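/// <summary>
/// "Change password" button handler. Verifies the current password of the signed-in user
/// (<c>Session["User"]</c>) against the stored value, then stores the new password through the
/// <c>pwd_change</c> procedure and reports the outcome in <c>UserStatusLabel</c>.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Changes from the previous version: a missing user session or an empty result set produce a
/// message instead of an exception, an empty new password is rejected, and the caught exception's
/// text is logged but no longer rendered to the browser (it may contain database error detail).
/// </remarks>
protected void ChangeButton_Click(object sender, EventArgs e)
{
    try
    {
        object sessionUser = Session["User"];
        if (sessionUser == null)
        {
            // Nobody is signed in on this session; there is no password to change.
            UserStatusLabel.CssClass = "error normal";
            UserStatusLabel.Text = "Your session has expired. Please log in again.";
            return;
        }
        string currentUser = sessionUser.ToString();
        string oldPassword = OldPasswordBox.Text;
        string newPassword = NewPasswordBox.Text;

        // Cheap input checks first, before touching the database.
        if (oldPassword == newPassword)
        {
            UserStatusLabel.CssClass = "error normal";
            UserStatusLabel.Text = "Same password entered";
            return;
        }
        if (newPassword.Length == 0)
        {
            // Previously accepted: any value that differed from the old one, including "".
            UserStatusLabel.CssClass = "error normal";
            UserStatusLabel.Text = "Please enter a new password";
            return;
        }

        // Look up the stored password for the signed-in user. currentUser comes from server-side
        // session state, not from the form. Whether getPassword parameterises its query is not
        // visible here — TODO(review): confirm in DataProvider.ChangePassword.
        string checkPassword = DataProvider.ChangePassword.getPassword(currentUser);
        DataTable dt = HospitalClass.getDataTable(checkPassword);
        string storedPassword = dt.Rows.Count > 0 ? dt.Rows[0][0].ToString() : null;

        // NOTE(review): HospitalClass.Encrypt is a deterministic transform whose output is compared
        // with ordinary string equality. If it is reversible encryption or an unsalted hash it should
        // be replaced by a salted password hash (e.g. PBKDF2) with a constant-time comparison.
        if (storedPassword == null || storedPassword != HospitalClass.Encrypt(oldPassword))
        {
            UserStatusLabel.CssClass = "error normal";
            UserStatusLabel.Text = "Wrong password entered.<br/>Meet the system administrator for assistance";
            return;
        }

        // The performer recorded for the audit trail: an active privileged session wins over the
        // plain user session, as in the other handlers in this file.
        string updaterId;
        if (Session["SuperUser"] != null)
        {
            updaterId = (string)Session["SuperUser"];
        }
        else if (Session["Admin"] != null)
        {
            updaterId = (string)Session["Admin"];
        }
        else
        {
            updaterId = currentUser;
        }
        const string updateCode = "PWD_CHG";

        // Parameter order is dictated by the pwd_change procedure; do not reorder.
        List<string> values = new List<string>
        {
            HospitalClass.Encrypt(newPassword),
            HospitalClass.getTransactionId(),
            updateCode,
            updaterId,
            currentUser,
        };
        // The return value's meaning is not documented here, so success is still reported
        // unconditionally. TODO(review): check the status once executeProcedure's contract is known.
        DataConsumer.executeProcedure("pwd_change", values);

        UserStatusLabel.CssClass = "success paraNormal";
        UserStatusLabel.Text = "Password was successfully changed";
    }
    catch (Exception ex)
    {
        UserStatusLabel.CssClass = "error paraNormal";
        // Logged server-side; the message is not shown because it may expose database details.
        UserStatusLabel.Text = "An unexpected error occurred. Please try again or contact the system administrator.";
        HospitalClass.Log(ex);
    }
}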
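/// <summary>
/// Super-user page handler that registers a new super user / admin record, or updates an existing
/// one, through the <c>superuser_admin_val</c> procedure. Whether the request is an insert or an
/// update is decided by comparing the 3-digit sequence in the entered id with the id that
/// <c>getNewSuperuserAdminId</c> derives for that prefix: equal means a new registration, lower
/// means an update of an existing record, higher is rejected.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Changes from the previous version:
///  - The entered id is trimmed and upper-cased ONCE and that value is used for every decision.
///    Previously the "may this super user edit this record" check used the raw, case-sensitive
///    text while the stored id was ToUpper().Trim(), so a lower-case "sup..." id bypassed it.
///  - A missing super-user session, an id shorter than six characters or a non-numeric sequence
///    yield a message instead of a NullReference/IndexOutOfRange exception.
///  - UserIdBox and EmailBox are screened with HospitalClass.sqlProtect before being handed to
///    DataProvider, mirroring the registration and login pages.
///  - Exception text is logged, not rendered to the page.
/// Not changed, flagged for review: any non-"SUP" prefix is treated as an admin record; the
/// performer's Session["FirstName"] is overwritten with the edited record's first name; the
/// password box is always sent (Encrypt of an empty box on an update) — confirm the procedure's
/// handling of each.
/// </remarks>
protected void ValidateButton_Click(object sender, EventArgs e)
{
    try
    {
        // Only a super-user session may perform this action; the performer id is taken from it.
        object superUser = Session["SuperUser"];
        if (superUser == null)
        {
            StatusLabel.CssClass = "error paraNormal";
            StatusLabel.Text = "Your session has expired. Please log in again.";
            return;
        }
        string updaterId = (string)superUser;

        // Canonical form of the requested id: <3-letter prefix><3-digit sequence>, upper case.
        string userId = UserIdBox.Text.Trim().ToUpperInvariant();

        // Blacklist screen (' and --) consistent with the other pages; a stop-gap until the
        // DataProvider.RegAdminSup queries are confirmed to be parameterised.
        if (!HospitalClass.sqlProtect(userId))
        {
            StatusLabel.CssClass = "error paraNormal";
            StatusLabel.Text = "Unsecure user Id";
            return;
        }
        if (!HospitalClass.sqlProtect(EmailBox.Text))
        {
            StatusLabel.CssClass = "error paraNormal";
            StatusLabel.Text = "Unsecure email entry. Please remove all ' and -- symbols";
            return;
        }

        int requestedSeq;
        if (userId.Length < 6 || !int.TryParse(userId.Substring(3, 3), out requestedSeq))
        {
            // Too short for prefix + sequence, or a non-numeric sequence: used to throw.
            StatusLabel.CssClass = "error paraNormal";
            StatusLabel.Text = "Invalid User Id. Perform a new registration";
            return;
        }
        string prefix = userId.Substring(0, 3);

        // Upper bound for the sequence: the id this prefix would be issued next.
        string lastIdQuery = DataProvider.RegAdminSup.LastIdQuery(prefix);
        DataTable lastDt = HospitalClass.getDataTable(lastIdQuery);
        string lastPossibleId = getNewSuperuserAdminId(lastDt);
        int lastPossibleSeq = int.Parse(lastPossibleId.Substring(3, 3));

        bool dropDownsSelected =
            GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 &&
            IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 &&
            GroupList.SelectedIndex != 0 && PriList.SelectedIndex != 0 &&
            SecList.SelectedIndex != 0 && UniList.SelectedIndex != 0;

        if (lastPossibleSeq < requestedSeq || !dropDownsSelected)
        {
            // Report the first failing check, in the same precedence as before.
            StatusLabel.CssClass = "error paraNormal";
            if (lastPossibleSeq < requestedSeq)
            {
                StatusLabel.Text = "Invalid User Id. Perform a new registration";
            }
            else if (GenderList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your gender";
            }
            else if (MaritalList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your marital status";
            }
            else if (IdTypeList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your Identificaton type";
            }
            else if (TypeList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your blood type";
            }
            else if (GroupList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your blood group";
            }
            else if (PriList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your primary school certificate. (Select none if unavailable)";
            }
            else if (SecList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your secondary school certificate. (Select none if unavailable)";
            }
            else
            {
                StatusLabel.Text = "Please select your university certificate grade. (Select none if unavailable)";
            }
            return;
        }

        bool isSuperUserId = userId.StartsWith("SUP", StringComparison.Ordinal);
        string operation;
        string updateCode;
        if (lastPossibleSeq == requestedSeq)
        {
            // Fresh registration: the email must not already be on file.
            operation = "insert";
            updateCode = isSuperUserId ? "SUP_REG" : "ADM_REG";
            string existQuery = DataProvider.RegAdminSup.ExistQuery(EmailBox.Text.ToUpper().Trim());
            DataTable emailDt = HospitalClass.getDataTable(existQuery);
            if (emailDt.Rows.Count > 0)
            {
                StatusLabel.CssClass = "error paraNormal";
                StatusLabel.Text = "This email address is already registered";
                return;
            }
        }
        else
        {
            // Update of an existing record. A super user may edit admin records and their own
            // record, never another super user's. Compared case-insensitively on the canonical id.
            operation = "update";
            updateCode = isSuperUserId ? "SUP_UPD" : "ADM_UPD";
            if (isSuperUserId && !string.Equals(userId, updaterId, StringComparison.OrdinalIgnoreCase))
            {
                StatusLabel.CssClass = "error paraNormal";
                StatusLabel.Text = "You cannot update this user's information";
                return;
            }
        }

        // Parameter order is dictated by the superuser_admin_val procedure; do not reorder.
        List<string> values = new List<string>
        {
            GroupList.SelectedItem.Text, //1
            TypeList.SelectedItem.Text,
            CountryOriBox.Text,
            CountryResBox.Text,
            DobBox.Text,
            EmailBox.Text.Trim(), //6
            FirstNameBox.Text.Trim(),
            GenderList.SelectedItem.Text,
            HomeAdrBox.Text,
            IdNoBox.Text,
            IdTypeList.SelectedItem.Text, //11
            LastNameBox.Text,
            LocalOriBox.Text,
            LocalResBox.Text,
            MaritalList.SelectedItem.Text,
            NextAdrBox.Text, //16
            NextEmailBox.Text,
            NextNameBox.Text,
            NextRelBox.Text,
            NextPhoneBox.Text,
            OtherNameBox.Text, //21
            PhoneBox.Text,
            SchoolIdBox.Text,
            StateOriBox.Text,
            StateResBox.Text,
            OtherInfoBox.Text, //26
            PriBox.Text,
            PriList.SelectedItem.Text,
            SecBox.Text,
            SecList.SelectedItem.Text,
            UniBox.Text, //31
            UniList.SelectedItem.Text,
            OtherBox1.Text,
            OtherCert1.Text,
            OtherBox2.Text,
            OtherCert2.Text, //36
            RefNameBox1.Text,
            RefRelBox1.Text,
            RefPhoneBox1.Text,
            RefEmailBox1.Text,
            RefAdrBox1.Text, //41
            RefNameBox2.Text,
            RefRelBox2.Text,
            RefPhoneBox2.Text,
            RefEmailBox2.Text,
            RefAdrBox2.Text, //46
            updateCode,
            updaterId,
            userId,
            HospitalClass.Encrypt(PasswordBox.Text),
            HospitalClass.getTransactionId(),
            operation, //52
        };
        DataConsumer.executeProcedure("superuser_admin_val", values);

        // NOTE(review): as before, the performer's own first name in session is replaced by the
        // edited record's first name — confirm this is intended when registering someone else.
        Session["FirstName"] = FirstNameBox.Text;
        StatusLabel.Text = "Operation Successful.<br/>Performer: " + updaterId + ".<br/>Operation: " + operation;
        StatusLabel.CssClass = "success paraNormal";
    }
    catch (Exception ex)
    {
        StatusLabel.CssClass = "error normal";
        // Logged server-side; the message is not shown because it may expose database details.
        StatusLabel.Text = "An unexpected error occurred. Please try again or contact the system administrator.";
        HospitalClass.Log(ex);
    }
}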
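/// <summary>
/// Registration handler for patients, doctors and staff. Validates the role choice, sex, first
/// name, password and email uniqueness, builds the new user id
/// (<c>&lt;role&gt;&lt;MM&gt;&lt;yy&gt;&lt;sequence&gt;</c>, 4-digit sequence for patients, 3 for
/// doctors/staff) from the last id issued for the role, and calls the <c>initial_reg</c> procedure.
/// Writes the outcome to <c>StatusLabel</c>; on success also reveals the login link.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Changes from the previous version: the sequence increment uses PadLeft instead of hand-rolled
/// digit-count branches (same output for every value, including overflow past the width), the
/// month/year formatting is simplified, and exception text is logged rather than rendered.
/// Flagged, behaviour unchanged:
///  - sqlProtect is a blacklist (' and --) applied to the first name and password only;
///    EmailBox.Text feeds DataProvider.RegistrationPage.ExistQuery unchecked. Parameterised
///    queries in DataProvider are the real fix — TODO(review): confirm.
///  - No password policy (minimum length, complexity) is enforced here; an empty password is
///    stored as Encrypt("").
///  - "Read last id, add one" is not atomic; two concurrent registrations can be issued the same
///    id unless initial_reg or a unique constraint rejects the duplicate.
/// </remarks>
protected void SubmitButton_Click(object sender, EventArgs e)
{
    try
    {
        StatusDiv.Visible = true;
        StatusLabel.Visible = true;

        // Doctors and staff must pick a role from their list; patients have no role list.
        bool roleSelected;
        if (DocRadioButton.Checked)
        {
            roleSelected = DocRoleList.SelectedIndex != 0;
        }
        else if (StfRadioButton.Checked)
        {
            roleSelected = StfRoleList.SelectedIndex != 0;
        }
        else
        {
            roleSelected = true;
        }

        string existQuery = DataProvider.RegistrationPage.ExistQuery(EmailBox.Text.ToUpper().Trim());
        DataTable dt = HospitalClass.getDataTable(existQuery);
        bool emailFree = dt.Rows.Count == 0;
        bool checkName = HospitalClass.sqlProtect(FirstNameBox.Text);
        bool checkPassword = HospitalClass.sqlProtect(PasswordBox.Text);

        if (!(roleSelected && GenderList.SelectedIndex != 0 && emailFree && checkName && checkPassword))
        {
            // Report the first failing check, in the same precedence as before.
            if (!checkName)
            {
                StatusLabel.Text = "Unsecure name entry. Please remove all ' and -- symbols";
            }
            else if (!checkPassword)
            {
                StatusLabel.Text = "Unsecure password choice. Please remove all ' and -- symbols";
            }
            else if (GenderList.SelectedIndex == 0)
            {
                StatusLabel.Text = "Please select your sex";
            }
            else if (!emailFree)
            {
                StatusLabel.Text = "This email address has already been registered";
            }
            else
            {
                StatusLabel.Text = "Please choose a classification/role";
            }
            return;
        }

        // role / updateCode / userId / updaterId are page-level fields shared with other handlers.
        if (DocRadioButton.Checked)
        {
            role = DocRoleList.SelectedItem.Value;
            updateCode = "DOC_REG";
        }
        else if (StfRadioButton.Checked)
        {
            role = StfRoleList.SelectedItem.Value;
            updateCode = "STF_REG";
        }
        else
        {
            role = "PAT";
            updateCode = "PAT_REG";
        }

        // Ids carry the registration month and two-digit year.
        DateTime now = DateTime.Now;
        string month = now.Month.ToString("00");
        string year = (now.Year % 100).ToString("00");

        // Patients (or the form without the role panel) use a 4-digit running sequence, others 3.
        int seqWidth = (PatientRadioButton.Checked || !CheckBoxDiv.Visible) ? 4 : 3;

        // Next sequence for this role family (first two letters of the role code).
        string lastIdQuery = DataProvider.RegistrationPage.LastIdQuery(role.Substring(0, 2));
        DataTable lastDt = HospitalClass.getDataTable(lastIdQuery);
        int nextSeq = 1;
        if (lastDt.Rows.Count > 0)
        {
            string lastId = (string)lastDt.Rows[0][0];
            nextSeq = int.Parse(lastId.Substring(lastId.Length - seqWidth)) + 1;
        }
        // PadLeft yields e.g. "0001"; once the counter outgrows the width the longer string is
        // kept, exactly as the previous digit-count branches did.
        userId = role + month + year + nextSeq.ToString().PadLeft(seqWidth, '0');

        // Performer for the audit trail: a privileged session if one exists, else the new user.
        if (Session["SuperUser"] != null)
        {
            updaterId = (string)Session["SuperUser"];
        }
        else if (Session["Admin"] != null)
        {
            updaterId = (string)Session["Admin"];
        }
        else
        {
            updaterId = userId;
        }

        // Parameter order is dictated by the initial_reg procedure; do not reorder.
        List<string> values = new List<string>
        {
            EmailBox.Text.Trim(),
            FirstNameBox.Text.Trim(),
            GenderList.SelectedItem.Text,
            LastnameBox.Text.Trim(),
            OtherNameBox.Text.Trim(),
            HospitalClass.Encrypt(PasswordBox.Text),
            PhoneBox.Text,
            updateCode,
            updaterId,
            userId,
            HospitalClass.getTransactionId(),
        };
        DataConsumer.executeProcedure("initial_reg", values);

        StatusLabel.CssClass = "success big";
        StatusLabel.Text = "You have been successfully registered.<br/>Your ID is: " + userId + ".<br/>";
        goToLogin.Visible = true;
        InfoDiv.Visible = false;
        RegLabel.Visible = false;
        CheckBoxDiv.Visible = false;
    }
    catch (Exception ex)
    {
        // Logged server-side; the message is not shown because it may expose database details.
        StatusLabel.Text = "An unexpected error occurred. Please try again or contact the system administrator.";
        HospitalClass.Log(ex);
    }
}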
/// <summary>
/// Login button handler. Looks up candidate rows for the entered identifier (the prompt below says
/// a user id, first name or email is accepted), compares the transformed password against each
/// row, and on success stores the resolved user in session and redirects to LoggedInPage.aspx.
/// An already signed-in super user or admin can additionally open a basic user's (PAT/DC/STF)
/// account, or (super user only) an admin's account, without that account's password; every
/// successful login path writes an <c>audit_trail_proc</c> record naming the performer and the
/// account opened.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Review notes (behaviour deliberately left unchanged here):
///  - "You are not a user on our database" vs "Wrong user Id/password combination" lets a caller
///    learn which identifiers exist (account enumeration); one generic message is preferable.
///  - No failed-attempt counting, lockout or delay is visible in this handler.
///  - The password check is plain string equality on HospitalClass.Encrypt output; whether Encrypt
///    is a salted hash is not visible here — confirm, and prefer a constant-time comparison.
///  - The session is not reset (Session.Abandon / new id) on login, so a pre-login session id
///    survives authentication; confirm the application's session-fixation posture.
///  - The catch block renders ex.Message to the page; it may contain database error text.
///  - Session["FirstName"] / Session["RegStatus"] keep the target account's values even on the
///    "You do not have access" path, which only restores Session["User"] — confirm intended.
/// </remarks>
protected void SubmitButton_Click(object sender, EventArgs e)
{
    try
    {
        // sqlProtect is a blacklist check (see the "Unsecure ..." messages below); it is not a
        // substitute for parameterised queries in DataProvider.LoginPage.
        bool checkId = HospitalClass.sqlProtect(UserIdBox.Text); //security for user id input against sqlInjection
        bool checkPwd = HospitalClass.sqlProtect(PasswordBox.Text); //security for password input against sqlInjection
        if (UserIdBox.Text.Length != 0 && checkId && checkPwd)
        {
            string passwordQuery = DataProvider.LoginPage.PasswordQuery(UserIdBox.Text.ToUpper().Trim());
            DataTable dt = HospitalClass.getDataTable(passwordQuery);
            if (dt.Rows.Count > 0)
            {
                string encryptPassword = HospitalClass.Encrypt(PasswordBox.Text);
                int checkPassword = 0;
                string userIdPass = "";
                // Several rows may come back (e.g. users sharing a first name). The row whose stored
                // password matches wins; if none matches, userId ends up as the LAST row's id.
                foreach (DataRow row in dt.Rows)
                {
                    if (encryptPassword == row[0].ToString()) //check if password correlate
                    {
                        checkPassword = 1;
                        userIdPass = row[1].ToString(); //check first name repetition
                    }
                    userId = row[1].ToString();
                    if (userIdPass.Length > 0)
                    {
                        userId = userIdPass;
                    }
                }
                // Performer recorded in the audit trail: an existing privileged session, else the user.
                if (Session["SuperUser"] != null)
                {
                    updaterId = (string)Session["SuperUser"];
                }
                else if (Session["Admin"] != null)
                {
                    updaterId = (string)Session["Admin"];
                }
                else
                {
                    updaterId = userId;
                }
                // rights == true means the resolved account is a basic (non-ADM/SUP) one.
                bool rights;
                if (userId.StartsWith("ADM") || userId.StartsWith("SUP"))
                {
                    rights = false;
                }
                else
                {
                    rights = true;
                }
                //for either a basic user or a privileged user
                // Equivalent to: a privileged session exists, or the password matched.
                if ((Session["SuperUser"] != null || Session["Admin"] != null || (checkPassword == 1 && rights)) || (!rights && checkPassword == 1))
                {
                    bool auditTrailValidator = false;
                    string oldUser = ""; //to check the access of an administrator or a superuser
                    if (Session["SuperUser"] != null)
                    {
                        oldUser = Session["SuperUser"].ToString();
                    }
                    else if (Session["Admin"] != null)
                    {
                        oldUser = Session["Admin"].ToString();
                    }
                    // Session["User"] is assigned before the access decision below; the denied
                    // branch puts the previous privileged id back.
                    Session["User"] = userId;
                    //using linq to datasets to query the datatable (to guard against two users with the same first name)
                    Session["FirstName"] = (from FirstName in dt.AsEnumerable() where FirstName.Field<string>("USER_ID") == userId select FirstName.Field<string>("FIRST_NAME")).First().ToString();
                    Session["RegStatus"] = (from Status in dt.AsEnumerable() where Status.Field<string>("USER_ID") == userId select Status.Field<string>("STATUS")).First().ToString();
                    //login for users
                    // Basic account: opened by its own password OR by any privileged session
                    // (no password required for the impersonated account).
                    if ((Session["SuperUser"] != null || Session["Admin"] != null || checkPassword == 1) && rights)
                    {
                        if (userId.StartsWith("PAT"))
                        {
                            updateCode = "PAT_LGN";
                        }
                        else if (userId.StartsWith("DC"))
                        {
                            updateCode = "DOC_LGN";
                        }
                        else
                        {
                            updateCode = "STF_LGN";
                        };
                        // endResponse = false so the audit write further down still runs.
                        Response.Redirect("~/LoggedInPage.aspx", false);
                        auditTrailValidator = true;
                    }
                    //login for admin and superuser
                    else if (!rights && checkPassword == 1)
                    {
                        if (userId.StartsWith("SUP"))
                        {
                            Session["SuperUser"] = userId;
                            updateCode = "SUP_LGN";
                        }
                        else
                        {
                            Session["Admin"] = userId;
                            updateCode = "ADM_LGN";
                        }
                        Response.Redirect("~/LoggedInPage.aspx", false);
                        auditTrailValidator = true;
                    }
                    //extraneous login for superuser and administrator
                    else
                    {
                        //to catch unauthorized access to another privileged user's account
                        // Reached only when a privileged session exists, the target is ADM/SUP and the
                        // password did NOT match: a super user may open any admin account, and anyone
                        // may re-open the account their own session already holds.
                        if ((Session["SuperUser"] != null && !userId.StartsWith("SUP")) || oldUser == userId) //for privileged user relogin
                        {
                            Session["User"] = userId;
                            if (oldUser == userId)
                            {
                                Session["Info"] = "Welcome Back";
                            }
                            if (userId.ToUpper().StartsWith("ADM"))
                            {
                                updateCode = "ADM_LGN";
                            }
                            else
                            {
                                updateCode = "SUP_LGN";
                            }
                            Response.Redirect("~/LoggedInPage.aspx", false);
                            auditTrailValidator = true;
                        }
                        else
                        {
                            StatusLabel.Text = "You do not have access to this profile";
                            // Undo the Session["User"] assignment made above.
                            if (oldUser.StartsWith("SUP"))
                            {
                                Session["User"] = Session["SuperUser"].ToString();
                            }
                            else
                            {
                                Session["User"] = Session["Admin"].ToString();
                            }
                            auditTrailValidator = false;
                        }
                    }
                    if (auditTrailValidator)
                    {
                        // Parameter order is dictated by audit_trail_proc; do not reorder.
                        object[] values = new object[4];
                        values[0] = (HospitalClass.getTransactionId());
                        values[1] = (updateCode);
                        values[2] = (updaterId);
                        values[3] = (userId);
                        int status = DataConsumer.executeProc("audit_trail_proc", values);
                    }
                }
                else
                {
                    if (PasswordBox.Text.Length == 0)
                    {
                        StatusLabel.Text = "Please enter your password";
                    }
                    else
                    {
                        StatusLabel.Text = "Wrong user Id/password combination.<br/>Note: Password is case-sensitive.";
                    }
                }
            }
            else
            {
                // NOTE(review): distinct from the wrong-password message above, so it discloses
                // whether an identifier exists.
                StatusLabel.Text = "You are not a user on our database. Please register.";
            }
        }
        else
        {
            if (UserIdBox.Text.Length == 0)
            {
                StatusLabel.Text = "Please enter your user id, first name or email address";
            }
            else if (!checkId)
            {
                StatusLabel.Text = "Unsecure user Id";
            }
            else
            {
                StatusLabel.Text = "Unsecure password";
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is shown to the browser; prefer a generic message here.
        StatusLabel.Text = "Error: " + ex.Message;
        HospitalClass.Log(ex);
        //ex.Logger();
    }
}