protected void Button16_Click(object sender, EventArgs e)
{
try
{
DateTime date = DateTime.Now;
string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString();
DataWorksClass dw = new DataWorksClass(constring);
dw.SetCommand("SELECT MAX(Prescription_ID) FROM Prescription");
int preid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("INSERT INTO Prescription(Prescription_ID,Medical_officer,Issue_date,Issue_month,Issue_year,Medicine,Dosage,Notes,Patient_ID,date) VALUES(@Prescription_ID,@Medical_officer,@Issue_date,@Issue_month,@Issue_year,@Medicine,@Dosage,@Notes,@Patient_ID,@date)");
dw.SetSqlCommandParameters("Prescription_ID", preid);
dw.SetSqlCommandParameters("Medical_officer", DropDownList17.SelectedValue);
dw.SetSqlCommandParameters("Issue_date", DropDownList18.SelectedValue);
dw.SetSqlCommandParameters("Issue_month", DropDownList19.SelectedValue);
dw.SetSqlCommandParameters("Issue_year", DropDownList20.SelectedValue);
dw.SetSqlCommandParameters("Medicine", DropDownList21.SelectedValue.Trim());
dw.SetSqlCommandParameters("Dosage", TextBox22.Text.Trim());
dw.SetSqlCommandParameters("Notes", TextBox27.Text.Trim());
dw.SetSqlCommandParameters("Patient_ID", ApptP_ID);
dw.SetSqlCommandParameters("date", date);
dw.Insert();
DropDownList21.SelectedIndex = 0;
TextBox22.Text = "";
TextBox27.Text = "";
this.Button14_ModalPopupExtender.Show();
}
catch
{
}
}
protected void Button10_Click1(object sender, EventArgs e)
{
try
{
string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString();
DataWorksClass dw = new DataWorksClass(constring);
dw.SetCommand("SELECT MAX(Lab_report_ID) FROM Labreport");
int labid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("SELECT MAX(Colestoroll_ID) FROM Colestoroll");
int cholid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("INSERT INTO Labreport(Lab_report_ID,Medical_officer,Patient_ID ,Issue_date,Issue_month,Issue_year,Report_type) VALUES(@lid,@moff,@pid,@isd,@ism,@isy,@rtype)");
dw.SetSqlCommandParameters("lid", labid);
dw.SetSqlCommandParameters("moff", DropDownList7.SelectedValue);
dw.SetSqlCommandParameters("pid", ApptP_ID);
dw.SetSqlCommandParameters("isd", DropDownList10.SelectedValue);
dw.SetSqlCommandParameters("ism", DropDownList11.SelectedValue);
dw.SetSqlCommandParameters("isy", DropDownList12.SelectedValue);
dw.SetSqlCommandParameters("rtype", "Cholestrol");
dw.Insert();
dw.SetCommand("INSERT INTO Colestoroll(Lab_report_ID ,Colestoroll_ID,LDL,HDL,Triglicerides,VLDL_Cholesterol,Total_Cholesterol,Pat_ID,Other) VALUES(@Lab_report_ID,@Colestoroll_ID,@LDL,@HDL ,@Triglicerides,@VLDL_Cholesterol,@Total_Cholesterol,@Pat_ID,@Other)");
dw.SetSqlCommandParameters("Lab_report_ID", labid);
dw.SetSqlCommandParameters("Colestoroll_ID", cholid);
dw.SetSqlCommandParameters("LDL", TextBox9.Text.Trim());
dw.SetSqlCommandParameters("HDL", TextBox10.Text.Trim());
dw.SetSqlCommandParameters("Triglicerides", TextBox11.Text.Trim());
dw.SetSqlCommandParameters("VLDL_Cholesterol", TextBox12.Text.Trim());
dw.SetSqlCommandParameters("Total_Cholesterol", TextBox13.Text.Trim());
dw.SetSqlCommandParameters("Pat_ID", TextBox4.Text.Trim());
dw.SetSqlCommandParameters("Other", TextBox19.Text.Trim());
dw.Insert();
Response.Redirect("~/User/Doctor/Dashboard.aspx");
}
catch
{
}
}
protected void Button12_Click(object sender, EventArgs e)
{
try
{
string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString();
DataWorksClass dw = new DataWorksClass(constring);
dw.SetCommand("SELECT MAX(Lab_report_ID) FROM Labreport");
int labid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("SELECT MAX(Urine_report_ID) FROM Urinereport");
int urid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("INSERT INTO Labreport(Lab_report_ID,Medical_officer,Patient_ID ,Issue_date,Issue_month,Issue_year,Report_type) VALUES(@lid,@moff,@pid,@isd,@ism,@isy,@rtype)");
dw.SetSqlCommandParameters("lid", labid);
dw.SetSqlCommandParameters("moff", DropDownList13.SelectedValue);
dw.SetSqlCommandParameters("pid", ApptP_ID);
dw.SetSqlCommandParameters("isd", DropDownList14.SelectedValue);
dw.SetSqlCommandParameters("ism", DropDownList15.SelectedValue);
dw.SetSqlCommandParameters("isy", DropDownList16.SelectedValue);
dw.SetSqlCommandParameters("rtype", "Urine");
dw.Insert();
dw.SetCommand("INSERT INTO Urinereport(Urine_report_ID ,Lab_report_ID,Glucose,Protein,Crystal,Acidity,Pat_ID,Other) VALUES(@Urine_report_ID,@Lab_report_ID,@Glucose,@Protein,@Crystal,@Acidity,@Pat_ID,@Other)");
dw.SetSqlCommandParameters("Urine_report_ID", urid);
dw.SetSqlCommandParameters("Lab_report_ID", labid);
dw.SetSqlCommandParameters("Glucose", TextBox16.Text.Trim());
dw.SetSqlCommandParameters("Protein", TextBox17.Text.Trim());
dw.SetSqlCommandParameters("Crystal", TextBox18.Text.Trim());
dw.SetSqlCommandParameters("Acidity", TextBox20.Text.Trim());
dw.SetSqlCommandParameters("Pat_ID", TextBox15.Text.Trim());
dw.SetSqlCommandParameters("Other", TextBox13.Text.Trim());
dw.Insert();
Response.Redirect("~/User/Doctor/Dashboard.aspx");
}
catch
{
}
}
protected void Button10_Click(object sender, EventArgs e)
{
try
{
string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString();
DataWorksClass dw = new DataWorksClass(constring);
dw.SetCommand("SELECT MAX(Lab_report_ID) FROM Labreport");
int labid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("SELECT MAX(Blood_report_ID) FROM Bloodreport");
int bloodrepid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("INSERT INTO Labreport(Lab_report_ID,Medical_officer,Patient_ID ,Issue_date,Issue_month,Issue_year,Report_type) VALUES(@lid,@moff,@pid,@isd,@ism,@isy,@rtype)");
dw.SetSqlCommandParameters("lid", labid);
dw.SetSqlCommandParameters("moff", DropDownList1.SelectedValue);
dw.SetSqlCommandParameters("pid", ApptP_ID);
dw.SetSqlCommandParameters("isd", DropDownList3.SelectedValue);
dw.SetSqlCommandParameters("ism", DropDownList4.SelectedValue);
dw.SetSqlCommandParameters("isy", DropDownList6.SelectedValue);
dw.SetSqlCommandParameters("rtype", "Blood");
dw.Insert();
dw.SetCommand("INSERT INTO Bloodreport(Blood_report_ID ,Lab_report_ID,Red_blood_cells,White_blood_cells,Glucose,Blood_type,Hemoglobin,Platelets,Other) VALUES(@bid,@lid,@redbcell,@whitebcell ,@glu,@btype,@hemog,@plate,@other)");
dw.SetSqlCommandParameters("bid", bloodrepid);
dw.SetSqlCommandParameters("lid", labid);
dw.SetSqlCommandParameters("redbcell", TextBox2.Text.Trim());
dw.SetSqlCommandParameters("whitebcell", TextBox3.Text.Trim());
dw.SetSqlCommandParameters("glu", TextBox5.Text.Trim());
dw.SetSqlCommandParameters("btype", TextBox24.Text.Trim());
dw.SetSqlCommandParameters("hemog", TextBox6.Text.Trim());
dw.SetSqlCommandParameters("plate", TextBox8.Text.Trim());
dw.SetSqlCommandParameters("other", TextBox7.Text.Trim());
dw.Insert();
Response.Redirect("~/User/Doctor/Dashboard.aspx");
}
catch {
}
}
protected void Button1_Click(object sender, EventArgs e)
{
string pid = Session["Patient_ID"].ToString();
DateTime d = DateTime.Now;
string date = d.ToString("yyyy-MM-dd");
//string date = GridView1.SelectedRow.Cells[1].Text;
dw.SetCommand("SELECT No_of_patient FROM Appointment_date WHERE Date = @date and Doctor_ID = @did");
dw.SetSqlCommandParameters("date", date);
dw.SetSqlCommandParameters("did", session1);
int count1 = Convert.ToInt32(dw.GetSingleData()) - 1;
dw.SetCommand("SELECT appointmentdate_ID from Appointment_date WHERE Date = @date and Doctor_ID = @did");
dw.SetSqlCommandParameters("date", date);
dw.SetSqlCommandParameters("did", session1);
string appointmentdateid = dw.GetSingleData().Trim();
dw.SetCommand("SELECT COUNT(Channel_no) FROM Channel WHERE Doctor_ID = @did and Patient_ID = @pid and chan_date = @date");
dw.SetSqlCommandParameters("did", session1);
dw.SetSqlCommandParameters("pid", Session["Patient_ID"].ToString().Trim());
dw.SetSqlCommandParameters("date", date);
int i = Convert.ToInt32(dw.GetSingleData());
if (i < 1)
{
dw.SetCommand("UPDATE Appointment_date SET No_of_patient = @count WHERE Date = @dte and Doctor_ID = @did");
dw.SetSqlCommandParameters("dte", date);
dw.SetSqlCommandParameters("did", session1);
dw.SetSqlCommandParameters("count", count1);
dw.Update();
dw.SetCommand("SELECT MAX(Channel_no) from Channel");
int channelno = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("INSERT INTO Channel (Channel_no,Doctor_ID,appointmentdate_ID,Patient_ID,chan_date) VALUES (@chlno,@docid,@appno,@patid,@date)");
dw.SetSqlCommandParameters("chlno", channelno);
dw.SetSqlCommandParameters("docid", Label6.Text.Trim());
dw.SetSqlCommandParameters("appno", appointmentdateid);
dw.SetSqlCommandParameters("patid", pid);
dw.SetSqlCommandParameters("date", date);
dw.Insert();
dw.SetCommand("SELECT No_of_patient FROM Appointment_date WHERE Date = @dte and Doctor_ID = @did");
if (count1 == 0)
{
dw.SetCommand("UPDATE Appointment_date SET Availability = @ava WHERE Date = @dte and Doctor_ID = @did");
dw.SetSqlCommandParameters("dte", date);
dw.SetSqlCommandParameters("did", session1);
dw.SetSqlCommandParameters("ava", "NOT AVAILABLE");
dw.Update();
}
else
{
dw.SetCommand("UPDATE Appointment_date SET Availability = @ava WHERE Date = @dte and Doctor_ID = @did");
dw.SetSqlCommandParameters("dte", date);
dw.SetSqlCommandParameters("did", session1);
dw.SetSqlCommandParameters("ava", "AVAILABLE");
dw.Update();
}
//Email Start......................................................
string uid = Session["User_ID"].ToString();
string uname = Session["User_name"].ToString();
dw.SetCommand(@"SELECT User_name FROM namal WHERE User_ID = @uid");
dw.SetSqlCommandParameters("uid", uid);
string check = dw.GetSingleData();
if (check == uname)
{
dw.SetDataAdapter(@"SELECT E_mail, User_name FROM namal WHERE User_ID = '" + uid + "' ");
DataTable dt = dw.GetDataTable();
string email = (dt.Rows[0][0].ToString()).Trim();
string username = (dt.Rows[0][1].ToString()).Trim();
//dw.SetCommand("SELECT Channel_no FROM Channel WHERE ");
//dw.SetSqlCommandParameters("uname", txtuname.Text.Trim());
//dw.SetSqlCommandParameters("email", txtemail.Text.Trim());
//dw.SetSqlCommandParameters("nic", txtnic.Text.Trim());
//string pass = dw.GetSingleData().Trim();
MailMessage mm = new MailMessage("*****@*****.**", email); //(your gmail,receiver gmail)
mm.Subject = "KDU CMS | Appintment Has Been Approved!"; //Subject
mm.Body = "<b>" + "Dear " + TextBox5.Text.Trim() + "," + "</b> <br>" + "Your appointment has been approved by KDU Online Channelling and Management System." + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "Your Channel Number " + "</td>" + "<td>" + "<b>" + channelno + "</b>" + "</td>" + "</tr>" + "<tr>" + "<td>" + "Your Reserved Date " + "</td>" + "<td>" + "<b>" + TextBox3.Text.Trim() + "</b>" + "</td>" + "</tr>" + "<tr>" + "<td>" + "Doctor " + "</td>" + "<td>" + "<b>" + TextBox2.Text.Trim() + "</b>" + "</td>" + "</tr>" + "<tr>" + "<td>" + "Specialization " + "</td>" + "<td>" + "<b>" + TextBox4.Text.Trim() + "</b>" + "</td>" + "</tr>" + "</table>" + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "<img src=\"https://preview.ibb.co/kaGrEf/logo.png\" width=\"50px\">" + " " + "</td>" + "<td>" + "<b>" + "KDU Channeling Center," + "<br>" + "General Sir John Kotelawala Defence University," + "<br>" + "Southern Campus," + "<br>" + "Sooriyawewa." + "<br>" + "+94718810575" + "</b>" + "</td>" + "</tr>" + "</table>"; //Message
//+"<table>"+
// "<tr>"+
// "<td>" + "Your Channel Number " + "</td>" +
// "<td>" + "<b>" + channelno + "</b>" + "</td>" +
// "</tr>"+
// "<tr>" +
// "<td>" + "Your Reserved Date " + "</td>" +
// "<td>" + "<b>" + TextBox3.Text.Trim() + "</b>" + "</td>" +
// "</tr>" +
// "<tr>" +
// "<td>" + "Doctor " + "</td>" +
// "<td>" + "<b>" + TextBox2.Text.Trim() + "</b>" + "</td>" +
// "</tr>" +
// "<tr>" +
// "<td>" + "Specialization " +"</td>" +
// "<td>" + "<b>" + TextBox4.Text.Trim() + "</b>" + "</td>" +
// "</tr>" +
//"</table>"+
//+"<table>" +
// "<tr>" +
// "<td>" + "<img src=\"https://preview.ibb.co/kaGrEf/logo.png\" width=\"50px\">" + " " + "</td>" +
// "<td>" + "<b>" + "KDU Channeling Center,"+"<br>"+"General Sir John Kotelawala Defence University,"+"<br>"+"Southern Campus,"+"<br>"+"Sooriyawewa."+"<br>"+"+94718810575"+"</b>" + "</td>" +
// "</tr>" +
//"</table>" +
mm.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com";
smtp.EnableSsl = true;
NetworkCredential networkcred = new NetworkCredential("*****@*****.**", "KDU123cms");//(your gmail & gmail password)
smtp.UseDefaultCredentials = true;
smtp.Credentials = networkcred;
smtp.Port = 587;
smtp.Send(mm);
//Response.Write("<script language=javascript>alert('BOOKING SUCCESSFULL! CHECK YOUR EMAILS!')</script>");
}
else
{
Response.Write("<script language=javascript>alert('YOUR DETAILS ARE NOT MATCH WITH YOUR ACCOUNT DETAILS !!!!')</script>");
}
}
else
{
Response.Write("<script language=javascript>alert('You have an appointment already for this date !!!!')</script>");
}
//---------------------------------End Email
Response.Write("<script language=javascript>alert('BOOKING SUCCESSFULL! CHECK YOUR EMAILS!')</script>");
Response.Redirect("~/User/Patient/Appointments.aspx");
Response.Write("<script language=javascript>alert('You have an appointment already for this date !!!!')</script>");
}
protected void btnreg_Click(object sender, EventArgs e)
{
string type = drpStaffType.SelectedValue.Trim();
// ====================================================================================================================== case 1
string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString();
DataWorksClass dw = new DataWorksClass(constring);
dw.SetCommand("SELECT count(User_ID) FROM namal WHERE User_name = @uname");
dw.SetSqlCommandParameters("uname", txtuname.Text.Trim());
int count1 = Convert.ToInt32(dw.GetSingleData().Trim());
if (count1 < 1)
{
dw.SetCommand("SELECT MAX(User_ID) FROM namal");
int count = Convert.ToInt32(dw.GetSingleData()) + 1;
if (txtpassword.Text.Trim() == txtconfirmpassword.Text.Trim())
{
const int MIN_LENGTH = 8;
const int MAX_LENGTH = 15;
if (txtpassword.Text == null)
{
throw new ArgumentNullException();
}
bool meetsLengthRequirements = txtpassword.Text.Trim().Length >= MIN_LENGTH && txtpassword.Text.Trim().Length <= MAX_LENGTH;
bool hasUpperCaseLetter = false;
bool hasLowerCaseLetter = false;
bool hasDecimalDigit = false;
if (meetsLengthRequirements)
{
foreach (char c in txtpassword.Text.Trim())
{
if (char.IsUpper(c))
{
hasUpperCaseLetter = true;
}
else if (char.IsLower(c))
{
hasLowerCaseLetter = true;
}
else if (char.IsDigit(c))
{
hasDecimalDigit = true;
}
}
bool isValid = meetsLengthRequirements &&
hasUpperCaseLetter &&
hasLowerCaseLetter &&
hasDecimalDigit
;
if (isValid == true)
{
dw.SetCommand("INSERT INTO namal(User_ID,User_name,Password,E_mail,Type) VALUES (@uid,@uname,@pass,@email,@type)");
dw.SetSqlCommandParameters("uid", count.ToString());
dw.SetSqlCommandParameters("uname", txtuname.Text.Trim());
dw.SetSqlCommandParameters("pass", txtpassword.Text.Trim());
dw.SetSqlCommandParameters("email", txtemail.Text.Trim());
dw.SetSqlCommandParameters("type", type);
dw.Insert();
switch (type)
{
case "doctor":
dw.SetCommand("select max(Doctor_ID) from Doctor");
int did = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("INSERT INTO Doctor(Doctor_ID,User_ID) VALUES (@did,@uid)");
dw.SetSqlCommandParameters("did", did);
dw.SetSqlCommandParameters("uid", count);
dw.Insert();
break;
case "nurse":
dw.SetCommand("SELECT MAX(Nurse_ID) FROM Nurse");
int nid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("insert into Nurse(Nurse_ID,User_ID) VALUES (@nid,@uid)");
dw.SetSqlCommandParameters("nid", nid);
dw.SetSqlCommandParameters("uid", count);
dw.Insert();
break;
case "admin":
dw.SetCommand("SELECT MAX(Admin_ID) FROM Admin");
int aid = Convert.ToInt32(dw.GetSingleData()) + 1;
dw.SetCommand("insert into Admin(Admin_ID,User_ID) VALUES (@aid,@uid)");
dw.SetSqlCommandParameters("aid", aid);
dw.SetSqlCommandParameters("uid", count);
dw.Insert();
break;
}
//Email Start......................................................
string email = txtemail.Text.Trim();
string pass = txtpassword.Text.Trim();
string uname = txtuname.Text.Trim();
MailMessage mm = new MailMessage("*****@*****.**", email); //(your gmail,receiver gmail)
mm.Subject = "KDU CMS | Registration Success!"; //Subject
mm.Body = "<b>" + "Dear " + txtuname.Text.Trim() + "," + "</b> <br>" + "You have registered on KDU Online Channelling and Management System." + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "Your Username " + "</td>" + "<td>" + "<b>" + uname + "</b>" + "</td>" + "</tr>" + "</table>" + "<br> <br>" + "<i>" + "Important! Keep your username and password in a secure place." + "</i>" + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "<img src=\"https://preview.ibb.co/kaGrEf/logo.png\" width=\"50px\">" + " " + "</td>" + "<td>" + "<b>" + "KDU Channeling Center," + "<br>" + "General Sir John Kotelawala Defence University," + "<br>" + "Southern Campus," + "<br>" + "Sooriyawewa." + "<br>" + "+94718810575" + "</b>" + "</td>" + "</tr>" + "</table>"; //Message
mm.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com";
smtp.EnableSsl = true;
NetworkCredential networkcred = new NetworkCredential("*****@*****.**", "KDU123cms"); //(your gmail & gmail password)
smtp.UseDefaultCredentials = true;
smtp.Credentials = networkcred;
smtp.Port = 587;
smtp.Send(mm);
//---------------------------------End Email
txtuname.Text = "";
txtpassword.Text = "";
txtemail.Text = "";
txtconfirmpassword.Text = "";
Response.Write("<script language=javascript>alert('SUCCESSFULLY REGISTERED!!!')</script>");
Response.Redirect("~/User/Admin/AdminDefault.aspx");
}
else
{
string ss = "PASSWORD SHOULD BE INCLUDED LOWER CASES AND UPPER CASES";
lbl1.Visible = true;
lbl1.Text = ss;
}
}
else
{
string ss = "Password Length should be in 8 to 15";
lbl1.Visible = true;
lbl1.Text = ss;
}
}
else
{
string ss = "PASSWORDS ARE NOT MATCHING!!!!";
lbl2.Visible = true;
lbl2.Text = ss;
}
}
else
{
string ss = "THIS USER NAME ALREADY IN USE";
lbl3.Visible = true;
lbl3.Text = ss;
}
}
protected void btnlogin_Click(object sender, EventArgs e)
{
string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString();
DataWorksClass dw = new DataWorksClass(constring);
dw.SetCommand(@"select count(User_ID) from namal where User_name=@username and Password = @password");
dw.SetSqlCommandParameters("username", txtuname.Text.Trim());
dw.SetSqlCommandParameters("password", txtpassword.Text.Trim());
int count = Convert.ToInt32(dw.GetSingleData());
dw.SetCommand("SELECT MAX(id) FROM loginlog");
int i = Convert.ToInt32(dw.GetSingleData()) + 1;
DateTime d = DateTime.Now;
string date = d.ToString("yyyy-MM-dd");
string time = d.ToString("hh:mm:ss");
//validating the user
if (count == 1)
{
dw.SetDataAdapter(@"select Type,User_name,User_ID from namal where User_name=@username and Password = @password");
dw.SetDataAdapterParameters("username", txtuname.Text.Trim());
dw.SetDataAdapterParameters("password", txtpassword.Text.Trim());
DataTable dt = dw.GetDataTable();
string uname = (dt.Rows[0][1].ToString()).Trim();
string type = (dt.Rows[0][0].ToString()).Trim();
string uid = (dt.Rows[0][2].ToString()).Trim();
Session["User_ID"] = uid;
Session["type"] = type;
dw.SetCommand("SELECT Patient_ID FROM Patient WHERE User_ID = @uid");
dw.SetSqlCommandParameters("uid", uid);
string pid = dw.GetSingleData().Trim();
Session["Patient_ID"] = pid;
//filling login log table
dw.SetCommand("INSERT INTO loginlog (id,username,attempt,date,time,type) VALUES (@id,@uname,@attempt,@date,@time,@type)");//,,
dw.SetSqlCommandParameters("id", i);
dw.SetSqlCommandParameters("uname", txtuname.Text.Trim());
dw.SetSqlCommandParameters("attempt", "success");
dw.SetSqlCommandParameters("date", date);
dw.SetSqlCommandParameters("time", time);
dw.SetSqlCommandParameters("type", type);
dw.Insert();
Session["User_name"] = uname;
//checking the type of users
switch (type)
{
case "doctor":
dw.SetCommand("SELECT Doctor_ID FROM Doctor WHERE User_ID = @uid");
dw.SetSqlCommandParameters("uid", uid);
string did = dw.GetSingleData().Trim();
Session["Doctor_ID"] = did;
if (CheckBox1.Checked)
{
Session["ok"] = "go";
}
else
{
Session["ok"] = null;
}
Session["User_name"] = uname;
Response.Redirect("~/User/Doctor/Appointments.aspx");
break;
case "patient":
if (CheckBox1.Checked)
{
Session["ok"] = "go";
}
else
{
Session["ok"] = null;
}
Session["User_name"] = uname;
Response.Redirect("~/Default.aspx");
break;
case "admin":
dw.SetCommand("SELECT Admin_ID FROM Admin WHERE User_ID = @uid");
dw.SetSqlCommandParameters("uid", uid);
string aid = dw.GetSingleData().Trim();
Session["Admin_ID"] = aid;
if (CheckBox1.Checked)
{
Session["ok"] = "go";
}
else
{
Session["ok"] = null;
}
Session["User_name"] = uname;
Response.Redirect("~/User/Admin/AdminDefault.aspx");
break;
case "nurse":
dw.SetCommand("SELECT Nurse_ID FROM Nurse WHERE User_ID = @uid");
dw.SetSqlCommandParameters("uid", uid);
string nid = dw.GetSingleData().Trim();
Session["Nurse_ID"] = nid;
if (CheckBox1.Checked)
{
Session["ok"] = "go";
}
else
{
Session["ok"] = null;
}
Session["User_name"] = uname;
Response.Redirect("~/User/Nurse/NurseDefault.aspx");
break;
}
}
else
{
//print a error msg when user try to login without providing user credentials and in here userlogs table not filling
if (txtuname.Text == "" || txtpassword.Text == "")
{
Response.Write("<script language=javascript>alert('PLZ FILL THE USERNAME AND PASSWORD FIELDS!!!!')</script>");
}
else if (txtuname.Text != "" || txtpassword.Text != "")
{
//filing loginlog table
dw.SetCommand("INSERT INTO loginlog (id,username,attempt,date,time,type) VALUES (@id,@uname,@attempt,@date,@time,@type)");//,,
dw.SetSqlCommandParameters("id", i);
dw.SetSqlCommandParameters("uname", txtuname.Text.Trim());
dw.SetSqlCommandParameters("attempt", "not success");
dw.SetSqlCommandParameters("date", date);
dw.SetSqlCommandParameters("time", time);
dw.SetSqlCommandParameters("type", "unbound");
dw.Insert();
Response.Write("<script language=javascript>alert('WRONG CREDENTIALS!!!!')</script>");
}
}
}
