protected void DiscAllButton_Click(object sender, EventArgs e)
{
string updaterId = "",
updateCode = "DISC_DWA";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DeptNameLabel.Text);
values.Add("");
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("all");
int status = DataConsumer.executeProcedure("dept_ward_disc", values);
StatusLabel.CssClass = "success";
StatusLabel.Text = "Successful removal.<br/>Department name: " + DeptNameLabel.Text + ".<br/>Number of wards removed: " +
ListView1.Items.Count;
BindListView();
CancelButton_Click(new object(), new EventArgs());
}
protected void EmailButton_Click(object sender, EventArgs e)
{
try
{
string emailInfo = DataProvider.ChangePassword.getEmailPassword(EmailBox.Text.Trim().ToUpper()); //get user's email
DataTable dt = HospitalClass.getDataTable(emailInfo);
if (dt.Rows.Count > 0)
{
string firstName = HospitalClass.PascalCasing(dt.Rows[0][0].ToString());
string userId = dt.Rows[0][1].ToString();
string password = HospitalClass.Decrypt(dt.Rows[0][2].ToString());
string message = string.Format("Good day user {0}.\r\n\r\nYour user Id is: {1}\r\nYour password is: {2}", firstName, userId, password);
MailMessage myMessage = new MailMessage();
myMessage.Body = message;
//myMessage.From = new MailAddress(EmailBox.Text, UsernameBox.Text); //Unneccesary, set at web.config
myMessage.To.Add(new MailAddress(EmailBox.Text.Trim()));
SmtpClient mySender = new SmtpClient();
mySender.Send(myMessage); //uses config file settings to send message
string updaterId = "",
updateCode = "PWD_SND";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else if (Session["Admin"] != null)
{
updaterId = (string)Session["Admin"];
}
else
{
updaterId = (string)Session["User"];
}
List <string> values = new List <string>();
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add((string)Session["User"]);
int status = DataConsumer.executeProcedure("audit_trail_proc", values);
EmailLabel.CssClass = "success normal";
EmailLabel.Text = "Successful.<br/>Check your E-mail box for details.";
}
else
{
EmailLabel.CssClass = "error paraNormal";
if (EmailBox.Text.Length == 0)
{
EmailLabel.Text = "Please enter an email";
}
else
{
EmailLabel.Text = "Email does not exist";
}
}
}
catch (Exception ex)
{
EmailLabel.CssClass = "error paraNormal";
EmailLabel.Text = "Error: " + ex.Message;
}
}
protected void DeletePicButton_Click(object sender, EventArgs e)
{
string chkQuery = DataProvider.LoggedInPage.getPicAddress((string)Session["User"]);
DataTable dt = HospitalClass.getDataTable(chkQuery);
if (dt.Rows.Count > 0 && dt.Rows[0][0].ToString() != "~\\Images\\UploadProfilePicture.PNG")
{
chkQuery = "delete";
string updaterId = UpdaterId();
//delete picture from server
if (dt.Rows.Count == 1)
{
System.IO.File.Delete(Server.MapPath(dt.Rows[0][0].ToString()));
}
//update information at the database
List <string> values = new List <string>();
values.Add((string)Session["User"]);
values.Add("~\\Images\\UploadProfilePicture.PNG");
values.Add(HospitalClass.getTransactionId());
values.Add("IMG_DEL");
values.Add(updaterId);
values.Add(chkQuery);
int status = DataConsumer.executeProcedure("image_upload", values);
ProfilePic.ImageUrl = "~\\Images\\UploadProfilePicture.PNG";
UploadPicLabel.CssClass = "success";
UploadPicLabel.Text = "Deleted";
}
else
{
UploadPicLabel.CssClass = "error";
UploadPicLabel.Text = "No picture exists";
}
}
protected void LogOutLinkButton_Click(object sender, EventArgs e)
{
string updateCode = "",
updaterId = "",
userId = "";
//set update code
if (Session["User"].ToString().StartsWith("SUP"))
{
updateCode = "SUP_LGO";
}
else if (Session["User"].ToString().StartsWith("ADM"))
{
updateCode = "ADM_LGO";
}
else if (Session["User"].ToString().StartsWith("DC"))
{
updateCode = "DOC_LGO";
}
else if (Session["User"].ToString().StartsWith("ST"))
{
updateCode = "STF_LGO";
}
else
{
updateCode = "PAT_LGO";
}
//set updater id
if (Session["SuperUser"] != null)
{
updaterId = Session["SuperUser"].ToString();
}
else if (Session["Admin"] != null)
{
updaterId = Session["Admin"].ToString();
}
else
{
updaterId = Session["User"].ToString();
}
//set user id
userId = Session["User"].ToString();
//dispose sessions
Session["SuperUser"] = null;
Session["Admin"] = null;
Session["User"] = null;
List <string> values = new List <string>();
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(userId);
int status = DataConsumer.executeProcedure("audit_trail_proc", values);
Response.Redirect("~/Login.aspx");
}
protected void DeleteButton_Click(object sender, EventArgs e)
{
try
{
addDelDiv.Visible = false;
if (ListView1.SelectedIndex >= 0)
{
string deptName = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text;
if (((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptWardsLabel")).Text == "0")
{
string updaterId = "",
updateCode = "DEPT_DEL";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add("");
values.Add(deptName);
values.Add("");
values.Add("");
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("delete");
int status = DataConsumer.executeProcedure("dept_proc", values);
StatusLabel.CssClass = "success normal";
StatusLabel.Text = "Successful department deletion.<br>Department Id: " + ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptIdLabel")).Text +
"<br/>Department Name: " + deptName + ".";
SortButton_Click(new object(), new EventArgs());
}
else
{
StatusLabel.CssClass = "error normal";
StatusLabel.Text = "This department is already linked to ward(s).<br/>Disconnect/Unrelate before deleting.";
}
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "No item selected for deletion";
}
ListView1.SelectedIndex = -1;
}
catch (Exception ex)
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void DivAddButton_Click(object sender, EventArgs e)
{
if (DivOrganList.SelectedIndex != 0 && DivDescBox.Text.Length > 2 && DivStatusList.SelectedIndex != 0 && DivUserIdBox.Text.StartsWith("PAT"))
{
string updaterId = "",
updateCode = "DISB_ADD";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DivOrganList.SelectedItem.Text);
values.Add(DivDescBox.Text);
values.Add(DivStatusList.SelectedItem.Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(DivUserIdBox.Text);
values.Add("insert");
int status = DataConsumer.executeProcedure("pat_disab_proc", values);
DivStatusLabel.CssClass = "success normal";
DivStatusLabel.Text = "Successfully added.<br/>Patient Id: " + DivUserIdBox.Text + ". <br/>Affected Organ: " + DivOrganList.SelectedItem.Text;
StatusLabel.CssClass = "success paraNormal";
StatusLabel.Text = "Done";
BindListView();
BindSearchListView();
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
DivStatusLabel.CssClass = "error paraNormal";
if (!DivUserIdBox.Text.StartsWith("PAT"))
{
DivStatusLabel.Text = "This user is not a patient. Please login using patient id";
}
else if (DivOrganList.SelectedIndex == 0)
{
DivStatusLabel.Text = "Please select an organ";
}
else if (DivDescBox.Text.Length <= 2)
{
DivStatusLabel.Text = "Please enter a valid description";
}
else
{
DivStatusLabel.Text = "Please select a status";
}
}
ListView1.SelectedIndex = -1;
}
protected void DeleteButton_Click(object sender, EventArgs e)
{
if (ListView1.SelectedIndex >= 0)
{
string updaterId = "",
updateCode = "";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
if (RoleList.SelectedIndex == 0)
{
updateCode = "DOC_WKDL";
}
else
{
updateCode = "STF_WKDL";
}
List <string> values = new List <string>();
values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkPlaceLabel")).Text);
values.Add("");
values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("PositionLabel")).Text);
values.Add("");
values.Add("");
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("UserIdLabel")).Text);
if (RoleList.SelectedIndex == 0)
{
values.Add("doc delete");
}
else
{
values.Add("stf delete");
}
int status = DataConsumer.executeProcedure("docstf_wk_proc", values);
StatusLabel.CssClass = "success paraNormal";
StatusLabel.Text = "Successfully deleted";
BindListView();
BindSearchListView();
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "No item selected for deletion";
}
ListView1.SelectedIndex = -1;
}
protected void ChangeButton_Click(object sender, EventArgs e)
{
try
{
string checkPassword = DataProvider.ChangePassword.getPassword(Session["User"].ToString()); //get the former password and check
DataTable dt = HospitalClass.getDataTable(checkPassword);
if (dt.Rows[0][0].ToString() == HospitalClass.Encrypt(OldPasswordBox.Text) && OldPasswordBox.Text != NewPasswordBox.Text)
{
string updaterId = "",
updateCode = "PWD_CHG";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else if (Session["Admin"] != null)
{
updaterId = (string)Session["Admin"];
}
else
{
updaterId = (string)Session["User"];
}
List <string> values = new List <string>();
values.Add(HospitalClass.Encrypt(NewPasswordBox.Text));
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add((string)Session["User"]);
int status = DataConsumer.executeProcedure("pwd_change", values);
UserStatusLabel.CssClass = "success paraNormal";
UserStatusLabel.Text = "Password was successfully changed";
}
else
{
UserStatusLabel.CssClass = "error normal";
if (OldPasswordBox.Text == NewPasswordBox.Text)
{
UserStatusLabel.Text = "Same password entered";
}
else
{
UserStatusLabel.Text = "Wrong password entered.<br/>Meet the system administrator for assistance";
}
}
}
catch (Exception ex)
{
UserStatusLabel.CssClass = "error paraNormal";
UserStatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void getPasswordButton_Click(object sender, EventArgs e)
{
try
{
string getPassword = DataProvider.ChangePassword.getPassword(UserIdBox.Text.Trim().ToUpper()); //get the user's password
DataTable dt = HospitalClass.getDataTable(getPassword);
if (UserIdBox.Text.Trim().Length == 6 || UserIdBox.Text.Trim().Length == 11 && dt.Rows.Count > 0) //unnecessary due to access restrictions
{
string updaterId = "",
updateCode = "PWD_GET";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(UserIdBox.Text.Trim().ToUpper());
int status = DataConsumer.executeProcedure("audit_trail_proc", values);
PasswordStatusLabel.CssClass = "success paraNormal";
PasswordStatusLabel.Text = "Your password is: " + HospitalClass.Decrypt(dt.Rows[0][0].ToString()); //display password
}
else
{
PasswordStatusLabel.CssClass = "error paraNormal";
if (dt.Rows.Count == 0)
{
PasswordStatusLabel.Text = UserIdBox.Text.Trim().ToUpper() + " is not a user on this system";
}
else if (UserIdBox.Text.Length == 0)
{
PasswordStatusLabel.Text = "User Id cannot be empty";
}
else
{
PasswordStatusLabel.Text = UserIdBox.Text.Trim().ToUpper() + " is not a valid id";
}
}
}
catch (Exception ex)
{
UserStatusLabel.CssClass = "error paraNormal";
UserStatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
string checkTopicExist = DataProvider.AddInformationPage.checkTopic(TopicBox.Text.Trim());
DataTable dt = HospitalClass.getDataTable(checkTopicExist);
if ((UserIdBox.Text.Length >= 3 && UserIdBox.Text.Length <= 32) && (TopicBox.Text.Trim().Length >= 2 && TopicBox.Text.Length <= 32) &&
(InfoBox.Text.Length >= 4 && InfoBox.Text.Length <= 256) && RecipientList.SelectedIndex != 0 && dt.Rows.Count == 0)
{
List <string> values = new List <string>();
values.Add(InfoBox.Text);
values.Add(RecipientList.SelectedItem.Value);
values.Add(HospitalClass.PascalCasing(TopicBox.Text.Trim()));
values.Add(HospitalClass.getTransactionId());
values.Add("INFO_ADD");
values.Add(UpdaterId());
values.Add(UserIdBox.Text);
values.Add("");
values.Add("insert");
int status = DataConsumer.executeProcedure("info_proc", values);
StatusLabel.CssClass = "success";
StatusLabel.Text = "Successful.<br/>Updater: " + UpdaterId() + ".";
}
else
{
StatusLabel.CssClass = "error";
if (dt.Rows.Count != 0)
{
StatusLabel.Text = "This topic already exists. Choose another topic name";
}
else if (RecipientList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select a recipient classification";
}
else if (!(UserIdBox.Text.Length >= 3 && UserIdBox.Text.Length <= 32))
{
StatusLabel.Text = "Please enter a valid user Id.<br/>Between 6 and 32 characters";
}
else if ((TopicBox.Text.Length >= 2 && TopicBox.Text.Length <= 32))
{
StatusLabel.Text = "Please enter a valid topic.<br/>Between 2 and 32 characters";
}
else
{
StatusLabel.Text = "Please enter valid information.<br/>Between 4 and 256 characters";
}
}
}
protected void RelateButton_Click(object sender, EventArgs e)
{
string updaterId = "",
updateCode = "DEPT_WRD";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
for (int i = 0; i < ListView1.Items.Count; i++)
{
values.Add(DeptNameLabel.Text);
values.Add(((Label)ListView1.Items[i].FindControl("WardNameLabel")).Text);
values.Add("");
values.Add("");
values.Add("");
values.Add("add");
int status = DataConsumer.executeProcedure("dept_ward_rel", values);
values.Clear();
}
values.Add(DeptNameLabel.Text);
values.Add("");
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("final");
int statusFinal = DataConsumer.executeProcedure("dept_ward_rel", values);
StatusLabel.CssClass = "success";
StatusLabel.Text = "Successful relationship.<br/>Department Name: " + DeptNameLabel.Text + "<br/>Ward added: " +
ListView1.Items.Count.ToString() + ".";
clearWardTemp();
DeptNameLabel.Text = "";
noDeptSelected();
populateDeptList();
}
protected void DiscOneButton_Click(object sender, EventArgs e)
{
if (ListView1.SelectedIndex >= 0)
{
string updaterId = "",
updateCode = "DISC_DW1";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DeptNameLabel.Text);
values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardNameLabel")).Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("one");
int status = DataConsumer.executeProcedure("dept_ward_disc", values);
StatusLabel.CssClass = "success";
StatusLabel.Text = "Successful removal.<br/>Disconnected ward name: " +
((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardNameLabel")).Text;
BindListView();
if (ListView1.Items.Count <= 0)
{
CancelButton_Click(new object(), new EventArgs());
}
}
else
{
StatusLabel.CssClass = "error paraNormal";
if (ListView1.SelectedIndex < 0)
{
StatusLabel.Text = "No item selected for disconnection/unrelation";
}
}
ListView1.SelectedIndex = -1;
}
protected void DeleteButton_Click(object sender, EventArgs e)
{
if (ListView1.SelectedIndex >= 0)
{
string topic = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text;
List <string> values = new List <string>();
values.Add(topic);
values.Add(HospitalClass.getTransactionId());
values.Add("INFO_DEL");
values.Add(UpdaterId());
int status = DataConsumer.executeProcedure("info_del_proc", values);
TopicDelLabel.CssClass = "success";
TopicDelLabel.Text = "Topic Deleted: " + topic;
SortButton_Click(new object(), new EventArgs());
}
else
{
TopicDelLabel.CssClass = "error paraNormal";
TopicDelLabel.Text = "No item selected for deletion";
}
}
protected void SearchDeleteButton_Click(object sender, EventArgs e)
{
if (SearchListView.SelectedIndex >= 0)
{
string updaterId = "",
updateCode = "DISB_DEL";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add("");
values.Add(((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchDescLabel")).Text);
values.Add(((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchOrganLabel")).Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(SearchUserIdLabel.Text);
values.Add("delete");
int status = DataConsumer.executeProcedure("pat_disab_proc", values);
BindSearchListView();
BindListView();
SearchStatusLabel.CssClass = "success normal";
SearchStatusLabel.Text = "Successfully deleted";
}
else
{
SearchStatusLabel.CssClass = "error normal";
SearchStatusLabel.Text = "No item selected for deletion";
}
SearchListView.SelectedIndex = -1;
}
protected void ModifyDivButton_Click(object sender, EventArgs e)
{
string createId = "",
workPlace = "";
string dateRegex = @"^(?:0[1-9]|[12]\d|3[01])([\/.-])(?:0[1-9]|1[012])\1(?:19|20)\d\d$";
bool check = true;
if (HoldLabel.Text == "Search")
{
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("WorkPlaceLabel")).Text == DivWorkPlaceBox.Text;
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("WorkTypeLabel")).Text == DivWorkTypeBox.Text;
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("PositionLabel")).Text == DivPositionBox.Text;
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("DateStartLabel")).Text == DivStartDateBox.Text;
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("DateEndLabel")).Text == DivEndDateBox.Text;
createId = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("IdLabel")).Text;
workPlace = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("WorkPlaceLabel")).Text;
}
else
{
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkPlaceLabel")).Text == DivWorkPlaceBox.Text;
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkTypeLabel")).Text == DivWorkTypeBox.Text;
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("PositionLabel")).Text == DivPositionBox.Text;
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DateStartLabel")).Text == DivStartDateBox.Text;
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DateEndLabel")).Text == DivEndDateBox.Text;
createId = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("IdLabel")).Text;
workPlace = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkPlaceLabel")).Text;
}
if (!check && Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex) && Regex.IsMatch(DivEndDateBox.Text.Trim(), dateRegex))
{
string updaterId = "",
updateCode = "";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
if (RoleList.SelectedIndex == 0)
{
updateCode = "DOC_WKUD";
}
else
{
updateCode = "STF_WKUD";
}
List <string> values = new List <string>();
values.Add(DivWorkPlaceBox.Text);
values.Add(DivWorkTypeBox.Text);
values.Add(DivPositionBox.Text);
values.Add(DivStartDateBox.Text);
values.Add(DivEndDateBox.Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(createId);
if (RoleList.SelectedIndex == 0)
{
values.Add("doc update");
}
else
{
values.Add("stf update");
}
int status = DataConsumer.executeProcedure("docstf_wk_proc", values);
addDelDiv.Visible = false;
ListView1.SelectedIndex = -1;
SearchListView.SelectedIndex = -1;
StatusLabel.CssClass = "success normal";
StatusLabel.Text = "Successful update.<br/>User Id: " + DivUserIdBox.Text + "<br/>Work place: " + workPlace;
BindListView();
BindSearchListView();
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
string form = "(Format: 25/12/2000 or 25-12-2000).";
DivStatusLabel.CssClass = "error paraNormal";
if (check)
{
DivStatusLabel.Text = "No changes made";
}
else if (!Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex))
{
DivStatusLabel.Text = "Invalid start date. " + form;
}
else
{
DivStatusLabel.Text = "Invalid end date. " + form;
}
}
}
protected void UploadPicButton_Click(object sender, EventArgs e)
{
try
{
if (FileUpload1.HasFile && (FileUpload1.FileName.ToLower().EndsWith(".gif") || FileUpload1.FileName.ToLower().EndsWith(".jpg") ||
FileUpload1.FileName.ToLower().EndsWith(".bmp") || FileUpload1.FileName.ToLower().EndsWith(".png")) &&
FileUpload1.PostedFile.ContentLength <= 1048576)
{
string path = @"~\Uploads\";
string savedPath = Server.MapPath(path) + FileUpload1.FileName; //better for saving into IIS
FileUpload1.SaveAs(savedPath);
////To test image dimensions
//System.Drawing.Image i = System.Drawing.Image.FromFile(savedPath);
//if (i.PhysicalDimension.Height != 200 || i.PhysicalDimension.Width != 200)
//{
// FileUpload1.Dispose();
// i.Dispose();
// File.Delete(savedPath);
// throw new Exception("Incompatible dimensions. <br>Image must be 200px by 200px!");
//}
string chkQuery = DataProvider.LoggedInPage.getPictureAvailability((string)Session["User"]);
DataTable dt = HospitalClass.getDataTable(chkQuery);
string updateCode = "";
if (dt.Rows.Count > 0)
{
chkQuery = "update"; updateCode = "IMG_UPD";
}
else
{
chkQuery = "insert"; updateCode = "IMG_UPL";
}
string updaterId = UpdaterId();
List <string> values = new List <string>();
values.Add((string)Session["User"]);
values.Add(path + FileUpload1.FileName);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(chkQuery);
int status = DataConsumer.executeProcedure("image_upload", values);
string insertPicData = "update tobehospital.images set img=:image where user_id='" + (string)Session["User"] + "'";
status = DataConsumer.sendPictureToDatabase(insertPicData, FileUpload1.FileBytes);
ProfilePic.ImageUrl = path + FileUpload1.FileName;
UploadPicLabel.CssClass = "success";
UploadPicLabel.Text = "Done";
}
else
{
UploadPicLabel.CssClass = "error";
if (!FileUpload1.HasFile)
{
UploadPicLabel.Text = "Choose a picture";
}
else if (FileUpload1.PostedFile.ContentLength > 1048576)
{
UploadPicLabel.Text = "Too Large";
}
else
{
UploadPicLabel.Text = "Wrong Format";
}
}
}
catch (Exception ex)
{
UploadPicLabel.CssClass = "error";
UploadPicLabel.Text = "Error" + ex.Message;
HospitalClass.Log(ex);
}
}
protected void DeleteButton_Click(object sender, EventArgs e)
{
try
{
addDelDiv.Visible = false;
if (ListView1.SelectedIndex >= 0)
{
string wardName = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardNameLabel")).Text;
string wardNoQuery = DataProvider.Wards.roomDeptAvail(wardName); //check for room linkage
DataTable dt = HospitalClass.getDataTable(wardNoQuery);
if (dt.Rows[0][0].ToString() == "0" && ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardDeptLabel")).Text == "None")
{
string updaterId = "",
updateCode = "WARD_DEL";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add("");
values.Add(wardName);
values.Add("");
values.Add("");
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("delete");
int status = DataConsumer.executeProcedure("ward_proc", values);
StatusLabel.CssClass = "success normal";
StatusLabel.Text = "Successful ward deletion.<br>Ward ID: " + ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardIdLabel")).Text +
"<br/>Ward Name: " + wardName + ".";
ListView1.SelectedIndex = -1;
SortButton_Click(new object(), new EventArgs());
}
else
{
StatusLabel.CssClass = "error normal";
if (dt.Rows[0][0].ToString() != "0")
{
StatusLabel.Text = "This ward is already linked to room(s).<br/>Disconnect/Unrelate before deleting.";
}
else
{
StatusLabel.Text = "This ward is linked to a parent department.<br/>Disconnect/Unrelate before deleting";
}
}
}
else
{
StatusLabel.CssClass = "error paraNormal";
if (ListView1.SelectedIndex < 0)
{
StatusLabel.Text = "No item selected for deletion";
}
}
}
catch (Exception ex)
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void DivModifyButton_Click(object sender, EventArgs e)
{
try
{
addDelDiv.Visible = true;
//check for changes
bool check = DivNameBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text.ToUpper();
check = check && DivIdBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptIdLabel")).Text.ToUpper();
check = check && DivDescBox.Text == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptDescLabel")).Text;
//check for existence
string checkDeptIdName = DataProvider.Departments.deptIdName(DivIdBox.Text.Trim().ToUpper(), HospitalClass.PascalCasing(DivNameBox.Text.Trim()));
DataTable dt = HospitalClass.getDataTable(checkDeptIdName);
//check fo acceptance of change
bool check2 = DivNameBox.Text.ToUpper() != ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text.ToUpper();
check2 = check2 && DivIdBox.Text.ToUpper() != ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptIdLabel")).Text.ToUpper();
if (DivNameBox.Text.Trim().Length >= 2 && DivDescBox.Text.Length >= 3 && DivIdBox.Text.Trim().Length >= 1 && !check &&
((check2 && dt.Rows.Count == 0) || (!check2 && dt.Rows.Count == 1)))
{
string updaterId = "",
updateCode = "DEPT_UPD";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DivIdBox.Text.Trim().ToUpper());
values.Add(HospitalClass.PascalCasing(DivNameBox.Text.Trim()));
values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text);
values.Add(DivDescBox.Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("update");
int status = DataConsumer.executeProcedure("dept_proc", values);
StatusLabel.CssClass = "success normal";
StatusLabel.Text = "Successful ward modification.<br/>Department ID: " + DivIdBox.Text.Trim().ToUpper() +
"<br/>Department Name:" + HospitalClass.PascalCasing(DivNameBox.Text.Trim()) + ".";
addDelDiv.Visible = false;
SortButton_Click(new object(), new EventArgs());
ListView1.SelectedIndex = -1;
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
DivStatusLabel.CssClass = "error normal";
if (DivNameBox.Text.Trim().Length < 2)
{
DivStatusLabel.Text = "Enter a valid department name";
}
else if (DivDescBox.Text.Length < 3)
{
DivStatusLabel.Text = "Enter a valid department description";
}
else if (DivIdBox.Text.Trim().Length < 1)
{
DivStatusLabel.Text = "Enter a department ID";
}
else if (check)
{
DivStatusLabel.Text = "No change made";
}
else
{
DivStatusLabel.Text = "Department ID/name already exists for another department";
}
}
}
catch (Exception ex)
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void DivAddButton_Click(object sender, EventArgs e)
{
try
{
addDelDiv.Visible = true;
if (DivNameBox.Text.Trim().Length >= 2 && DivDescBox.Text.Length >= 3 && DivIdBox.Text.Trim().Length >= 1)
{
//check for existence
string checkDeptIdName = DataProvider.Departments.deptIdName(DivIdBox.Text.Trim().ToUpper(), HospitalClass.PascalCasing(DivNameBox.Text.Trim()));
DataTable dt = HospitalClass.getDataTable(checkDeptIdName);
if (dt.Rows.Count == 0)
{
string updaterId = "",
updateCode = "DEPT_ADD";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DivIdBox.Text.Trim().ToUpper());
values.Add(HospitalClass.PascalCasing(DivNameBox.Text.Trim()));
values.Add("");
values.Add(DivDescBox.Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add("insert");
int status = DataConsumer.executeProcedure("dept_proc", values);
DivStatusLabel.CssClass = "success normal";
DivStatusLabel.Text = "Successful ward addition. <br/>Department ID: " + DivIdBox.Text.Trim().ToUpper() +
"<br/>Department Name:" + HospitalClass.PascalCasing(DivNameBox.Text.Trim()) + ".";
StatusLabel.CssClass = "success paraNormal";
StatusLabel.Text = "Done";
SortButton_Click(new object(), new EventArgs());
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
DivStatusLabel.CssClass = "error normal";
if (dt.Rows[0][0].ToString() == DivIdBox.Text.Trim().ToUpper())
{
DivStatusLabel.Text = "Department ID already exists";
}
else
{
DivStatusLabel.Text = "Department name already exists";
}
}
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
DivStatusLabel.CssClass = "error normal";
if (DivIdBox.Text.Trim().Length < 1)
{
DivStatusLabel.Text = "Enter a valid department id";
}
else if (DivNameBox.Text.Length < 2)
{
DivStatusLabel.Text = "Enter a valid department name";
}
else
{
DivStatusLabel.Text = "Enter a valid department description";
}
}
ListView1.SelectedIndex = -1;
}
catch (Exception ex)
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void ValidateButton_Click(object sender, EventArgs e)
{
try
{
//check if the user id is within the necessary bounds
string lastIdQuery = DataProvider.RegAdminSup.LastIdQuery(UserIdBox.Text.Trim().Substring(0, 3));
DataTable lastDt = HospitalClass.getDataTable(lastIdQuery);
string lastPossibleId = getNewSuperuserAdminId(lastDt);
if (GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 &&
GroupList.SelectedIndex != 0 && PriList.SelectedIndex != 0 && SecList.SelectedIndex != 0 && UniList.SelectedIndex != 0 &&
int.Parse(lastPossibleId.Substring(3, 3)) >= int.Parse(UserIdBox.Text.Trim().Substring(3, 3)))
{
string userId = UserIdBox.Text;
string updaterId = (string)Session["SuperUser"];
string updateCode = "";
string operation = "";
bool execute = true;
if (int.Parse(lastPossibleId.Substring(3, 3)) == int.Parse(UserIdBox.Text.Trim().Substring(3, 3)))
{
operation = "insert";
if (UserIdBox.Text.ToUpper().Trim().StartsWith("SUP"))
{
updateCode = "SUP_REG";
}
else
{
updateCode = "ADM_REG";
}
string existQuery = DataProvider.RegAdminSup.ExistQuery(EmailBox.Text.ToUpper().Trim());
DataTable emailDt = HospitalClass.getDataTable(existQuery);
if (emailDt.Rows.Count > 0)
{
execute = false;
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "This email address is already registered";
}
}
else
{
operation = "update";
if (UserIdBox.Text.ToUpper().Trim().StartsWith("SUP"))
{
updateCode = "SUP_UPD";
}
else
{
updateCode = "ADM_UPD";
}
if (UserIdBox.Text.StartsWith("SUP") && UserIdBox.Text != Session["SuperUser"].ToString())
{
execute = false;
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "You cannot update this user's information";
}
}
if (execute)
{
List <string> values = new List <string>();
values.Add(GroupList.SelectedItem.Text); //1
values.Add(TypeList.SelectedItem.Text);
values.Add(CountryOriBox.Text);
values.Add(CountryResBox.Text);
values.Add(DobBox.Text);
values.Add(EmailBox.Text.Trim()); //6
values.Add(FirstNameBox.Text.Trim());
values.Add(GenderList.SelectedItem.Text);
values.Add(HomeAdrBox.Text);
values.Add(IdNoBox.Text);
values.Add(IdTypeList.SelectedItem.Text); //11
values.Add(LastNameBox.Text);
values.Add(LocalOriBox.Text);
values.Add(LocalResBox.Text);
values.Add(MaritalList.SelectedItem.Text);
values.Add(NextAdrBox.Text); //16
values.Add(NextEmailBox.Text);
values.Add(NextNameBox.Text);
values.Add(NextRelBox.Text);
values.Add(NextPhoneBox.Text);
values.Add(OtherNameBox.Text); //21
values.Add(PhoneBox.Text);
values.Add(SchoolIdBox.Text);
values.Add(StateOriBox.Text);
values.Add(StateResBox.Text);
values.Add(OtherInfoBox.Text); //26
values.Add(PriBox.Text);
values.Add(PriList.SelectedItem.Text);
values.Add(SecBox.Text);
values.Add(SecList.SelectedItem.Text);
values.Add(UniBox.Text); //31
values.Add(UniList.SelectedItem.Text);
values.Add(OtherBox1.Text);
values.Add(OtherCert1.Text);
values.Add(OtherBox2.Text);
values.Add(OtherCert2.Text); //36
values.Add(RefNameBox1.Text);
values.Add(RefRelBox1.Text);
values.Add(RefPhoneBox1.Text);
values.Add(RefEmailBox1.Text);
values.Add(RefAdrBox1.Text); //41
values.Add(RefNameBox2.Text);
values.Add(RefRelBox2.Text);
values.Add(RefPhoneBox2.Text);
values.Add(RefEmailBox2.Text);
values.Add(RefAdrBox2.Text); //46
values.Add(updateCode);
values.Add(updaterId);
values.Add(userId.ToUpper().Trim());
values.Add(HospitalClass.Encrypt(PasswordBox.Text));
values.Add(HospitalClass.getTransactionId());
values.Add(operation); //52
int status = DataConsumer.executeProcedure("superuser_admin_val", values);
Session["FirstName"] = FirstNameBox.Text;
StatusLabel.Text = "Operation Successful.<br/>Performer: " + updaterId + ".<br/>Operation: " + operation;
StatusLabel.CssClass = "success paraNormal";
}
}
else
{
StatusLabel.CssClass = "error paraNormal";
if (int.Parse(lastPossibleId.Substring(3, 3)) < int.Parse(UserIdBox.Text.Trim().Substring(3, 3)))
{
StatusLabel.Text = "Invalid User Id. Perform a new registration";
}
else if (GenderList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your gender";
}
else if (MaritalList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your marital status";
}
else if (IdTypeList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your Identificaton type";
}
else if (TypeList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your blood type";
}
else if (GroupList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your blood group";
}
else if (PriList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your primary school certificate. (Select none if unavailable)";
}
else if (SecList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your secondary school certificate. (Select none if unavailable)";
}
else
{
StatusLabel.Text = "Please select your university certificate grade. (Select none if unavailable)";
}
}
}
catch (Exception ex)
{
StatusLabel.CssClass = "error normal";
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void ExecuteButton_Click(object sender, EventArgs e)
{
try
{
TableDiv.Visible = false; //visisbility depends on operation
if (QueryBox.Text.Trim().Length > 6)
{
StatusLabel.CssClass = "success";
string query = QueryBox.Text.Trim().Substring(0, 6).ToUpper();
string updatecode = query;
if (query == "SELECT")
{
DataTable dt = HospitalClass.getDataTable(QueryBox.Text.Trim());
TableLabel.Text = HospitalClass.drawDataTableInHtml(dt, 1036); //draw the data table on a label control as html
TableDiv.Visible = true;
StatusLabel.CssClass = "success paraNormal";
StatusLabel.Text = "Successful.";
}
else
{
int status = DataConsumer.executeQuery(QueryBox.Text.Trim());
StatusLabel.Text = "Successful.<br/>Rows affected: " + status + "Rows.";
if (System.Text.RegularExpressions.Regex.IsMatch(query, "(^(DROP)|(TRUNC)|(DELETE))"))
{
updatecode = "DELETE";
}
if (!(query == "CREATE" || query == "INSERT" || query == "UPDATE" || System.Text.RegularExpressions.Regex.IsMatch(query, "(^(DROP)|(TRUNC)|(DELETE))")))
{
updatecode = "OTHER";
}
}
TransBox.Text = HospitalClass.getTransactionId();
if (UpdCodeOverrideBox.Text.Trim().Length == 0)
{
UpdateCodeBox.Text = "A_" + updatecode;
}
else
{
UpdateCodeBox.Text = UpdCodeOverrideBox.Text;
}
UpdaterBox.Text = Session["SuperUser"].ToString();
UserIdBox.Text = Session["User"].ToString();
DateUpdBox.Text = DateTime.Now.ToShortDateString() + ", " + DateTime.Now.ToLongTimeString();
if (AuditCheckBox.Checked)
{
List <string> values = new List <string>();
values.Add(TransBox.Text);
values.Add(UpdateCodeBox.Text);
values.Add(UpdaterBox.Text);
values.Add(UserIdBox.Text);
int status = DataConsumer.executeProcedure("audit_trail_proc", values);
AuditLabel.CssClass = "success";
AuditLabel.Text = "ADDED";
}
else
{
AuditLabel.ForeColor = System.Drawing.Color.Brown;
AuditLabel.Text = "NOT ADDED";
}
}
else
{
StatusLabel.CssClass = "error";
StatusLabel.Text = "Invalid query";
}
}
catch (Exception ex)
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "Error: " + ex.Message;
if (ex.GetType().ToString() != "System.Data.OracleClient.OracleException")
{
HospitalClass.Log(ex);
}
}
}
protected void ValidateButton_Click(object sender, EventArgs e)
{
try
{
bool verify = true;
if (Session["User"].ToString().StartsWith("PAT"))
{
verify = GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 &&
TypeList.SelectedIndex != 0 && GroupList.SelectedIndex != 0;
}
else
{
verify = GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 &&
GroupList.SelectedIndex != 0 && PriList.SelectedIndex != 0 && SecList.SelectedIndex != 0 && UniList.SelectedIndex != 0;
}
if (verify)
{
//submit values after verification
string userId = UserIdBox.Text;
string updaterId = "";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
string updateCode = "";
if (Session["User"].ToString().StartsWith("PAT"))
{
updateCode = "PAT_UPD";
}
else if (Session["User"].ToString().StartsWith("DC"))
{
updateCode = "DOC_UPD";
}
else
{
updateCode = "STF_UPD";
}
List <string> values = new List <string>();
values.Add(GroupList.SelectedItem.Text); //1
values.Add(TypeList.SelectedItem.Text);
values.Add(CountryOriBox.Text);
values.Add(CountryResBox.Text);
values.Add(DobBox.Text);
values.Add(EmailBox.Text); //6
values.Add(FirstNameBox.Text);
values.Add(GenderList.SelectedItem.Text);
values.Add(HomeAdrBox.Text);
values.Add(IdNoBox.Text);
values.Add(IdTypeList.SelectedItem.Text); //11
values.Add(LastNameBox.Text);
values.Add(LocalOriBox.Text);
values.Add(LocalResBox.Text);
values.Add(MaritalList.SelectedItem.Text);
values.Add(NextAdrBox.Text); //16
values.Add(NextEmailBox.Text);
values.Add(NextNameBox.Text);
values.Add(NextRelBox.Text);
values.Add(NextPhoneBox.Text);
values.Add(OtherNameBox.Text); //21
values.Add(PhoneBox.Text);
values.Add(SchoolIdBox.Text);
values.Add(StateOriBox.Text);
values.Add(StateResBox.Text);
values.Add(OtherInfoBox.Text); //26
values.Add(PriBox.Text);
values.Add(PriList.SelectedItem.Text);
values.Add(SecBox.Text);
values.Add(SecList.SelectedItem.Text);
values.Add(UniBox.Text); //31
values.Add(UniList.SelectedItem.Text);
values.Add(OtherBox1.Text);
values.Add(OtherCert1.Text);
values.Add(OtherBox2.Text);
values.Add(OtherCert2.Text); //36
values.Add(RefNameBox1.Text);
values.Add(RefRelBox1.Text);
values.Add(RefPhoneBox1.Text);
values.Add(RefEmailBox1.Text);
values.Add(RefAdrBox1.Text); //41
values.Add(RefNameBox2.Text);
values.Add(RefRelBox2.Text);
values.Add(RefPhoneBox2.Text);
values.Add(RefEmailBox2.Text);
values.Add(RefAdrBox2.Text); //46
values.Add(updateCode);
values.Add(updaterId);
values.Add(userId);
values.Add(HospitalClass.getTransactionId()); //50
int status = DataConsumer.executeProcedure("user_val", values);
Session["FirstName"] = FirstNameBox.Text;
Session["RegStatus"] = "Validated";
StatusLabel.Text = "Update Successful.<br/>Performer: " + updaterId;
StatusLabel.CssClass = "success paraNormal";
}
else
{
StatusLabel.CssClass = "error paraNormal";
if (GenderList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your gender";
}
else if (MaritalList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your marital status";
}
else if (IdTypeList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your Identificaton type";
}
else if (TypeList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your blood type";
}
else if (GroupList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your blood group";
}
else if (PriList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your primary school certificate. (Select none if unavailable)";
}
else if (SecList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your secondary school certificate. (Select none if unavailable)";
}
else if (UniList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your university certificate grade. (Select none if unavailable)";
}
else
{
StatusLabel.Text = "Fill all relevalt information"; //will not occur
}
}
}
catch (Exception ex)
{
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
StatusDiv.Visible = true;
StatusLabel.Visible = true;
bool buttonChk;
if (DocRadioButton.Checked)
{
buttonChk = DocRoleList.SelectedIndex != 0;
}
else if (StfRadioButton.Checked)
{
buttonChk = StfRoleList.SelectedIndex != 0;
}
else
{
buttonChk = true;
}
string existQuery = DataProvider.RegistrationPage.ExistQuery(EmailBox.Text.ToUpper().Trim());
DataTable dt = HospitalClass.getDataTable(existQuery);
bool checkName = HospitalClass.sqlProtect(FirstNameBox.Text);
bool checkPassword = HospitalClass.sqlProtect(PasswordBox.Text);
if (buttonChk && GenderList.SelectedIndex != 0 && dt.Rows.Count == 0 && checkName && checkPassword) //validate selection of drop down list values
{
if (DocRadioButton.Checked == true)
{
role = DocRoleList.SelectedItem.Value;
updateCode = "DOC_REG";
}
else if (StfRadioButton.Checked == true)
{
role = StfRoleList.SelectedItem.Value;
updateCode = "STF_REG";
}
else
{
role = "PAT";
updateCode = "PAT_REG";;
}
string month,
year;
if (DateTime.Now.Month < 10)
{
month = "0" + DateTime.Now.Month;
}
else
{
month = DateTime.Now.Month.ToString();
}
year = (DateTime.Now.Year.ToString()).Remove(0, 2);
string lastIdQuery = DataProvider.RegistrationPage.LastIdQuery(role.Remove(2));
DataTable lastDt = HospitalClass.getDataTable(lastIdQuery);
if (lastDt.Rows.Count == 0) //first role user registration
{
if (PatientRadioButton.Checked || !CheckBoxDiv.Visible)
{
userId = role + month + year + "0001";
}
else
{
userId = role + month + year + "001";
}
}
else //generate new id for patient, doctor or staff
{
string lastId = (string)lastDt.Rows[0][0];
string editId;
if (PatientRadioButton.Checked || !CheckBoxDiv.Visible)
{
editId = lastId.Remove(0, lastId.Length - 4);
}
else
{
editId = lastId.Remove(0, lastId.Length - 3);
}
int newIdInt = int.Parse(editId) + 1;
string newId;
if (newIdInt < 10)
{
newId = editId.Remove(editId.Length - 1) + newIdInt.ToString();
}
else if (newIdInt < 100)
{
newId = editId.Remove(editId.Length - 2) + newIdInt.ToString();
}
else if (newIdInt < 1000)
{
newId = editId.Remove(editId.Length - 3) + newIdInt.ToString();
}
else
{
newId = newIdInt.ToString();
}
userId = role + month + year + newId;
}
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else if (Session["Admin"] != null)
{
updaterId = (string)Session["Admin"];
}
else
{
updaterId = userId;
}
List <string> values = new List <string>();
values.Add(EmailBox.Text.Trim());
values.Add(FirstNameBox.Text.Trim());
values.Add(GenderList.SelectedItem.Text);
values.Add(LastnameBox.Text.Trim());
values.Add(OtherNameBox.Text.Trim());
values.Add(HospitalClass.Encrypt(PasswordBox.Text));
values.Add(PhoneBox.Text);
values.Add(updateCode);
values.Add(updaterId);
values.Add(userId);
values.Add(HospitalClass.getTransactionId());
int status = DataConsumer.executeProcedure("initial_reg", values);
StatusLabel.CssClass = "success big";
StatusLabel.Text = "You have been successfully registered.<br/>Your ID is: " + userId + ".<br/>";
goToLogin.Visible = true;
InfoDiv.Visible = false;
RegLabel.Visible = false;
CheckBoxDiv.Visible = false;
}
else
{
if (!checkName)
{
StatusLabel.Text = "Unsecure name entry. Please remove all ' and -- symbols";
}
else if (!checkPassword)
{
StatusLabel.Text = "Unsecure password choice. Please remove all ' and -- symbols";
}
else if (GenderList.SelectedIndex == 0)
{
StatusLabel.Text = "Please select your sex";
}
else if (dt.Rows.Count > 0)
{
StatusLabel.Text = "This email address has already been registered";
}
else
{
StatusLabel.Text = "Please choose a classification/role";
}
}
}
catch (Exception ex)
{
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
bool checkId = HospitalClass.sqlProtect(UserIdBox.Text); //security for user id input against sqlInjection
bool checkPwd = HospitalClass.sqlProtect(PasswordBox.Text); //security for password input against sqlInjection
if (UserIdBox.Text.Length != 0 && checkId && checkPwd)
{
string passwordQuery = DataProvider.LoginPage.PasswordQuery(UserIdBox.Text.ToUpper().Trim());
DataTable dt = HospitalClass.getDataTable(passwordQuery);
if (dt.Rows.Count > 0)
{
string encryptPassword = HospitalClass.Encrypt(PasswordBox.Text);
int checkPassword = 0;
string userIdPass = "";
foreach (DataRow row in dt.Rows)
{
if (encryptPassword == row[0].ToString()) //check if password correlate
{
checkPassword = 1;
userIdPass = row[1].ToString(); //check first name repetition
}
userId = row[1].ToString();
if (userIdPass.Length > 0)
{
userId = userIdPass;
}
}
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else if (Session["Admin"] != null)
{
updaterId = (string)Session["Admin"];
}
else
{
updaterId = userId;
}
bool rights;
if (userId.StartsWith("ADM") || userId.StartsWith("SUP"))
{
rights = false;
}
else
{
rights = true;
}
//for either a basic user or a privileged user
if ((Session["SuperUser"] != null || Session["Admin"] != null || (checkPassword == 1 && rights)) || (!rights && checkPassword == 1))
{
bool auditTrailValidator = false;
string oldUser = ""; //to check the access of an administrator or a superuser
if (Session["SuperUser"] != null)
{
oldUser = Session["SuperUser"].ToString();
}
else if (Session["Admin"] != null)
{
oldUser = Session["Admin"].ToString();
}
Session["User"] = userId;
//using linq to datasets to query the datatable (to guard against two users with the same first name)
Session["FirstName"] = (from FirstName in dt.AsEnumerable()
where FirstName.Field <string>("USER_ID") == userId
select FirstName.Field <string>("FIRST_NAME")).First().ToString();
Session["RegStatus"] = (from Status in dt.AsEnumerable()
where Status.Field <string>("USER_ID") == userId
select Status.Field <string>("STATUS")).First().ToString();
//login for users
if ((Session["SuperUser"] != null || Session["Admin"] != null || checkPassword == 1) && rights)
{
if (userId.StartsWith("PAT"))
{
updateCode = "PAT_LGN";
}
else if (userId.StartsWith("DC"))
{
updateCode = "DOC_LGN";
}
else
{
updateCode = "STF_LGN";
};
Response.Redirect("~/LoggedInPage.aspx", false);
auditTrailValidator = true;
}
//login for admin and superuser
else if (!rights && checkPassword == 1)
{
if (userId.StartsWith("SUP"))
{
Session["SuperUser"] = userId;
updateCode = "SUP_LGN";
}
else
{
Session["Admin"] = userId;
updateCode = "ADM_LGN";
}
Response.Redirect("~/LoggedInPage.aspx", false);
auditTrailValidator = true;
}
//extraneous login for superuser and administrator
else
{
//to catch unauthorized access to another privileged user's account
if ((Session["SuperUser"] != null && !userId.StartsWith("SUP")) || oldUser == userId) //for privileged user relogin
{
Session["User"] = userId;
if (oldUser == userId)
{
Session["Info"] = "Welcome Back";
}
if (userId.ToUpper().StartsWith("ADM"))
{
updateCode = "ADM_LGN";
}
else
{
updateCode = "SUP_LGN";
}
Response.Redirect("~/LoggedInPage.aspx", false);
auditTrailValidator = true;
}
else
{
StatusLabel.Text = "You do not have access to this profile";
if (oldUser.StartsWith("SUP"))
{
Session["User"] = Session["SuperUser"].ToString();
}
else
{
Session["User"] = Session["Admin"].ToString();
}
auditTrailValidator = false;
}
}
if (auditTrailValidator)
{
object[] values = new object[4];
values[0] = (HospitalClass.getTransactionId());
values[1] = (updateCode);
values[2] = (updaterId);
values[3] = (userId);
int status = DataConsumer.executeProc("audit_trail_proc", values);
}
}
else
{
if (PasswordBox.Text.Length == 0)
{
StatusLabel.Text = "Please enter your password";
}
else
{
StatusLabel.Text = "Wrong user Id/password combination.<br/>Note: Password is case-sensitive.";
}
}
}
else
{
StatusLabel.Text = "You are not a user on our database. Please register.";
}
}
else
{
if (UserIdBox.Text.Length == 0)
{
StatusLabel.Text = "Please enter your user id, first name or email address";
}
else if (!checkId)
{
StatusLabel.Text = "Unsecure user Id";
}
else
{
StatusLabel.Text = "Unsecure password";
}
}
}
catch (Exception ex)
{
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
//ex.Logger();
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
if (UnsubscribeCheckBox.Checked && ReasonBox.Text.Trim().Length > 3)
{
string updateCode = "",
updaterId = "";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
if (UserIdBox.Text.StartsWith("ST"))
{
updateCode = "UNSB_STF";
}
else
{
updateCode = "UNSB_" + HospitalClass.getTableName(UserIdBox.Text.Substring(0, 2)).Substring(0, 3).ToUpper();
}
//delete picture from iis server
string picAddressQuery = DataProvider.Unsubscribe.getPicAddress(UserIdBox.Text);
System.Data.DataTable dt = HospitalClass.getDataTable(picAddressQuery);
if (dt.Rows.Count == 1)
{
System.IO.File.Delete(Server.MapPath(dt.Rows[0][0].ToString()));
}
//delete from database and update necessary tables
List <string> values = new List <string>();
values.Add(ReasonBox.Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(UserIdBox.Text);
values.Add(HospitalClass.getTableName(UserIdBox.Text.Substring(0, 2)));
int status = DataConsumer.executeProcedure("unsb_proc", values);
//return user privileges
if (Session["SuperUser"] != null)
{
if (Session["SuperUser"].ToString() != Session["User"].ToString())
{
Session["User"] = Session["SuperUser"].ToString();
}
else
{
Session["SuperUser"] = null;
Session["Admin"] = null;
Session["User"] = null;
Response.Redirect("~/Login.aspx");
}
}
else if (Session["Admin"] != null)
{
if (Session["Admin"].ToString() != Session["User"].ToString())
{
Session["User"] = Session["Admin"].ToString();
}
else
{
Session["SuperUser"] = null;
Session["Admin"] = null;
Session["User"] = null;
Response.Redirect("~/Login.aspx");
}
}
SubmitButton.Visible = false;
StatusLabel.CssClass = "success";
StatusLabel.Text = "Successful Unsubscription.<br>User Id: " + UserIdBox.Text;
}
else
{
StatusLabel.CssClass = "error";
if (!UnsubscribeCheckBox.Checked)
{
StatusLabel.Text = "Unsubscription was not enforced";
}
else
{
StatusLabel.Text = "Please enter a valid reason";
}
}
}
catch (Exception ex)
{
StatusLabel.CssClass = "error";
StatusLabel.Text = "Error: " + ex.Message;
HospitalClass.Log(ex);
}
}
protected void DivAddButton_Click(object sender, EventArgs e)
{
string check = "";
if (RoleList.SelectedIndex == 0)
{
check =
DataProvider.DoctorStaffHistory.checkExistDoc(DivUserIdBox.Text, DivWorkPlaceBox.Text.Trim(), DivPositionBox.Text.Trim());
}
else
{
check = DataProvider.DoctorStaffHistory.checkExistStf(DivUserIdBox.Text, DivWorkPlaceBox.Text.Trim(), DivPositionBox.Text.Trim());
}
System.Data.DataTable dt = HospitalClass.getDataTable(check);
bool validateDoc = DivUserIdBox.Text.StartsWith("DC") && RoleList.SelectedIndex == 0;
bool validateStf = DivUserIdBox.Text.StartsWith("ST") && RoleList.SelectedIndex == 1;
string dateRegex = @"^(?:0[1-9]|[12]\d|3[01])([\/.-])(?:0[1-9]|1[012])\1(?:19|20)\d\d$";
if (DivWorkPlaceBox.Text.Trim().Length > 1 && DivWorkTypeBox.Text.Trim().Length > 1 && DivPositionBox.Text.Trim().Length > 1 && dt.Rows.Count == 0 &&
Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex) && Regex.IsMatch(DivEndDateBox.Text.Trim(), dateRegex) && (validateDoc || validateStf))
{
string updaterId = "",
updateCode = "";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
if (RoleList.SelectedIndex == 0)
{
updateCode = "DOC_WKAD";
}
else
{
updateCode = "STF_WKAD";
}
List <string> values = new List <string>();
values.Add(DivWorkPlaceBox.Text.Trim());
values.Add(DivWorkTypeBox.Text.Trim());
values.Add(DivPositionBox.Text.Trim());
values.Add(DivStartDateBox.Text.Trim());
values.Add(DivEndDateBox.Text.Trim());
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(DivUserIdBox.Text);
if (RoleList.SelectedIndex == 0)
{
values.Add("doc insert");
}
else
{
values.Add("stf insert");
}
int status = DataConsumer.executeProcedure("docstf_wk_proc", values);
DivStatusLabel.CssClass = "success normal";
DivStatusLabel.Text = "Successfully added.<br>Work place: " + DivWorkPlaceBox.Text.Trim() + ".";
StatusLabel.CssClass = "success paraNormal";
StatusLabel.Text = "Done";
BindListView();
BindSearchListView();
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
string form = "(Format: 25/12/2000 or 25-12-2000).";
DivStatusLabel.CssClass = "error paraNormal";
if (!(validateDoc || validateStf))
{
if (RoleList.SelectedIndex == 0)
{
DivStatusLabel.Text = "Invalid user. User must be a doctor";
}
else
{
DivStatusLabel.Text = "Invalid user. User must be a staff";
}
}
else if (dt.Rows.Count > 0)
{
DivStatusLabel.Text = "This entry already exists";
}
else if (DivWorkPlaceBox.Text.Trim().Length <= 1)
{
DivStatusLabel.Text = "Please enter a valid work place";
}
else if (DivWorkTypeBox.Text.Trim().Length <= 1)
{
DivStatusLabel.Text = "Please enter a valid work type";
}
else if (DivPositionBox.Text.Trim().Length <= 1)
{
DivStatusLabel.Text = "Please enter a valid position";
}
else if (!Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex))
{
DivStatusLabel.Text = "Invalid start date. " + form;
}
else
{
DivStatusLabel.Text = "Invalid end date. " + form;
}
}
ListView1.SelectedIndex = -1;
}
protected void DivModifyButton_Click(object sender, EventArgs e)
{
addDelDiv.Visible = true;
//check for changes
bool check = DivTopicBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text.ToUpper();
check = check && DivIdBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("SenderLabel")).Text.ToUpper();
check = check && DivDescBox.Text == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("InformationLabel")).Text;
check = check && RecipientList.SelectedItem.Text == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("RecipientLabel")).Text;
//check for existence
string checkTopic = DataProvider.DeleteInformationPage.checkTopic(HospitalClass.PascalCasing(DivTopicBox.Text.Trim()));
DataTable dt = HospitalClass.getDataTable(checkTopic);
//check for acceptance of change
bool check2 = DivTopicBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text.ToUpper();
if (DivTopicBox.Text.Trim().Length >= 2 && DivDescBox.Text.Length >= 3 && DivIdBox.Text.Trim().Length >= 1 && RecipientList.SelectedIndex != 0 &&
!check && ((!check2 && dt.Rows.Count == 0) || (check2 && dt.Rows.Count == 1)))
{
string updaterId = "",
updateCode = "INFO_UPD";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DivDescBox.Text);
values.Add(RecipientList.SelectedItem.Value);
values.Add(HospitalClass.PascalCasing(DivTopicBox.Text.Trim()));
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(DivIdBox.Text);
values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text);
values.Add("update");
int status = DataConsumer.executeProcedure("info_proc", values);
TopicDelLabel.CssClass = "success normal";
TopicDelLabel.Text = "Successful information modification.<br/> Updater: " + updaterId;
addDelDiv.Visible = false;
SortButton_Click(new object(), new EventArgs());
ListView1.SelectedIndex = -1;
}
else
{
TopicDelLabel.CssClass = "error paraNormal";
TopicDelLabel.Text = "User input error below";
DivStatusLabel.CssClass = "error paraNormal";
if (DivIdBox.Text.Trim().Length < 1)
{
DivStatusLabel.Text = "Enter a valid ID";
}
else if (DivTopicBox.Text.Trim().Length < 2)
{
DivStatusLabel.Text = "Enter a valid topic name";
}
else if (DivDescBox.Text.Length < 3)
{
DivStatusLabel.Text = "Enter valid information";
}
else if (RecipientList.SelectedIndex == 0)
{
DivStatusLabel.Text = "Please select a recipient";
}
else if (check)
{
DivStatusLabel.Text = "No change made";
}
else
{
DivStatusLabel.Text = "The topic already exists";
}
}
}
protected void ModifyDivButton_Click(object sender, EventArgs e)
{
string createId = "",
organ = "";
bool check = true;
if (HoldLabel.Text == "Search")
{
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchOrganLabel")).Text == DivOrganList.SelectedItem.Text;
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchDescLabel")).Text == DivDescBox.Text;
check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchStatusLabel")).Text == DivStatusList.SelectedItem.Text;
createId = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchIdLabel")).Text;
organ = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchOrganLabel")).Text;
}
else
{
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("OrganLabel")).Text == DivOrganList.SelectedItem.Text;
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DescLabel")).Text == DivDescBox.Text;
check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("StatusLabel")).Text == DivStatusList.SelectedItem.Text;
createId = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("IdLabel")).Text;
organ = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("OrganLabel")).Text;
}
if (!check && DivStatusList.SelectedIndex != 0)
{
string updaterId = "",
updateCode = "DISB_UPD";
if (Session["SuperUser"] != null)
{
updaterId = (string)Session["SuperUser"];
}
else
{
updaterId = (string)Session["Admin"];
}
List <string> values = new List <string>();
values.Add(DivOrganList.SelectedItem.Text);
values.Add(DivDescBox.Text);
values.Add(DivStatusList.SelectedItem.Text);
values.Add(HospitalClass.getTransactionId());
values.Add(updateCode);
values.Add(updaterId);
values.Add(createId);
values.Add("update");
int status = DataConsumer.executeProcedure("pat_disab_proc", values);
addDelDiv.Visible = false;
ListView1.SelectedIndex = -1;
SearchListView.SelectedIndex = -1;
StatusLabel.CssClass = "success normal";
StatusLabel.Text = "Successful update.<br/>User Id: " + DivUserIdBox.Text + "<br/>Organ: " + organ;
BindListView();
BindSearchListView();
}
else
{
StatusLabel.CssClass = "error paraNormal";
StatusLabel.Text = "User input error below";
DivStatusLabel.CssClass = "error paraNormal";
if (check)
{
DivStatusLabel.Text = "No changes made";
}
else
{
DivStatusLabel.Text = "Please select a treatment status";
}
}
}
