public static bool Create(User u)
{
DBUtilities.Connection();
try
{
string sql = "Insert into Users (Username,Password,Email,Name,Address,Gender,Birthday,Phone,Permission)";
sql += " values (@1,@2,@3,@4,@5,@6,@7,@8,@9)";
SqlCommand cmd = new SqlCommand(sql, DBUtilities.objConnection);
cmd.Parameters.AddWithValue("@1", u.Username);
cmd.Parameters.AddWithValue("@2", u.Password);
cmd.Parameters.AddWithValue("@3", u.Email);
cmd.Parameters.AddWithValue("@4", u.Name);
cmd.Parameters.AddWithValue("@5", u.Address);
cmd.Parameters.AddWithValue("@6", u.Gender);
cmd.Parameters.AddWithValue("@7", u.Birthday);
cmd.Parameters.AddWithValue("@8", u.Phone);
cmd.Parameters.AddWithValue("@9", u.Permission);
cmd.ExecuteNonQuery();
cmd.Dispose();
return true;
}
catch (Exception)
{
return false;
}
finally
{
DBUtilities.Close_Connection();
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (Session["current_user"] != null)
{
current_user = (User)Session["current_user"];
}
}
protected void SignIn_Click(object sender, EventArgs e)
{
Dictionary<string, object> myQuery = new Dictionary<string, object>();
myQuery.Add("Username", txtUsername.Text);
myQuery.Add("Password", Md5.To_Md5(txtPassword.Text));
DataTable dt = UserDAO.Where(myQuery);
if (dt.Rows.Count > 0)
{
User u = new User();
u.Id = Convert.ToInt32(dt.Rows[0]["Id"]);
u.Name = dt.Rows[0]["Name"].ToString();
u.Username = dt.Rows[0]["Username"].ToString();
u.Email = dt.Rows[0]["Email"].ToString();
u.Gender = bool.Parse(dt.Rows[0]["Gender"].ToString());
u.Birthday = DateTime.Parse(dt.Rows[0]["Birthday"].ToString());
u.Address = dt.Rows[0]["Address"].ToString();
u.Phone = dt.Rows[0]["Phone"].ToString();
u.Permission = Convert.ToInt32(dt.Rows[0]["Permission"].ToString());
Session["current_user"] = u;
Response.Redirect("../StaticPages/Home.aspx");
}
else
{
Flash.dictFlash.Add("danger", "Wrong <b>Username</b> Or <b>Password</b>");
}
}
public static bool Destroy(User u)
{
DBUtilities.Connection();
try
{
string sql = "Delete from Users where Id = @1";
SqlCommand cmd = new SqlCommand(sql, DBUtilities.objConnection);
cmd.Parameters.AddWithValue("@1", u.Id);
cmd.ExecuteNonQuery();
cmd.Dispose();
return true;
}
catch (Exception)
{
return false;
}
finally
{
DBUtilities.Close_Connection();
}
}
protected void btnAccept_Click(object sender, EventArgs e)
{
if (Validate_Control())
{
User u = new User();
u.Name = txtFullname.Text;
u.Username = txtUsername.Text;
u.Password = Md5.To_Md5(txtPassword.Text);
u.Email = txtEmail.Text;
if (rdbMale.Checked)
u.Gender = false;
else
u.Gender = true;
u.Birthday = DateTime.Parse(txtBirthday.Text);
u.Address = txtAddress.Text;
u.Phone = txtPhone.Text;
if (rdbAdmin.Checked)
u.Permission = 0; //Is Admin
else if (rdbStaff.Checked)
u.Permission = 1; //Is Staff
else if (rdbManager.Checked)
u.Permission = 2; //Is Manager
else
u.Permission = 3; //Is Student
if (UserDAO.Create(u))
{
Flash.dictFlash.Add("success", String.Format("Created user [<b>{0}</b>] with email address [<b>{1}</b>] successfully", u.Username, u.Email));
Response.Redirect("Index.aspx");
}
else
{
Flash.dictFlash.Add("danger", "[<b>Username</b>] or [<b>Email address]</b> are already used");
Response.Redirect("New.aspx");
}
}
}
public static User Find(int Id)
{
DBUtilities.objConnection = new SqlConnection(DBUtilities.connStr);
DataTable dt = new DataTable();
string sql = "Select * from Users where Id = @Id";
SqlDataAdapter adap = new SqlDataAdapter(sql, DBUtilities.objConnection);
adap.SelectCommand.Parameters.AddWithValue("@Id", Id);
adap.Fill(dt);
if (dt.Rows.Count > 0)
{
User u = new User();
u.Id = Convert.ToInt32(dt.Rows[0]["Id"]);
u.Name = dt.Rows[0]["Name"].ToString();
u.Username = dt.Rows[0]["Username"].ToString();
u.Email = dt.Rows[0]["Email"].ToString();
u.Gender = bool.Parse(dt.Rows[0]["Gender"].ToString());
u.Birthday = DateTime.Parse(dt.Rows[0]["Birthday"].ToString());
u.Address = dt.Rows[0]["Address"].ToString();
u.Phone = dt.Rows[0]["Phone"].ToString();
u.Permission = Convert.ToInt32(dt.Rows[0]["Permission"].ToString());
return u;
}
return null;
}
public static bool Update(User u)
{
DBUtilities.Connection();
try
{
string sql = "Update Users set ";
Type myType = u.GetType();
IList<PropertyInfo> props = new List<PropertyInfo>(myType.GetProperties());
int i = 1;
int j = 1;
foreach (PropertyInfo prop in props)
{
object propValue = prop.GetValue(u, null);
if (propValue != null && prop.Name != "Id")
{
if (j < props.Count)
sql += String.Format("{0} = @{1} ,", prop.Name, i);
else
sql += String.Format("{0} = @{1} where ID= @{2}", prop.Name, i, i + 1);
i++;
}
j++;
}
i = 1;
j = 1;
SqlCommand cmd = new SqlCommand(sql, DBUtilities.objConnection);
foreach (PropertyInfo prop in props)
{
object propValue = prop.GetValue(u, null);
if (propValue != null && prop.Name != "Id")
{
if (j < props.Count)
cmd.Parameters.AddWithValue(String.Format("@{0}", i), propValue);
else
{
cmd.Parameters.AddWithValue(String.Format("@{0}", i), propValue);
cmd.Parameters.AddWithValue(String.Format("@{0}", i + 1), u.Id);
}
i++;
}
j++;
}
cmd.ExecuteNonQuery();
cmd.Dispose();
return true;
}
catch (Exception)
{
return false;
}
finally
{
DBUtilities.Close_Connection();
}
}
