コード例 #1
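        /// <summary>
        /// Handles the staff login form: validates that both credentials were supplied,
        /// authenticates through <c>CustomersData.GetStaffLogin</c>, and stores the staff
        /// identity, role, image URL and rendered menu in the session.
        /// </summary>
        /// <param name="login">Posted credentials (StaffCode / StaffPassword).</param>
        /// <returns>
        /// A redirect to "Index" on success or when a session already exists; otherwise the
        /// login view with <c>TempData["error"]</c> set.
        /// </returns>
        public ActionResult LogIn(StaffLogin login)
        {
            bool codeMissing     = String.IsNullOrEmpty(login.StaffCode);
            bool passwordMissing = String.IsNullOrEmpty(login.StaffPassword);

            // Reject incomplete credentials before the data layer is called. The previous
            // guard combined the two checks with "||", so a request carrying only one of
            // the two fields still reached GetStaffLogin, and the per-field messages
            // below could never be shown.
            if (codeMissing && passwordMissing)
            {
                TempData["error"] = "กรุณากรอกรหัสพนักงานและรหัสผ่าน";
                return(View());
            }
            if (codeMissing)
            {
                TempData["error"] = "กรุณากรอกรหัสพนักงาน";
                return(View());
            }
            if (passwordMissing)
            {
                TempData["error"] = "กรุณากรอกรหัสผ่าน";
                return(View());
            }

            // An existing session is treated as already signed in.
            if (Session["iuser"] != null)
            {
                return(RedirectToAction("Index"));
            }

            try
            {
                CustomersData data = new CustomersData();
                login = data.GetStaffLogin(login);

                // NOTE(review): the identity is written into the session that already
                // exists; nothing visible here issues a fresh session identifier after
                // authentication (session fixation) - confirm it is handled elsewhere.
                Session["iuser"]      = login.StaffID;
                Session["iusername"]  = login.StaffName;
                Session["istaffrole"] = login.StaffRoleID;
                Session["imageUrl"]   = login.ImageUrl;

                StaffData st = new StaffData();
                List <StaffPermissionGroup> item = st.GetStaffMenu(login.StaffRoleID);

                Session["imenu"] = st.GetMenu(item);
                return(RedirectToAction("Index"));
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is shown to the user. Presumably the data layer
                // throws user-facing text for bad credentials, but any other exception
                // (for example a database error) would be displayed the same way -
                // consider logging the detail and showing a fixed message instead.
                TempData["error"] = ex.Message;
                return(View());
            }
        }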
コード例 #2
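        /// <summary>
        /// Deletes the StaffLogin row with the given key and redirects to "Index".
        /// </summary>
        /// <param name="id">Primary key of the StaffLogin row to delete.</param>
        /// <returns>404 when no such row exists; otherwise a redirect to "Index".</returns>
        public ActionResult DeleteConfirmed(int id)
        {
            // NOTE(review): this action changes state. No [HttpPost],
            // [ValidateAntiForgeryToken] or [Authorize] attribute is visible in this
            // excerpt - they may sit above the signature; confirm they are present.
            StaffLogin staffLogin = db.StaffLogins.Find(id);

            // Find returns null for an unknown key, and Remove(null) throws; answer
            // with 404 instead of an unhandled exception.
            if (staffLogin == null)
            {
                return(HttpNotFound());
            }

            db.StaffLogins.Remove(staffLogin);
            db.SaveChanges();
            return(RedirectToAction("Index"));
        }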
コード例 #3
        /// <summary>
        /// Builds the page, keeps the database handle and the signed-in staff member
        /// (stored as <c>technician</c>), and prepares the show-process control and an
        /// empty process-spec list.
        /// </summary>
        /// <param name="db">Clinic database abstraction used by this page and its child control.</param>
        /// <param name="login">Staff login kept as the current technician.</param>
        public ProcessPage(IClinicDB db, StaffLogin login)
        {
            InitializeComponent();

            // Plain state first, then the child control that needs the database handle.
            procesSpec = new List <ProcesSpec>();
            technician = login;
            this.db = db;
            uc6_showProcess = new UC6_ShowProcess(db);
        }
コード例 #4
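        /// <summary>
        /// Authenticates a staff member by numeric ID and password and, on success,
        /// stores the ID in the session and redirects to the portal that matches the
        /// staff member's access level.
        /// </summary>
        /// <param name="staffID">Staff ID as submitted by the form; must parse as an integer.</param>
        /// <param name="staffPass">Password as submitted by the form.</param>
        /// <returns>
        /// 400 when <paramref name="staffID"/> is null; a redirect to StaffPortal
        /// (access_level 1) or TeacherPortal (any other level) on success; otherwise the
        /// login view with a ViewBag message.
        /// </returns>
        public ActionResult Login(string staffID, string staffPass)
        {
            if (staffID == null)
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }

            // Convert.ToInt32 threw on non-numeric input, turning a typo into an
            // unhandled exception. Parse once and treat a bad ID like an unknown one.
            int staffKey;
            if (!int.TryParse(staffID, out staffKey))
            {
                ViewBag.LoginSuccess = "Please Retry, please type again.";
                return(View());
            }

            StaffLogin   staffLogin   = db.StaffLogins.Find(staffKey);
            Staff        staff        = db.Staffs.Find(staffKey);
            StudentLogin studentLogin = db.StudentLogins.Find(staffKey);

            // NOTE(review): the three outcomes below (student ID, unknown ID, wrong
            // password) each produce a different message, which tells a caller whether
            // an ID exists. The strings are kept as-is because the view may depend on them.
            if (studentLogin != null)
            {
                ViewBag.Message = "Please log in using the Student Login page.";
                return(View());
            }

            // A login row without a matching Staff row used to dereference null below.
            if (staffLogin == null || staff == null)
            {
                ViewBag.LoginSuccess = "Please Retry, please type again.";
                return(View());
            }

            // An empty or missing password never authenticates, even if the stored
            // value is also empty or null.
            // NOTE(review): the submitted password is compared directly with the stored
            // staff_pwd value, which suggests passwords are stored unhashed; moving to a
            // salted password hash needs a schema/data change outside this method.
            if (String.IsNullOrEmpty(staffPass) || staffPass != staffLogin.staff_pwd)
            {
                ViewBag.LoginSuccess = "Failed";
                return(View());
            }

            ViewBag.LoginSuccess = "Success";

            // NOTE(review): no new session identifier is issued here after
            // authentication - confirm session fixation is handled elsewhere.
            System.Web.HttpContext.Current.Session["sv_staffLogin"] = staffKey;

            string portal = staff.access_level == 1 ? "StaffPortal" : "TeacherPortal";
            return(RedirectToAction("Index", portal, null));
        }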
コード例 #5
        /// <summary>
        /// Authenticates a staff member for the mobile client. First tries the regular
        /// staff table (code + hashed password, not deleted, activated) and requires a
        /// staffrolepermission row with StaffPermissionID 22 for the staff member's role;
        /// if the first lookup finds nothing, falls back to a lookup against staff_otp.
        /// </summary>
        /// <param name="login">Credentials; StaffCode and StaffPassword are read, identity fields are filled in.</param>
        /// <returns>The same <paramref name="login"/> instance.</returns>
        public StaffLogin GetStaffLoginOnMobile(StaffLogin login)
        {
            // NOTE(review): the connection is not closed or disposed anywhere in this
            // method; unless DBHelper.List does it, each call leaks a connection - confirm.
            MySqlConnection ObjConn = DBHelper.ConnectDb(ref errMsg);

            try
            {
                // NOTE(review): the query text is assembled with string.Format instead of
                // command parameters. The placeholders are not quoted in the SQL, so
                // Utility.ReplaceString presumably quotes and escapes the value; the whole
                // defence against SQL injection rests on that opaque helper. Prefer
                // parameterized commands so the query does not depend on it.
                string strSQL = @"SELECT * FROM staff s 
                                WHERE s.Staffcode={0}
                                AND s.staffpassword={1} 
                                AND s.Deleted=0 
                                AND s.Activated=1  ";
                // The password is hashed by Utility.HashPassword before comparison; the
                // algorithm and salting are not visible here - verify they are adequate.
                strSQL = string.Format(strSQL, Utility.ReplaceString(login.StaffCode.Trim()), Utility.ReplaceString(Utility.HashPassword(login.StaffPassword.Trim())));
                DataTable dt = DBHelper.List(strSQL, ObjConn);
                if (dt != null && dt.Rows.Count > 0)
                {
                    // Second check: the role must hold permission 22 (meaning not visible
                    // here). The role id is forced through Convert.ToInt32, so only an
                    // integer is concatenated into this query.
                    string strSQL1 = @"   SELECT * FROM staffrolepermission  sp
                                    WHERE sp.StaffPermissionID=22
                                    AND staffRoleID=" + Convert.ToInt32(dt.Rows[0]["StaffRoleID"].ToString());

                    DataTable dt1 = DBHelper.List(strSQL1, ObjConn);
                    // NOTE(review): when the credentials match but the permission row is
                    // missing, nothing is thrown and login is returned without its identity
                    // fields being set; callers must not treat a normal return as
                    // "authenticated" without checking StaffID - confirm against callers.
                    if (dt1.Rows.Count > 0)
                    {
                        login.StaffID     = Convert.ToInt32(dt.Rows[0]["StaffID"].ToString());
                        login.StaffName   = dt.Rows[0]["StaffFirstName"].ToString();
                        login.ImageUrl    = dt.Rows[0]["StaffImagePath"].ToString();
                        login.StaffRoleID = Convert.ToInt32(dt.Rows[0]["StaffRoleID"].ToString());
                    }
                }
                else
                {
                    // Fallback for role 5 (meaning not visible here) using staff_otp.
                    // NOTE(review): the published listing is redacted in the middle of the
                    // next statement (the "******" run), so the rest of this query, its
                    // execution and the dt2 row check are missing. The visible part
                    // concatenates the ReplaceString result into the SQL text like the
                    // first query does.
                    string strSQL2 = @"   SELECT s.StaffID,s.StaffCode,s.StaffFirstName,s.StaffImagePath
                                ,s.StaffRoleID,so.Password FROM staff s 
                                LEFT JOIN staff_otp so ON s.StaffID=so.StaffID
                                WHERE s.StaffRoleID=5 AND so.Deleted=0 AND s.Staffcode=" + Utility.ReplaceString(login.StaffCode.Trim()) +
                                     "  AND so.Password="******"StaffID"].ToString());
                        login.StaffName   = dt2.Rows[0]["StaffFirstName"].ToString();
                        login.ImageUrl    = dt2.Rows[0]["StaffImagePath"].ToString();
                        login.StaffRoleID = Convert.ToInt32(dt2.Rows[0]["StaffRoleID"].ToString());
                    }
                    else
                    {
                        // Neither lookup matched: signalled with a user-facing message.
                        throw new Exception("รหัสพนักงาน หรือ รหัสผ่าน ไม่ถูกต้อง,กรุณาติดต่อผู้ดูแลระบบ");
                    }
                }
                return(login);
            }
            catch (Exception ex)
            {
                // Rethrows unchanged; the catch adds no handling and ex is unused.
                throw;
            }
        }
コード例 #6
 /// <summary>
 /// Saves an edited StaffLogin. Only staff_id and staff_pwd are bound from the request.
 /// </summary>
 /// <param name="staffLogin">Model bound from the posted form.</param>
 /// <returns>A redirect to "Index" after saving, or the edit view again when validation fails.</returns>
 public ActionResult Edit([Bind(Include = "staff_id,staff_pwd")] StaffLogin staffLogin)
 {
     // Invalid input: rebuild the staff drop-down and show the form again.
     if (!ModelState.IsValid)
     {
         ViewBag.staff_id = new SelectList(db.Staffs, "staff_id", "first_name", staffLogin.staff_id);
         return View(staffLogin);
     }

     // NOTE(review): staff_pwd is saved exactly as posted; no hashing is visible in
     // this action - confirm where it happens. The posted staff_id decides which row
     // is overwritten, and no authorization check is visible in this excerpt.
     db.Entry(staffLogin).State = EntityState.Modified;
     db.SaveChanges();
     return RedirectToAction("Index");
 }
コード例 #7
        /// <summary>
        /// Creates a StaffLogin row. Only staff_id and staff_pwd are bound from the request.
        /// </summary>
        /// <param name="staffLogin">Model bound from the posted form.</param>
        /// <returns>A redirect to "Index" after saving, or the create view again when validation fails.</returns>
        public ActionResult Create([Bind(Include = "staff_id,staff_pwd")] StaffLogin staffLogin)
        {
            // Invalid input: rebuild the staff drop-down and show the form again.
            if (!ModelState.IsValid)
            {
                ViewBag.staff_id = new SelectList(db.Staffs, "staff_id", "first_name", staffLogin.staff_id);
                return View(staffLogin);
            }

            // NOTE(review): staff_pwd is stored exactly as posted; no hashing is visible
            // in this action - confirm where it happens. No authorization or
            // anti-forgery attribute is visible in this excerpt either.
            db.StaffLogins.Add(staffLogin);
            db.SaveChanges();
            return RedirectToAction("Index");
        }
コード例 #8
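        /// <summary>
        /// Looks up a staff member by ID and password and returns the resulting StaffLogin DTO.
        /// </summary>
        /// <param name="StaffID">Staff ID entered in LoginWindow.</param>
        /// <param name="pw">Password entered in LoginWindow.</param>
        /// <returns>The StaffLogin DTO; StaffStatus stays Status.Null unless a row matches both the ID and the password.</returns>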
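        public StaffLogin LoginStaff(string StaffID, string pw)
        {
            // DTO init. StaffStatus starts as Status.Null and is only upgraded when a
            // row matches both the ID and the password, so callers read Status.Null as
            // "not authenticated". Convert.ToInt32 throws on non-numeric StaffID.
            staffLogin             = new StaffLogin();
            staffLogin.StaffID     = Convert.ToInt32(StaffID);
            staffLogin.Password    = pw;
            staffLogin.StaffStatus = Status.Null;

            // NOTE(review): the next line is redacted in the published listing (the
            // "******" run) and is kept exactly as published. The visible part builds the
            // database credentials in source and sets Encrypt=False, so the connection,
            // including the password column read below, is not encrypted in transit.
            string connectionString = (@"Data Source=st-i4dab.uni.au.dk;Initial Catalog=" + DBlogin + ";Integrated Security=False;User ID=" + DBlogin + ";Password="******";Connect Timeout=15;Encrypt=False;TrustServerCertificate=False");

            connection = new SqlConnection(connectionString);

            // The ID is sent as a parameter instead of being concatenated into the SQL
            // text. The Convert.ToInt32 call above already limits StaffID to integer
            // text, but the query should not depend on that ordering.
            const string queryString = "Select * from StaffLogin where StaffID = @StaffID";

            try
            {
                connection.Open();
                using (command = new SqlCommand(queryString, connection))
                {
                    // A null StaffID converts to 0 above; send DBNull so the parameter
                    // is still supplied and the query simply matches nothing.
                    command.Parameters.AddWithValue("@StaffID", (object)StaffID ?? DBNull.Value);

                    // Dispose the reader as well; it was previously left open until the
                    // connection was closed.
                    using (reader = command.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            // NOTE(review): the stored Password column is compared
                            // directly with the entered password, which suggests
                            // passwords are stored unhashed; fixing that needs a
                            // schema/data change outside this method.
                            if (reader["StaffID"].ToString() == StaffID && reader["Password"].ToString() == pw)
                            {
                                staffLogin.Name = reader["Name"].ToString();

                                string status = reader["StaffStatus"].ToString();
                                if (status == "1")
                                {
                                    staffLogin.StaffStatus = Status.Clinician;
                                }
                                else if (status == "2")
                                {
                                    staffLogin.StaffStatus = Status.Technician;
                                }
                            }
                        }
                    }
                }
            }
            catch
            {
                // Best-effort by design: any failure leaves StaffStatus at Status.Null.
                // NOTE(review): the exception detail is discarded; consider logging it.
                Console.Write("Database not connected or data not found");
            }
            finally
            {
                connection.Close();
            }
            return(staffLogin);
        }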
コード例 #9
        // GET: StaffLogins/Details/5
        /// <summary>Shows the StaffLogin row with the given key.</summary>
        /// <param name="id">Primary key of the row; 400 is returned when it is missing.</param>
        /// <returns>400 without an id, 404 for an unknown id, otherwise the details view.</returns>
        public ActionResult Details(int?id)
        {
            if (!id.HasValue)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            StaffLogin record = db.StaffLogins.Find(id);
            if (record != null)
            {
                // NOTE(review): the whole entity is handed to the view; if StaffLogin
                // carries a password column, make sure the view does not render it.
                // No authorization check is visible in this excerpt - confirm.
                return View(record);
            }

            return HttpNotFound();
        }
コード例 #10
        // GET: StaffLogins/Edit/5
        /// <summary>Shows the edit form for the StaffLogin row with the given key.</summary>
        /// <param name="id">Primary key of the row; 400 is returned when it is missing.</param>
        /// <returns>400 without an id, 404 for an unknown id, otherwise the edit view.</returns>
        public ActionResult Edit(int?id)
        {
            if (!id.HasValue)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            StaffLogin record = db.StaffLogins.Find(id);
            if (record == null)
            {
                return HttpNotFound();
            }

            // NOTE(review): the whole entity goes to the view; if it carries a password
            // column, make sure the form does not echo the stored value back - confirm.
            ViewBag.staff_id = new SelectList(db.Staffs, "staff_id", "first_name", record.staff_id);
            return View(record);
        }
コード例 #11
        /// <summary>
        /// Authenticates a staff member. First tries the staff table (code + hashed
        /// password, not deleted, activated); if that finds nothing, falls back to a
        /// lookup against staff_otp.
        /// </summary>
        /// <param name="login">Credentials; StaffCode and StaffPassword are read, identity fields are filled in.</param>
        /// <returns>The same <paramref name="login"/> instance with StaffID, StaffName, ImageUrl and StaffRoleID set.</returns>
        public StaffLogin GetStaffLogin(StaffLogin login)
        {
            // NOTE(review): the connection is not closed or disposed anywhere in this
            // method; unless DBHelper.List does it, each call leaks a connection - confirm.
            MySqlConnection ObjConn = DBHelper.ConnectDb(ref errMsg);

            try
            {
                // NOTE(review): the query text is assembled with string.Format instead of
                // command parameters. The placeholders are not quoted in the SQL, so
                // Utility.ReplaceString presumably quotes and escapes the value; the whole
                // defence against SQL injection rests on that opaque helper. Prefer
                // parameterized commands so the query does not depend on it.
                string strSQL = "select * FROM staff Where Staffcode={0} and staffpassword={1} and Deleted=0 and Activated=1 ";
                // The password is hashed by Utility.HashPassword before comparison; the
                // algorithm and salting are not visible here - verify they are adequate.
                strSQL = string.Format(strSQL, Utility.ReplaceString(login.StaffCode), Utility.ReplaceString(Utility.HashPassword(login.StaffPassword)));
                DataTable dt = DBHelper.List(strSQL, ObjConn);
                if (dt != null && dt.Rows.Count > 0)
                {
                    // Credentials matched: copy the identity columns of the first row.
                    login.StaffID     = Convert.ToInt32(dt.Rows[0]["StaffID"].ToString());
                    login.StaffName   = dt.Rows[0]["StaffFirstName"].ToString();
                    login.ImageUrl    = dt.Rows[0]["StaffImagePath"].ToString();
                    login.StaffRoleID = Convert.ToInt32(dt.Rows[0]["StaffRoleID"].ToString());
                }
                else
                {
                    // Fallback for role 5 (meaning not visible here) using staff_otp.
                    // NOTE(review): the published listing is redacted in the middle of the
                    // next statement (the "******" run), so the rest of this query, its
                    // execution and the dt2 row check are missing. The visible part
                    // concatenates the ReplaceString result into the SQL text like the
                    // first query does.
                    string strSQL2 = @"   SELECT s.StaffID,s.StaffCode,s.StaffFirstName,s.StaffImagePath
                                ,s.StaffRoleID,so.Password FROM staff s 
                                LEFT JOIN staff_otp so ON s.StaffID=so.StaffID
                                WHERE s.StaffRoleID=5 AND so.Deleted=0 AND s.Staffcode=" + Utility.ReplaceString(login.StaffCode.Trim()) +
                                     "  AND so.Password="******"StaffID"].ToString());
                        login.StaffName   = dt2.Rows[0]["StaffFirstName"].ToString();
                        login.ImageUrl    = dt2.Rows[0]["StaffImagePath"].ToString();
                        login.StaffRoleID = Convert.ToInt32(dt2.Rows[0]["StaffRoleID"].ToString());
                    }
                    else
                    {
                        // Neither lookup matched: signalled with a user-facing message.
                        throw new Exception("รหัสพนักงาน หรือ รหัสผ่าน ไม่สิทธิ์เข้าใช้งานแอพพลิเคชั่นนี้ ,กรุณาตรวจสอบ");
                    }
                }
                return(login);
            }
            catch (Exception ex)
            {
                // Rethrows unchanged; the catch adds no handling and ex is unused.
                throw;
            }
        }
コード例 #12
        /// <summary>
        /// Builds a new, not-yet-printed technical spec for the given patient, scan
        /// technician and ear side, stamps it with the current local time and saves it.
        /// </summary>
        /// <param name="patient">Patient the spec belongs to; CPR is copied from it.</param>
        /// <param name="ScanTechID">Staff login of the scan technician; StaffID is copied from it.</param>
        /// <param name="earSide">Which ear the spec is for.</param>
        /// <returns>The result of <c>clinicDB.SaveTechnicalSpec</c>.</returns>
        public bool CreateTechnicalSpec(Patient patient, StaffLogin ScanTechID, Ear earSide)
        {
            var spec = new TecnicalSpec
            {
                CPR        = patient.CPR,
                Patient    = patient,
                StaffID    = ScanTechID.StaffID,
                StaffLogin = ScanTechID,
                Printed    = false,
                EarSide    = earSide,
                CreateDate = DateTime.Now,

                // Placeholders for data that does not exist yet.
                EarPrints  = new List <RawEarPrint>(),
                RawEarScan = new RawEarScan(),
                ScanID     = 0
            };

            return clinicDB.SaveTechnicalSpec(spec);
        }