmdSQL = new SqlCommand();
cmdSQL.CommandType = CommandType.StoredProcedure;
cmdSQL.CommandText = "usp_ValidateUserPassword";
cmdSQL.Parameters.Add(pUsername);
cmdSQL.Parameters.Add(pPassword);
cmdSQL.Parameters.Add(pResult);
DataLayer dataLayerObj = new DataLayer();
cmdSQL = dataLayerObj.Select(cmdSQL, connString);
return bool.Parse(pResult.Value.ToString());
}
public Users InsertUsers(Users user, AuthTable authUser, string connString)
{
string errorMessage = string.Empty;
if (IsValidUserData(user, authUser, out errorMessage))
{
SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
SqlParameter pUserFullName = new SqlParameter("@UserFullName", SqlDbType.NVarChar, 100);
SqlParameter pUserEmailId = new SqlParameter("@UserEmailId", SqlDbType.NVarChar, 100);
SqlParameter pUserGender = new SqlParameter("@UserGender", SqlDbType.Bit);
SqlParameter pUserDOB = new SqlParameter("@UserDOB", SqlDbType.SmallDateTime);
SqlParameter pUserAreaOfInterest = new SqlParameter("@UserAreaOfInterest", SqlDbType.NVarChar, 100);
SqlParameter pUsernameAuth = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
SqlParameter pPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
SqlParameter pRole = new SqlParameter("@Role", SqlDbType.Int);
pUsername.Value = user.Username;
pUserFullName.Value = user.UserFullName;
pUserEmailId.Value = user.UserEmailId;
pUserGender.Value = user.UserGender;
pUserDOB.Value = user.UserDOB;
pUserAreaOfInterest.Value = user.UserAreaOfInterest;
pUsernameAuth.Value = user.Username;
pPassword.Value = authUser.Password;
pRole.Value = authUser.Role;
SqlCommand cmdSQL = new SqlCommand();
cmdSQL.CommandType = CommandType.StoredProcedure;
cmdSQL.CommandText = "usp_InsertAuthTable";
cmdSQL.Parameters.Add(pUsernameAuth);
cmdSQL.Parameters.Add(pPassword);
cmdSQL.Parameters.Add(pRole);
bool isUsernamePresent = IsUsernamePresent(authUser, connString);
DataLayer dataLayerObj = new DataLayer();
if (!isUsernamePresent)
{
cmdSQL = dataLayerObj.Insert(cmdSQL, connString);
}
else
{
errorMessage = "Username already Present." + "<br/>" + errorMessage;
}
cmdSQL = new SqlCommand();
cmdSQL.CommandType = CommandType.StoredProcedure;
cmdSQL.CommandText = "usp_InsertUser";
cmdSQL.Parameters.Add(pUsername);
cmdSQL.Parameters.Add(pUserFullName);
cmdSQL.Parameters.Add(pUserEmailId);
cmdSQL.Parameters.Add(pUserGender);
cmdSQL.Parameters.Add(pUserDOB);
cmdSQL.Parameters.Add(pUserAreaOfInterest);
if (!isUsernamePresent)
{
cmdSQL = dataLayerObj.Insert(cmdSQL, connString);
}
else
{
throw new Exception(errorMessage); ;
}
}
else
{
throw new Exception(errorMessage);
}
return user;
}
public AuthTable GetUser(AuthTable user, string connString)
{
DataSet dsUser = GetUserData(user, connString);
user.Role = int.Parse(dsUser.Tables[0].Rows[0][0].ToString());
user.UserId = int.Parse(dsUser.Tables[0].Rows[0][1].ToString());
return user;
}
protected void butSubmit_Click(object sender, EventArgs e)
{
string connString = ConfigurationManager.AppSettings.Get("connString");
BusinessLayer bussinessLayerObj = new BusinessLayer();
AuthTable authUser = new AuthTable();
if (txtPassword.Text.Trim() != string.Empty)
{
authUser.Password = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1");
}
else
{
authUser.Password = txtPassword.Text.Trim();
}
if (cblIsDoctor.SelectedValue!="true")
{
authUser.Role = (int)Role.User;
Users user = new Users();
user.Username = txtUsername.Text.Trim();
authUser.Username = txtUsername.Text.Trim();
user.UserFullName = txtUserFullName.Text.Trim();
DateTime dob;
user.UserDOB = !DateTime.TryParse(txtDoB.Value, out dob) ? null : (DateTime?)DateTime.Parse(txtDoB.Value);
user.UserGender = bool.Parse(rblGender.SelectedValue);
user.UserEmailId = txtEmailId.Text.Trim();
user.UserAreaOfInterest = ddlInterestList.SelectedValue;
try
{
bussinessLayerObj.InsertUsers(user, authUser, connString);
Response.Redirect("Login.aspx");
}
catch (Exception ex)
{
lblErrors.Text = ex.Message;
}
}
else
{
authUser.Role = (int)Role.Doctor;
Doctor doctor = new Doctor();
doctor.DocName = txtUserFullName.Text.Trim();
doctor.Username = txtUsername.Text.Trim();
authUser.Username = txtUsername.Text.Trim();
DateTime dob;
doctor.DocDateOfBirth = !DateTime.TryParse(txtDoB.Value, out dob) ? null : (DateTime?)DateTime.Parse(txtDoB.Value);
doctor.DocGender = bool.Parse(rblGender.SelectedValue);
doctor.DocEmailId = txtEmailId.Text.Trim();
doctor.DocAreaOfInterest = ddlInterestList.SelectedValue;
doctor.DocIsApproved = false;
doctor.DocLicenseNo = int.Parse(txtLicNo.Text.Trim());
try
{
bussinessLayerObj.InsertDoctor(doctor, authUser, connString);
Response.Redirect("Login.aspx");
}
catch (Exception ex)
{
lblErrors.Text = ex.Message;
}
}
}