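        /// <summary>
        /// Handles the sign-up form submit: validates the page, salts and hashes the chosen
        /// password, rejects an e-mail that is already registered, inserts the new tblUser
        /// row and, on success, populates the session and redirects to register_finish.aspx.
        /// Any failure is logged through ErrorLog and reported in pnlError/lblStatus.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnFinish_Click(object sender, EventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            // Hidden field hdnMeVal must carry "1" for the submit to be processed.
            if (hdnMeVal.Value != "1")
            {
                return;
            }

            lblStatus.Text   = string.Empty;
            pnlError.Visible = false;

            // Full name is not collected on this form; a single space is stored.
            string txtFN       = " ";
            string txtEmailId  = txtEmail.Text;
            string txtUserName = Global.ParseEmail(txtEmail.Text);

            // Fresh salt per account; only the Base64 salt and the Base64 salted hash are stored.
            BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
            string saltString  = Convert.ToBase64String(pHash.GenerateSALT());
            string txtPassword = Convert.ToBase64String(pHash.getHash(saltString, txtPassword1.Text));

            // Free = 1; Commercial = 2
            int iAcctType = Convert.ToInt16(radioAcctType.SelectedValue);

            // The phone box holds the text "optional" when the user left it alone
            // (presumably placeholder text); anything else is taken as the number.
            string txtPhoneNumber = txtPhoneNum.Text != "optional" ? txtPhoneNum.Text : string.Empty;

            // The show-phone option is not offered on sign-up, so the flag is always 0.
            int showPhone = 0;

            // Boarder type is no longer selectable; every new account gets type 1.
            int iBoarderType = 1;

            // Account creation timestamp (server local time, as before).
            DateTime dCreateDate = DateTime.Now;

            string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

            // Verify unique e-mail id.
            if (verify_User(myConnectString, txtEmailId))
            {
                pnlError.Visible  = true;
                lblStatus.Text    = "That e-mail is already registered.  Please try another one.";
                lblStatus.Visible = true;
                return;
            }

            // Commercial accounts must pick a merchant type; 0 means nothing was selected.
            int iMerchantVal = 0;
            if (iAcctType == 2)
            {
                iMerchantVal = Convert.ToInt16(cboMerchantType.SelectedValue);
                if (iMerchantVal == 0)
                {
                    pnlError.Visible            = true;
                    lblStatus.Text              = "Select your type of business.";
                    cboMerchantType.BorderColor = Color.Red;
                    lblStatus.Visible           = true;
                    return;
                }
            }

            // Parameterised INSERT: the e-mail, phone number and user name come straight
            // from the form and must never be concatenated into the SQL text. Passing
            // dCreateDate as a DateTime parameter also removes the culture-dependent
            // DateTime.ToString() the old string-built statement relied on.
            const string strSQL =
                "INSERT INTO tblUser (txtFullName, txtPassword, txtPhoneNum, iShowPhoneNum, txtEmail, dCreateDate, iEntryCount, iAcctType, sashimi, salt, boarderType, iMerchantType, txtUserName) " +
                "VALUES (@txtFullName, @txtPassword, @txtPhoneNum, @iShowPhoneNum, @txtEmail, @dCreateDate, @iEntryCount, @iAcctType, @sashimi, @salt, @boarderType, @iMerchantType, @txtUserName)";

            try
            {
                using (SqlConnection myConnection = new SqlConnection(myConnectString))
                using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
                {
                    objCommand.Parameters.AddWithValue("@txtFullName",   txtFN);
                    objCommand.Parameters.AddWithValue("@txtPassword",   txtPassword);
                    objCommand.Parameters.AddWithValue("@txtPhoneNum",   txtPhoneNumber);
                    objCommand.Parameters.AddWithValue("@iShowPhoneNum", showPhone);
                    objCommand.Parameters.AddWithValue("@txtEmail",      txtEmailId);
                    objCommand.Parameters.AddWithValue("@dCreateDate",   dCreateDate);
                    objCommand.Parameters.AddWithValue("@iEntryCount",   0);
                    objCommand.Parameters.AddWithValue("@iAcctType",     iAcctType);
                    // sashimi = 1 marks the row as holding a salted hash rather than a plaintext password.
                    objCommand.Parameters.AddWithValue("@sashimi",       1);
                    objCommand.Parameters.AddWithValue("@salt",          saltString);
                    objCommand.Parameters.AddWithValue("@boarderType",   iBoarderType);
                    objCommand.Parameters.AddWithValue("@iMerchantType", iMerchantVal);
                    objCommand.Parameters.AddWithValue("@txtUserName",   txtUserName);

                    myConnection.Open();
                    objCommand.ExecuteNonQuery();
                }

                Session["LoggedIn"] = "Yes";
                Session["EmailId"]  = txtEmailId;
                Session["acctType"] = Convert.ToInt16(radioAcctType.SelectedValue);
                // NOTE(review): this keeps the plaintext password in server-side session
                // state for the whole session. Kept because something downstream may read
                // Session["pw"]; it should be dropped once that consumer is identified.
                Session["pw"]       = txtPassword1.Text;

                // Successful sign-up: remember the selected service upgrade, if any.
                if (chkUpgrade.Checked)
                {
                    Session["ServiceId"] = 7;
                }
                else if (chkUpgrade2.Checked)
                {
                    Session["ServiceId"] = 6;
                }
                else
                {
                    Session["ServiceId"] = null;
                }

                // endResponse: false — let the page finish its lifecycle instead of aborting the thread.
                Response.Redirect("register_finish.aspx", false);
            }
            catch (Exception ex)
            {
                ErrorLog.ErrorRoutine(false, "Signup failed!  Message: " + ex.Message);
                pnlError.Visible  = true;
                lblStatus.Text    = "Signup Failed.";
                lblStatus.Visible = true;
            }
        }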
/*
 * Increment the PageViewCount for the entry.  The value returned will be the display value
 */
        //public string incPageViewCount(string cnt)
        //{

        //    string tmpURL = Request.Url.ToString();

        //    if (Session[tmpURL] != null)
        //    {
        //        return cnt;
        //    }

        //    string connStr, strSQL;
        //    int retval;

        //    retval = 0;

        //    //get conn string
        //    connStr = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;;

        //    //cnt and iPageViewCount should be equal - do we need to check?
        //    if (Convert.ToInt32(cnt) < (int)1)
        //    {
        //        strSQL = "UPDATE tblEntry SET iPageViewCount = 1 WHERE iD = '" + Request.QueryString["iD"] + "'";
        //    }
        //    else
        //    {
        //        strSQL = "UPDATE tblEntry SET iPageViewCount = iPageViewCount + 1 WHERE iD = '" + Request.QueryString["iD"] + "'";
        //    }

        //    SqlConnection myConnection = new SqlConnection(connStr);

        //    try
        //    {
        //        myConnection.Open();

        //        SqlCommand objCommand = new SqlCommand(strSQL, myConnection);
        //        objCommand.ExecuteNonQuery();

        //        Session.Add(Request.Url.ToString(), Request.Url.ToString());
        //        retval = Convert.ToInt32(cnt) + 1;
        //    }

        //    catch (Exception ex)
        //    {
        //        ErrorLog.ErrorRoutine(false, "Error in PageViewCount processing: " + ex.Message );
        //        lblStatus.Text = "Error!";
        //    }
        //    finally
        //    {
        //        //close
        //        myConnection.Close();
        //    }
        //    return (retval.ToString());
        //}

/*
 */
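        /// <summary>
        /// Handles the inline login panel submit: looks the user up by e-mail, checks the
        /// password against the stored salted hash (or, for legacy rows, the stored clear
        /// text), and on success stores the identity in session and reveals the comment
        /// controls. A wrong password redirects to login.aspx; an unknown e-mail leaves
        /// the panel untouched. Data-access failures are logged through ErrorLog.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

            // Parameterised lookup: txtUsername.Text is user input and must not be
            // concatenated into the SQL text.
            const string strSQL = "SELECT * FROM tblUser WHERE txtEmail=@txtEmail";

            try
            {
                using (SqlConnection myConnection = new SqlConnection(myConnectString))
                using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
                {
                    objCommand.Parameters.AddWithValue("@txtEmail", txtUsername.Text);
                    myConnection.Open();

                    // The reader is disposed on every exit path, including the redirect below.
                    using (SqlDataReader objReader = objCommand.ExecuteReader())
                    {
                        if (!objReader.Read())
                        {
                            // No row for that e-mail: nothing is shown (matches previous behaviour).
                            return;
                        }

                        string txtPass = objReader["txtPassword"].ToString();
                        bool   bLoginSuccess;

                        if (objReader["sashimi"].ToString() == "1")
                        {
                            // sashimi = 1: the row holds a salted hash, so hash the input
                            // with the stored salt and compare the Base64 forms.
                            BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
                            string saltVal    = objReader["salt"].ToString();
                            string pwdToMatch = Convert.ToBase64String(pHash.getHash(saltVal, txtPassword.Text));
                            bLoginSuccess = pwdToMatch == txtPass;
                        }
                        else
                        {
                            // Legacy rows (sashimi != 1) still store the password in the clear;
                            // they are compared directly until they are migrated.
                            bLoginSuccess = txtPass == txtPassword.Text;
                        }

                        if (bLoginSuccess)
                        {
                            // Successful login, save iD for user events while logged in
                            Session["LoggedIn"] = "Yes";
                            Session["userId"]   = objReader["iD"].ToString();
                            Session["EmailId"]  = objReader["txtEmail"].ToString();
                            Session["acctType"] = objReader["iAcctType"].ToString();
                            pnlLoginMsg.Visible = false;
                            pnlLogin.Visible    = false;

                            BindComments();

                            dlCommentList.Visible = true;
                            pnlCommentBox.Visible = true;

                            // Get text for login links
                            lnkSignIn.Text = Global.SetLnkSignIn();
                            lnkSignUp.Text = Global.SetLnkSignUp();
                        }
                        else
                        {
                            // Wrong password: hand off to the full login page.
                            Response.Redirect("login.aspx");
                        }
                    }
                }
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.Redirect(url) with the default endResponse ends the request by
                // aborting the thread; that is not a login failure, so do not log it.
                throw;
            }
            catch (Exception ex)
            {
                ErrorLog.ErrorRoutine(false, "Failed Log-in from pnlLogin: " + ex.Message);
            }
        }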
/*
 */
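        /// <summary>
        /// Authenticates a user by e-mail and, on success, fills the current session
        /// (LoggedIn, userId, EmailId, acctType, MerchantType, BlogFlg, userDir, userName, isPro).
        /// </summary>
        /// <param name="username">E-mail address the account was registered with.</param>
        /// <param name="password">The clear-text password when <paramref name="hashit"/> is true;
        /// otherwise the value that is compared as-is against the stored txtPassword column.</param>
        /// <param name="hashit">True to salt-and-hash <paramref name="password"/> with the user's
        /// stored salt before comparing; false to compare it to the stored value unchanged.</param>
        /// <param name="overRide">True to populate the session without any password check at all —
        /// the stored credential is ignored. Only call with true from a path that has already
        /// established the caller's identity by other means.</param>
        /// <returns>True when the session was populated; false for an unknown e-mail, a password
        /// mismatch, or a data-access error (errors are logged through ErrorLog).</returns>
        public bool DoLogin(string username, string password, bool hashit, bool overRide)
        {
            IDBManager dbManager = new DBManager(DataProvider.SqlServer);
            dbManager.ConnectionString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

            // The e-mail is spliced into the SQL text, so single quotes are doubled
            // (T-SQL string-literal escaping) to keep the value inside the literal.
            // Binding it as a command parameter through the data layer is the proper fix.
            string safeUser = (username ?? string.Empty).Replace("'", "''");

            // isPro: count of active (iStatus = 1) services 6 or 7 for the user.
            string strSQL = @"SELECT u.sashimi, u.txtUserName, u.salt, u.txtPassword, u.iD, u.txtEmail, u.iAcctType, u.iMerchantType, u.blog_flg, u.userDir, 
            (Select count(*) from tblServices s where (s.iServiceVal = 6 or s.iServiceVal = 7) and iuserId = u.id and iStatus = 1 ) as isPro
                        FROM tblUser u WHERE txtEmail='" + safeUser + "'";
            try
            {
                dbManager.Open();
                dbManager.ExecuteReader(CommandType.Text, strSQL);

                if (!dbManager.DataReader.Read())
                {
                    // No row for that e-mail.
                    ErrorLog.ErrorRoutine(false, "No record of user name");
                    return false;
                }

                string txtPass = dbManager.DataReader["txtPassword"].ToString();
                bool   bLoginSuccess;

                if (dbManager.DataReader["sashimi"].ToString() == "1" && !overRide)
                {
                    string pwdToMatch;
                    if (hashit)
                    {
                        // sashimi = 1: the stored value is a salted hash, so hash the input
                        // with the stored salt and compare the Base64 forms.
                        BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
                        string saltVal = dbManager.DataReader["salt"].ToString();
                        pwdToMatch = Convert.ToBase64String(pHash.getHash(saltVal, password));
                    }
                    else
                    {
                        // The caller supplies the stored hash itself and it is compared as-is;
                        // this path is only as trustworthy as the caller that holds that value.
                        pwdToMatch = password;
                    }

                    bLoginSuccess = pwdToMatch == txtPass;
                }
                else
                {
                    // Legacy rows (sashimi != 1) still hold the password in the clear, so it is
                    // compared directly. This branch is also taken when overRide is set, in
                    // which case the comparison result is irrelevant.
                    bLoginSuccess = txtPass == password;
                }

                if (!bLoginSuccess && !overRide)
                {
                    // Password mismatch.
                    return false;
                }

                // Successful login (or override): save iD for user events while logged in.
                HttpContext.Current.Session["LoggedIn"]     = "Yes";
                HttpContext.Current.Session["userId"]       = dbManager.DataReader["iD"].ToString();
                HttpContext.Current.Session["EmailId"]      = dbManager.DataReader["txtEmail"].ToString();
                HttpContext.Current.Session["acctType"]     = dbManager.DataReader["iAcctType"].ToString();
                HttpContext.Current.Session["MerchantType"] = dbManager.DataReader["iMerchantType"].ToString();
                HttpContext.Current.Session["BlogFlg"]      = dbManager.DataReader["blog_flg"].ToString();
                HttpContext.Current.Session["userDir"]      = dbManager.DataReader["userDir"].ToString();

                // Fall back to the e-mail's local part when no user name was ever stored.
                string userName = dbManager.DataReader["txtUserName"].ToString();
                HttpContext.Current.Session["userName"] = userName == string.Empty
                    ? Global.ParseEmail(dbManager.DataReader["txtEmail"])
                    : (object)userName;

                // isPro = 1 when at least one qualifying active service exists.
                HttpContext.Current.Session["isPro"] =
                    Convert.ToInt32(dbManager.DataReader["isPro"].ToString()) > 0 ? 1 : 0;

                return true;
            }
            catch (Exception ex)
            {
                ErrorLog.ErrorRoutine(false, "ClsLogin:DoLogin:Error " + ex.Message);
                return false;
            }
            finally
            {
                dbManager.Close();
                dbManager.Dispose();
            }
        }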
        /// <summary>
        /// Saves the edit-profile form: validates the page, tallies the shaper code when
        /// hdnIsShaper is set, rejects an e-mail already registered to another account,
        /// builds an UPDATE for tblUser (profile fields, optionally a new salted password
        /// hash, optionally a profile-picture change) and executes it through DBManager,
        /// then redirects to UserMenu.aspx. Failures are logged, shown in lblStatus and
        /// reported by e-mail.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// NOTE(review): the UPDATE is assembled by string concatenation. txtFullName,
        /// txtEmail, the phone number fields and the session user id go in unescaped;
        /// several other fields pass through Global.CheckString, whose effect is not
        /// visible here — confirm whether it escapes for SQL. The '******' literals and
        /// the unmatched closing brace after the iShaperCode block look like artefacts of
        /// this listing (redaction / dropped lines) rather than the original source, so
        /// the code is documented here but deliberately not rewritten.
        /// </remarks>
        protected void btnSave_Click(object sender, EventArgs e)
        {
            //kick out if validation failed
            if (!(Page.IsValid))
            {
                //Do over; Reset anything here that needs a reset
                ResetImgMgr();
                return;
            }

            //tally up ShaperCodeValue
            if (hdnIsShaper.Value == "1")
            {
                TallyShaperCode();
            }

            string strSQL = string.Empty;
            string txtPhoneNumber;
            string emailNotify;
            string blogNotify;
            string profPic;
            int    showPhoneNum;
            int    iAcctType;

            IDBManager dbManager = new DBManager(DataProvider.SqlServer);

            dbManager.ConnectionString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;;

            //Verify unique e-mail id.  Only checked when the user actually changed it.
            if (Session["EmailId"].ToString() != txtEmail.Text)
            {
                if (verify_User(dbManager.ConnectionString, txtEmail.Text))
                {
                    lblStatus.ForeColor = System.Drawing.Color.Red;
                    lblStatus.Text      = "That e-mail is already registered.  Please try again.";
                    return;
                }
            }

            //show phone flag
            showPhoneNum = (int)0;

            //Free acct=1; Commercial = 2
            iAcctType   = Convert.ToInt16(radioAcctType.SelectedValue);
            emailNotify = rdoEmailNotify.SelectedValue;
            blogNotify  = rdoBlogNotify.SelectedValue;

            //stored as "<area>-<number>", even when both boxes are empty ("-")
            txtPhoneNumber = txtAreaCode.Text + "-" + txtPhoneNum.Text;

            //if no phone num is entered then showPhonenum flag must be set to zero
            if (txtAreaCode.Text != "" && txtPhoneNum.Text != "")
            {
                if (chkShowPhone.Checked == true)
                {
                    showPhoneNum = (int)1;
                }
            }

            //Get user's id
            string uId = Session["userId"].ToString();

            //NOTE(review): txtFullName.Text, txtEmail.Text, txtPhoneNumber and uId are
            //concatenated without any escaping.
            strSQL  = "UPDATE tblUser SET txtFullName = '" + txtFullName.Text;
            strSQL += "' ,txtEmail = '" + txtEmail.Text;
            strSQL += "',txtPhoneNum = '" + txtPhoneNumber;
            strSQL += "',iShowPhoneNum = '" + showPhoneNum;
            strSQL += "',iAcctType = '" + iAcctType;
            strSQL += "',notify_comment_flg = '" + emailNotify;
            strSQL += "',notify_blog_flg = '" + blogNotify;
            //NOTE(review): '******' is presumably a redacted value in this listing — confirm against the real source
            strSQL += "',txtUserName = '******',txtHomeTown = '" + Global.CheckString(txtHomeTown.Text);
                strSQL += "',txtWebSite = '" + Global.CheckString(txtWebsite.Text);
                strSQL += "',txtUserDetails = '" + Global.CheckString(txtDetails.Text);
                strSQL += "',iWisdom = '" + Global.CheckString(txtShapingYrs.Text);
                strSQL += "',txtBrandName = '" + Global.CheckString(txtBrandName.Text);
                strSQL += "',iRegion = '" + cboRegion.SelectedValue;

                if (hdnShaperCode.Value.Length > 0)
                {
                    strSQL += "',iShaperCode = '" + Global.CheckString(hdnShaperCode.Value);
                }
            //NOTE(review): the brace below has no visible opener — the enclosing block (indentation
            //suggests one started before txtWebSite) appears to be missing from this listing
            }

            //skip pwd processing if the change pwd panel is not visible
            if (pnlChangePwd.Visible && txtPassword1.Text.Length > 1)
            {
                BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();

                //Get SALT and encode to string
                byte[] saltBytes  = pHash.GenerateSALT();
                string saltString = Convert.ToBase64String(saltBytes);

                //get hash and encode to string with SALT
                byte[] hBytes = pHash.getHash(saltString, txtPassword1.Text);
                string hPass  = Convert.ToBase64String(hBytes);  //hashed textual password

                //build SQL; sashimi = 1 flags the row as holding a salted hash
                //NOTE(review): hPass is computed but the listing shows '******' where it would be
                //concatenated — presumably redacted, confirm against the real source
                strSQL += "' ,txtPassword = '******',salt = '" + saltString + "',sashimi = '" + (int)1;
            }

            //get profile pic if loaded and control set
            if (rdoImgMgr1.SelectedValue == "Change" || rdoImgMgr1.SelectedValue == "Add")
            {
                if (!CheckFileType())
                {
                    ResetImgMgr();
                    return;
                }

                //TODO: check for file before attempting to upload
                profPic = UpLoadAllImages();
                strSQL += "' ,profilePic = '" + profPic;
                //delete old profile pic unless it is the default placeholder image
                if (!(hdnProfilePic.Value.IndexOf("nopic64.jpg") > 0))
                {
                    //ErrorLog.ErrorRoutine(false, "Deleting old pic: " + Server.MapPath(hdnProfilePic.Value));
                    DeleteFile();
                }
            }
            else
            {
                if (rdoImgMgr1.SelectedValue == "Delete")
                {
                    DeleteFile();
                    //set to empty string
                    strSQL += "' ,profilePic = '";
                }
                //else KEEP: do nothing
            }

            strSQL += "' WHERE id = '" + uId + "'";
            //NOTE(review): this logs the full UPDATE text, i.e. every profile value (and the
            //password hash/salt when changed) ends up in the error log
            ErrorLog.ErrorRoutine(false, "strSQL-> " + strSQL);

            try
            {
                dbManager.Open();
                dbManager.ExecuteNonQuery(CommandType.Text, strSQL);

                //Set new EmailId
                Session["EmailId"] = txtEmail.Text;
                //classes.Email.SendEmail("BH Profile Change", "*****@*****.**", "For User: "******"EmailId"].ToString() + " iD: " + uId);
                Response.Redirect("UserMenu.aspx", false);
            }
            catch (Exception ex)
            {
                ErrorLog.ErrorRoutine(false, "edit_profile:error" + ex.Message);
                lblStatus.Text = "Error: Connection Bad.<br>";
                classes.Email.SendErrorEmail("edit_profile:error" + ex.Message);
            }
            finally
            {
                dbManager.Close();
                dbManager.Dispose();
            }
        }
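        /// <summary>
        /// "Forgot password" handler: when the entered e-mail matches a tblUser row, generates
        /// a new random password, stores its salted hash through UpdateUserPwd and e-mails the
        /// clear-text password to that address; otherwise shows a not-found message in
        /// lblStatus. Any exception is reported as "Error!" in lblStatus.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void imgContact_Click(object sender, System.EventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

            // Parameterised lookup: txtEmail.Text is user input and must not be
            // concatenated into the SQL text.
            const string strSQL = "SELECT * FROM tblUser WHERE txtEmail=@txtEmail";

            try
            {
                bool userFound;

                // Only the existence of the row is needed, so the connection and reader
                // are released before the password update and the e-mail are attempted.
                using (SqlConnection myConnection = new SqlConnection(myConnectString))
                using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
                {
                    objCommand.Parameters.AddWithValue("@txtEmail", txtEmail.Text);
                    myConnection.Open();

                    using (SqlDataReader objReader = objCommand.ExecuteReader())
                    {
                        userFound = objReader.Read();
                    }
                }

                if (!userFound)
                {
                    //TODO: add code for no record for e-mail
                    lblStatus.Text        = "&nbsp;We can't find that e-mail.  Check it again or sign up.&nbsp;";
                    lblStatus.BorderWidth = 1;
                    return;
                }

                // New credential: fresh salt, random password, salted hash of it.
                BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
                string saltString = Convert.ToBase64String(pHash.GenerateSALT());

                BoardHunt.classes.RandomPassword pwdGen = new BoardHunt.classes.RandomPassword();
                string newPwd = pwdGen.Generate();

                string hPass = Convert.ToBase64String(pHash.getHash(saltString, newPwd));

                // The hash is persisted before the mail goes out: if SendEmail throws, the
                // old password is already replaced and the user has to request a reset again.
                if (UpdateUserPwd(hPass, saltString) && !string.IsNullOrEmpty(newPwd))
                {
                    // The clear-text password is delivered by e-mail; it is never stored.
                    string emailMsg = "Your new password is: " + newPwd + "<br><br>You can change it again in the edit profile settings.";
                    // The sender address literal below appears redacted in this listing — confirm against the real source.
                    classes.Email.SendEmail("Login info", txtEmail.Text, "*****@*****.**", emailMsg, false);

                    panelSendEmail.Visible = false;
                    panelMailSent.Visible  = true;
                }
            }
            catch (Exception)
            {
                // Lookup, update and mail failures all surface the same way; the user gets
                // no detail and nothing is logged here (matches previous behaviour).
                lblStatus.Text = "Error!";
            }
        }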