protected void UserGridViewBind()
{
try
{
using (Storage db = new Storage())
{
var users = db.Users.Select(u => new
{
Login = u.Login,
Name = u.Name,
Surname = u.Surname,
Password = u.Password,
Role = u.UserRole.Name,
Status = u.Status
}).ToList();
UserGridView.DataSource = users;
UserGridView.DataBind();
}
}
catch (Exception ex)
{
Loger.Log(Response, ex);
}
}
protected void UserGridView_SelectedIndexChanged(object sender, GridViewCommandEventArgs e)
{
try
{
int rowIndex = Convert.ToInt32(e.CommandArgument);
string Login = UserGridView.Rows[rowIndex].Cells[0].Text;
using (Storage db = new Storage())
{
DAL.User cu = db.Users.Include("UserRole").Where(u => u.Login == Login).FirstOrDefault();
if (cu != null)
{
cu.Status = (cu.Status) ? false : true;
db.SaveChanges();
}
UserGridView.DataBind();
}
}
catch (Exception ex)
{
Loger.Log(Response, ex);
}
}
void deleteUser()
{
if (checkUserExist())
{
try
{
SqlConnection conn = new SqlConnection(strConn);
if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
//DELETE 語法
SqlCommand sqlCmd = new SqlCommand("DELETE FROM user_master_table WHERE user_id = @user_id", conn);
//接收TextBox值寫入@user_id參數
sqlCmd.Parameters.AddWithValue("@user_id", UserIDTextBox.Text.Trim()); //Trim 移除前後空白
sqlCmd.ExecuteNonQuery();
conn.Close();
Response.Write("<script>alert('User delete successful!');</script>");
clearForm();
UserGridView.DataBind();
}
catch (Exception ex)
{
Response.Write("<script>alert('" + ex.Message + "');</script>");
}
}
else
{
Response.Write("<script>alert('Invalid User ID');</script>");
}
}
public void PopulateGridview()
{
DataTable dtbl = new DataTable();
using (SqlConnection sqlCon = new SqlConnection(connectionString))
{
string UserQuery = @"SELECT [Patient_ID],[Patient_Name],[Patient_Mobile],[Patient_Address] FROM [dbo].[Patient]";
sqlCon.Open();
SqlDataAdapter sqlDa = new SqlDataAdapter(UserQuery, sqlCon);
sqlDa.Fill(dtbl);
}
if (dtbl.Rows.Count > 0)
{
UserGridView.DataSource = dtbl;
UserGridView.DataBind();
}
else
{
dtbl.Rows.Add(dtbl.NewRow());
UserGridView.DataSource = dtbl;
UserGridView.DataBind();
UserGridView.Rows[0].Cells.Clear();
UserGridView.Rows[0].Cells.Add(new TableCell());
UserGridView.Rows[0].Cells[0].ColumnSpan = dtbl.Columns.Count;
UserGridView.Rows[0].Cells[0].Text = "No Data Found ..!";
UserGridView.Rows[0].Cells[0].HorizontalAlign = HorizontalAlign.Center;
}
}
protected void loadUser()
{
var conn = new MySqlConnection(strcon);
conn.Open();
string getdata = "SELECT * FROM Users WHERE UserId = '" + UserIdHF.Value + "'";
var cmd = new MySqlCommand(getdata, conn);
MySqlDataAdapter da = new MySqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
int count = ds.Tables[0].Rows.Count;
if (ds.Tables[0].Rows.Count > 0)
{
UserGridView.DataSource = ds;
UserGridView.DataBind();
}
else
{
ds.Tables[0].Rows.Add(ds.Tables[0].NewRow());
UserGridView.DataSource = ds;
UserGridView.DataBind();
int columncount = UserGridView.Rows[0].Cells.Count;
lblmsg.Text = " No data found !!!";
}
conn.Close();
}
public void loadGrid()
{
string UserQuery = @"SELECT [Patient_ID],[Patient_Name],[Patient_Mobile],[Patient_Address] FROM [dbo].[Patient]";
UserGridView.DataSource = db.getData(UserQuery);
UserGridView.DataBind();
}
protected void Button1_Click(object sender, EventArgs e)
{
StringBuilder sb = new StringBuilder();
foreach (GridViewRow row in UserGridView.Rows)
{
if (row.RowType == DataControlRowType.DataRow)
{
var chkBox = row.Cells[0].FindControl("ChkUser") as CheckBox;
if (chkBox.Checked)
{
string ID = UserGridView.DataKeys[row.RowIndex].Value + "";
var ddl = row.Cells[row.Cells.Count - 1].FindControl("ddlRole") as DropDownList;
var val = ddl.SelectedValue;
sb.AppendLine(string.Format("update XK_User set RoleID=" + val + " where ID=" + ID));
}
}
}
if (sb.Length > 0)
{
var userBLL = new UserBLL();
var result = userBLL.UpdateByCommandString(sb.ToString(), "");
if (result > 0)
{
lbTip.Text = "修改成功!!!";
var userList = userBLL.GetAll(new User(), "");
UserGridView.DataSource = userList;
UserGridView.DataBind();
}
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack && !IsCallback)
{
UserGridView.DataBind();
}
}
protected void Button2_Click(object sender, EventArgs e)
{
string whereString = "";
foreach (GridViewRow row in UserGridView.Rows)
{
if (row.RowType == DataControlRowType.DataRow)
{
var chkBox = row.Cells[0].FindControl("ChkUser") as CheckBox;
if (chkBox.Checked)
{
string ID = UserGridView.DataKeys[row.RowIndex].Value + "";
whereString += ID + ",";
}
}
}
if (whereString.Length > 0)
{
whereString = " where ID in(" + whereString.TrimEnd(',') + ")";
var userBLL = new UserBLL();
var result = userBLL.UpdateByCommandString("delete from XK_User " + whereString, "");
if (result > 0)
{
lbTip.Text = "删除成功!!!";
var userList = userBLL.GetAll(new User(), "");
UserGridView.DataSource = userList;
UserGridView.DataBind();
}
}
}
private void BindUserGrid()
{
DataTable dt = GetUserRecords();
if (dt.Rows.Count > 0)
{
UserGridView.DataSource = dt;
UserGridView.DataBind();
}
}
protected void Page_Load(object sender, EventArgs e)
{
ViewState["RoleList"] = BindRole();
if (!IsPostBack)
{
var userBLL = new UserBLL();
var userList = userBLL.GetAll(new User(), "");
UserGridView.DataSource = userList;
UserGridView.DataBind();
}
}
void BindData()
{
string sql = "SELECT * FROM tbl_emp_user JOIN tbl_privilege ON emp_user_privilege=privilege_id";
MySqlDataAdapter da = dBScript.getDataSelect(sql);
DataSet ds = new DataSet();
da.Fill(ds);
UserGridView.DataSource = ds.Tables[0];
UserGridView.DataBind();
lbUserNull.Text = "พบข้อมูลจำนวน " + ds.Tables[0].Rows.Count + " แถว";
}
public void PopulateUserDetails()
{
con.Open();
cmd = new SqlCommand("select username,Roles.role from users join roles on users.role=roles.roleid where roles.roleid <> 0", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
con.Close();
UserGridView.DataSource = ds;
UserGridView.DataBind();
}
// Populate the page with entity data
private void PopulatePage()
{
List <UserDto> users = UserService.GetUsers();
if (users.Count > 0)
{
UserGridView.DataSource = UserService.GetUsers();
UserGridView.DataBind();
}
else
{
hiddenDiv.Visible = true;
}
}
protected void UserGridView_RowDeleting(object sender, DevExpress.Web.Data.ASPxDataDeletingEventArgs e)
{
try
{
DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
DBAgent.AddParameter("@ParamLoginID", e.Keys[0]);
DBAgent.AddParameter("@ParamUpdatedBy", Session["LoginID"]);
DBAgent.ExecuteNonQuery("dbo.spDeleteUser");
e.Cancel = true;
UserGridView.DataBind();
}
catch (Exception ex)
{
CommonHelpers.writeLogToFile("UserGridView_RowDeleting: UserManagement.aspx", ex.Message);
}
}
protected void UserGridView_CustomButtonCallback(object sender, DevExpress.Web.ASPxGridViewCustomButtonCallbackEventArgs e)
{
try
{
securityAgent = new CryptoProvider();
DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
DBAgent.AddParameter("@ParamLoginID", UserGridView.GetRowValues(e.VisibleIndex, "LoginID"));
DBAgent.AddParameter("@ParamNewPassword", securityAgent.GetTemporaryPassword());
DBAgent.AddParameter("@ParamIsTempPassword", 1);
DBAgent.AddParameter("@ParamComment", "Password reset by Admin");
DBAgent.ExecuteNonQuery("dbo.spUpdatePassword");
UserGridView.DataBind();
}
catch (Exception ex)
{
CommonHelpers.writeLogToFile("UserGridView_CustomButtonCallback: UserManagement.aspx", ex.Message);
}
}
protected void editUserButton_Click(object sender, EventArgs e)
{
string edit = "Update [dbo].[User] set FirstName = @FirstName, LastName = @LastName, PersonEmail = @Email, PersonPhone=@Phone, JobLevel = @JobLevel, Permission = @Permission, LastUpdatedBy = @LastUpdatedBy, LastUpdated = @LastUpdated where UserID = @user";
sc.Open();
SqlCommand edituser = new SqlCommand(edit, sc);
edituser.Parameters.AddWithValue("@FirstName", HttpUtility.HtmlEncode(txtFirstName.Text));
edituser.Parameters.AddWithValue("@LastName", HttpUtility.HtmlEncode(txtLastName.Text));
edituser.Parameters.AddWithValue("@Email", HttpUtility.HtmlEncode(txtEmail.Text));
edituser.Parameters.AddWithValue("@Phone", HttpUtility.HtmlEncode(txtPhone.Text));
edituser.Parameters.AddWithValue("@JobLevel", txtJobLevel.SelectedItem.Text);
edituser.Parameters.AddWithValue("@Permission", txtPermission.SelectedItem.Text);
edituser.Parameters.AddWithValue("@LastUpdatedBy", Session["User"]);
edituser.Parameters.AddWithValue("@LastUpdated", DateTime.Now);
edituser.Parameters.AddWithValue("@user", UserGridView.SelectedRow.Cells[8].Text);
edituser.ExecuteNonQuery();
UserGridView.DataBind();
sc.Close();
}
protected void UserGridView_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
{
try
{
securityAgent = new CryptoProvider();
DBAgent = new DataAccessProvider(DataAccessProvider.ParamType.ServerCredentials, ConfigurationManager.AppSettings["DBServerName"], ConfigurationManager.AppSettings["DBUserName"], ConfigurationManager.AppSettings["DBPassword"]);
DBAgent.AddParameter("@ParamUserName", e.NewValues["UserName"]);
DBAgent.AddParameter("@ParamFirstName", e.NewValues["FirstName"]);
DBAgent.AddParameter("@ParamLastName", e.NewValues["LastName"]);
DBAgent.AddParameter("@ParamPassword", securityAgent.GetTemporaryPassword());
DBAgent.AddParameter("@ParamModifiedBy", Session["LoginID"]);
DBAgent.ExecuteNonQuery("dbo.spAddUser");
e.Cancel = true;
UserGridView.CancelEdit();
UserGridView.DataBind();
}
catch (Exception ex)
{
CommonHelpers.writeLogToFile("UserGridView_RowInserting: UserManagement.aspx", ex.Message);
}
}
protected void CreateUserBtn_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
try
{
using (Storage db = new Storage())
{
if (!db.Users.Where(u => u.Login == LoginTb.Text).Any())
{
DAL.User new_user = new User();
new_user.Login = LoginTb.Text;
new_user.Name = (string.IsNullOrEmpty(NameTb.Text) || string.IsNullOrWhiteSpace(NameTb.Text)) ? null : NameTb.Text;
new_user.Surname = (string.IsNullOrEmpty(SurnameTb.Text) || string.IsNullOrWhiteSpace(SurnameTb.Text)) ? null : SurnameTb.Text;
new_user.Password = CryptoProvider.GetMD5Hash(PasswordTb.Text);
new_user.Status = StatusList.SelectedValue == "0" ? false : true;
new_user.UserRole = db.Roles.Where(r => r.Name == RoleList.SelectedValue).First();
db.Users.Add(new_user);
db.SaveChanges();
ResetUserCreateForm();
UserGridView.DataBind();
ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Пользователь был успешно добавлен')", true);
}
else
{
ScriptManager.RegisterClientScriptBlock(this, this.GetType(), "alertMessage", "alert('Пользователь с таким логином уже существует')", true);
}
}
}
catch (Exception ex)
{
Loger.Log(Response, ex);
}
}
}
protected void page_load(object sender, EventArgs e)
{
if (Session["Logged"].Equals("Yes") && Session["IS_ADMIN"].Equals("true"))
{
if (!this.IsPostBack)
{
try
{
using (MySqlConnection con = new MySqlConnection(cString))
{
using (MySqlCommand cmd = new MySqlCommand("SELECT * FROM USERS"))
{
using (MySqlDataAdapter da = new MySqlDataAdapter())
{
cmd.Connection = con;
da.SelectCommand = cmd;
using (DataTable dt = new DataTable())
{
da.Fill(dt);
UserGridView.DataSource = dt;
UserGridView.DataBind();
}
}
}
}
}
catch (MySqlException ex)
{
msgTxt.ForeColor = System.Drawing.Color.Red;
msgTxt.Text = "Inventory could not be displayed; refer to below error message:" + "<br />" + ex.ToString();
}
}
}
else
{
Response.Redirect("~/sign_in.aspx");
}
}
void updateUserStatusByID(string userStatus)
{
try
{
SqlConnection conn = new SqlConnection(strConn);
if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
//Update account status to active
SqlCommand sqlCmd = new SqlCommand("UPDATE user_master_table SET account_status = '" + userStatus + "'" + "WHERE user_id = '" + UserIDTextBox.Text.Trim() + "'", conn);
sqlCmd.ExecuteNonQuery();
conn.Close();
Response.Write("<script>alert('Change user status successful!');</script>");
UserStatusTextBox.Text = userStatus;
UserGridView.DataBind(); //Grid auto refresh after insert data
}
catch (Exception ex)
{
Response.Write("<script>alert('" + ex.Message + "');</script>");
}
}
public void loadGrid()
{
string UserQuery = @"SELECT [Patient_ID],[Patient_Name],[Patient_Mobile],[Patient_Address] FROM [dbo].[Patient]";
string DoctorQuery = @"SELECT [Doctor_ID],[Doctor_Name],[Doctor_Specialist],[Patient_ID] FROM [dbo].[Doctor]";
string MediceneQuery = @"SELECT [medicine_ID],[medicine_Name],[medicine_Price], [Patient_ID] FROM [dbo].[Medicine]";
string PrescriptionQuery = @"SELECT [Pers_ID] ,[Doctor_Name] ,[Date] ,[Patient_Name] ,[Age],[Blood_Pressure],[Pulse_Rate] ,[Patient_Problem]
,[Medicines]
,[Doctor_Advice]
,[Next_Date]
FROM [dbo].[Prescription]";
PrescriptionGridView1.DataSource = db.getData(PrescriptionQuery);
PrescriptionGridView1.DataBind();
UserGridView.DataSource = db.getData(UserQuery);
UserGridView.DataBind();
DoctorGridView.DataSource = db.getData(DoctorQuery);
DoctorGridView.DataBind();
MediceneGridView.DataSource = db.getData(MediceneQuery);
MediceneGridView.DataBind();
}
void BindData()
{
txtUser.Text = "";
txtName.Text = "";
txtCodeCpoint.Text = "";
string sql = "";
//string search = "";
if (Session["UserPrivilegeId"].ToString() != "0")
{
sql = "SELECT * FROM tbl_user where level <> 0 and delete_status = '0' and username <> '" + Session["User"].ToString() + "' AND (username LIKE '%" + TextBox1.Text + "%' OR NAME LIKE '%" + TextBox1.Text + "%' OR LEVEL LIKE '%" + TextBox1.Text + "%' OR user_cpoint LIKE '%" + TextBox1.Text + "%')";
}
else
{
sql = "SELECT * FROM tbl_user where delete_status = '0' AND username <> '" + Session["User"].ToString() + "' AND (username LIKE '%" + TextBox1.Text + "%' OR NAME LIKE '%" + TextBox1.Text + "%' OR LEVEL LIKE '%" + TextBox1.Text + "%' OR user_cpoint LIKE '%" + TextBox1.Text + "%')";
}
MySqlDataAdapter da = function.MySqlSelectDataSet(sql);
System.Data.DataSet ds = new System.Data.DataSet();
da.Fill(ds);
UserGridView.DataSource = ds.Tables[0];
UserGridView.DataBind();
lbUserNull.Text = "พบข้อมูลจำนวน " + ds.Tables[0].Rows.Count + " แถว";
}
protected void UserFormView_ItemUpdated(object sender, FormViewUpdatedEventArgs e)
{
UserGridView.DataBind();
UserGridView.PagerSettings.Visible = true;
}
protected void UserGridView_SelectedIndexChanged(object sender, EventArgs e)
{
if (UserGridView.SelectedDataKey == null)
{
return;
}
string userName = (string)UserGridView.SelectedDataKey.Value;
if (string.IsNullOrEmpty(userName))
{
return;
}
if (OperationHiddenField.Value == "EDIT")
{
Session["USERID"] = userName;
Response.Redirect("~/Security/EditUser.aspx");
}
else if (OperationHiddenField.Value == "DELETE")
{
try
{
//Verificar que no sea el admin
if (!SecurityBLL.CanDeleteUser(userName))
{
SystemMessages.DisplaySystemMessage(Resources.UserData.MessageWarningDeleteAdmin);
return;
}
User theUser = UserBLL.GetUserByUsername(userName);
UserBLL.DeleteUserRecord(theUser.UserId);
Membership.DeleteUser(userName);
SystemMessages.DisplaySystemMessage(Resources.UserData.MessageDeletedUser);
}
catch (Exception exc)
{
SystemMessages.DisplaySystemErrorMessage(exc.Message);
return;
}
UserGridView.DataBind();
}
else if (OperationHiddenField.Value == "BLOCK")
{
try
{
MembershipUser theUser = Membership.GetUser(userName);
if (theUser == null)
{
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.UserData.MessageErrorGetMembership, userName));
return;
}
if (!theUser.IsLockedOut)
{
SystemMessages.DisplaySystemWarningMessage(string.Format(Resources.UserData.MessageWarningUserUnlocked, userName));
return;
}
theUser.UnlockUser();
Membership.UpdateUser(theUser);
SystemMessages.DisplaySystemMessage(string.Format(Resources.UserData.MessageUnlockedUser, userName));
UserGridView.DataBind();
}
catch (Exception exc)
{
log.Error("Error en UnlockUser para userName: "******"RESET")
{
try
{
MembershipUser theUser = Membership.GetUser(userName);
if (theUser == null)
{
SystemMessages.DisplaySystemMessage(string.Format(Resources.UserData.MessageErrorGetMembership, userName));
return;
}
string password = theUser.ResetPassword();
if (!string.IsNullOrEmpty(password))
{
string toMail = theUser.Email;
List <EmailFileParameter> theParams = new List <EmailFileParameter>();
theParams.Add(new EmailFileParameter("UserName", userName));
theParams.Add(new EmailFileParameter("Password", password));
EmailUtilities.SendEmailFile(Resources.Files.ResetPassword, Resources.UserData.SubjectResetPassword, userName, toMail, theParams);
SystemMessages.DisplaySystemMessage(string.Format(Resources.UserData.MessagePasswordReset, userName));
}
else
{
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.UserData.MessageWarningResetPassword, userName));
}
}
catch (Exception exc)
{
log.Error("Error en ResetPassword para userName: " + userName, exc);
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.UserData.MessageErrorResetPassword, userName));
}
}
}
protected void SearchButton_Click(object sender, EventArgs e)
{
UserNameHiddenField.Value = UserNameTextBox.Text.Trim();
UserGridView.DataBind();
}
protected void Page_Load(object sender, EventArgs e)
{
UserGridView.DataBind();
}
public void LoadUsers()
{
UserGridView.DataSource = _UserRepository.GetAllUsers();
UserGridView.DataBind();
}
private void RefreshGridView()
{
UserGridView.DataSourceID = "UserDataSource";
UserGridView.DataBind();
}
private void BindData()
{
UserGridView.DataBind();
}