private void updateLikes()
{
SqlCommand objCommand = new SqlCommand();
BinaryFormatter serializer = new BinaryFormatter();
MemoryStream stream = new MemoryStream();
List <int> likesints = new List <int>();
foreach (Profile x in Likes)
{
likesints.Add(x.ProfileID);
}
Byte[] Store;
serializer.Serialize(stream, likesints);
Store = stream.ToArray();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_StoreLikes";
objCommand.Parameters.AddWithValue("@UserId", Session["UserID"].ToString());
objCommand.Parameters.AddWithValue("@Pass", Store);
objDB.DoUpdateUsingCmdObj(objCommand);
}
} // end method bind
protected void lbUnlike_Command(object sender, CommandEventArgs e)
{ // removes user from liked list
int unLikeUserID = Convert.ToInt32(e.CommandName);
memberLikes.Remove(unLikeUserID);
Session["memberLikes"] = memberLikes; // update session
BinaryFormatter bf = new BinaryFormatter(); MemoryStream mStream = new MemoryStream();
Byte[] mLikes;
bf.Serialize(mStream, memberLikes); mLikes = mStream.ToArray();
// update db
SqlCommand objUpdatePref = new SqlCommand();
objUpdatePref.CommandType = CommandType.StoredProcedure;
objUpdatePref.CommandText = "TP_UpdatePreferences";
objUpdatePref.Parameters.AddWithValue("@userID", userID);
objUpdatePref.Parameters.AddWithValue("@likes", mLikes);
obj.DoUpdateUsingCmdObj(objUpdatePref, out string error);
if (String.IsNullOrEmpty(error))
{
Boolean l = true; Boolean d = false;
bind(l,d); // rebind
} // end if
}
protected void btnApprove_Click(object sender, EventArgs e)
{
Button btn = (Button)sender;
GridViewRow row = (GridViewRow)btn.NamingContainer;
string name = row.Cells[1].Text;
//int rowIndex = e.Item.ItemIndex;
SqlCommand objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
//Login
objCommand.CommandText = "TP_ConfirmDate";
objCommand.Parameters.AddWithValue("@UserId", Convert.ToInt32(Session["UserId"].ToString()));
objCommand.Parameters.AddWithValue("@PassConfirm", 1);
objCommand.Parameters.AddWithValue("@UserName", name);
objDB.DoUpdateUsingCmdObj(objCommand);
}
protected void gvTripItems_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
int rowIndex = e.RowIndex;
string customerName = gvTripItems.Rows[rowIndex].Cells[0].Text;
string tripItemName = gvTripItems.Rows[rowIndex].Cells[2].Text;
string tripItemDescription = gvTripItems.Rows[rowIndex].Cells[3].Text;
TextBox Tbox;
Tbox = (TextBox)gvTripItems.Rows[rowIndex].FindControl("txtQtyAdd");
int quantity = int.Parse(Tbox.Text);
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "updateTripItemQuantity";
SqlParameter inputParameter = new SqlParameter("@Quantity", quantity);
inputParameter.Direction = ParameterDirection.Input;
inputParameter.SqlDbType = SqlDbType.Int;
objCommand.Parameters.Add(inputParameter);
inputParameter = new SqlParameter("@TripItemName", tripItemName);
inputParameter.Direction = ParameterDirection.Input;
inputParameter.SqlDbType = SqlDbType.VarChar;
objCommand.Parameters.Add(inputParameter);
inputParameter = new SqlParameter("@TripItemDescription", tripItemDescription);
inputParameter.Direction = ParameterDirection.Input;
inputParameter.SqlDbType = SqlDbType.VarChar;
objCommand.Parameters.Add(inputParameter);
inputParameter = new SqlParameter("@CustomerName", customerName);
inputParameter.Direction = ParameterDirection.Input;
inputParameter.SqlDbType = SqlDbType.VarChar;
objCommand.Parameters.Add(inputParameter);
objDB.DoUpdateUsingCmdObj(objCommand);
lblAlert.Text = "You have successfully updated your cart.";
lblAlert.ForeColor = System.Drawing.Color.Green;
lblAlert.Visible = true;
gvTripItems.EditIndex = -1;
ShowTripItems();
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
String plainTextPassword = txtConfirmPassword.Text;
String encryptedPassword;
UTF8Encoding encoder = new UTF8Encoding(); // used to convert bytes to characters, and back
Byte[] textBytes; // stores the plain text data as bytes
// Perform Encryption
// Convert a string to a byte array, which will be used in the encryption process.
textBytes = encoder.GetBytes(plainTextPassword);
RijndaelManaged rmEncryption = new RijndaelManaged();
MemoryStream myMemoryStream = new MemoryStream();
CryptoStream myEncryptionStream = new CryptoStream(myMemoryStream, rmEncryption.CreateEncryptor(key, vector), CryptoStreamMode.Write);
// Use the crypto stream to perform the encryption on the plain text byte array.
myEncryptionStream.Write(textBytes, 0, textBytes.Length);
myEncryptionStream.FlushFinalBlock();
// Retrieve the encrypted data from the memory stream, and write it to a separate byte array.
myMemoryStream.Position = 0;
Byte[] encryptedBytes = new Byte[myMemoryStream.Length];
myMemoryStream.Read(encryptedBytes, 0, encryptedBytes.Length);
// Close all the streams.
myEncryptionStream.Close();
myMemoryStream.Close();
// Convert the bytes to a string and display it.
encryptedPassword = Convert.ToBase64String(encryptedBytes);
if (txtNewPassword.Text == "")
{
lblPassword.Text = "Please enter your new password";
txtNewPassword.Focus();
}
else if (txtNewPassword.Text == txtConfirmPassword.Text)
{
lblPassword.Text = "";
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_ResetPassword";
objCommand.Parameters.AddWithValue("@thePassword", encryptedPassword);
objCommand.Parameters.AddWithValue("@theUsername", Session["retrieve-username"].ToString());
objDB.DoUpdateUsingCmdObj(objCommand);
lblSuccess.Visible = true;
Session.Clear();
Response.AddHeader("REFRESH", "2;URL=login.aspx");
}
else
{
txtConfirmPassword.Focus();
txtConfirmPassword.Text = "";
lblPassword.Text = "Passwords do not match. Please enter again";
}
}
protected void btnBlock_click(object sender, EventArgs e)
{
//Add current profile to block
SqlCommand objCommand = new SqlCommand();
//objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_GetBlocks";
objCommand.Parameters.AddWithValue("@UserId", Session["UserID"].ToString());
objDB.GetDataSetUsingCmdObj(objCommand);
Byte[] byteArray = (Byte[])objDB.GetField("BlockList", 0);
BinaryFormatter deSerializer = new BinaryFormatter();
MemoryStream memStream = new MemoryStream(byteArray);
List <int> BlockList;
try
{
BlockList = (List <int>)deSerializer.Deserialize(memStream);
}
catch
{
BlockList = new List <int>();
}
BlockList.Add(Convert.ToInt32(Session["CurrentUserID"]));
BinaryFormatter serializer = new BinaryFormatter();
MemoryStream stream = new MemoryStream();
Byte[] Store;
serializer.Serialize(stream, BlockList);
Store = memStream.ToArray();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_StoreBlocks";
objCommand.Parameters.AddWithValue("@UserId", Session["CurrentUserID"].ToString());
objCommand.Parameters.AddWithValue("@BlockList", Store);
objDB.DoUpdateUsingCmdObj(objCommand);
}
public void UpdateTotalSales()
{
int customerid = Convert.ToInt16(Session["customerid"].ToString());
decimal total = Convert.ToDecimal(ShowTotalPrice());
try
{
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_UpdateTotalSales";
objCommand.Parameters.AddWithValue("@id", customerid);
objCommand.Parameters.AddWithValue("@total", total);
objDB.DoUpdateUsingCmdObj(objCommand);
}
catch (Exception ex)
{
throw ex;
}
}
/* protected void btnGetProduct_Click(object sender, EventArgs e)
* {
* int departmentnumber = Int32.Parse(ddlDepartment.SelectedValue);
* url = url + "GetProductCatalog/" + departmentnumber.ToString();
*
* WebRequest request = WebRequest.Create(url);
* WebResponse response = request.GetResponse();
*
* Stream theDataStream = response.GetResponseStream();
* StreamReader reader = new StreamReader(theDataStream);
* String data = reader.ReadToEnd();
* reader.Close();
* response.Close();
*
* JavaScriptSerializer js = new JavaScriptSerializer();
* List<Product> products = js.Deserialize<List<Product>>(data);
*
* gvProducts.DataSource = products;
* gvProducts.DataBind();
* }*/
protected void gvProducts_SelectedIndexChanged(object sender, EventArgs e)
{
if (Session["count"] != null)
{
count = (int)Session["count"] + 1;
}
lbCart.Text = Session["cart"].ToString() + " (" + count.ToString() + ")";
Session["FinalCart"] = lbCart.Text;
Session["count"] = count;
int rowIndex = gvProducts.SelectedIndex;
Product product = new Product();
product.Image = gvProducts.SelectedRow.Cells[0].Text;
product.Title = gvProducts.SelectedRow.Cells[1].Text;
product.Desc = gvProducts.SelectedRow.Cells[2].Text;
product.Price = Convert.ToDouble(gvProducts.SelectedRow.Cells[3].Text);
TextBox tb = (TextBox)gvProducts.SelectedRow.FindControl("txtQuantity");
product.Product_ID = Convert.ToInt32(gvProducts.DataKeys[rowIndex].Value.ToString());
product.Quantity = Convert.ToInt32(tb.Text);
if (Session["list"] != null)
{
productlist = (ArrayList)Session["list"];
productlist.Add(product);
}
else
{
productlist.Add(product);
}
Session["list"] = productlist;
Session["Productlist"] = productlist;
lblNotify.Visible = false;
// Serialize the CreditCard object
BinaryFormatter serializer = new BinaryFormatter();
MemoryStream memStream = new MemoryStream();
Byte[] byteArray;
serializer.Serialize(memStream, productlist);
byteArray = memStream.ToArray();
// Update the account to store the serialized object (binary data) in the database
objcomm.CommandType = CommandType.StoredProcedure;
objcomm.CommandText = "TP_StoreCart";
objcomm.Parameters.AddWithValue("theID", Session["customerID"]);
objcomm.Parameters.AddWithValue("theCart", byteArray);
objDB.DoUpdateUsingCmdObj(objcomm);
}
protected void btnWipetables_Click(object sender, EventArgs e)
{
DBConnect objDB = new DBConnect();
SqlCommand objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "sp_WipeSQLtables";
objDB.DoUpdateUsingCmdObj(objCommand);
}
} // end blocked users
protected void btnUpdateUsername_Click(object sender, EventArgs e)
{ // validate user input for username
lblUsernameError.Visible = false;
Session["remain"] = 1;
if (txtNewUsername.Text=="")
{
txtNewUsername.CssClass += " is-invalid";
return;
} // end check
else
{
SqlCommand objUpdateUserName = new SqlCommand();
objUpdateUserName.CommandType = CommandType.StoredProcedure;
objUpdateUserName.CommandText = "TP_UpdateUsername";
SqlParameter outputUsernameExists = new SqlParameter("@UsernameExists", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
objUpdateUserName.Parameters.AddWithValue("@userID", userID);
objUpdateUserName.Parameters.AddWithValue("username", txtNewUsername.Text);
objUpdateUserName.Parameters.Add(outputUsernameExists);
if (obj.DoUpdateUsingCmdObj(objUpdateUserName, out string exception) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
if (Int32.Parse(outputUsernameExists.Value.ToString()) == 1)
{
lblUsernameError.Visible = true;
}
else
{
ClientScript.RegisterStartupScript(this.GetType(), "SuccessToast", "showSuccess();", true);
txtCurrentUsername.Text = txtNewUsername.Text;
txtNewUsername.CssClass = txtNewUsername.CssClass.Replace("is-invalid", "").Trim();
}
txtNewUsername.Text = "";
}
} // end update username btn click
protected void lbSendAgain_Click(object sender, EventArgs e)
{
//If send again is clicked, generate a new verification code, dump it into the database, and
// send the email containing the new code
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] random = new byte[16];
rng.GetBytes(random);
string rngString = Convert.ToBase64String(random);
string trimmed = rngString.Substring(0, rngString.Length - 2);
try {
SqlCommand commandObj = new SqlCommand();
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_InsertVerification";
commandObj.Parameters.AddWithValue("@UserID", Session["VerifyingUserID"].ToString());
commandObj.Parameters.AddWithValue("@code", trimmed);
DBConnect OBJ = new DBConnect();
if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) != -2)
{
// sends email again
string email = Session["email"].ToString(); string sendAdd = "*****@*****.**";
string link = Request.Url.Host + "'/Verification.aspx'";
// send email
MailMessage msg = new MailMessage();
msg.To.Add(new MailAddress(@email));
msg.Subject = "QUERY Welcome Email";
msg.From = new MailAddress(sendAdd);
msg.IsBodyHtml = true;
msg.Body = "<div> Thank you for signing up for Query.com! <Br><BR> You have successfully " +
"created an account. To verify, please enter the verification code: <strong>" + trimmed +
"</strong><Br><BR> <div>";
SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587);
smtp.Credentials = new System.Net.NetworkCredential(sendAdd, "CIS3342TermProject");
smtp.EnableSsl = true;
smtp.Send(msg);
Response.Redirect("Verification.aspx");
}
}
catch
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
}
private void deleteDateRequest()
{
DBConnect objDB = new DBConnect();
SqlCommand objCmd = new SqlCommand();
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_DeleteDateRequest";
int result = 0;
User tempUser = new User();
int userID1 = tempUser.getUserID(Session["Username"].ToString());
int userID2 = tempUser.getUserID(Session["RequestedProfile"].ToString());
UserProfile tempProfile = new UserProfile();
if (tempProfile.checkIfUserSentDateRequest(Session["Username"].ToString(), Session["RequestedProfile"].ToString()))
{
objCmd.Parameters.AddWithValue("@requestFrom", userID1);
objCmd.Parameters.AddWithValue("@requestTo", userID2);
result = objDB.DoUpdateUsingCmdObj(objCmd);
if (result == 1)
{
lblErrorMsg.Text += "Successfully deleted date request to this user. <br />";
lblErrorMsg.Visible = true;
}
}
else if (tempProfile.checkIfUserReceivedDateRequest(Session["RequestedProfile"].ToString(), Session["Username"].ToString()))
{
objCmd.Parameters.AddWithValue("@requestFrom", userID2);
objCmd.Parameters.AddWithValue("@requestTo", userID1);
result = objDB.DoUpdateUsingCmdObj(objCmd);
if (result == 1)
{
lblErrorMsg.Text += "Successfully deleted date request from this user. <br />";
lblErrorMsg.Visible = true;
}
}
}
protected void btnSendMessage_Click(object sender, EventArgs e)
{
Timer1.Enabled = true;
DBConnect objDB = new DBConnect();
SqlCommand objCmd = new SqlCommand();
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_GetConversation";
objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString());
objCmd.Parameters.AddWithValue("@usernameTwo", Session["MessageToUsername"].ToString());
DataSet conversationDS = objDB.GetDataSetUsingCmdObj(objCmd);
string conversation = objDB.GetField("Content", 0).ToString();
int messageID = int.Parse(objDB.GetField("MessageID", 0).ToString());
String messageText = txtSendMessage.Text;
String updateConversation = conversation + "<br />" + Session["Username"].ToString() + ": " + messageText;
DBConnect objDBConn = new DBConnect();
SqlCommand objCmdConn = new SqlCommand();
objCmdConn.CommandType = CommandType.StoredProcedure;
objCmdConn.CommandText = "TP_UpdateConversation";
objCmdConn.Parameters.AddWithValue("@messageID", messageID);
objCmdConn.Parameters.AddWithValue("@content", updateConversation);
int result = objDBConn.DoUpdateUsingCmdObj(objCmdConn);
if (result == 1)
{
DataBind();
User tempUser = new User();
string recipient = tempUser.getEmailByUsername(Session["MessageToUsername"].ToString());
Email emailObj = new Email();
string to = recipient;
string from = "*****@*****.**";
string subject = "New Message";
string message = "You have a new message from " + Session["Username"].ToString() + ". Visit the website to view the message.";
try
{
emailObj.SendMail(to, from, subject, message);
}
catch (Exception ex)
{
}
}
txtSendMessage.Text = string.Empty;
}
protected void UpdateMerchantInfo(Merchant merchant)
{
int id = int.Parse(Session["merchantID"].ToString());
try
{
objcomm.CommandType = CommandType.StoredProcedure;
objcomm.CommandText = "TP_UpdateMerchantInfo";
objcomm.Parameters.AddWithValue("@id", id);
objcomm.Parameters.AddWithValue("@address", merchant.Address);
objcomm.Parameters.AddWithValue("@city", merchant.City);
objcomm.Parameters.AddWithValue("@state", merchant.State);
objcomm.Parameters.AddWithValue("@zipcode", merchant.ZipCode);
objcomm.Parameters.AddWithValue("@phone", merchant.Phone);
objcomm.Parameters.AddWithValue("@email", merchant.Email);
objDB.DoUpdateUsingCmdObj(objcomm);
}
catch (Exception ex)
{
throw ex;
}
}
protected void btnSend_Click(object sender, EventArgs e)
{
objDB = new DBConnect();
objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_sp_SendMessage";
objCommand.Parameters.AddWithValue("@SenderID", userID);
objCommand.Parameters.AddWithValue("@Username", username);
objCommand.Parameters.AddWithValue("@ReceiverID", ddlMatches.SelectedValue);
objCommand.Parameters.AddWithValue("@Message", txtMessage.Text);
objDB.DoUpdateUsingCmdObj(objCommand);
Bind();
}
private void newConvo()
{
DBConnect objDB = new DBConnect();
SqlCommand objCmd = new SqlCommand();
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_NewConversation";
objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString());
objCmd.Parameters.AddWithValue("@usernameTwo", Session["RequestedProfile"].ToString());
int result = objDB.DoUpdateUsingCmdObj(objCmd);
if (result == 1)
{
Response.Redirect("Messaging.aspx");
}
}
protected void btnSubmitBankInformation_Click(object sender, EventArgs e)
{
DBConnect dbConnection = new DBConnect();
SqlCommand objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TPAddMerchantBankInformation";
objCommand.Parameters.AddWithValue("@Email", Session["userEmail"].ToString());
objCommand.Parameters.AddWithValue("@BankCompany", txtBankCompany.Text);
objCommand.Parameters.AddWithValue("@AccountType", ddlAccountType.SelectedValue);
objCommand.Parameters.AddWithValue("@AccountNumber", txtAccountNumber.Text);
int ResponseRecevied = dbConnection.DoUpdateUsingCmdObj(objCommand);
RegisterMerchantDetails.Visible = false;
BankAccount.Visible = false;
SubmitConfirmation.Visible = true;
}
private void modifyProfilePic()
{
if (IsPostBack)
{
if (fileProfilePic.HasFile)
{
int result = 0, imageSize;
string fileExt, imageName;
User tempUser = new User();
int userID = tempUser.getUserID(Session["Username"].ToString());
imageSize = fileProfilePic.PostedFile.ContentLength;
byte[] imageData = new byte[imageSize];
fileProfilePic.PostedFile.InputStream.Read(imageData, 0, imageSize);
imageName = fileProfilePic.PostedFile.FileName;
fileExt = imageName.Substring(imageName.LastIndexOf("."));
fileExt = fileExt.ToLower();
if (fileExt == ".jpg")
{
DBConnect objDB = new DBConnect();
SqlCommand objCmd = new SqlCommand();
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_ModifyProfilePic";
objCmd.Parameters.AddWithValue("@imageData", imageData);
objCmd.Parameters.AddWithValue("@userID", userID);
result = objDB.DoUpdateUsingCmdObj(objCmd);
if (result != 1)
{
lblErrorMsg.Text += "*There was an error updating your profile picture. <br />";
lblErrorMsg.Visible = true;
}
}
else
{
lblErrorMsg.Text += "*Only jpg file types supported. <br />";
lblErrorMsg.Visible = true;
}
}
}
}
protected void btnDateSubmit_Click(object sender, EventArgs e)
{
try
{
if (Session["UsersName"].ToString() != currentProfile.FirstName)
{
DateTime date = Convert.ToDateTime(txtDate.Text);
string location = txtLocation.Text;
string desc = txtDescription.Text;
SqlCommand objCommand = new SqlCommand();
objDB = new DBConnect();
objCommand = new SqlCommand();
int ID1 = Convert.ToInt32(Session["UserID"].ToString());
int ID2 = currentProfile.UserID;
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_CreateDate";
objCommand.Parameters.AddWithValue("@UserId1", ID1);
objCommand.Parameters.AddWithValue("@UserId2", ID2);
objCommand.Parameters.AddWithValue("@Location", location);
objCommand.Parameters.AddWithValue("@Date", date);
objCommand.Parameters.AddWithValue("@Description", desc);
objCommand.Parameters.AddWithValue("@UserName1", Session["UsersName"].ToString());
objCommand.Parameters.AddWithValue("@UserName2", currentProfile.FirstName);
objDB.DoUpdateUsingCmdObj(objCommand);
}
else
{
// MessageBox.Show("Cannot Date yourself Error");
}
pnlDateRequest.Visible = false;
}
catch
{
//MessageBox.Show("Date Request Error");
pnlDateRequest.Visible = false;
}
}
private void deleteConversation()
{
DBConnect objDB = new DBConnect();
SqlCommand objCmd = new SqlCommand();
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_GetConversation";
objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString());
objCmd.Parameters.AddWithValue("@usernameTwo", Session["RequestedProfile"].ToString());
DataSet conversationDS = objDB.GetDataSetUsingCmdObj(objCmd);
if (conversationDS.Tables.Count > 0)
{
if (conversationDS.Tables[0].Rows.Count > 0)
{
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_DeleteConversation";
objCmd.Parameters.Clear();
objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString());
objCmd.Parameters.AddWithValue("@usernameTwo", Session["RequestedProfile"].ToString());
int result = objDB.DoUpdateUsingCmdObj(objCmd);
if (result == 1)
{
lblErrorMsg.Text += "Successfully deleted conversation with this user. <br />";
lblErrorMsg.Visible = true;
}
}
else
{
lblErrorMsg.Text += "You have no conversations with this user to delete. <br />";
lblErrorMsg.Visible = true;
}
}
else
{
lblErrorMsg.Text += "You have no conversations with this user to delete. <br />";
lblErrorMsg.Visible = true;
}
}
private void BtnDelete_Click(object sender, EventArgs e)
{
Button btnDelete = (Button)sender;
int rowNum = int.Parse(btnDelete.ID.Split('_')[1]);
ProfileDisplay profileDisplay = ((ProfileDisplay)conversationsDiv.FindControl("pdProfile_" + rowNum));
DBConnect objDB = new DBConnect();
SqlCommand objCmd = new SqlCommand();
objCmd.CommandType = CommandType.StoredProcedure;
objCmd.CommandText = "TP_DeleteConversation";
objCmd.Parameters.AddWithValue("@usernameOne", Session["Username"].ToString());
objCmd.Parameters.AddWithValue("@usernameTwo", profileDisplay.Username);
int result = objDB.DoUpdateUsingCmdObj(objCmd);
if (result == 1)
{
conversationsDiv.Controls.RemoveAt(conversationsDiv.Controls.Count - 1);
loadConversations();
}
}
protected void btnSaveSettings_Click(object sender, EventArgs e)
{
DBConnect objDB = new DBConnect();
SqlCommand objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_UpdatePreferences";
objCommand.Parameters.AddWithValue("@email", Session["Email"].ToString());
objCommand.Parameters.AddWithValue("@privacy", ddlProfileView.SelectedValue);
objCommand.Parameters.AddWithValue("@theme", ddlColorStyle.SelectedValue);
objCommand.Parameters.AddWithValue("@autoSignIn", ddlAutoSignIn.SelectedValue);
if (objDB.DoUpdateUsingCmdObj(objCommand) > 0)
{
}
objDB = new DBConnect();
objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_UpdateSerialPreferences";
objCommand.Parameters.AddWithValue("@email", Session["Email"].ToString());
Preferences serialPreferences = new Preferences();
serialPreferences.AutoSignIn = Convert.ToInt32(ddlAutoSignIn.SelectedValue);
serialPreferences.Email = Session["Email"].ToString();
serialPreferences.Privacy = ddlProfileView.SelectedValue;
serialPreferences.Theme = ddlColorStyle.SelectedValue;
BinaryFormatter serializer = new BinaryFormatter();
MemoryStream memStream = new MemoryStream();
Byte[] byteArray;
serializer.Serialize(memStream, serialPreferences);
byteArray = memStream.ToArray();
objCommand.Parameters.AddWithValue("@serial", byteArray);
objCommand.Parameters.AddWithValue("@verificationToken", Session["VerificationToken"].ToString());
if (objDB.DoUpdateUsingCmdObj(objCommand) > 0)
{
}
}
protected void btnCreateAccount_Click(object sender, EventArgs e)
{
//Input Validation for new Log-in
if (txtNewName.Text == "" || txtNewEmail.Text == "" || txtNewAddress.Text == "" || txtNewState.Text == "" || txtNewZipCode.Text == "" || txtNewUsername.Text == "" || txtDesiredPassword.Text == "" || txtDesiredPassword1.Text == "")
{
lblMessage.Text = "Please make sure all fields are filled out";
return;
}
if (txtDesiredPassword.Text != txtDesiredPassword1.Text)
{
lblMessage.Text = "Desired password and desired password confirmation do not match.";
return;
}
if (txtNewState.Text.Length > 2)
{
lblMessage.Text = "State must be written in 2 letter format, i.e. New Jersey = NJ";
return;
}
bool zip = checkIfDigits(txtNewZipCode.Text);
if (zip == false)
{
lblMessage.Text = "Only numbers can be inputed as your zipcode.";
return;
}
//If they make it past input validation then check if a cookie needs to be made
string username = txtNewUsername.Text;
string password = txtDesiredPassword.Text;
string name = txtNewName.Text;
string address = txtNewAddress.Text + ", " + txtNewCity.Text + ", " + txtNewState.Text + " " + txtNewZipCode.Text;
string email = txtNewEmail.Text;
if (rdoRememberMe.Checked) //Remember Me is checked so make a cookie and create account
{
HttpCookie myCookie = new HttpCookie("theCookie");
myCookie.Value = "CIS3342 Website";
myCookie.Expires = new DateTime(2016, 1, 1);
myCookie.Values["Username"] = txtUsername.Text;
Response.Cookies.Add(myCookie);
}
else //Remember me is not checked so create account without using a cookie
{
SqlCommand objCommand = new SqlCommand();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "CreateNewUser";
objCommand.Parameters.AddWithValue("@inputUsername", username);
objCommand.Parameters.AddWithValue("@inputPassword", password);
objCommand.Parameters.AddWithValue("@inputName", name);
objCommand.Parameters.AddWithValue("@inputEmail", email);
objCommand.Parameters.AddWithValue("@inputAddress", address);
DBConnect objDB = new DBConnect();
objDB.DoUpdateUsingCmdObj(objCommand); //adds user to DB using stored procedure
//add code here to make a new customer object and create a session
}
}
protected void btnChangePass_Click(object sender, EventArgs e)
{
string password = txtNewPass.Text;
string passwordConfirm = txtConfirmPass.Text;
Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
bool trigger = false;
//Validate password; Make sure it passes regex and matches the confirm password input
if (password.Length <= 0 || !regexPassword.IsMatch(password))
{
trigger = true;
txtNewPass.CssClass += " is-invalid";
txtNewPass.Text = "";
}
if (password != passwordConfirm)
{
trigger = true;
txtConfirmPass.CssClass += " is-invalid";
txtConfirmPass.Text = "";
}
if (!trigger)
{
//Salt the password and update it in the db
//Password Salting & Hashing
byte[] saltArray = CryptoUtilities.GenerateSalt();
byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password);
try
{
SqlCommand commandObj = new SqlCommand();
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_UpdatePassword";
commandObj.Parameters.AddWithValue("@userID", Session["VerifyingID"].ToString());
commandObj.Parameters.AddWithValue("@pass", hashPassword);
commandObj.Parameters.AddWithValue("@salt", saltArray);
DBConnect OBJ = new DBConnect();
if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
else
{
divSuccess.Visible = true;
divChangePassword.Visible = false;
}
}
catch
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
}
else
{
divInvalidPassword.Visible = true;
}
}
protected void btnCreateAccount_Click(object sender, EventArgs e)
{
//Basic validation
divUsernameExists.Visible = false;
divEmailExists.Visible = false;
string username = txtUsername.Text;
string email = txtEmail.Text.Trim();
string password = txtPassword.Text;
string passwordConfirm = txtConfirmPassword.Text;
string firstName = txtFName.Text;
string lastName = txtLName.Text;
string AddressOne = txtAddressOne.Text;
string AddressTwo = txtAddressTwo.Text;
string city = txtCity.Text;
string state = ddlState.SelectedValue;
string zip = txtZip.Text;
string SQOne = txtSecurityQOne.Text;
string SQTwo = txtSecurityQTwo.Text;
string SQThree = txtSecurityQThree.Text;
//
//Regular Expressions sourced from http://regexlib.com
//
Regex regexEmail = new Regex(@"^([\w\d\-\.]+)@{1}(([\w\d\-]{1,67})|([\w\d\-]+\.[\w\d\-]{1,67}))\.(([a-zA-Z\d]{2,4})(\.[a-zA-Z\d]{2})?)$");
Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
Regex regexZip = new Regex(@"(^\d{5}$)|(^\d{5}-\d{4}$)");
txtUsername.CssClass = txtUsername.CssClass.Replace("is-invalid", "").Trim();
txtEmail.CssClass = txtEmail.CssClass.Replace("is-invalid", "").Trim();
txtPassword.CssClass = txtPassword.CssClass.Replace("is-invalid", "").Trim();
txtConfirmPassword.CssClass = txtConfirmPassword.CssClass.Replace("is-invalid", "").Trim();
txtFName.CssClass = txtFName.CssClass.Replace("is-invalid", "").Trim();
txtLName.CssClass = txtLName.CssClass.Replace("is-invalid", "").Trim();
txtAddressOne.CssClass = txtAddressOne.CssClass.Replace("is-invalid", "").Trim();
txtAddressTwo.CssClass = txtAddressTwo.CssClass.Replace("is-invalid", "").Trim();
txtCity.CssClass = txtCity.CssClass.Replace("is-invalid", "").Trim();
ddlState.CssClass = ddlState.CssClass.Replace("is-invalid", "").Trim();
txtZip.CssClass = txtZip.CssClass.Replace("is-invalid", "").Trim();
txtSecurityQOne.CssClass = txtSecurityQOne.CssClass.Replace("is-invalid", "").Trim();
txtSecurityQTwo.CssClass = txtSecurityQTwo.CssClass.Replace("is-invalid", "").Trim();
txtSecurityQThree.CssClass = txtSecurityQThree.CssClass.Replace("is-invalid", "").Trim();
ddlSecurityQOne.CssClass = ddlSecurityQOne.CssClass.Replace("is-invalid", "").Trim();
ddlSecurityQTwo.CssClass = ddlSecurityQTwo.CssClass.Replace("is-invalid", "").Trim();
ddlSecurityQThree.CssClass = ddlSecurityQThree.CssClass.Replace("is-invalid", "").Trim();
Boolean trigger = false;
if (username.Length <= 0)
{
trigger = true;
txtUsername.CssClass += " is-invalid";
}
if (email.Length <= 0 || !regexEmail.IsMatch(email))
{
trigger = true;
txtEmail.CssClass += " is-invalid";
}
if (password.Length <= 0 || !regexPassword.IsMatch(password))
{
trigger = true;
txtPassword.CssClass += " is-invalid";
txtPassword.Text = "";
}
if (password != passwordConfirm)
{
txtConfirmPassword.CssClass += " is-invalid";
txtConfirmPassword.Text = "";
}
if (firstName.Length <= 0)
{
trigger = true;
txtFName.CssClass += " is-invalid";
}
if (lastName.Length <= 0)
{
trigger = true;
txtLName.CssClass += " is-invalid";
}
if (AddressOne.Length <= 0)
{
trigger = true;
txtAddressOne.CssClass += " is-invalid";
}
if (city.Length <= 0)
{
trigger = true;
txtCity.CssClass += " is-invalid";
}
if (state.Length <= 0)
{
trigger = true;
ddlState.CssClass += " is-invalid";
}
if (zip.Length <= 0 || !regexZip.IsMatch(zip))
{
trigger = true;
txtZip.CssClass += " is-invalid";
}
if (SQOne.Length <= 0)
{
trigger = true;
txtSecurityQOne.CssClass += " is-invalid";
}
if (SQTwo.Length <= 0)
{
trigger = true;
txtSecurityQTwo.CssClass += " is-invalid";
}
if (SQThree.Length <= 0)
{
trigger = true;
txtSecurityQThree.CssClass += " is-invalid";
}
if (ddlSecurityQOne.SelectedValue == "")
{
trigger = true;
ddlSecurityQOne.CssClass += " is-invalid";
}
if (ddlSecurityQTwo.SelectedValue == "")
{
trigger = true;
ddlSecurityQTwo.CssClass += " is-invalid";
}
if (ddlSecurityQThree.SelectedValue == "")
{
trigger = true;
ddlSecurityQThree.CssClass += " is-invalid";
}
if (trigger)
{
}
else
{
//Password Salting & Hashing
byte [] saltArray = CryptoUtilities.GenerateSalt();
byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password);
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_CreateUser";
SqlParameter inputUsername = new SqlParameter("@username", username)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputPassword = new SqlParameter("@password", hashPassword)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarBinary
};
SqlParameter inputSalt = new SqlParameter("@salt", saltArray)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarBinary
};
SqlParameter inputEmail = new SqlParameter("@emailAddress", email)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputFirstName = new SqlParameter("@firstName", firstName)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputLastName = new SqlParameter("@lastName", lastName)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputBilling = new SqlParameter("@billing", AddressOne)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputCity = new SqlParameter("@city", city)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputState = new SqlParameter("@state", state)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputZip = new SqlParameter("@zip", Convert.ToInt32(zip))
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter outputUsernameExists = new SqlParameter("@UsernameExists", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
SqlParameter outputEmailExists = new SqlParameter("@EmailExists", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
SqlParameter outputNewUserID = new SqlParameter("@NewUserID", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
commandObj.Parameters.Add(inputUsername);
commandObj.Parameters.Add(inputPassword);
commandObj.Parameters.Add(inputSalt);
commandObj.Parameters.Add(inputEmail);
commandObj.Parameters.Add(inputFirstName);
commandObj.Parameters.Add(inputLastName);
commandObj.Parameters.Add(inputBilling);
commandObj.Parameters.Add(inputCity);
commandObj.Parameters.Add(inputState);
commandObj.Parameters.Add(inputZip);
commandObj.Parameters.Add(outputNewUserID);
commandObj.Parameters.Add(outputEmailExists);
commandObj.Parameters.Add(outputUsernameExists);
if (dbConnection.DoUpdateUsingCmdObj(commandObj, out string exception) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
else
{
//Two output parameters tell us if the username or email exists
if (Int32.Parse(outputUsernameExists.Value.ToString()) == 1)
{
divUsernameExists.Visible = true;
}
if (Int32.Parse(outputEmailExists.Value.ToString()) == 1)
{
divEmailExists.Visible = true;
}
if (!(Int32.Parse(outputUsernameExists.Value.ToString()) == 1 && (Int32.Parse(outputEmailExists.Value.ToString()) == 1)))
{
//If we pass the checks, then also update the security questions
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_UpdateSecurityQuestions";
DataTable dtSecurityQuestions = new DataTable();
dtSecurityQuestions.Columns.Add("UserId", typeof(int));
dtSecurityQuestions.Columns.Add("QuestionID", typeof(int));
dtSecurityQuestions.Columns.Add("QuestionAnswer", typeof(string));
DataRow newRow = dtSecurityQuestions.NewRow();
newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString());
newRow["QuestionId"] = Int32.Parse(ddlSecurityQOne.SelectedValue);
newRow["QuestionAnswer"] = txtSecurityQOne.Text;
dtSecurityQuestions.Rows.Add(newRow);
newRow = dtSecurityQuestions.NewRow();
newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString());
newRow["QuestionId"] = Int32.Parse(ddlSecurityQTwo.SelectedValue);
newRow["QuestionAnswer"] = txtSecurityQTwo.Text;
dtSecurityQuestions.Rows.Add(newRow);
newRow = dtSecurityQuestions.NewRow();
newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString());
newRow["QuestionId"] = Int32.Parse(ddlSecurityQThree.SelectedValue);
newRow["QuestionAnswer"] = txtSecurityQThree.Text;
dtSecurityQuestions.Rows.Add(newRow);
commandObj.Parameters.AddWithValue("@SecurityQuestions", dtSecurityQuestions);
commandObj.Parameters.AddWithValue("@UserID", outputNewUserID.Value.ToString());
if (dbConnection.DoUpdateUsingCmdObj(commandObj, out exception) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
else
{
// insert empty list of prefs
insertPreferences(Convert.ToInt32(outputNewUserID.Value.ToString()));
Session["RegisteringUserID"] = outputNewUserID;
//Generate a random verification code using the crypto provider
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] random = new byte[16];
rng.GetBytes(random);
string rngString = Convert.ToBase64String(random);
string trimmed = rngString.Substring(0, rngString.Length - 2);
// send email
string sendAdd = "*****@*****.**";
MailMessage msg = new MailMessage();
msg.To.Add(new MailAddress(@email));
msg.Subject = "QUERY Welcome Email";
msg.From = new MailAddress(sendAdd);
msg.IsBodyHtml = true;
msg.Body = "<div> Thank you for signing up for Query.com! <Br><BR> You have successfully " +
"created an account. To verify, please enter the verification code: <strong>" + trimmed +
"</strong><Br><BR> <div>";
SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587);
smtp.Credentials = new System.Net.NetworkCredential(sendAdd, "CIS3342TermProject");
smtp.EnableSsl = true;
smtp.Send(msg);
Session["email"] = email;
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_InsertVerification";
commandObj.Parameters.AddWithValue("@UserID", outputNewUserID.Value.ToString());
commandObj.Parameters.AddWithValue("@code", trimmed);
DBConnect OBJ = new DBConnect();
if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) != -2)
{
Response.Redirect("Verification.aspx");
}
else
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
} // end inner else
} // end outter else
} // end inner if
} // end outter else
} // end outermose else
} // end button click - create account
protected void btnPurchase_Click(object sender, EventArgs e)
{
string customerName = Session["LoginID"].ToString();
int totalQuantity = 0;
double total = 0;
Trip objTrip = new Trip();
for (int i = 0; i < gvPurchase.Rows.Count; i++)
{
if (gvPurchase.Rows[i].Cells[0].Text == "Car")
{
objTrip.CarService = gvPurchase.Rows[i].Cells[1].Text;
objTrip.CarServiceDescription = gvPurchase.Rows[i].Cells[2].Text;
}
else if (gvPurchase.Rows[i].Cells[0].Text == "Air")
{
objTrip.AirService = gvPurchase.Rows[i].Cells[1].Text;
objTrip.AirServiceDescription = gvPurchase.Rows[i].Cells[2].Text;
}
else if (gvPurchase.Rows[i].Cells[0].Text == "Hotel")
{
objTrip.HotelService = gvPurchase.Rows[i].Cells[1].Text;
objTrip.HotelServiceDescription = gvPurchase.Rows[i].Cells[2].Text;
}
else if (gvPurchase.Rows[i].Cells[0].Text == "Activity")
{
objTrip.ActivityService = gvPurchase.Rows[i].Cells[1].Text;
objTrip.ActivityServiceDescription = gvPurchase.Rows[i].Cells[2].Text;
}
totalQuantity = totalQuantity + int.Parse(gvPurchase.Rows[i].Cells[4].Text);
total = total + double.Parse(gvPurchase.Rows[i].Cells[5].Text, NumberStyles.Currency);
objTrip.Quantity = totalQuantity;
objTrip.TotalSales = total;
objTrip.CustomerName = customerName;
}
BinaryFormatter serializer = new BinaryFormatter();
MemoryStream memStream = new MemoryStream();
Byte[] byteArray;
serializer.Serialize(memStream, objTrip);
byteArray = memStream.ToArray();
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "addVacation";
objCommand.Parameters.AddWithValue("@CustomerName", customerName);
objCommand.Parameters.AddWithValue("@VacationPackage", byteArray);
int retVal = objDB.DoUpdateUsingCmdObj(objCommand);
if (retVal > 0)
{
lblDisplay.Text = "You have successfully purchased a vacation package";
lblDisplay.Visible = true;
btnViewPurchase.Visible = true;
btnPurchase.Visible = false;
gvPurchase.Visible = false;
//clears cart
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "clearTripItems";
objCommand.Parameters.Clear();
SqlParameter inputParameter = new SqlParameter("@CustomerName", customerName);
inputParameter.Direction = ParameterDirection.Input;
inputParameter.SqlDbType = SqlDbType.VarChar;
objCommand.Parameters.Add(inputParameter);
objDB.DoUpdateUsingCmdObj(objCommand);
}
else
{
lblDisplay.Text = "Unable to purchase vacation package";
}
}
protected void btnSubmit_Click(object sender, EventArgs e)
{
objcommand.CommandType = CommandType.StoredProcedure;
objcommand.CommandText = "TP_GetUsernameAndEmail";
objcommand.Parameters.AddWithValue("@username", txtUsername.Text);
objcommand.Parameters.AddWithValue("@email", txtEmail.Text);
DataSet ds = objconn.GetDataSetUsingCmdObj(objcommand);
if (ds.Tables[0].Rows.Count == 0)
{
String plainTextPassword = txtPassword.Text;
String encryptedPassword;
UTF8Encoding encoder = new UTF8Encoding(); // used to convert bytes to characters, and back
Byte[] textBytes; // stores the plain text data as bytes
// Perform Encryption
// Convert a string to a byte array, which will be used in the encryption process.
textBytes = encoder.GetBytes(plainTextPassword);
RijndaelManaged rmEncryption = new RijndaelManaged();
MemoryStream myMemoryStream = new MemoryStream();
CryptoStream myEncryptionStream = new CryptoStream(myMemoryStream, rmEncryption.CreateEncryptor(key, vector), CryptoStreamMode.Write);
// Use the crypto stream to perform the encryption on the plain text byte array.
myEncryptionStream.Write(textBytes, 0, textBytes.Length);
myEncryptionStream.FlushFinalBlock();
// Retrieve the encrypted data from the memory stream, and write it to a separate byte array.
myMemoryStream.Position = 0;
Byte[] encryptedBytes = new Byte[myMemoryStream.Length];
myMemoryStream.Read(encryptedBytes, 0, encryptedBytes.Length);
// Close all the streams.
myEncryptionStream.Close();
myMemoryStream.Close();
// Convert the bytes to a string and display it.
encryptedPassword = Convert.ToBase64String(encryptedBytes);
Customer customer = new Customer();
if (txtName.Text != "" && txtUsername.Text != "" && txtPassword.Text != "" && txtEmail.Text != "" && txtAddress.Text != "" && txtCity.Text != "" && txtState.Text != "" && txtZipcode.Text != "" &&
txtPhone.Text != "" && txtSq1.Text != "" && txtSq2.Text != "" && txtSq3.Text != "")
{
customer.Name = txtName.Text;
customer.Username = txtUsername.Text;
customer.Password = encryptedPassword;
customer.Email = txtEmail.Text;
customer.Address = txtAddress.Text;
customer.City = txtCity.Text;
customer.State = txtState.Text;
customer.ZipCode = txtZipcode.Text;
customer.Phone = txtPhone.Text;
customer.Sq1 = txtSq1.Text;
customer.Sq2 = txtSq2.Text;
customer.Sq3 = txtSq3.Text;
lblDisplay.Text = "";
}
else
{
lblDisplay.Text = "Please do not leave any field empty";
}
if (customer != null)
{
try
{
objcommand.Parameters.Clear();
objcommand.CommandType = CommandType.StoredProcedure;
objcommand.CommandText = "TP_AddCustomer";
objcommand.Parameters.AddWithValue("@name", customer.Name);
objcommand.Parameters.AddWithValue("@username", customer.Username);
objcommand.Parameters.AddWithValue("@password", customer.Password);
objcommand.Parameters.AddWithValue("@address", customer.Address);
objcommand.Parameters.AddWithValue("@city", customer.City);
objcommand.Parameters.AddWithValue("@state", customer.State);
objcommand.Parameters.AddWithValue("@zipcode", customer.ZipCode);
objcommand.Parameters.AddWithValue("@phone", customer.Phone);
objcommand.Parameters.AddWithValue("@email", customer.Email);
objcommand.Parameters.AddWithValue("@sq1", customer.Sq1);
objcommand.Parameters.AddWithValue("@sq2", customer.Sq2);
objcommand.Parameters.AddWithValue("@sq3", customer.Sq3);
int result = objconn.DoUpdateUsingCmdObj(objcommand);
if (result == -1)
{
lblNotif.Text = "An error occurred. Please try again!";
lblNotif.Visible = false;
}
else
{
lblSuccess.Text = "Successfully created an account";
if (lblNotif.Visible == true)
{
lblNotif.Visible = false;
}
lblSuccess.Visible = true;
btnSubmit.Visible = false;
}
}
catch (Exception ex)
{
throw ex;
}
}
}
else
{
lblNotif.Text = "The username or email is already taken";
lblNotif.Visible = true;
}
}
protected void btnSubmit_Click1(object sender, EventArgs e)
{
string strEmail = txtEmail.Text;
string strConfirmEmail = txtConfirmEmail.Text;
string strPassword = txtPassword.Text;
string strConfirmPassword = txtConfirmPassword.Text;
string strQuestion = ddlSecurityQuestion.SelectedValue;
string strQuestion2 = ddlSecurityQuestion2.SelectedValue;
string strQuestion3 = ddlSecurityQuestion3.SelectedValue;
int val = 0;
if (txtUsername.Text.All(char.IsLetterOrDigit))
{
if (strPassword == strConfirmPassword && validate.IsNotNull(strPassword)) // Validate password
{
if (validate.IsValidEmail(strEmail) && strEmail == strConfirmEmail && validate.IsNotNull(strEmail)) // validate email
{
if (strQuestion != strQuestion2 && strQuestion2 != strQuestion3 && strQuestion3 != strQuestion) // validate questions
{
objDB = new DBConnect();
objCommand = new SqlCommand();
Random random = new Random();
code = random.Next(10001, 99999);
objCommand.CommandType = CommandType.StoredProcedure;
objCommand.CommandText = "TP_sp_addNewUser";
objCommand.Parameters.AddWithValue("@username", txtUsername.Text);
objCommand.Parameters.AddWithValue("@password", txtPassword.Text);
objCommand.Parameters.AddWithValue("@email", txtEmail.Text);
objCommand.Parameters.AddWithValue("@ConfirmationCode", code.ToString());
objCommand.Parameters.AddWithValue("@SecurityQuestion", ddlSecurityQuestion.SelectedValue);
objCommand.Parameters.AddWithValue("@SecurityResponse", txtSecurityResponse.Text);
objCommand.Parameters.AddWithValue("@SecurityQuestion2", ddlSecurityQuestion2.SelectedValue);
objCommand.Parameters.AddWithValue("@SecurityResponse2", txtSecurityResponse2.Text);
objCommand.Parameters.AddWithValue("@SecurityQuestion3", ddlSecurityQuestion3.SelectedValue);
objCommand.Parameters.AddWithValue("@SecurityResponse3", txtSecurityResponse3.Text);
val = objDB.DoUpdateUsingCmdObj(objCommand);
if (val < 0)
{
lblStatus.ForeColor = Color.Red;
lblStatus.Text = "[Server:Error]";
}
else
{
Session["Username"] = txtUsername.Text;
lblStatus.ForeColor = Color.Green;
lblStatus.Text = "Success: New user was created";
if (EmailVerification(txtEmail.Text))
{ // get user ID and sen it to send the verification email
Response.Redirect("/CreateProfile.aspx");
}
}
}
else
{
lblSecQuestion.ForeColor = Color.Red;
lblSecQuestion2.ForeColor = Color.Red;
lblSecQuestion3.ForeColor = Color.Red;
lblSecQuestion.Text = "Please pick three different questions and respond each one:";
}
}
else
{
lblEmail.ForeColor = Color.Red;
lblEmail.Text = "Email wont match please verify:";
}
}
else
{
lblPassword.ForeColor = Color.Red;
lblPassword.Text = "Password wont match please verify:";
}
}
else
{
lblPassword.ForeColor = Color.Red;
lblPassword.Text = "Username is only allow to have numbers and letters:";
}
}
