protected void btnLogin_Click(object sender, EventArgs e)
{
this.lblError.Text = string.Empty;
this.lblError.Visible = false;
this.btnResendValidationEmail.Visible = false;
this.txtEmail.CssClass = this.txtEmail.CssClass.Replace("has-error", "");
this.txtPassword.CssClass = this.txtPassword.CssClass.Replace("has-error", "");
this.fgtxtEmail.CssClass = this.fgtxtEmail.CssClass.Replace("has-error", "");
this.fgtxtPassword.CssClass = this.fgtxtPassword.CssClass.Replace("has-error", "");
if (string.IsNullOrEmpty(this.txtEmail.Text.ToString()))
{
this.lblError.Text = "Please enter your email address";
this.lblError.Visible = true;
this.fgtxtEmail.CssClass = this.fgtxtEmail.CssClass.Replace("form-group", "form-group has-error");
return;
}
if (string.IsNullOrEmpty(this.txtPassword.Text.ToString()))
{
this.lblError.Text = "Please enter your password";
this.lblError.Visible = true;
this.fgtxtPassword.CssClass = this.fgtxtPassword.CssClass.Replace("form-group", "form-group has-error");
return;
}
string IPAddress = "";
try
{
IPAddress = GetIPAddress();
}
catch { }
string sql = "SELECT * FROM app_user WHERE emailaddress = @email AND userpassword = crypt(@password, userpassword);";
var paramList = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("email", this.txtEmail.Text),
new KeyValuePair <string, string>("password", this.txtPassword.Text)
};
DataSet ds = DataServices.DataSetFromSQL(sql, paramList);
DataTable dt = ds.Tables[0];
if (dt.Rows.Count > 0)
{
//Valid User
Session["UserDetailsSxn"] = dt;
//Record Login
string userid = "0";
try
{
userid = dt.Rows[0]["userid"].ToString();
}
catch { }
Session["userID"] = userid;
string emailconfirmed = "False";
try
{
emailconfirmed = dt.Rows[0]["emailconfirmed"].ToString();
}
catch { }
string userFullName = "";
try
{
userFullName = dt.Rows[0]["firstname"].ToString() + " " + dt.Rows[0]["lastname"].ToString();
}
catch { }
Session["userFullName"] = userFullName;
string userType = "";
try
{
userType = dt.Rows[0]["usertype"].ToString();
}
catch
{
//Response.Redirect("Login.aspx");
}
Session["userType"] = userType;
string matchedclinicianid = "";
try
{
matchedclinicianid = dt.Rows[0]["matchedclinicianid"].ToString();
}
catch
{
//Response.Redirect("Login.aspx");
}
Session["matchedclinicianid"] = matchedclinicianid;
this.hdnEmail.Value = this.txtEmail.Text;
if (emailconfirmed == "False")
{
this.lblError.Text = "Your account has been created but you have not confirmed your email address yet.<br /><br />Please check your spam folder for the email containing the link to confirm your account";
this.btnResendValidationEmail.Visible = true;
this.lblError.Visible = true;
return;
}
string isauthorised = "False";
try
{
isauthorised = dt.Rows[0]["isauthorised"].ToString();
}
catch { }
if (isauthorised == "False")
{
this.lblError.Text = "Your account hasnot been authorised yet";
this.lblError.Visible = true;
return;
}
sql = "INSERT INTO loginhistory (userid, emailaddress, ipaddress) VALUES (CAST(@userid AS INT), @emailaddress, @ipaddress);";
var paramListHistory = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("userid", userid),
new KeyValuePair <string, string>("emailaddress", this.txtEmail.Text),
new KeyValuePair <string, string>("ipaddress", IPAddress)
};
DataServices.executeSQLStatement(sql, paramListHistory);
Response.Redirect(this.lblRedirect.Text);
}
else
{
//Invalid User
sql = "INSERT INTO failedlogin(emailaddress, ipaddress) VALUES ( @emailaddress, @ipaddress); ";
var paramListFail = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("emailaddress", this.txtEmail.Text),
new KeyValuePair <string, string>("ipaddress", IPAddress)
};
DataServices.executeSQLStatement(sql, paramListFail);
this.lblError.Text = "Invalid Username or Password";
this.lblError.Visible = true;
}
}
protected void btnRegister_Click(object sender, EventArgs e)
{
string haserr = "form-group has-error";
string noerr = "form-group";
this.lblError.Text = string.Empty;
this.lblError.Visible = false;
this.fgEmail.CssClass = noerr;
this.fgPassword.CssClass = noerr;
this.fgEmail.CssClass = noerr;
this.fgPassword.CssClass = noerr;
this.fgConfirmPassword.CssClass = noerr;
this.fgMatchedOrganisation.CssClass = noerr;
this.fgMatchedClinician.CssClass = noerr;
this.fgFirstName.CssClass = noerr;
this.fgLastName.CssClass = noerr;
this.fgDOB.CssClass = noerr;
this.fgTnCs.CssClass = noerr;
if (this.ddlMatchedOrganisation.SelectedIndex == 0)
{
this.lblError.Text = "Please select an organisation";
this.lblError.Visible = true;
this.fgMatchedOrganisation.CssClass = haserr;
return;
}
if (this.ddlMatchedClinician.SelectedIndex == 0)
{
this.lblError.Text = "Please select a clinician";
this.lblError.Visible = true;
this.fgMatchedClinician.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtFirstName.Text.ToString()))
{
this.lblError.Text = "Please enter your first name";
this.lblError.Visible = true;
this.fgFirstName.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtLastName.Text.ToString()))
{
this.lblError.Text = "Please enter your last name";
this.lblError.Visible = true;
this.fgLastName.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtDOB.Text.ToString()))
{
this.lblError.Text = "Please enter your date of birth";
this.lblError.Visible = true;
this.fgDOB.CssClass = haserr;
return;
}
else
{
DateTime DTm;
try
{
DTm = Convert.ToDateTime(this.txtDOB.Text);
}
catch
{
this.lblError.Text = "Please enter your date of birth in the format dd/mm/yyyy";
this.lblError.Visible = true;
this.fgDOB.CssClass = haserr;
return;
}
}
if (string.IsNullOrEmpty(this.txtRegistrationEmail.Text.ToString()))
{
this.lblError.Text = "Please enter your email address";
this.lblError.Visible = true;
this.fgEmail.CssClass = haserr;
return;
}
if (CheckEmailAddress() == 1)
{
this.lblError.Text = "This email address has already been registered";
this.lblError.Visible = true;
this.fgEmail.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtRegistrationPassword.Text.ToString()))
{
this.lblError.Text = "Please enter a password";
this.lblError.Visible = true;
this.fgPassword.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtConfirmPassword.Text.ToString()))
{
this.lblError.Text = "Please confirm your password";
this.lblError.Visible = true;
this.fgConfirmPassword.CssClass = haserr;
return;
}
if (this.txtRegistrationPassword.Text != this.txtConfirmPassword.Text)
{
this.lblError.Text = "Passwords do not match";
this.lblError.Visible = true;
this.fgConfirmPassword.CssClass = haserr;
this.fgPassword.CssClass = haserr;
return;
}
if (!this.chkAcceptTnCs.Checked)
{
this.lblError.Text = "Please accept the terms and conditions";
this.lblError.Visible = true;
this.fgTnCs.CssClass = haserr;
return;
}
string sql = "INSERT INTO app_user(usertype, userpassword, matchedorganisationid, matchedclinicianid, nhsnumber, emailaddress, firstname, lastname, dateofbirth, acceptedtermsandconditions)";
sql += " VALUES (@usertype, crypt(@userpassword, gen_salt('bf', 8)), CAST(@matchedorganisationid AS INT), CAST(@matchedclinicianid AS INT), @nhsnumber, @emailaddress, @firstname, @lastname, CAST(@dateofbirth AS date), CAST(@acceptedtermsandconditions AS BOOL))";
string acceptedtermsandconditions = "False";
if (this.chkAcceptTnCs.Checked)
{
acceptedtermsandconditions = "True";
}
var paramListSave = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("usertype", this.ddlUserType.SelectedValue),
new KeyValuePair <string, string>("userpassword", this.txtRegistrationPassword.Text),
new KeyValuePair <string, string>("matchedorganisationid", this.ddlMatchedOrganisation.SelectedValue),
new KeyValuePair <string, string>("matchedclinicianid", this.ddlMatchedClinician.SelectedValue),
new KeyValuePair <string, string>("nhsnumber", this.txtNHSNo.Text),
new KeyValuePair <string, string>("emailaddress", this.txtRegistrationEmail.Text),
new KeyValuePair <string, string>("firstname", this.txtFirstName.Text),
new KeyValuePair <string, string>("lastname", this.txtLastName.Text),
new KeyValuePair <string, string>("dateofbirth", this.txtDOB.Text),
new KeyValuePair <string, string>("acceptedtermsandconditions", acceptedtermsandconditions)
};
DataServices.executeSQLStatement(sql, paramListSave);
this.hdnEmail.Value = this.txtRegistrationEmail.Text;
sendConfirmationEmail();
Response.Redirect("RegistrationThankYou.aspx?id=patient");
}
private void GetUserData(string id)
{
string sql = "SELECT * FROM app_user WHERE userid = CAST(@userid AS INT);";
var paramList = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("userid", id)
};
DataSet ds = DataServices.DataSetFromSQL(sql, paramList);
DataTable dt = ds.Tables[0];
if (dt.Rows.Count > 0)
{
string userFullName = dt.Rows[0]["firstname"].ToString() + " " + dt.Rows[0]["lastname"].ToString();
try
{
this.lblUserFullName.Text = userFullName.ToUpper();
}
catch { }
switch (Session["userType"].ToString().ToLower())
{
case "patient":
break;
case "clinician":
try
{
this.lblUniqueID.Text = dt.Rows[0]["nhsnumber"].ToString();
}
catch { }
break;
case "super user":
try
{
this.lblUniqueID.Text = dt.Rows[0]["nhsnumber"].ToString();
}
catch { }
break;
}
try
{
this.lblDoB.Text = dt.Rows[0]["dateofbirth"].ToString().Substring(0, 10);;
}
catch { }
try
{
this.lblUserType.Text = dt.Rows[0]["usertype"].ToString();
}
catch { }
try
{
this.hdnEmail.Value = dt.Rows[0]["emailaddress"].ToString();
}
catch { }
try
{
this.hdnMatchedclinicianid.Value = dt.Rows[0]["matchedclinicianid"].ToString();
}
catch { }
string currentStatus = "Currently Unauthorised";
string currentStatusClass = "alert alert-info";
bool isAuthorised = false;
try
{
isAuthorised = System.Convert.ToBoolean(dt.Rows[0]["isauthorised"].ToString());
}
catch { }
bool isRejected = false;
try
{
isRejected = System.Convert.ToBoolean(dt.Rows[0]["isrejected"].ToString());
}
catch { }
if (isAuthorised)
{
currentStatus = "Currently Authorised";
currentStatusClass = "alert alert-success";
this.btnAuthorise.Visible = false;
//this.btnReject.Visible = false;
}
if (isRejected)
{
currentStatus = "Currently Rejected";
currentStatusClass = "alert alert-danger";
this.btnReject.Visible = false;
}
this.lblCurrentStatus.Text = currentStatus;
this.pnlCurrentStatus.CssClass = currentStatusClass;
}
}
public static int SendMail(string messageBody, string messageSubject, string emailTo, out string msg)
{
string emailhost = "";
string emailuser = "";
string emailpassword = "";
Int16 emailport = 0;
bool emailusetls = false;
string emailfromaddress = "";
string emailfromname = "Physical Health App";
string sql = "SELECT * FROM systemsetup WHERE systemsetupid = 1;";
DataSet ds = DataServices.DataSetFromSQL(sql, null);
DataTable dt = ds.Tables[0];
if (dt.Rows.Count > 0)
{
try { emailhost = dt.Rows[0]["emailhost"].ToString(); } catch { }
try { emailuser = dt.Rows[0]["emailuser"].ToString(); } catch { }
try { emailpassword = dt.Rows[0]["emailpassword"].ToString(); } catch { }
try { emailport = System.Convert.ToInt16(dt.Rows[0]["emailport"].ToString()); } catch { }
try { emailusetls = System.Convert.ToBoolean(dt.Rows[0]["emailusetls"].ToString()); } catch { }
try { emailfromaddress = dt.Rows[0]["emailfromaddress"].ToString(); } catch { }
try { emailfromname = dt.Rows[0]["emailfromname"].ToString(); } catch { }
}
if (string.IsNullOrEmpty(emailhost))
{
msg = "Email not configured";
return(0);
}
MailMessage Message = new MailMessage();
Message.Subject = messageSubject;
Message.Body = messageBody;
Message.From = new System.Net.Mail.MailAddress(emailfromaddress, emailfromname);
Message.ReplyToList.Add(Message.From);
Message.IsBodyHtml = true;
Message.To.Add(new MailAddress(emailTo));
SmtpClient client = new SmtpClient();
client.Host = emailhost;
client.Port = emailport;
client.UseDefaultCredentials = true;
client.DeliveryMethod = SmtpDeliveryMethod.Network;
client.EnableSsl = emailusetls;
client.Credentials = new NetworkCredential(emailuser, emailpassword);
try
{
client.Send(Message);
msg = "Email sent successfully";
return(1);
}
catch (Exception ex)
{
msg = "Problem with email account: " + ex.ToString();
return(0);
}
}
protected void btnRegister_Click(object sender, EventArgs e)
{
string haserr = "form-group has-error";
string noerr = "form-group";
this.lblError.Text = string.Empty;
this.lblError.Visible = false;
this.fgEmail.CssClass = noerr;
this.fgPassword.CssClass = noerr;
this.fgEmail.CssClass = noerr;
this.fgPassword.CssClass = noerr;
this.fgConfirmPassword.CssClass = noerr;
this.fgMatchedOrganisation.CssClass = noerr;
this.fgFirstName.CssClass = noerr;
this.fgLastName.CssClass = noerr;
this.fgGMCCode.CssClass = noerr;
//if (this.ddlMatchedOrganisation.SelectedIndex == 0)
//{
// this.lblError.Text = "Please select an organisation";
// this.lblError.Visible = true;
// this.fgMatchedOrganisation.CssClass = haserr;
// return;
//}
if (string.IsNullOrEmpty(this.txtFirstName.Text.ToString()))
{
this.lblError.Text = "Please enter your first name";
this.lblError.Visible = true;
this.fgFirstName.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtLastName.Text.ToString()))
{
this.lblError.Text = "Please enter your last name";
this.lblError.Visible = true;
this.fgLastName.CssClass = haserr;
return;
}
//if (string.IsNullOrEmpty(this.txtGMCCode.Text.ToString()))
//{
// this.lblError.Text = "Please enter your GMC Number";
// this.lblError.Visible = true;
// this.fgGMCCode.CssClass = haserr;
// return;
//}
if (string.IsNullOrEmpty(this.txtRegistrationEmail.Text.ToString()))
{
this.lblError.Text = "Please enter your email address";
this.lblError.Visible = true;
this.fgEmail.CssClass = haserr;
return;
}
if (CheckEmailAddress() == 1)
{
this.lblError.Text = "This email address has already been registered";
this.lblError.Visible = true;
this.fgEmail.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtRegistrationPassword.Text.ToString()))
{
this.lblError.Text = "Please enter a password";
this.lblError.Visible = true;
this.fgPassword.CssClass = haserr;
return;
}
if (string.IsNullOrEmpty(this.txtConfirmPassword.Text.ToString()))
{
this.lblError.Text = "Please confirm your password";
this.lblError.Visible = true;
this.fgConfirmPassword.CssClass = haserr;
return;
}
if (this.txtRegistrationPassword.Text != this.txtConfirmPassword.Text)
{
this.lblError.Text = "Passwords do not match";
this.lblError.Visible = true;
this.fgConfirmPassword.CssClass = haserr;
this.fgPassword.CssClass = haserr;
return;
}
string sql = "INSERT INTO app_user(usertype, userpassword, gmccode, matchedorganisationid, emailaddress, firstname, lastname, organisationid, isclinician, isactive, emailconfirmed, issysadmin, isauthorised)";
sql += " VALUES (@usertype, crypt(@userpassword, gen_salt('bf', 8)), @gmccode, CAST(@matchedorganisationid AS INT), @emailaddress, @firstname, @lastname, CAST(@organisationid AS INT), true, true, true, true, true)";
var paramListSave = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("usertype", this.ddlUserType.SelectedValue),
new KeyValuePair <string, string>("userpassword", this.txtRegistrationPassword.Text),
new KeyValuePair <string, string>("matchedorganisationid", this.ddlMatchedOrganisation.SelectedValue),
new KeyValuePair <string, string>("organisationid", this.ddlMatchedOrganisation.SelectedValue),
new KeyValuePair <string, string>("gmccode", this.txtGMCCode.Text),
new KeyValuePair <string, string>("emailaddress", this.txtRegistrationEmail.Text),
new KeyValuePair <string, string>("firstname", this.txtFirstName.Text),
new KeyValuePair <string, string>("lastname", this.txtLastName.Text)
};
DataServices.executeSQLStatement(sql, paramListSave);
Response.Redirect("RegistrationThankYou.aspx?id=patient");
}
private void GetTestData(string id)
{
string sql = "SELECT * FROM app_test WHERE testid = CAST(@testid AS INT);";
var paramList = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("testid", id)
};
DataSet ds = DataServices.DataSetFromSQL(sql, paramList);
DataTable dt = ds.Tables[0];
if (dt.Rows.Count > 0)
{
string patientid = "";
try
{
patientid = dt.Rows[0]["patientid"].ToString();
this.hdnPatientID.Value = patientid;
GetPatientData(patientid);
}
catch { }
string testtypeid = "";
try
{
testtypeid = dt.Rows[0]["testtypeid"].ToString();
GetTestType(testtypeid);
}
catch { }
try
{
this.lbltestnumericresult.Text = dt.Rows[0]["testnumericresult"].ToString();
}
catch { }
try
{
this.lblunitstext.Text = dt.Rows[0]["unitstext"].ToString();
}
catch { }
try
{
this.lbllowerreferencerange.Text = dt.Rows[0]["lowerreferencerange"].ToString();
}
catch { }
try
{
this.lblupperreferencerange.Text = dt.Rows[0]["upperreferencerange"].ToString();
}
catch { }
try
{
this.lblclinicianmessage.Text = dt.Rows[0]["clinicianmessage"].ToString();
}
catch { }
try
{
this.lblnexttestdate.Text = dt.Rows[0]["nexttestdate"].ToString().Substring(0, 10);;
}
catch { }
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
string id = "";
try
{
id = Request.QueryString["id"].ToString();
}
catch
{
Response.Redirect("Default.aspx");
return;
}
this.hdnTestId.Value = id;
GetTestData(id);
//this.lblError.Visible = false;
switch (Session["userType"].ToString().ToLower())
{
case "patient":
//Response.Redirect("Unauthorised.aspx");
//this.lblSummaryType.Text = "My Summary";
if (this.hdnPatientID.Value != Session["userID"].ToString())
{
Response.Redirect("Unauthorised.aspx");
}
else
{
//Update test to viewed by patient
string sql = "UPDATE app_test SET patienthasviewed = true, patientvieweddate = NOW() WHERE testid = CAST(@testid AS INT) AND COALESCE(patienthasviewed, false) = false;";
var paramList = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>("testid", id)
};
DataServices.executeSQLStatement(sql, paramList);
}
break;
case "clinician":
//this.lblSummaryType.Text = "New Result";
if (Session["userID"].ToString() != this.hdnMatchedclinicianid.Value)
{
Response.Redirect("Unauthorised.aspx");
}
break;
case "super user":
Response.Redirect("Unauthorised.aspx");
break;
}
this.hdnUserId.Value = Session["userID"].ToString();
}
}
