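/// <summary>
/// Handles the login button: derives the credential to compare, asks the business layer
/// whether it matches an AuthTable row, and on success caches the identity in session and
/// hands off to Forms Authentication.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void butLogin_Click(object sender, EventArgs e)
{
    string connectionString = ConfigurationManager.AppSettings.Get("connString");

    AuthTable user = new AuthTable();
    user.Username = txtUsername.Text;

    // Every account except "Admin" is compared as the unsalted SHA-1 hex digest produced by the
    // (obsolete) HashPasswordForStoringInConfigFile API; the Admin record is compared as the raw
    // text. Both paths mirror how the AuthTable rows were written, so changing either one means
    // migrating the stored values, not just this handler.
    if (user.Username != "Admin")
    {
        user.Password = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1");
    }
    else
    {
        user.Password = txtPassword.Text;
    }

    BusinessLayer businessLayerObj = new BusinessLayer();
    if (!businessLayerObj.IsRegisteredUser(user, connectionString))
    {
        // Failed login: nothing is shown to the user, matching the original handler.
        return;
    }

    // Session values are written in the original order; Role is read back from AuthTable
    // before it is cached so the page can branch on it later.
    Session["Username"] = user.Username;
    Session["SignedIn"] = true;
    user.Role = businessLayerObj.GetUser(user, connectionString).Role;
    Session["Role"] = user.Role;

    // Non-persistent auth cookie; the destination comes from ReturnUrl or the configured default.
    FormsAuthentication.RedirectFromLoginPage(user.Username, false);
}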
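/// <summary>
/// Asks usp_IsUsernamePresent whether the username in <paramref name="authUser"/> already exists.
/// </summary>
/// <param name="authUser">Only <c>Username</c> is read.</param>
/// <param name="connString">Connection string handed to <see cref="DataLayer.Select"/>.</param>
/// <returns>The procedure's @Result output bit.</returns>
/// <exception cref="InvalidOperationException">The procedure did not set @Result.</exception>
private bool IsUsernamePresent(AuthTable authUser, string connString)
{
    SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
    pUsername.Value = authUser.Username;

    SqlParameter pResult = new SqlParameter("@Result", SqlDbType.Bit);
    pResult.Direction = ParameterDirection.Output;

    // The command is disposed once executed; the parameter objects keep their values.
    using (SqlCommand cmdSQL = new SqlCommand())
    {
        cmdSQL.CommandType = CommandType.StoredProcedure;
        cmdSQL.CommandText = "usp_IsUsernamePresent";
        cmdSQL.Parameters.Add(pUsername);
        cmdSQL.Parameters.Add(pResult);

        DataLayer dataLayerObj = new DataLayer();
        dataLayerObj.Select(cmdSQL, connString);
    }

    object result = pResult.Value;
    if (result == null || result is DBNull)
    {
        // bool.Parse("") used to surface this as a FormatException; name the real cause.
        throw new InvalidOperationException("usp_IsUsernamePresent did not return @Result.");
    }
    return Convert.ToBoolean(result);
}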
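/// <summary>
/// Validates a registration request and collects every failure into one HTML-formatted message.
/// </summary>
/// <param name="user">Profile fields checked: Username, UserFullName, UserDOB, UserEmailId.</param>
/// <param name="authUser">Credential record; only Password is checked here.</param>
/// <param name="message">All failures joined with <c>&lt;br /&gt;</c>, or empty when valid.</param>
/// <returns>true when no check failed.</returns>
private bool IsValidUserData(Users user, AuthTable authUser, out string message)
{
    const string lineBreak = "<br />";
    const string emailRegex = @"^(?("")("".+?""@)|(([0-9a-zA-Z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-zA-Z])@))(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,6}))$";
    // The address is user input and the pattern backtracks; bound the match so a crafted
    // value cannot keep the request thread busy.
    TimeSpan emailMatchTimeout = TimeSpan.FromMilliseconds(250);

    bool isValidUser = true;
    string errorMessage = string.Empty;

    // IsNullOrWhiteSpace covers the original Trim()-then-IsNullOrEmpty test without
    // throwing when the field was never assigned.
    if (string.IsNullOrWhiteSpace(user.Username))
    {
        isValidUser = false;
        errorMessage += "Please enter Username." + lineBreak;
    }
    else if (user.Username.Length > 50)
    {
        isValidUser = false;
        errorMessage += "Username can be upto 50 characters." + lineBreak;
    }

    if (string.IsNullOrWhiteSpace(user.UserFullName))
    {
        isValidUser = false;
        errorMessage += "Please enter valid Full Name." + lineBreak;
    }
    else if (user.UserFullName.Length > 100)
    {
        isValidUser = false;
        errorMessage += "Full name can be upto 100 characters." + lineBreak;
    }

    // UserDOB is assigned as a DateTime? by the registration page; a missing value stringifies
    // to "" and fails TryParse, a date not in the past fails the second test. Both cases
    // produced the same message in the original, so they share one branch.
    DateTime date;
    bool isValidDate = DateTime.TryParse(user.UserDOB.ToString(), out date);
    if (!isValidDate || date >= DateTime.Now)
    {
        isValidUser = false;
        errorMessage += "Please enter valid Date of Birth." + lineBreak;
    }

    bool isValidEmail;
    try
    {
        // A null address is treated as empty (and therefore invalid) instead of throwing.
        isValidEmail = Regex.IsMatch(user.UserEmailId ?? string.Empty, emailRegex, RegexOptions.None, emailMatchTimeout);
    }
    catch (RegexMatchTimeoutException)
    {
        // An address that exhausts the budget is rejected rather than allowed through.
        isValidEmail = false;
    }
    if (!isValidEmail)
    {
        isValidUser = false;
        errorMessage += "Please enter valid email-id ([email protected])" + lineBreak;
    }

    if (string.IsNullOrEmpty(authUser.Password))
    {
        isValidUser = false;
        errorMessage += "Please enter valid Password." + lineBreak;
    }

    message = errorMessage;
    return isValidUser;
}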
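/// <summary>
/// Runs usp_SelectUserByUsername for the username in <paramref name="user"/>.
/// </summary>
/// <param name="user">Only <c>Username</c> is read.</param>
/// <param name="connString">Connection string handed to <see cref="DataLayer.GetQuery"/>.</param>
/// <returns>Whatever <see cref="DataLayer.GetQuery"/> returns for the procedure; the caller owns it.</returns>
private DataSet GetUserData(AuthTable user, string connString)
{
    SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
    pUsername.Value = user.Username;

    // The command was never disposed in the original; the result set outlives it.
    using (SqlCommand cmdSQL = new SqlCommand())
    {
        cmdSQL.CommandType = CommandType.StoredProcedure;
        cmdSQL.CommandText = "usp_SelectUserByUsername";
        cmdSQL.Parameters.Add(pUsername);

        DataLayer dataLayerObj = new DataLayer();
        return dataLayerObj.GetQuery(cmdSQL, connString);
    }
}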
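/// <summary>
/// Relays usp_ValidateUserPassword's verdict for the supplied username/credential pair.
/// The comparison itself happens inside the procedure; this method only forwards the
/// values it is given (the page passes the SHA-1 digest, or the raw text for "Admin").
/// </summary>
/// <param name="user"><c>Username</c> and <c>Password</c> are read.</param>
/// <param name="connString">Connection string handed to <see cref="DataLayer.Select"/>.</param>
/// <returns>The procedure's @Result output bit.</returns>
/// <exception cref="InvalidOperationException">The procedure did not set @Result.</exception>
public bool IsRegisteredUser(AuthTable user, string connString)
{
    SqlParameter pUsername = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
    pUsername.Value = user.Username;

    SqlParameter pPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
    pPassword.Value = user.Password;

    SqlParameter pResult = new SqlParameter("@Result", SqlDbType.Bit);
    pResult.Direction = ParameterDirection.Output;

    // The command is disposed once executed; the parameter objects keep their values.
    using (SqlCommand cmdSQL = new SqlCommand())
    {
        cmdSQL.CommandType = CommandType.StoredProcedure;
        cmdSQL.CommandText = "usp_ValidateUserPassword";
        cmdSQL.Parameters.Add(pUsername);
        cmdSQL.Parameters.Add(pPassword);
        cmdSQL.Parameters.Add(pResult);

        DataLayer dataLayerObj = new DataLayer();
        dataLayerObj.Select(cmdSQL, connString);
    }

    object result = pResult.Value;
    if (result == null || result is DBNull)
    {
        // Fail closed with a descriptive error rather than a FormatException from bool.Parse("").
        throw new InvalidOperationException("usp_ValidateUserPassword did not return @Result.");
    }
    return Convert.ToBoolean(result);
}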
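/// <summary>
/// Registers a standard user: validates the input, rejects a username that is already taken,
/// then inserts the AuthTable row (usp_InsertAuthTable) followed by the profile row (usp_InsertUser).
/// </summary>
/// <param name="user">Profile to store; <c>Username</c> is also used for the credential row.</param>
/// <param name="authUser">Credential record; <c>Password</c> and <c>Role</c> are stored, <c>Username</c> is used for the existence check.</param>
/// <param name="connString">Connection string handed to <see cref="DataLayer"/>.</param>
/// <returns>The same <paramref name="user"/> instance.</returns>
/// <exception cref="ArgumentException">Validation failed; the message lists every problem.</exception>
/// <exception cref="InvalidOperationException">The username already exists.</exception>
public Users InsertUsers(Users user, AuthTable authUser, string connString)
{
    string errorMessage;
    if (!IsValidUserData(user, authUser, out errorMessage))
    {
        throw new ArgumentException(errorMessage);
    }

    // Checked before any command is built (the original checked after). This is still a
    // check-then-insert sequence: a concurrent registration with the same username is only
    // prevented if the database itself enforces uniqueness.
    if (IsUsernamePresent(authUser, connString))
    {
        throw new InvalidOperationException("Username already Present." + "<br/>" + errorMessage);
    }

    DataLayer dataLayerObj = new DataLayer();

    // NOTE(review): the two inserts are not wrapped in one transaction by this layer; if
    // usp_InsertUser fails, the AuthTable row written just before it remains.
    using (SqlCommand cmdAuth = new SqlCommand())
    {
        cmdAuth.CommandType = CommandType.StoredProcedure;
        cmdAuth.CommandText = "usp_InsertAuthTable";
        cmdAuth.Parameters.Add(BuildInputParameter("@Username", SqlDbType.NVarChar, 50, user.Username));
        cmdAuth.Parameters.Add(BuildInputParameter("@Password", SqlDbType.NVarChar, 50, authUser.Password));
        cmdAuth.Parameters.Add(BuildInputParameter("@Role", SqlDbType.Int, authUser.Role));
        dataLayerObj.Insert(cmdAuth, connString);
    }

    using (SqlCommand cmdUser = new SqlCommand())
    {
        cmdUser.CommandType = CommandType.StoredProcedure;
        cmdUser.CommandText = "usp_InsertUser";
        cmdUser.Parameters.Add(BuildInputParameter("@Username", SqlDbType.NVarChar, 50, user.Username));
        cmdUser.Parameters.Add(BuildInputParameter("@UserFullName", SqlDbType.NVarChar, 100, user.UserFullName));
        cmdUser.Parameters.Add(BuildInputParameter("@UserEmailId", SqlDbType.NVarChar, 100, user.UserEmailId));
        cmdUser.Parameters.Add(BuildInputParameter("@UserGender", SqlDbType.Bit, user.UserGender));
        cmdUser.Parameters.Add(BuildInputParameter("@UserDOB", SqlDbType.SmallDateTime, user.UserDOB));
        cmdUser.Parameters.Add(BuildInputParameter("@UserAreaOfInterest", SqlDbType.NVarChar, 100, user.UserAreaOfInterest));
        dataLayerObj.Insert(cmdUser, connString);
    }

    return user;
}

/// <summary>Builds an input parameter for a fixed-size SQL type.</summary>
private static SqlParameter BuildInputParameter(string name, SqlDbType type, object value)
{
    SqlParameter parameter = new SqlParameter(name, type);
    parameter.Value = value;
    return parameter;
}

/// <summary>Builds an input parameter for a sized SQL type (NVarChar etc.).</summary>
private static SqlParameter BuildInputParameter(string name, SqlDbType type, int size, object value)
{
    SqlParameter parameter = new SqlParameter(name, type, size);
    parameter.Value = value;
    return parameter;
}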
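/// <summary>
/// Fills <c>Role</c> and <c>UserId</c> on <paramref name="user"/> from the first row returned by
/// <see cref="GetUserData"/> (usp_SelectUserByUsername).
/// </summary>
/// <param name="user">Looked up by <c>Username</c>; mutated in place.</param>
/// <param name="connString">Connection string handed to the data layer.</param>
/// <returns>The same <paramref name="user"/> instance.</returns>
/// <exception cref="InvalidOperationException">The procedure returned no row.</exception>
public AuthTable GetUser(AuthTable user, string connString)
{
    // The DataSet was never disposed in the original.
    using (DataSet dsUser = GetUserData(user, connString))
    {
        if (dsUser == null || dsUser.Tables.Count == 0 || dsUser.Tables[0].Rows.Count == 0)
        {
            // An IndexOutOfRangeException said nothing about why; name the condition.
            throw new InvalidOperationException("usp_SelectUserByUsername returned no row for the supplied username.");
        }

        // Column positions (0 = Role, 1 = UserId) are whatever the procedure emits; this is
        // the same ordinal access the original relied on — confirm against the procedure.
        DataRow row = dsUser.Tables[0].Rows[0];
        user.Role = Convert.ToInt32(row[0]);
        user.UserId = Convert.ToInt32(row[1]);
    }
    return user;
}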
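/// <summary>
/// Handles the registration button: builds either a <see cref="Users"/> or a <see cref="Doctor"/>
/// record plus its AuthTable credential row from the form and hands it to the business layer.
/// Business-layer failures are shown in lblErrors; success redirects to Login.aspx.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void butSubmit_Click(object sender, EventArgs e)
{
    string connString = ConfigurationManager.AppSettings.Get("connString");
    BusinessLayer bussinessLayerObj = new BusinessLayer();

    string username = txtUsername.Text.Trim();
    string fullName = txtUserFullName.Text.Trim();
    string emailId = txtEmailId.Text.Trim();
    string areaOfInterest = ddlInterestList.SelectedValue;

    AuthTable authUser = new AuthTable();
    authUser.Username = username;
    // An empty password is passed through unchanged so IsValidUserData can report it; anything
    // else is stored as the unsalted SHA-1 digest produced by the obsolete
    // HashPasswordForStoringInConfigFile API, which is what butLogin_Click recomputes at login.
    if (txtPassword.Text.Trim() != string.Empty)
    {
        authUser.Password = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1");
    }
    else
    {
        authUser.Password = txtPassword.Text.Trim();
    }

    // Parsed once for both branches; the original parsed the same text twice. An unparseable
    // date becomes null and is rejected by the business layer's validation.
    DateTime parsedDob;
    DateTime? dateOfBirth = DateTime.TryParse(txtDoB.Value, out parsedDob) ? (DateTime?)parsedDob : null;

    // bool.Parse on an unselected radio list threw a FormatException outside any try block.
    bool gender;
    if (!bool.TryParse(rblGender.SelectedValue, out gender))
    {
        lblErrors.Text = "Please select a gender.";
        return;
    }

    bool registered = false;
    try
    {
        if (cblIsDoctor.SelectedValue != "true")
        {
            authUser.Role = (int)Role.User;

            Users user = new Users();
            user.Username = username;
            user.UserFullName = fullName;
            user.UserDOB = dateOfBirth;
            user.UserGender = gender;
            user.UserEmailId = emailId;
            user.UserAreaOfInterest = areaOfInterest;

            bussinessLayerObj.InsertUsers(user, authUser, connString);
        }
        else
        {
            authUser.Role = (int)Role.Doctor;

            // int.Parse here used to throw a FormatException outside the try block.
            int licenseNo;
            if (!int.TryParse(txtLicNo.Text.Trim(), out licenseNo))
            {
                lblErrors.Text = "Please enter a valid License No.";
                return;
            }

            Doctor doctor = new Doctor();
            doctor.DocName = fullName;
            doctor.Username = username;
            doctor.DocDateOfBirth = dateOfBirth;
            doctor.DocGender = gender;
            doctor.DocEmailId = emailId;
            doctor.DocAreaOfInterest = areaOfInterest;
            doctor.DocIsApproved = false; // new doctor accounts start unapproved
            doctor.DocLicenseNo = licenseNo;

            bussinessLayerObj.InsertDoctor(doctor, authUser, connString);
        }
        registered = true;
    }
    catch (Exception ex)
    {
        // The Label renders this text as markup, which is how the "<br />" separators in the
        // business-layer messages become line breaks; any other exception's text is shown too.
        lblErrors.Text = ex.Message;
    }

    // Redirect after the try: in Web Forms, Response.Redirect ends the request by raising a
    // ThreadAbortException, which the catch above would otherwise capture into lblErrors.
    if (registered)
    {
        Response.Redirect("Login.aspx");
    }
}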