Esempio n. 1
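        /// <summary>
        /// Builds the autocomplete suggestions for a search box: usernames first,
        /// then product names, each matched as a substring of <paramref name="prefixText"/>.
        /// </summary>
        /// <param name="prefixText">Text typed so far; it is bound as a SQL parameter, never concatenated.</param>
        /// <param name="count">Maximum number of suggestions to return; zero or negative means no cap.</param>
        /// <returns>The matching names, or an empty array when there is nothing to search for.</returns>
        public string[] GetCompletionList(string prefixText, int count)
        {
            // An empty term would turn both LIKE patterns into '%%' and return
            // every username and product, so there is nothing useful to query.
            if (string.IsNullOrEmpty(prefixText))
            {
                return new string[0];
            }

            DBController db = new DBController();
            string connectionString = db.getConnectionString();

            List<string> resultsList = new List<string>();

            // NOTE(review): '%' and '_' inside prefixText still act as LIKE wildcards.
            // The value cannot break out of the statement (it is a bound parameter),
            // but a caller can widen the match; escape them if that matters here.
            object currentUserId = Session["userID"];
            if (currentUserId != null)
            {
                // Usernames are only suggested to a signed-in caller. With no userID the
                // filter becomes NOT IN (NULL, 1), which matches no row, so skip the query.
                AppendMatches(
                    connectionString,
                    "SELECT username FROM users WHERE username LIKE '%' @username '%' AND userID not in (@userID, 1)",
                    "username",
                    resultsList,
                    count,
                    new KeyValuePair<string, object>("@username", prefixText),
                    new KeyValuePair<string, object>("@userID", currentUserId));
            }

            AppendMatches(
                connectionString,
                "SELECT productName FROM products WHERE productName LIKE '%' @productName '%'",
                "productName",
                resultsList,
                count,
                new KeyValuePair<string, object>("@productName", prefixText));

            return resultsList.ToArray();
        }

        /// <summary>
        /// Runs one parameterised lookup and appends the values of <paramref name="column"/>
        /// to <paramref name="results"/> until <paramref name="limit"/> entries are collected.
        /// </summary>
        private static void AppendMatches(
            string connectionString,
            string query,
            string column,
            List<string> results,
            int limit,
            params KeyValuePair<string, object>[] parameters)
        {
            // using blocks release the connection and reader even when Open or
            // ExecuteReader throws, which the hand-written finally did not cover.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(query, conn))
            {
                foreach (KeyValuePair<string, object> parameter in parameters)
                {
                    cmd.Parameters.AddWithValue(parameter.Key, parameter.Value);
                }

                conn.Open();

                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    try
                    {
                        while ((limit <= 0 || results.Count < limit) && reader.Read())
                        {
                            results.Add(reader[column].ToString());
                        }
                    }
                    catch (Exception ex)
                    {
                        // Suggestions are best-effort: keep what was read so far,
                        // but leave a trace instead of discarding the error.
                        System.Diagnostics.Trace.TraceWarning(
                            "GetCompletionList: reading '" + column + "' failed: " + ex.Message);
                    }
                }
            }
        }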
Esempio n. 2
        /// <summary>
        /// Page load handler: stores the connection string obtained from a new
        /// DBController in the connectionString member.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            connectionString = new DBController().getConnectionString();
        }
Esempio n. 3
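        /// <summary>
        /// First login step: checks the submitted username and password, then the
        /// account's ban and activation flags, and on success stores a one-time code
        /// via insertOtp and redirects to LoginVerification.aspx.
        /// </summary>
        /// <remarks>
        /// Ban and activation messages are shown only after the password has been
        /// verified, so a caller who does not know the password always sees the same
        /// generic failure and cannot tell whether an account exists or what state it is in.
        /// </remarks>
        protected void ButtonLogin_Click(object sender, EventArgs e)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();

            string submittedName = TextBoxLogin1.Text;
            // NOTE(review): CreatePasswordHash is defined elsewhere; confirm it is a salted,
            // slow password hash (PBKDF2 or similar) and not a bare digest.
            string genPwHash = CreatePasswordHash(TextBoxLogin2.Text);

            int    userID    = 0;
            string username  = "";
            string pwHash    = "";
            bool   userFound = false;
            // Fail closed: the account counts as banned until the row says otherwise, so a
            // conversion error on the ban column can no longer leave the flag at "not banned".
            bool ban = true;

            try
            {
                using (MySqlConnection conn = new MySqlConnection(connectionString))
                using (MySqlCommand cmd = new MySqlCommand("SELECT * FROM users WHERE username = @username", conn))
                {
                    cmd.Parameters.AddWithValue("@username", submittedName);
                    conn.Open();

                    using (MySqlDataReader dr = cmd.ExecuteReader())
                    {
                        while (dr.Read())
                        {
                            userID    = (int)dr["userID"];
                            username  = dr["username"].ToString();
                            pwHash    = dr["passwordHash"].ToString();
                            ban       = Convert.ToBoolean(dr["ban"]);
                            userFound = true;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // A failed lookup must never end in a login; record it and refuse.
                System.Diagnostics.Trace.TraceError("ButtonLogin_Click: user lookup failed: " + ex.Message);
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('Incorrect username or password');", true);
                return;
            }

            // userFound guards against the empty defaults comparing equal to empty input.
            bool credentialsOk = userFound
                && HashesMatch(pwHash, genPwHash)
                && username.Equals(submittedName);

            if (!credentialsOk)
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('Incorrect username or password');", true);
                return;
            }

            if (ban)
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('The account is banned');", true);
                return;
            }

            bool activationSuccess = false;

            try
            {
                using (MySqlConnection conn2 = new MySqlConnection(connectionString))
                using (MySqlCommand cmd2 = new MySqlCommand("SELECT * FROM verifications WHERE userID = @userid", conn2))
                {
                    cmd2.Parameters.AddWithValue("@userid", userID);
                    conn2.Open();

                    using (MySqlDataReader dr2 = cmd2.ExecuteReader())
                    {
                        while (dr2.Read())
                        {
                            activationSuccess = Convert.ToBoolean(dr2["activationSuccess"]);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Treat an unreadable verification row as "not activated".
                System.Diagnostics.Trace.TraceError("ButtonLogin_Click: verification lookup failed: " + ex.Message);
                activationSuccess = false;
            }

            if (!activationSuccess)
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('The account has not been activated');", true);
                return;
            }

            insertOtp(userID, CreateOtp());

            // NOTE(review): the pending user is identified to LoginVerification.aspx by a
            // query-string value the browser can change; confirm that page ties the OTP
            // check to server-side state (for example the session) rather than to this id.
            // UrlEncode is the right encoder for a URL component; HtmlEncode is for markup.
            string temp = "~/LoginVerification.aspx?@="
                + HttpUtility.UrlEncode(userID.ToString(System.Globalization.CultureInfo.InvariantCulture));
            Response.Redirect(temp);
        }

        /// <summary>
        /// Compares two hash strings without stopping at the first differing character.
        /// </summary>
        private static bool HashesMatch(string stored, string supplied)
        {
            if (stored == null || supplied == null)
            {
                return false;
            }

            int difference = stored.Length ^ supplied.Length;
            for (int i = 0; i < stored.Length && i < supplied.Length; i++)
            {
                difference |= stored[i] ^ supplied[i];
            }

            return difference == 0;
        }

        /// <summary>
        /// Draws a six-digit one-time code from the operating system's CSPRNG.
        /// </summary>
        /// <remarks>
        /// System.Random seeded with the clock is reproducible by anyone who can estimate
        /// the request time, so it must not produce authentication codes. The range matches
        /// the previous Random.Next(100000, 999999) call: 100000 to 999998 inclusive.
        /// </remarks>
        private static int CreateOtp()
        {
            const uint span = 999999 - 100000;
            // Reject samples above the largest multiple of span to avoid modulo bias.
            uint ceiling = uint.MaxValue - (uint.MaxValue % span);
            byte[] buffer = new byte[4];

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                uint sample;
                do
                {
                    rng.GetBytes(buffer);
                    sample = BitConverter.ToUInt32(buffer, 0);
                }
                while (sample >= ceiling);

                return (int)(100000 + (sample % span));
            }
        }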