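/// <summary>
/// Handles the business sign-up button: rejects a Business ID that is unusable or already
/// taken, stores the new business row, then creates the account folder on disk.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnRegister_Click(object sender, EventArgs e)
{
    string businessId = txtBusinessID.Text;

    // The Business ID becomes a folder name under Accounts\business, so it has to be a single
    // path segment. Separators, "." / ".." and other invalid file-name characters are refused
    // so that a request cannot probe or create directories outside that folder.
    if (string.IsNullOrWhiteSpace(businessId)
        || businessId.Trim(' ', '.').Length == 0
        || businessId.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        alertlbl.Style.Remove("display");
        lblsignUpBus.Text = "Sorry, the Business ID is not valid. Please choose a different one.";
        return;
    }

    string accountFolder = Server.MapPath(@"Accounts\business\" + businessId);

    // Uniqueness is decided by the folder's existence, exactly as before.
    // NOTE(review): two simultaneous sign-ups can both pass this check; a PRIMARY KEY or
    // UNIQUE constraint on the business id column is the reliable guard. Confirm it exists.
    if (Directory.Exists(accountFolder))
    {
        alertlbl.Style.Remove("display");
        lblsignUpBus.Text = "Sorry, the Business ID is already in use. Please log in with your email.";
        return;
    }

    // NOTE(review): hashPass is defined elsewhere. Confirm it is a slow, salted password
    // KDF, and that the confirm field was compared with the password field before this point.
    hashPass pass = new hashPass();
    string salt = pass.generateSalt(10);
    string hash = pass.generateHash(txtConfirmPassword.Text, salt);

    string address = txtAddress.Text + ", " + txtAddress2.Text + ", " + txtCity.Text + ", "
        + ddProvince.Text + ", " + txtPostalCode.Text;

    String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(CS))
    // Every form value travels as a parameter: the previous string-built INSERT let any
    // field containing a quote rewrite the statement (SQL injection).
    // The values keep the original positional order of the business table's columns.
    using (SqlCommand insert = new SqlCommand(
        "INSERT into business values(@BusinessId, @BusinessName, @FirstName, @LastName, @Email, @Address, @Password, @Salt)",
        con))
    {
        insert.Parameters.AddWithValue("@BusinessId", businessId);
        insert.Parameters.AddWithValue("@BusinessName", txtBusinessName.Text);
        insert.Parameters.AddWithValue("@FirstName", txtFirstName.Text);
        insert.Parameters.AddWithValue("@LastName", txtLastName.Text);
        insert.Parameters.AddWithValue("@Email", txtEmail.Text);
        insert.Parameters.AddWithValue("@Address", address);
        insert.Parameters.AddWithValue("@Password", hash);
        insert.Parameters.AddWithValue("@Salt", salt);

        con.Open();
        insert.ExecuteNonQuery();

        // The folder is created only after the row is stored, as in the original flow.
        Directory.CreateDirectory(accountFolder);
    }
}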
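/// <summary>
/// Handles the user sign-up button: refuses an e-mail address that is already registered,
/// otherwise stores the new user with a salted password hash.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnUserRegister_Click(object sender, EventArgs e)
{
    string email = txtUserEmail.Text;

    String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(CS))
    {
        con.Open();

        // Only candidate rows are fetched instead of every address in the table, and the
        // submitted value is passed as a parameter rather than spliced into the SQL text.
        using (SqlCommand lookup = new SqlCommand("SELECT email from users WHERE email = @Email", con))
        {
            lookup.Parameters.AddWithValue("@Email", email);

            using (SqlDataReader reader = lookup.ExecuteReader())
            {
                while (reader.Read())
                {
                    // The exact (ordinal) comparison is kept so the duplicate rule does not
                    // change with the database collation.
                    if (reader.GetString(0) == email)
                    {
                        alertlbl.Style.Remove("display");
                        lblsignUp.Text = "Sorry, the email is already in use. Please try again with a different Email.";
                        return;
                    }
                }
            }
        }

        // NOTE(review): check-then-insert is racy under concurrent sign-ups; a UNIQUE
        // constraint on users.email is the reliable guard. Confirm one exists.
        // NOTE(review): hashPass is defined elsewhere. Confirm it is a slow, salted password
        // KDF, and that the confirm field was compared with the password field before this point.
        hashPass pass = new hashPass();
        string salt = pass.generateSalt(10);
        string hash = pass.generateHash(txtUserConfirmPassword.Text, salt);

        // Parameterised INSERT: the previous string-built statement let any field containing
        // a quote rewrite the query (SQL injection).
        // The values keep the original positional order of the users table's columns.
        using (SqlCommand insert = new SqlCommand(
            "INSERT into users values(@FirstName, @LastName, @Email, @Password, @Salt)", con))
        {
            insert.Parameters.AddWithValue("@FirstName", txtUserFirstName.Text);
            insert.Parameters.AddWithValue("@LastName", txtUserLastName.Text);
            insert.Parameters.AddWithValue("@Email", email);
            insert.Parameters.AddWithValue("@Password", hash);
            insert.Parameters.AddWithValue("@Salt", salt);
            insert.ExecuteNonQuery();
        }
    }
}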
/// <summary>
/// Handles the "edit business" button: writes the submitted profile fields and a freshly
/// salted password hash to the business row identified by the session's USERID.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnEditBusiness_Click(object sender, EventArgs e)
{
    // NOTE(review): the password is re-hashed and overwritten on every edit, whatever the
    // confirm box contains. Confirm the page validates it before this handler runs.
    hashPass hasher = new hashPass();
    string salt = hasher.generateSalt(10);
    string hash = hasher.generateHash(txtConfirmPassword.Text, salt);

    String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(CS))
    {
        // All values are bound as parameters, so form text never becomes SQL syntax.
        SqlCommand insert = new SqlCommand(
            "UPDATE [business] SET [owner_Fname] = @FirstName, [business_name] = @Bname, [owner_Lname] = @LastName, [business_email] = @Email, [business_password] = @Password, [business_address] = @Address1, [business_salt] = @salt WHERE business_id = @id",
            con);

        // Field order (postal code before province) and the " ," separator are reproduced
        // exactly; btnRegister_Click composes the same column in a different order.
        string fullAddress = txtAddress.Text + ", " + txtAddress2.Text + ", " + txtCity.Text
            + " ," + txtPostalCode.Text + ", " + ddProvince.Text;

        SqlParameterCollection args = insert.Parameters;
        args.AddWithValue("@FirstName", txtFirstName.Text);
        args.AddWithValue("@LastName", txtLastName.Text);
        args.AddWithValue("@Email", txtEmail.Text);
        args.AddWithValue("@Address1", fullAddress);
        args.AddWithValue("@Password", hash);
        args.AddWithValue("@salt", salt);
        args.AddWithValue("@Bname", txtBusinessName.Text);

        // The row key comes from server-side session state, not from a form field, so the
        // caller cannot point the UPDATE at another business.
        // NOTE(review): a missing Session["USERID"] throws NullReferenceException here.
        // Confirm the page is reachable only after login.
        int businessKey = Convert.ToInt32(Session["USERID"].ToString());
        args.AddWithValue("@id", businessKey);

        con.Open();
        insert.ExecuteNonQuery();
    }
}