Esempio n. 1
0
 protected void ChangeButton_Click(object sender, EventArgs e)
 {
     try
     {
         string    checkPassword = DataProvider.ChangePassword.getPassword(Session["User"].ToString()); //get the former password and check
         DataTable dt            = HospitalClass.getDataTable(checkPassword);
         if (dt.Rows[0][0].ToString() == HospitalClass.Encrypt(OldPasswordBox.Text) && OldPasswordBox.Text != NewPasswordBox.Text)
         {
             string updaterId  = "",
                    updateCode = "PWD_CHG";
             if (Session["SuperUser"] != null)
             {
                 updaterId = (string)Session["SuperUser"];
             }
             else if (Session["Admin"] != null)
             {
                 updaterId = (string)Session["Admin"];
             }
             else
             {
                 updaterId = (string)Session["User"];
             }
             List <string> values = new List <string>();
             values.Add(HospitalClass.Encrypt(NewPasswordBox.Text));
             values.Add(HospitalClass.getTransactionId());
             values.Add(updateCode);
             values.Add(updaterId);
             values.Add((string)Session["User"]);
             int status = DataConsumer.executeProcedure("pwd_change", values);
             UserStatusLabel.CssClass = "success paraNormal";
             UserStatusLabel.Text     = "Password was successfully changed";
         }
         else
         {
             UserStatusLabel.CssClass = "error normal";
             if (OldPasswordBox.Text == NewPasswordBox.Text)
             {
                 UserStatusLabel.Text = "Same password entered";
             }
             else
             {
                 UserStatusLabel.Text = "Wrong password entered.<br/>Meet the system administrator for assistance";
             }
         }
     }
     catch (Exception ex)
     {
         UserStatusLabel.CssClass = "error paraNormal";
         UserStatusLabel.Text     = "Error: " + ex.Message;
         HospitalClass.Log(ex);
     }
 }
Esempio n. 2
0
 protected void ValidateButton_Click(object sender, EventArgs e)
 {
     try
     {
         //check if the user id is within the necessary bounds
         string    lastIdQuery    = DataProvider.RegAdminSup.LastIdQuery(UserIdBox.Text.Trim().Substring(0, 3));
         DataTable lastDt         = HospitalClass.getDataTable(lastIdQuery);
         string    lastPossibleId = getNewSuperuserAdminId(lastDt);
         if (GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 &&
             GroupList.SelectedIndex != 0 && PriList.SelectedIndex != 0 && SecList.SelectedIndex != 0 && UniList.SelectedIndex != 0 &&
             int.Parse(lastPossibleId.Substring(3, 3)) >= int.Parse(UserIdBox.Text.Trim().Substring(3, 3)))
         {
             string userId     = UserIdBox.Text;
             string updaterId  = (string)Session["SuperUser"];
             string updateCode = "";
             string operation  = "";
             bool   execute    = true;
             if (int.Parse(lastPossibleId.Substring(3, 3)) == int.Parse(UserIdBox.Text.Trim().Substring(3, 3)))
             {
                 operation = "insert";
                 if (UserIdBox.Text.ToUpper().Trim().StartsWith("SUP"))
                 {
                     updateCode = "SUP_REG";
                 }
                 else
                 {
                     updateCode = "ADM_REG";
                 }
                 string    existQuery = DataProvider.RegAdminSup.ExistQuery(EmailBox.Text.ToUpper().Trim());
                 DataTable emailDt    = HospitalClass.getDataTable(existQuery);
                 if (emailDt.Rows.Count > 0)
                 {
                     execute = false;
                     StatusLabel.CssClass = "error paraNormal";
                     StatusLabel.Text     = "This email address is already registered";
                 }
             }
             else
             {
                 operation = "update";
                 if (UserIdBox.Text.ToUpper().Trim().StartsWith("SUP"))
                 {
                     updateCode = "SUP_UPD";
                 }
                 else
                 {
                     updateCode = "ADM_UPD";
                 }
                 if (UserIdBox.Text.StartsWith("SUP") && UserIdBox.Text != Session["SuperUser"].ToString())
                 {
                     execute = false;
                     StatusLabel.CssClass = "error paraNormal";
                     StatusLabel.Text     = "You cannot update this user's information";
                 }
             }
             if (execute)
             {
                 List <string> values = new List <string>();
                 values.Add(GroupList.SelectedItem.Text);    //1
                 values.Add(TypeList.SelectedItem.Text);
                 values.Add(CountryOriBox.Text);
                 values.Add(CountryResBox.Text);
                 values.Add(DobBox.Text);
                 values.Add(EmailBox.Text.Trim());                  //6
                 values.Add(FirstNameBox.Text.Trim());
                 values.Add(GenderList.SelectedItem.Text);
                 values.Add(HomeAdrBox.Text);
                 values.Add(IdNoBox.Text);
                 values.Add(IdTypeList.SelectedItem.Text);   //11
                 values.Add(LastNameBox.Text);
                 values.Add(LocalOriBox.Text);
                 values.Add(LocalResBox.Text);
                 values.Add(MaritalList.SelectedItem.Text);
                 values.Add(NextAdrBox.Text);                //16
                 values.Add(NextEmailBox.Text);
                 values.Add(NextNameBox.Text);
                 values.Add(NextRelBox.Text);
                 values.Add(NextPhoneBox.Text);
                 values.Add(OtherNameBox.Text);              //21
                 values.Add(PhoneBox.Text);
                 values.Add(SchoolIdBox.Text);
                 values.Add(StateOriBox.Text);
                 values.Add(StateResBox.Text);
                 values.Add(OtherInfoBox.Text);              //26
                 values.Add(PriBox.Text);
                 values.Add(PriList.SelectedItem.Text);
                 values.Add(SecBox.Text);
                 values.Add(SecList.SelectedItem.Text);
                 values.Add(UniBox.Text);                    //31
                 values.Add(UniList.SelectedItem.Text);
                 values.Add(OtherBox1.Text);
                 values.Add(OtherCert1.Text);
                 values.Add(OtherBox2.Text);
                 values.Add(OtherCert2.Text);                //36
                 values.Add(RefNameBox1.Text);
                 values.Add(RefRelBox1.Text);
                 values.Add(RefPhoneBox1.Text);
                 values.Add(RefEmailBox1.Text);
                 values.Add(RefAdrBox1.Text);                //41
                 values.Add(RefNameBox2.Text);
                 values.Add(RefRelBox2.Text);
                 values.Add(RefPhoneBox2.Text);
                 values.Add(RefEmailBox2.Text);
                 values.Add(RefAdrBox2.Text);                //46
                 values.Add(updateCode);
                 values.Add(updaterId);
                 values.Add(userId.ToUpper().Trim());
                 values.Add(HospitalClass.Encrypt(PasswordBox.Text));
                 values.Add(HospitalClass.getTransactionId());
                 values.Add(operation);                             //52
                 int status = DataConsumer.executeProcedure("superuser_admin_val", values);
                 Session["FirstName"] = FirstNameBox.Text;
                 StatusLabel.Text     = "Operation Successful.<br/>Performer: " + updaterId + ".<br/>Operation: " + operation;
                 StatusLabel.CssClass = "success paraNormal";
             }
         }
         else
         {
             StatusLabel.CssClass = "error paraNormal";
             if (int.Parse(lastPossibleId.Substring(3, 3)) < int.Parse(UserIdBox.Text.Trim().Substring(3, 3)))
             {
                 StatusLabel.Text = "Invalid User Id. Perform a new registration";
             }
             else if (GenderList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your gender";
             }
             else if (MaritalList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your marital status";
             }
             else if (IdTypeList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your Identificaton type";
             }
             else if (TypeList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your blood type";
             }
             else if (GroupList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your blood group";
             }
             else if (PriList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your primary school certificate. (Select none if unavailable)";
             }
             else if (SecList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your secondary school certificate. (Select none if unavailable)";
             }
             else
             {
                 StatusLabel.Text = "Please select your university certificate grade. (Select none if unavailable)";
             }
         }
     }
     catch (Exception ex)
     {
         StatusLabel.CssClass = "error normal";
         StatusLabel.Text     = "Error: " + ex.Message;
         HospitalClass.Log(ex);
     }
 }
Esempio n. 3
0
 protected void SubmitButton_Click(object sender, EventArgs e)
 {
     try
     {
         StatusDiv.Visible   = true;
         StatusLabel.Visible = true;
         bool buttonChk;
         if (DocRadioButton.Checked)
         {
             buttonChk = DocRoleList.SelectedIndex != 0;
         }
         else if (StfRadioButton.Checked)
         {
             buttonChk = StfRoleList.SelectedIndex != 0;
         }
         else
         {
             buttonChk = true;
         }
         string    existQuery    = DataProvider.RegistrationPage.ExistQuery(EmailBox.Text.ToUpper().Trim());
         DataTable dt            = HospitalClass.getDataTable(existQuery);
         bool      checkName     = HospitalClass.sqlProtect(FirstNameBox.Text);
         bool      checkPassword = HospitalClass.sqlProtect(PasswordBox.Text);
         if (buttonChk && GenderList.SelectedIndex != 0 && dt.Rows.Count == 0 && checkName && checkPassword)  //validate selection of drop down list values
         {
             if (DocRadioButton.Checked == true)
             {
                 role       = DocRoleList.SelectedItem.Value;
                 updateCode = "DOC_REG";
             }
             else if (StfRadioButton.Checked == true)
             {
                 role       = StfRoleList.SelectedItem.Value;
                 updateCode = "STF_REG";
             }
             else
             {
                 role       = "PAT";
                 updateCode = "PAT_REG";;
             }
             string month,
                    year;
             if (DateTime.Now.Month < 10)
             {
                 month = "0" + DateTime.Now.Month;
             }
             else
             {
                 month = DateTime.Now.Month.ToString();
             }
             year = (DateTime.Now.Year.ToString()).Remove(0, 2);
             string    lastIdQuery = DataProvider.RegistrationPage.LastIdQuery(role.Remove(2));
             DataTable lastDt      = HospitalClass.getDataTable(lastIdQuery);
             if (lastDt.Rows.Count == 0)        //first role user registration
             {
                 if (PatientRadioButton.Checked || !CheckBoxDiv.Visible)
                 {
                     userId = role + month + year + "0001";
                 }
                 else
                 {
                     userId = role + month + year + "001";
                 }
             }
             else      //generate new id for patient, doctor or staff
             {
                 string lastId = (string)lastDt.Rows[0][0];
                 string editId;
                 if (PatientRadioButton.Checked || !CheckBoxDiv.Visible)
                 {
                     editId = lastId.Remove(0, lastId.Length - 4);
                 }
                 else
                 {
                     editId = lastId.Remove(0, lastId.Length - 3);
                 }
                 int    newIdInt = int.Parse(editId) + 1;
                 string newId;
                 if (newIdInt < 10)
                 {
                     newId = editId.Remove(editId.Length - 1) + newIdInt.ToString();
                 }
                 else if (newIdInt < 100)
                 {
                     newId = editId.Remove(editId.Length - 2) + newIdInt.ToString();
                 }
                 else if (newIdInt < 1000)
                 {
                     newId = editId.Remove(editId.Length - 3) + newIdInt.ToString();
                 }
                 else
                 {
                     newId = newIdInt.ToString();
                 }
                 userId = role + month + year + newId;
             }
             if (Session["SuperUser"] != null)
             {
                 updaterId = (string)Session["SuperUser"];
             }
             else if (Session["Admin"] != null)
             {
                 updaterId = (string)Session["Admin"];
             }
             else
             {
                 updaterId = userId;
             }
             List <string> values = new List <string>();
             values.Add(EmailBox.Text.Trim());
             values.Add(FirstNameBox.Text.Trim());
             values.Add(GenderList.SelectedItem.Text);
             values.Add(LastnameBox.Text.Trim());
             values.Add(OtherNameBox.Text.Trim());
             values.Add(HospitalClass.Encrypt(PasswordBox.Text));
             values.Add(PhoneBox.Text);
             values.Add(updateCode);
             values.Add(updaterId);
             values.Add(userId);
             values.Add(HospitalClass.getTransactionId());
             int status = DataConsumer.executeProcedure("initial_reg", values);
             StatusLabel.CssClass = "success big";
             StatusLabel.Text     = "You have been successfully registered.<br/>Your ID is: " + userId + ".<br/>";
             goToLogin.Visible    = true;
             InfoDiv.Visible      = false;
             RegLabel.Visible     = false;
             CheckBoxDiv.Visible  = false;
         }
         else
         {
             if (!checkName)
             {
                 StatusLabel.Text = "Unsecure name entry. Please remove all ' and -- symbols";
             }
             else if (!checkPassword)
             {
                 StatusLabel.Text = "Unsecure password choice. Please remove all ' and -- symbols";
             }
             else if (GenderList.SelectedIndex == 0)
             {
                 StatusLabel.Text = "Please select your sex";
             }
             else if (dt.Rows.Count > 0)
             {
                 StatusLabel.Text = "This email address has already been registered";
             }
             else
             {
                 StatusLabel.Text = "Please choose a classification/role";
             }
         }
     }
     catch (Exception ex)
     {
         StatusLabel.Text = "Error: " + ex.Message;
         HospitalClass.Log(ex);
     }
 }
Esempio n. 4
0
 protected void SubmitButton_Click(object sender, EventArgs e)
 {
     try
     {
         bool checkId  = HospitalClass.sqlProtect(UserIdBox.Text);    //security for user id input against sqlInjection
         bool checkPwd = HospitalClass.sqlProtect(PasswordBox.Text);  //security for password input against sqlInjection
         if (UserIdBox.Text.Length != 0 && checkId && checkPwd)
         {
             string    passwordQuery = DataProvider.LoginPage.PasswordQuery(UserIdBox.Text.ToUpper().Trim());
             DataTable dt            = HospitalClass.getDataTable(passwordQuery);
             if (dt.Rows.Count > 0)
             {
                 string encryptPassword = HospitalClass.Encrypt(PasswordBox.Text);
                 int    checkPassword   = 0;
                 string userIdPass      = "";
                 foreach (DataRow row in dt.Rows)
                 {
                     if (encryptPassword == row[0].ToString())  //check if password correlate
                     {
                         checkPassword = 1;
                         userIdPass    = row[1].ToString(); //check first name repetition
                     }
                     userId = row[1].ToString();
                     if (userIdPass.Length > 0)
                     {
                         userId = userIdPass;
                     }
                 }
                 if (Session["SuperUser"] != null)
                 {
                     updaterId = (string)Session["SuperUser"];
                 }
                 else if (Session["Admin"] != null)
                 {
                     updaterId = (string)Session["Admin"];
                 }
                 else
                 {
                     updaterId = userId;
                 }
                 bool rights;
                 if (userId.StartsWith("ADM") || userId.StartsWith("SUP"))
                 {
                     rights = false;
                 }
                 else
                 {
                     rights = true;
                 }
                 //for either a basic user or a privileged user
                 if ((Session["SuperUser"] != null || Session["Admin"] != null || (checkPassword == 1 && rights)) || (!rights && checkPassword == 1))
                 {
                     bool   auditTrailValidator = false;
                     string oldUser             = ""; //to check the access of an administrator or a superuser
                     if (Session["SuperUser"] != null)
                     {
                         oldUser = Session["SuperUser"].ToString();
                     }
                     else if (Session["Admin"] != null)
                     {
                         oldUser = Session["Admin"].ToString();
                     }
                     Session["User"] = userId;
                     //using linq to datasets to query the datatable (to guard against two users with the same first name)
                     Session["FirstName"] = (from FirstName in dt.AsEnumerable()
                                             where FirstName.Field <string>("USER_ID") == userId
                                             select FirstName.Field <string>("FIRST_NAME")).First().ToString();
                     Session["RegStatus"] = (from Status in dt.AsEnumerable()
                                             where Status.Field <string>("USER_ID") == userId
                                             select Status.Field <string>("STATUS")).First().ToString();
                     //login for users
                     if ((Session["SuperUser"] != null || Session["Admin"] != null || checkPassword == 1) && rights)
                     {
                         if (userId.StartsWith("PAT"))
                         {
                             updateCode = "PAT_LGN";
                         }
                         else if (userId.StartsWith("DC"))
                         {
                             updateCode = "DOC_LGN";
                         }
                         else
                         {
                             updateCode = "STF_LGN";
                         };
                         Response.Redirect("~/LoggedInPage.aspx", false);
                         auditTrailValidator = true;
                     }
                     //login for admin and superuser
                     else if (!rights && checkPassword == 1)
                     {
                         if (userId.StartsWith("SUP"))
                         {
                             Session["SuperUser"] = userId;
                             updateCode           = "SUP_LGN";
                         }
                         else
                         {
                             Session["Admin"] = userId;
                             updateCode       = "ADM_LGN";
                         }
                         Response.Redirect("~/LoggedInPage.aspx", false);
                         auditTrailValidator = true;
                     }
                     //extraneous login for superuser and administrator
                     else
                     {
                         //to catch unauthorized access to another privileged user's account
                         if ((Session["SuperUser"] != null && !userId.StartsWith("SUP")) || oldUser == userId) //for privileged user relogin
                         {
                             Session["User"] = userId;
                             if (oldUser == userId)
                             {
                                 Session["Info"] = "Welcome Back";
                             }
                             if (userId.ToUpper().StartsWith("ADM"))
                             {
                                 updateCode = "ADM_LGN";
                             }
                             else
                             {
                                 updateCode = "SUP_LGN";
                             }
                             Response.Redirect("~/LoggedInPage.aspx", false);
                             auditTrailValidator = true;
                         }
                         else
                         {
                             StatusLabel.Text = "You do not have access to this profile";
                             if (oldUser.StartsWith("SUP"))
                             {
                                 Session["User"] = Session["SuperUser"].ToString();
                             }
                             else
                             {
                                 Session["User"] = Session["Admin"].ToString();
                             }
                             auditTrailValidator = false;
                         }
                     }
                     if (auditTrailValidator)
                     {
                         object[] values = new object[4];
                         values[0] = (HospitalClass.getTransactionId());
                         values[1] = (updateCode);
                         values[2] = (updaterId);
                         values[3] = (userId);
                         int status = DataConsumer.executeProc("audit_trail_proc", values);
                     }
                 }
                 else
                 {
                     if (PasswordBox.Text.Length == 0)
                     {
                         StatusLabel.Text = "Please enter your password";
                     }
                     else
                     {
                         StatusLabel.Text = "Wrong user Id/password combination.<br/>Note: Password is case-sensitive.";
                     }
                 }
             }
             else
             {
                 StatusLabel.Text = "You are not a user on our database. Please register.";
             }
         }
         else
         {
             if (UserIdBox.Text.Length == 0)
             {
                 StatusLabel.Text = "Please enter your user id, first name or email address";
             }
             else if (!checkId)
             {
                 StatusLabel.Text = "Unsecure user Id";
             }
             else
             {
                 StatusLabel.Text = "Unsecure password";
             }
         }
     }
     catch (Exception ex)
     {
         StatusLabel.Text = "Error: " + ex.Message;
         HospitalClass.Log(ex);
         //ex.Logger();
     }
 }