コード例 #1
        // Method that inserts a new user into the database
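        /// <summary>
        /// Runs before the EntityDataSource inserts a new user. The insert is cancelled and an
        /// error is shown when the username is already present; otherwise two fresh salts and
        /// the salted password hash are written onto the entity that is about to be saved.
        /// </summary>
        /// <param name="sender">The control raising the event (not used).</param>
        /// <param name="e">Carries the entity to insert; <c>e.Cancel</c> is set to reject the insert.</param>
        /// <exception cref="System.InvalidOperationException">
        /// The insert template or the entity does not have the shape this handler expects.
        /// </exception>
        protected void EntityDataSourceGeneral_Inserting(object sender, EntityDataSourceChangingEventArgs e)
        {
            // Hide the message layer until there is something to report.
            msgDv.Visible = false;

            ListViewItem insItem = dbListView.InsertItem;
            TextBox usern = insItem == null ? null : insItem.FindControl("usrs_usrsnmeTextBox") as TextBox;
            TextBox pswrdet = insItem == null ? null : insItem.FindControl("usrs_usrspswdTextBox") as TextBox;
            minddumps_usrs dbUsrs = e.Entity as minddumps_usrs;

            // Fail closed: if a control or the entity is missing, no row may be inserted,
            // because the salts and the hash below could not be set on it.
            if (usern == null || pswrdet == null || dbUsrs == null)
            {
                e.Cancel = true;
                throw new System.InvalidOperationException(
                    "The user insert template or entity does not match what the insert handler expects.");
            }

            string wantedName = usern.Text.Trim();

            // NOTE(review): this check and the later insert are two separate steps, so two
            // concurrent requests can both pass it. A unique constraint on the username
            // column is what actually guarantees uniqueness - confirm one exists.
            bool nameTaken;
            using (MindDumpsEntities db = new MindDumpsEntities())
            {
                nameTaken = db.minddumps_usrs.Any(user => user.mnd_usrs_usrsnme == wantedName);
            }

            if (nameTaken)
            {
                e.Cancel = true;
                msgDv.Visible = true;
                msgDv.Attributes.Add("class", "errorMsg");
                // NOTE(review): both calls use the key "class", so the second value is expected
                // to replace the first - confirm whether "errorMsg whiteText" was intended.
                msgs.Attributes.Add("class", "errorMsg");
                msgs.Attributes.Add("class", "whiteText");
                string errTxt = "User could not be added because the username is already taken!";
                msgs.Text = errTxt;
                // errTxt is a fixed literal, so building the script by concatenation is safe here.
                // If request data is ever included in the message, encode it for a JavaScript
                // string first (e.g. HttpUtility.JavaScriptStringEncode).
                ScriptManager.RegisterStartupScript(this, this.GetType(), "key", "alert('" + errTxt + "');", true);
                return;
            }

            // Store the same trimmed name that was just checked, so the uniqueness check and
            // the saved value cannot disagree on surrounding whitespace.
            dbUsrs.mnd_usrs_usrsnme = wantedName;

            HashPswdGeneratorHandler hpg = new HashPswdGeneratorHandler();
            string nwSalt1 = hpg.GenerateSalt();
            string nwSalt2 = hpg.GenerateSalt();
            dbUsrs.mnd_usrs_usrssaltfrst = nwSalt1;
            dbUsrs.mnd_usrs_usrssaltlst = nwSalt2;

            // The password is trimmed before hashing; any code that verifies it must trim the
            // same way or the hashes will not match.
            // NOTE(review): HashPswdGeneratorHandler is not visible here - confirm that
            // GenerateSalt uses a cryptographic random source and that GetHashedPassword is a
            // slow password-hashing function (PBKDF2 or similar), not a single plain hash.
            dbUsrs.mnd_usrs_usrspswd = hpg.GetHashedPassword(nwSalt1, pswrdet.Text.Trim(), nwSalt2);
        }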
コード例 #2
        // Method that kicks in the viewing the list with items or when updating one item
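        /// <summary>
        /// Adjusts each bound list item. In the read-only list the delete button is hidden on
        /// the row of the currently logged-in user; on the item being edited the group dropdown
        /// is disabled when the item is the only admin or the only user in the database.
        /// </summary>
        /// <param name="sender">The ListView raising the event (not used).</param>
        /// <param name="e">Carries the item that was just data-bound.</param>
        /// <remarks>
        /// These are presentation-level safeguards only. NOTE(review): the delete and update
        /// handlers are not visible here - verify that they re-check the same rules on the
        /// server before changing data.
        /// </remarks>
        protected void dbListView_ItemDataBound(object sender, ListViewItemEventArgs e)
        {
            // An item that has no UpdateButton is treated as a read-only row.
            Button updbtn = e.Item.FindControl("UpdateButton") as Button;

            if (e.Item.ItemType == ListViewItemType.DataItem && updbtn == null)
            {
                Button delbtn = e.Item.FindControl("DeleteButton") as Button;
                Label lblUsrnm = e.Item.FindControl("usrs_usrsnmeLabel") as Label;
                object sessUsr = Session["usrnme"];

                // Hide the delete button on the logged-in user's own row. Missing controls or a
                // missing session value leave the row untouched instead of throwing.
                // The comparison is case-sensitive, so it relies on the session holding the
                // username exactly as it is displayed in the list.
                if (delbtn != null && lblUsrnm != null && sessUsr != null
                    && sessUsr.ToString() == lblUsrnm.Text)
                {
                    delbtn.Visible = false;
                }
                return;
            }

            DropDownList dropListGrp = e.Item.FindControl("DropDownListGrp") as DropDownList;
            if (dropListGrp == null)
            {
                // Nothing to disable on this item.
                return;
            }

            bool adminSelected = dropListGrp.SelectedItem != null
                && dropListGrp.SelectedItem.Text == "admin";

            using (MindDumpsEntities db = new MindDumpsEntities())
            {
                var adminIds = from user in db.minddumps_usrs
                               where user.minddumps_usrsgrps.mnd_grps_grpsname == "admin"
                               select user.mnd_usrs_usrsid;

                var allIds = from user in db.minddumps_usrs
                             select user.mnd_usrs_usrsid;

                // The admin count is only queried when this item is an admin; the total user
                // count is only queried when the first condition did not already decide.
                bool lastAdmin = adminSelected && adminIds.Count() == 1;
                if (lastAdmin || allIds.Count() == 1)
                {
                    // Keep the last admin (or the only user) from being moved to another group.
                    dropListGrp.Enabled = false;
                }
            }
        }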
コード例 #3
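        /// <summary>
        /// Handles the login button. Looks up the two salts stored for the entered username,
        /// hashes the entered password with them, and on a match stores the user's name, id and
        /// group in the session and redirects to the PHP category page. The input fields are
        /// cleared in every case.
        /// </summary>
        /// <param name="sender">The button raising the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        /// <remarks>
        /// NOTE(review): a failed attempt is neither logged nor throttled in this handler, and
        /// the session identifier is not renewed after a successful login - confirm both are
        /// handled elsewhere. The hash is only computed when the username exists, so response
        /// time can differ between known and unknown usernames.
        /// </remarks>
        protected void lgnbtn_Click(object sender, EventArgs e)
        {
            // Read the input once so every query below uses exactly the same values.
            // The password is trimmed before hashing; whatever code stores the hash must trim
            // the same way.
            string usrnmFld = usrnme.Text.Trim();
            string pswdFld = paswds.Text.Trim();

            using (MindDumpsEntities dbc = new MindDumpsEntities())
            {
                // Fetch at most two rows: exactly one is the only acceptable outcome. A
                // duplicated username is treated as a failed login rather than an exception.
                var saltRows = (from user in dbc.minddumps_usrs
                                where user.mnd_usrs_usrsnme == usrnmFld
                                select new
                                {
                                    firstsalt = user.mnd_usrs_usrssaltfrst,
                                    lastsalt = user.mnd_usrs_usrssaltlst
                                }).Take(2).ToList();

                if (saltRows.Count == 1)
                {
                    HashPswdGeneratorHandler hpg = new HashPswdGeneratorHandler();
                    string hshdPswd = hpg.GetHashedPassword(saltRows[0].firstsalt, pswdFld, saltRows[0].lastsalt);

                    // One query both verifies the credentials and returns what the session
                    // needs, so nothing about the account is read unless the hash matches.
                    // NOTE(review): the hash is compared by the database, so the comparison
                    // follows the column's collation - confirm that is strict enough for the
                    // hash encoding in use.
                    var matches = (from user in dbc.minddumps_usrs
                                   where user.mnd_usrs_usrsnme == usrnmFld
                                    && user.mnd_usrs_usrspswd == hshdPswd
                                   select new
                                   {
                                       name = user.mnd_usrs_usrsnme,
                                       id = user.mnd_usrs_usrsid,
                                       grp = user.minddumps_usrsgrps.mnd_grps_grpsname
                                   }).Take(2).ToList();

                    if (matches.Count == 1)
                    {
                        // Store the username as the database holds it, not as it was typed, so
                        // later exact comparisons against stored usernames behave consistently.
                        Session["usrnme"] = matches[0].name;
                        Session["usrnid"] = matches[0].id;
                        Session["usrngrp"] = matches[0].grp;
                        // endResponse is false, so execution continues to the cleanup below.
                        Response.Redirect("~/Category/PHP.aspx", false);
                    }
                }
            }

            // Never echo the credentials back into the form, whether login succeeded or not.
            usrnme.Text = null;
            paswds.Text = null;
            usrnme.Focus();
        }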