Esempio n. 1
0
        public bool doLogin(string user, string pass, bool remember)
        {
            authen x   = new authen();
            bool   ret = false;

            setCookie("lastUser", (remember)?user:"");

            SqlConnection myConnection = new SqlConnection(connString);

            try {
                myConnection.Open();
                try {
                    SqlDataReader myReader = null;
                    string        strSql   = "SELECT userID FROM [dbo].[user] WHERE email = '" + user + "' AND password = '******'";

                    SqlCommand myCommand = new SqlCommand(strSql, myConnection);
                    myReader = myCommand.ExecuteReader();
                    while (myReader.Read())
                    {
                        HttpContext.Current.Session["uid"] = myReader[0].ToString();
                        userID = myReader[0].ToString();
                        ret    = true;
                    }
                    myReader.Close();
                    myConnection.Close();
                } catch (Exception ex1) {
                    err = "Ex1:" + ex1.Message;
                }
            }catch (Exception ex2) {
                err = "Ex2:" + ex2.Message;
            }

            /*if (!ret) HttpContext.Current.Session["uid"]="";*/
            return(ret);
        }
Esempio n. 2
0
        public static int changePass(string oldPass, string newPass)
        {
            int ret = -1;

            authen x = new authen();

            if (x.validUser())
            {
                string uid = (string)HttpContext.Current.Session["uid"];

                SqlConnection myConnection = new SqlConnection(connString);
                try {
                    myConnection.Open();
                    try {
                        string strSql = "UPDATE [dbo].[user]" +
                                        "SET password = '******'" +
                                        "WHERE userID = " + uid + " AND password='******'";
                        SqlCommand myCommand = new SqlCommand(strSql, myConnection);
                        ret = myCommand.ExecuteNonQuery();
                        myConnection.Close();
                    } catch (Exception ex1) {
                    }
                } catch (Exception ex2) {
                }
            }

            return(ret);            /*-1: failed, 0: old pass mismatch, >1: success*/
        }
Esempio n. 3
0
        public static void redirIfNotAdmin()
        {
            authen x = new authen();

            if (!x.isAnAdmin)
            {
                HttpContext.Current.Response.Redirect("./default.aspx");
            }
        }
Esempio n. 4
0
        public static void logoutIfNotValid()
        {
            authen x = new authen();

            if (!x.validUser())
            {
                HttpContext.Current.Response.Redirect("./login.aspx");
            }
        }
Esempio n. 5
0
        public static string isAdmin()
        {
            //do some admin stuff
            authen x   = new authen();
            string ret = "<style type='text/css'>.admin{display:none;}</style>";

            if (x.isAnAdmin)               //is admin
            {
                ret = "<style type='text/css'>.useronly{display:none;}</style>";
            }
            return(ret);
        }
Esempio n. 6
0
        public static string autocomplete()
        {
            //do some admin stuff
            string ret = "";
            authen x   = new authen();

            SqlConnection myConnection = new SqlConnection(x.getConnectionString());

            try {
                myConnection.Open();
                try {
                    SqlDataReader myReader = null;
                    string        strSql   = "SELECT DISTINCT businessName AS aText, businessID AS aID, 1 AS aType FROM [business] " +
                                             "UNION " +
                                             "SELECT DISTINCT businessTypeName, bt.businessTypeID, 2 " +
                                             "FROM [business] as b, [businessType] as bt,[business_businessType] as bbt " +
                                             "WHERE bt.businessTypeID = bbt.businessTypeID " +
                                             "AND b.businessID = bbt.businessID " +
                                             "UNION " +
                                             "SELECT DISTINCT tubeName, t.tubeID, 3 " +
                                             "FROM [tube] as t " +
                                             "WHERE convert(varbinary(50), UPPER(tubeName)) != convert(varbinary(50), tubeName) " +
                                             "UNION " +
                                             "SELECT DISTINCT countyName, c.countyID, 4 " +
                                             "FROM [county] as c " +
                                             "WHERE convert(varbinary(50), UPPER(countyName)) != convert(varbinary(50), countyName) " +
                                             "ORDER BY aText";



                    SqlCommand myCommand = new SqlCommand(strSql, myConnection);
                    myReader = myCommand.ExecuteReader();
                    while (myReader.Read())
                    {
                        ret += (ret.Length > 0) ? "|" : "";
                        ret += myReader["aText"].ToString() + ";" + myReader["aID"].ToString() + ";" + myReader["aType"].ToString();
                    }
                    myReader.Close();
                    myConnection.Close();
                } catch (Exception ex1) {}
            } catch (Exception ex2) {}
            return(ret);
        }
Esempio n. 7
0
        // end of 3rd copy
        public static bool getuserpass(int userid, out string email, out string pass)
        {
            bool ret = false;

            email = "";
            pass  = "";

            authen x = new authen();

            if (x.validUser())
            {
                SqlConnection myConnection = new SqlConnection(x.getConnectionString());
                try {
                    myConnection.Open();
                    try {
                        string        strSql    = @"SELECT [email], [password] FROM [user]
											WHERE userID = '"                                             + userid + "'";
                        SqlCommand    myCommand = new SqlCommand(strSql, myConnection);
                        SqlDataReader myReader  = null;
                        myReader = myCommand.ExecuteReader();
                        if (myReader.Read())
                        {
                            email = myReader["email"].ToString();
                            pass  = myReader["password"].ToString();
                            ret   = true;
                        }
                        myReader.Close();
                        myConnection.Close();
                    } catch (Exception ex1) {
                    }
                } catch (Exception ex2) {
                }
            }

            return(ret);
        }
Esempio n. 8
0
        public static string getConn()
        {
            authen x = new authen();

            return(x.getConnectionString());
        }
Esempio n. 9
0
        public static bool isUserAdmin()
        {
            authen x = new authen();

            return(x.isAnAdmin);
        }