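// Note this is complicated by password, so needs special handling.
/// <summary>
/// Validates the pending user (via check_error) and inserts it into [User].
/// The password is read from the raw request field "txtPwd" rather than from this.user and is
/// stored as HASHBYTES('MD5', ...) because the login check compares against the same expression;
/// changing the algorithm here alone would lock every new user out. MD5 is unsalted and fast to
/// brute-force, so both sides should be migrated together to a salted, slow hash.
/// </summary>
/// <exception cref="InvalidOperationException">
/// When check_error reports a validation problem (its text is passed through unchanged), or when
/// no user is logged in (Session["userid"] is null) so create_user_id cannot be filled.
/// </exception>
void insert()
{
    string s = this.check_error();
    if (s != "")
    {
        // InvalidOperationException still derives from Exception, which is what the page
        // handlers catch; the message text is unchanged.
        throw new InvalidOperationException(s);
    }

    // A missing session entry used to surface as a NullReferenceException from .ToString()
    // in the middle of the query builder; fail with an explicit message instead.
    object creator = Session["userid"];
    if (creator == null)
    {
        throw new InvalidOperationException("No logged-in user; cannot record create_user_id.");
    }

    // "s" = yyyy-MM-ddTHH:mm:ss, which SQL Server parses independently of its DATEFORMAT
    // setting. DateTime.Now.ToString() depended on the worker-process culture, so a
    // dd/MM/yyyy culture could be stored as the wrong date or fail to convert.
    // NOTE(review): if [create_datetime] is a character column rather than datetime,
    // this changes the stored text format — confirm against the schema.
    string createdAt = DateTime.Now.ToString("s", System.Globalization.CultureInfo.InvariantCulture);

    // NOTE(review): every value is still spliced into the statement text via ClsDB.sqlEncode,
    // so resistance to SQL injection rests entirely on that helper. A SqlCommand with
    // SqlParameters (as the login page uses) would remove that dependency.
    string strQuery = @"INSERT INTO [User] (first_name, last_name, email, login, passwd, note, gid, disabled, [create_user_id], [create_datetime]) VALUES ("
        + ClsDB.sqlEncode(this.user.first_name) + ", "
        + ClsDB.sqlEncode(this.user.last_name) + ", "
        + ClsDB.sqlEncode(this.user.email) + ", "
        + ClsDB.sqlEncode(this.user.login) + ", "
        + "HASHBYTES('MD5', " + ClsDB.sqlEncode(Request["txtPwd"]) + "), "
        + ClsDB.sqlEncode(this.user.note) + ", "
        + ClsDB.sqlEncode(this.user.gid) + ", "
        + ClsDB.sqlEncode(this.user.disabled) + ", "
        + ClsDB.sqlEncode(creator.ToString()) + ", "
        + ClsDB.sqlEncode(createdAt) + ")";

    if (ClsDB.DEBUG())
    {
        // Debug only: the echoed statement contains the plaintext password literal.
        Response.Write(strQuery);
    }
    new ClsDB().ExecuteNonQuery(strQuery);
}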
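/// <summary>
/// Page handler for adding a new client. On postback the posted form is copied into
/// this.client and inserted on behalf of the session user; otherwise the empty form
/// (pre-filled with the next case id) is rendered.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (!this.IsPostBack)
    {
        this.msg.Text = "";
        this.client.Case_Id = this.getNextCaseId().ToString();
        this.form1.Text = ShowNewForm();
        return;
    }

    this.form1.Text = "";

    // The insert needs the creator's id. A null session entry used to surface as a
    // NullReferenceException whose raw text was shown to the user; report it plainly.
    string userId = Convert.ToString(Session["userid"]);
    if (string.IsNullOrEmpty(userId))
    {
        this.msg.Text = "<p><font color='red'>Not a valid user.</font></p>";
        this.form1.Text = ShowNewForm();
        return;
    }

    try
    {
        this.client.retrieveRequest(this.IsPostBack, Request);
        this.client.insert(userId);
        this.msg.Text = "<font color='green'>The new client has been added.</font> <br/><br/><a href='client_new.aspx'>Add Another New Client</a>";
        if (ClsDB.DEBUG())
        {
            // Debug only: shows the executed statement, including posted values.
            this.msg.Text += "<br/>" + this.client.strQuery();
        }
    }
    catch (Exception ex)
    {
        // Exception text can echo request values (e.g. a SQL error quoting the offending
        // input), so encode it before placing it in markup. NOTE(review): if check_error
        // deliberately returns HTML, that formatting will now render literally.
        this.msg.Text = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
        this.form1.Text = ShowNewForm();
    }
}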
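/// <summary>
/// Replaces the password of the [User] row with key <paramref name="ID"/> by the MD5 of
/// this.new_pwd. Does nothing when no id is supplied (original contract kept).
/// The HASHBYTES('MD5', ...) expression must stay in step with the login check that
/// compares against the stored value; MD5 is unsalted and should be replaced on both sides together.
/// </summary>
/// <param name="ID">Key of the row to change. It originates from the request, so it is untrusted.</param>
void update(string ID)
{
    // IsNullOrEmpty also covers the null that Request[...] returns for a missing field.
    if (string.IsNullOrEmpty(ID))
    {
        return;
    }

    // ID was the only value spliced into the statement without ClsDB.sqlEncode, leaving the
    // WHERE clause open to injection through the id. Encode it like every other literal;
    // SQL Server converts the quoted text for an integer key. A SqlParameter would be better still.
    string strQuery = "UPDATE [User] SET passwd = HASHBYTES('MD5', " + ClsDB.sqlEncode(this.new_pwd) + ") WHERE ID = " + ClsDB.sqlEncode(ID);

    if (ClsDB.DEBUG())
    {
        // Debug only: the echoed statement contains the plaintext new password.
        Response.Write(strQuery);
    }
    new ClsDB().ExecuteNonQuery(strQuery);
}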
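/// <summary>
/// Page handler for viewing one client. Loads the row named by the "ID" request
/// parameter and renders the read-only form, or an error line when the id is missing.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    string id = Request["ID"];
    // A blank id is as unusable as a missing one; the original only rejected null.
    if (string.IsNullOrEmpty(id))
    {
        this.msg.Text = "No valid ID is provided.";
        this.form1.Text = "";
        return;
    }

    try
    {
        this.client.retrieveDB(id);
        this.msg.Text = "";
        if (ClsDB.DEBUG())
        {
            // Debug only: shows the executed statement.
            this.msg.Text += this.client.strQuery();
        }
        this.form1.Text = ShowViewForm();
    }
    catch (Exception ex)
    {
        // The other page handlers report data-access failures on the page instead of letting
        // them become an unhandled-error response; the text is encoded since it can echo request values.
        this.msg.Text = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
        this.form1.Text = "";
    }
}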
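/// <summary>
/// Use data reader, read the first row. Don't check whether there are extra rows.
/// Looks up an enabled [User] row whose login and MD5(password) match and, on success,
/// stores id, login, role and email in Session. Any exception (connection or SQL failure)
/// is treated as "not logged in" and is only echoed when debugging is on.
/// </summary>
/// <param name="UserName">Login name as typed; sent as a SqlParameter, never spliced into the SQL text.</param>
/// <param name="Password">Plain-text password as typed; hashed server-side with HASHBYTES('MD5', ...) to match the stored value.</param>
/// <returns>true when a matching row was read and Session was populated; false otherwise.</returns>
private bool doLogin(string UserName, string Password)
{
    bool ok = false;
    try
    {
        string strConn = new ClsDB().strConn();
        using (SqlConnection conn = new SqlConnection(strConn))
        {
            // MD5 is unsalted and cheap to brute-force; it is kept only because the stored
            // passwd value is written with the same expression — change both sides together.
            string strQuery = "SELECT ID, login, gid, email FROM [User] WHERE login = @login AND passwd=HASHBYTES('MD5', @pwd) AND disabled = '0'";

            // The command was never disposed before; the using also releases the reader's
            // resources on the exception path.
            using (SqlCommand comm = new SqlCommand(strQuery, conn))
            {
                comm.Parameters.Add("@login", SqlDbType.VarChar, 50).Value = UserName;
                // No explicit Size: SqlParameter truncates a string value longer than Size before
                // sending, so a 50-character cap would hash only a prefix of a longer password and
                // never match the hash computed over the full string when the user was created.
                // NOTE(review): assumes the stored hash was computed over varchar bytes (a plain
                // '...' literal at insert); an N'...' literal would hash different bytes.
                comm.Parameters.Add("@pwd", SqlDbType.VarChar).Value = Password;

                if (ClsDB.DEBUG())
                {
                    // The statement holds only parameter names, so echoing it leaks no credentials.
                    Response.Write("query: " + strQuery);
                }

                conn.Open();
                using (SqlDataReader sdr = comm.ExecuteReader())
                {
                    if (sdr.Read())
                    {
                        Session["userid"] = sdr["ID"].ToString();
                        Session["username"] = sdr["login"].ToString();
                        Session["role"] = getUserRole(sdr["gid"].ToString());
                        Session["email"] = sdr["email"].ToString();
                        // NOTE(review): the session id is not regenerated here; consider
                        // issuing a fresh session on login to limit session fixation.
                        ok = true;
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberate best-effort: any failure is reported to the caller as a failed login.
        // This branch consults ClsUtil.DEBUG() while the query echo uses ClsDB.DEBUG() — kept as is.
        if (ClsUtil.DEBUG())
        {
            Response.Write("Error: " + ex.Message);
        }
    }
    return ok;
}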
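/// <summary>
/// Admin-only page handler for editing another user's profile. The target row is named
/// by the "id" request parameter; on postback the posted values are saved, then the row
/// is re-read from the database and the edit form rendered.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    ClsAuth.check_auth_admin();

    string ID = ClsUtil.getStrVal(Request["id"]);
    if (ID == "")
    {
        this.msg.Text = "Not a valid user.";
        this.form1.Text = "";
        return;
    }

    if (this.IsPostBack)
    {
        this.form1.Text = "";
        try
        {
            this.user.retrieveRequest(this.IsPostBack, Request);
            // Assumes check_auth_admin() only returns for a logged-in admin, so
            // Session["userid"] is set here — otherwise .ToString() would throw.
            this.user.update(ID, Session["userid"].ToString());
            this.msg.Text = "<p><font color='green'>This profile has been updated.</font> </p>";
            if (ClsDB.DEBUG())
            {
                // Debug only: shows the executed statement, including posted values.
                Response.Write(this.user.strQuery());
            }
        }
        catch (Exception ex)
        {
            // Exception text can echo request values (e.g. a SQL error quoting the offending
            // input), so encode it before placing it in markup.
            this.msg.Text = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
        }
    }
    else
    {
        this.msg.Text = "";
    }

    // Both paths re-read the row and render the form; after a postback this shows the
    // values actually persisted rather than the posted ones.
    this.user.retrieveDB(ID);
    this.form1.Text = ShowEditForm();
}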
// Superseded by doLogin, which binds the inputs as SqlParameters. This variant splices the
// escaped values into the statement text, so its safety rests on ClsDB.sqlEncode rather than
// on the driver; keep it only as a reference. The "******" inside the login predicate appears
// to be a redaction artifact of this listing (the line is not valid C# as shown) — presumably
// the encoded UserName literal stood there; it must be restored before this compiles.
/// <summary>
/// Older login lookup kept alongside doLogin: same query and Session side effects, but the
/// values are escaped into the SQL text instead of being passed as parameters. Any exception
/// is treated as "not logged in" and is only echoed when debugging is on.
/// </summary>
/// <param name="UserName">Login name as typed.</param>
/// <param name="Password">Plain-text password; hashed server-side with HASHBYTES('MD5', ...) (unsalted) to match the stored value.</param>
/// <returns>true when a matching enabled row was read and Session was populated; false otherwise.</returns>
private bool doLogin_bak(string UserName, string Password)
{
    bool ok = false;
    try
    {
        string strConn = new ClsDB().strConn();
        using (SqlConnection conn = new SqlConnection(strConn))
        {
            string strQuery = "SELECT ID, login, gid, email FROM [User] WHERE login="******" AND passwd=HASHBYTES('MD5', " + ClsDB.sqlEncode(Password) + ") AND disabled = '0'";
            // The SqlCommand is not disposed here; doLogin should be used instead.
            SqlCommand comm = new SqlCommand(strQuery, conn);
            if (ClsDB.DEBUG())
            {
                // Debug only: unlike doLogin, this statement text contains the plaintext password literal.
                Response.Write("query: " + strQuery);
            }
            conn.Open();
            using (SqlDataReader sdr = comm.ExecuteReader())
            {
                if (sdr.Read())
                {
                    Session["userid"] = ClsUtil.getStrVal(sdr["ID"]);
                    Session["username"] = ClsUtil.getStrVal(sdr["login"]);
                    Session["role"] = getUserRole(ClsUtil.getStrVal(sdr["gid"]));
                    Session["email"] = ClsUtil.getStrVal(sdr["email"]);
                    ok = true;
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberate best-effort: a failure is reported as a failed login.
        if (ClsUtil.DEBUG())
        {
            Response.Write("Error: " + ex.Message);
        }
    }
    return(ok);
}
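/// <summary>
/// Page handler for editing one client. The target row is named by the "ID" request
/// parameter; on postback the posted values are saved on behalf of the session user and
/// the edit form is re-rendered, otherwise the row is loaded and shown.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Validate the id on both paths: the postback branch previously passed Request["id"]
    // straight to update() without any check. (ASP.NET's Request indexer is case-insensitive,
    // so "id" and "ID" name the same field.)
    string id = Request["ID"];
    if (string.IsNullOrEmpty(id))
    {
        this.msg.Text = "No valid ID is provided.";
        this.form1.Text = "";
        return;
    }

    if (!this.IsPostBack)
    {
        this.client.retrieveDB(id);
        this.msg.Text = "";
        this.form1.Text = ShowEditForm();
        return;
    }

    this.form1.Text = "";

    // A null session entry used to surface as a NullReferenceException whose raw text
    // was shown to the user; report it plainly instead.
    string userId = Convert.ToString(Session["userid"]);
    if (string.IsNullOrEmpty(userId))
    {
        this.msg.Text = "<p><font color='red'>Not a valid user.</font></p>";
        this.form1.Text = ShowEditForm();
        return;
    }

    try
    {
        // Inside the try so a malformed post is reported on the page like any other
        // failure instead of becoming an unhandled-error response.
        this.client.retrieveRequest(this.IsPostBack, Request);
        this.client.update(id, userId);
        this.msg.Text = "<p><font color='green'>The client has been updated.</font> </p>";
    }
    catch (Exception ex)
    {
        // Exception text can echo request values (e.g. a SQL error quoting the offending
        // input), so encode it before placing it in markup.
        this.msg.Text = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
    }

    if (ClsDB.DEBUG())
    {
        // Debug only: shows the executed statement, including posted values.
        this.msg.Text += this.client.strQuery();
    }
    this.form1.Text = ShowEditForm();
}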
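/// <summary>
/// Page handler for the current user's own profile. The session user id selects the row
/// and is also recorded as the updater; on postback the posted values are saved and the
/// edit form re-rendered, otherwise the row is loaded and shown.
/// </summary>
/// <param name="sender">Page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Session values are objects: the original `Session["userid"] == ""` compared references,
    // so an empty string stored in the session was never rejected. Convert.ToString maps null to "".
    string ID = Convert.ToString(Session["userid"]);
    if (string.IsNullOrEmpty(ID))
    {
        this.msg.Text = "Not a valid user.";
        this.form1.Text = "";
        return;
    }

    if (!this.IsPostBack)
    {
        this.p.retrieveDB(ID);
        this.msg.Text = "";
        this.form1.Text = ShowEditForm();
        return;
    }

    this.form1.Text = "";
    try
    {
        // Inside the try so a malformed post is reported on the page like any other
        // failure instead of becoming an unhandled-error response.
        this.p.retrieveRequest(this.IsPostBack, Request);
        // A user may only edit their own row: the target id and the "updated by" id
        // are both the session user, never a request value.
        this.p.update(ID, ID);
        this.msg.Text = "<p><font color='green'>Your profile has been updated.</font> </p>";
        if (ClsDB.DEBUG())
        {
            // Debug only: shows the executed statement, including posted values.
            Response.Write(this.p.strQuery());
        }
    }
    catch (Exception ex)
    {
        // Exception text can echo request values (e.g. a SQL error quoting the offending
        // input), so encode it before placing it in markup.
        this.msg.Text = "<p><font color='red'>" + Server.HtmlEncode(ex.Message) + "</font></p>";
    }
    this.form1.Text = ShowEditForm();
}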