protected void Button16_Click(object sender, EventArgs e) { try { DateTime date = DateTime.Now; string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString(); DataWorksClass dw = new DataWorksClass(constring); dw.SetCommand("SELECT MAX(Prescription_ID) FROM Prescription"); int preid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("INSERT INTO Prescription(Prescription_ID,Medical_officer,Issue_date,Issue_month,Issue_year,Medicine,Dosage,Notes,Patient_ID,date) VALUES(@Prescription_ID,@Medical_officer,@Issue_date,@Issue_month,@Issue_year,@Medicine,@Dosage,@Notes,@Patient_ID,@date)"); dw.SetSqlCommandParameters("Prescription_ID", preid); dw.SetSqlCommandParameters("Medical_officer", DropDownList17.SelectedValue); dw.SetSqlCommandParameters("Issue_date", DropDownList18.SelectedValue); dw.SetSqlCommandParameters("Issue_month", DropDownList19.SelectedValue); dw.SetSqlCommandParameters("Issue_year", DropDownList20.SelectedValue); dw.SetSqlCommandParameters("Medicine", DropDownList21.SelectedValue.Trim()); dw.SetSqlCommandParameters("Dosage", TextBox22.Text.Trim()); dw.SetSqlCommandParameters("Notes", TextBox27.Text.Trim()); dw.SetSqlCommandParameters("Patient_ID", ApptP_ID); dw.SetSqlCommandParameters("date", date); dw.Insert(); DropDownList21.SelectedIndex = 0; TextBox22.Text = ""; TextBox27.Text = ""; this.Button14_ModalPopupExtender.Show(); } catch { } }
protected void Button10_Click1(object sender, EventArgs e) { try { string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString(); DataWorksClass dw = new DataWorksClass(constring); dw.SetCommand("SELECT MAX(Lab_report_ID) FROM Labreport"); int labid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("SELECT MAX(Colestoroll_ID) FROM Colestoroll"); int cholid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("INSERT INTO Labreport(Lab_report_ID,Medical_officer,Patient_ID ,Issue_date,Issue_month,Issue_year,Report_type) VALUES(@lid,@moff,@pid,@isd,@ism,@isy,@rtype)"); dw.SetSqlCommandParameters("lid", labid); dw.SetSqlCommandParameters("moff", DropDownList7.SelectedValue); dw.SetSqlCommandParameters("pid", ApptP_ID); dw.SetSqlCommandParameters("isd", DropDownList10.SelectedValue); dw.SetSqlCommandParameters("ism", DropDownList11.SelectedValue); dw.SetSqlCommandParameters("isy", DropDownList12.SelectedValue); dw.SetSqlCommandParameters("rtype", "Cholestrol"); dw.Insert(); dw.SetCommand("INSERT INTO Colestoroll(Lab_report_ID ,Colestoroll_ID,LDL,HDL,Triglicerides,VLDL_Cholesterol,Total_Cholesterol,Pat_ID,Other) VALUES(@Lab_report_ID,@Colestoroll_ID,@LDL,@HDL ,@Triglicerides,@VLDL_Cholesterol,@Total_Cholesterol,@Pat_ID,@Other)"); dw.SetSqlCommandParameters("Lab_report_ID", labid); dw.SetSqlCommandParameters("Colestoroll_ID", cholid); dw.SetSqlCommandParameters("LDL", TextBox9.Text.Trim()); dw.SetSqlCommandParameters("HDL", TextBox10.Text.Trim()); dw.SetSqlCommandParameters("Triglicerides", TextBox11.Text.Trim()); dw.SetSqlCommandParameters("VLDL_Cholesterol", TextBox12.Text.Trim()); dw.SetSqlCommandParameters("Total_Cholesterol", TextBox13.Text.Trim()); dw.SetSqlCommandParameters("Pat_ID", TextBox4.Text.Trim()); dw.SetSqlCommandParameters("Other", TextBox19.Text.Trim()); dw.Insert(); Response.Redirect("~/User/Doctor/Dashboard.aspx"); } catch { } }
protected void Button12_Click(object sender, EventArgs e) { try { string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString(); DataWorksClass dw = new DataWorksClass(constring); dw.SetCommand("SELECT MAX(Lab_report_ID) FROM Labreport"); int labid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("SELECT MAX(Urine_report_ID) FROM Urinereport"); int urid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("INSERT INTO Labreport(Lab_report_ID,Medical_officer,Patient_ID ,Issue_date,Issue_month,Issue_year,Report_type) VALUES(@lid,@moff,@pid,@isd,@ism,@isy,@rtype)"); dw.SetSqlCommandParameters("lid", labid); dw.SetSqlCommandParameters("moff", DropDownList13.SelectedValue); dw.SetSqlCommandParameters("pid", ApptP_ID); dw.SetSqlCommandParameters("isd", DropDownList14.SelectedValue); dw.SetSqlCommandParameters("ism", DropDownList15.SelectedValue); dw.SetSqlCommandParameters("isy", DropDownList16.SelectedValue); dw.SetSqlCommandParameters("rtype", "Urine"); dw.Insert(); dw.SetCommand("INSERT INTO Urinereport(Urine_report_ID ,Lab_report_ID,Glucose,Protein,Crystal,Acidity,Pat_ID,Other) VALUES(@Urine_report_ID,@Lab_report_ID,@Glucose,@Protein,@Crystal,@Acidity,@Pat_ID,@Other)"); dw.SetSqlCommandParameters("Urine_report_ID", urid); dw.SetSqlCommandParameters("Lab_report_ID", labid); dw.SetSqlCommandParameters("Glucose", TextBox16.Text.Trim()); dw.SetSqlCommandParameters("Protein", TextBox17.Text.Trim()); dw.SetSqlCommandParameters("Crystal", TextBox18.Text.Trim()); dw.SetSqlCommandParameters("Acidity", TextBox20.Text.Trim()); dw.SetSqlCommandParameters("Pat_ID", TextBox15.Text.Trim()); dw.SetSqlCommandParameters("Other", TextBox13.Text.Trim()); dw.Insert(); Response.Redirect("~/User/Doctor/Dashboard.aspx"); } catch { } }
protected void Button10_Click(object sender, EventArgs e) { try { string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString(); DataWorksClass dw = new DataWorksClass(constring); dw.SetCommand("SELECT MAX(Lab_report_ID) FROM Labreport"); int labid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("SELECT MAX(Blood_report_ID) FROM Bloodreport"); int bloodrepid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("INSERT INTO Labreport(Lab_report_ID,Medical_officer,Patient_ID ,Issue_date,Issue_month,Issue_year,Report_type) VALUES(@lid,@moff,@pid,@isd,@ism,@isy,@rtype)"); dw.SetSqlCommandParameters("lid", labid); dw.SetSqlCommandParameters("moff", DropDownList1.SelectedValue); dw.SetSqlCommandParameters("pid", ApptP_ID); dw.SetSqlCommandParameters("isd", DropDownList3.SelectedValue); dw.SetSqlCommandParameters("ism", DropDownList4.SelectedValue); dw.SetSqlCommandParameters("isy", DropDownList6.SelectedValue); dw.SetSqlCommandParameters("rtype", "Blood"); dw.Insert(); dw.SetCommand("INSERT INTO Bloodreport(Blood_report_ID ,Lab_report_ID,Red_blood_cells,White_blood_cells,Glucose,Blood_type,Hemoglobin,Platelets,Other) VALUES(@bid,@lid,@redbcell,@whitebcell ,@glu,@btype,@hemog,@plate,@other)"); dw.SetSqlCommandParameters("bid", bloodrepid); dw.SetSqlCommandParameters("lid", labid); dw.SetSqlCommandParameters("redbcell", TextBox2.Text.Trim()); dw.SetSqlCommandParameters("whitebcell", TextBox3.Text.Trim()); dw.SetSqlCommandParameters("glu", TextBox5.Text.Trim()); dw.SetSqlCommandParameters("btype", TextBox24.Text.Trim()); dw.SetSqlCommandParameters("hemog", TextBox6.Text.Trim()); dw.SetSqlCommandParameters("plate", TextBox8.Text.Trim()); dw.SetSqlCommandParameters("other", TextBox7.Text.Trim()); dw.Insert(); Response.Redirect("~/User/Doctor/Dashboard.aspx"); } catch { } }
protected void Button1_Click(object sender, EventArgs e) { string pid = Session["Patient_ID"].ToString(); DateTime d = DateTime.Now; string date = d.ToString("yyyy-MM-dd"); //string date = GridView1.SelectedRow.Cells[1].Text; dw.SetCommand("SELECT No_of_patient FROM Appointment_date WHERE Date = @date and Doctor_ID = @did"); dw.SetSqlCommandParameters("date", date); dw.SetSqlCommandParameters("did", session1); int count1 = Convert.ToInt32(dw.GetSingleData()) - 1; dw.SetCommand("SELECT appointmentdate_ID from Appointment_date WHERE Date = @date and Doctor_ID = @did"); dw.SetSqlCommandParameters("date", date); dw.SetSqlCommandParameters("did", session1); string appointmentdateid = dw.GetSingleData().Trim(); dw.SetCommand("SELECT COUNT(Channel_no) FROM Channel WHERE Doctor_ID = @did and Patient_ID = @pid and chan_date = @date"); dw.SetSqlCommandParameters("did", session1); dw.SetSqlCommandParameters("pid", Session["Patient_ID"].ToString().Trim()); dw.SetSqlCommandParameters("date", date); int i = Convert.ToInt32(dw.GetSingleData()); if (i < 1) { dw.SetCommand("UPDATE Appointment_date SET No_of_patient = @count WHERE Date = @dte and Doctor_ID = @did"); dw.SetSqlCommandParameters("dte", date); dw.SetSqlCommandParameters("did", session1); dw.SetSqlCommandParameters("count", count1); dw.Update(); dw.SetCommand("SELECT MAX(Channel_no) from Channel"); int channelno = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("INSERT INTO Channel (Channel_no,Doctor_ID,appointmentdate_ID,Patient_ID,chan_date) VALUES (@chlno,@docid,@appno,@patid,@date)"); dw.SetSqlCommandParameters("chlno", channelno); dw.SetSqlCommandParameters("docid", Label6.Text.Trim()); dw.SetSqlCommandParameters("appno", appointmentdateid); dw.SetSqlCommandParameters("patid", pid); dw.SetSqlCommandParameters("date", date); dw.Insert(); dw.SetCommand("SELECT No_of_patient FROM Appointment_date WHERE Date = @dte and Doctor_ID = @did"); if (count1 == 0) { dw.SetCommand("UPDATE Appointment_date SET Availability = @ava WHERE Date = @dte and Doctor_ID = @did"); dw.SetSqlCommandParameters("dte", date); dw.SetSqlCommandParameters("did", session1); dw.SetSqlCommandParameters("ava", "NOT AVAILABLE"); dw.Update(); } else { dw.SetCommand("UPDATE Appointment_date SET Availability = @ava WHERE Date = @dte and Doctor_ID = @did"); dw.SetSqlCommandParameters("dte", date); dw.SetSqlCommandParameters("did", session1); dw.SetSqlCommandParameters("ava", "AVAILABLE"); dw.Update(); } //Email Start...................................................... string uid = Session["User_ID"].ToString(); string uname = Session["User_name"].ToString(); dw.SetCommand(@"SELECT User_name FROM namal WHERE User_ID = @uid"); dw.SetSqlCommandParameters("uid", uid); string check = dw.GetSingleData(); if (check == uname) { dw.SetDataAdapter(@"SELECT E_mail, User_name FROM namal WHERE User_ID = '" + uid + "' "); DataTable dt = dw.GetDataTable(); string email = (dt.Rows[0][0].ToString()).Trim(); string username = (dt.Rows[0][1].ToString()).Trim(); //dw.SetCommand("SELECT Channel_no FROM Channel WHERE "); //dw.SetSqlCommandParameters("uname", txtuname.Text.Trim()); //dw.SetSqlCommandParameters("email", txtemail.Text.Trim()); //dw.SetSqlCommandParameters("nic", txtnic.Text.Trim()); //string pass = dw.GetSingleData().Trim(); MailMessage mm = new MailMessage("*****@*****.**", email); //(your gmail,receiver gmail) mm.Subject = "KDU CMS | Appintment Has Been Approved!"; //Subject mm.Body = "<b>" + "Dear " + TextBox5.Text.Trim() + "," + "</b> <br>" + "Your appointment has been approved by KDU Online Channelling and Management System." + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "Your Channel Number " + "</td>" + "<td>" + "<b>" + channelno + "</b>" + "</td>" + "</tr>" + "<tr>" + "<td>" + "Your Reserved Date " + "</td>" + "<td>" + "<b>" + TextBox3.Text.Trim() + "</b>" + "</td>" + "</tr>" + "<tr>" + "<td>" + "Doctor " + "</td>" + "<td>" + "<b>" + TextBox2.Text.Trim() + "</b>" + "</td>" + "</tr>" + "<tr>" + "<td>" + "Specialization " + "</td>" + "<td>" + "<b>" + TextBox4.Text.Trim() + "</b>" + "</td>" + "</tr>" + "</table>" + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "<img src=\"https://preview.ibb.co/kaGrEf/logo.png\" width=\"50px\">" + " " + "</td>" + "<td>" + "<b>" + "KDU Channeling Center," + "<br>" + "General Sir John Kotelawala Defence University," + "<br>" + "Southern Campus," + "<br>" + "Sooriyawewa." + "<br>" + "+94718810575" + "</b>" + "</td>" + "</tr>" + "</table>"; //Message //+"<table>"+ // "<tr>"+ // "<td>" + "Your Channel Number " + "</td>" + // "<td>" + "<b>" + channelno + "</b>" + "</td>" + // "</tr>"+ // "<tr>" + // "<td>" + "Your Reserved Date " + "</td>" + // "<td>" + "<b>" + TextBox3.Text.Trim() + "</b>" + "</td>" + // "</tr>" + // "<tr>" + // "<td>" + "Doctor " + "</td>" + // "<td>" + "<b>" + TextBox2.Text.Trim() + "</b>" + "</td>" + // "</tr>" + // "<tr>" + // "<td>" + "Specialization " +"</td>" + // "<td>" + "<b>" + TextBox4.Text.Trim() + "</b>" + "</td>" + // "</tr>" + //"</table>"+ //+"<table>" + // "<tr>" + // "<td>" + "<img src=\"https://preview.ibb.co/kaGrEf/logo.png\" width=\"50px\">" + " " + "</td>" + // "<td>" + "<b>" + "KDU Channeling Center,"+"<br>"+"General Sir John Kotelawala Defence University,"+"<br>"+"Southern Campus,"+"<br>"+"Sooriyawewa."+"<br>"+"+94718810575"+"</b>" + "</td>" + // "</tr>" + //"</table>" + mm.IsBodyHtml = true; SmtpClient smtp = new SmtpClient(); smtp.Host = "smtp.gmail.com"; smtp.EnableSsl = true; NetworkCredential networkcred = new NetworkCredential("*****@*****.**", "KDU123cms");//(your gmail & gmail password) smtp.UseDefaultCredentials = true; smtp.Credentials = networkcred; smtp.Port = 587; smtp.Send(mm); //Response.Write("<script language=javascript>alert('BOOKING SUCCESSFULL! CHECK YOUR EMAILS!')</script>"); } else { Response.Write("<script language=javascript>alert('YOUR DETAILS ARE NOT MATCH WITH YOUR ACCOUNT DETAILS !!!!')</script>"); } } else { Response.Write("<script language=javascript>alert('You have an appointment already for this date !!!!')</script>"); } //---------------------------------End Email Response.Write("<script language=javascript>alert('BOOKING SUCCESSFULL! CHECK YOUR EMAILS!')</script>"); Response.Redirect("~/User/Patient/Appointments.aspx"); Response.Write("<script language=javascript>alert('You have an appointment already for this date !!!!')</script>"); }
protected void btnreg_Click(object sender, EventArgs e) { string type = drpStaffType.SelectedValue.Trim(); // ====================================================================================================================== case 1 string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString(); DataWorksClass dw = new DataWorksClass(constring); dw.SetCommand("SELECT count(User_ID) FROM namal WHERE User_name = @uname"); dw.SetSqlCommandParameters("uname", txtuname.Text.Trim()); int count1 = Convert.ToInt32(dw.GetSingleData().Trim()); if (count1 < 1) { dw.SetCommand("SELECT MAX(User_ID) FROM namal"); int count = Convert.ToInt32(dw.GetSingleData()) + 1; if (txtpassword.Text.Trim() == txtconfirmpassword.Text.Trim()) { const int MIN_LENGTH = 8; const int MAX_LENGTH = 15; if (txtpassword.Text == null) { throw new ArgumentNullException(); } bool meetsLengthRequirements = txtpassword.Text.Trim().Length >= MIN_LENGTH && txtpassword.Text.Trim().Length <= MAX_LENGTH; bool hasUpperCaseLetter = false; bool hasLowerCaseLetter = false; bool hasDecimalDigit = false; if (meetsLengthRequirements) { foreach (char c in txtpassword.Text.Trim()) { if (char.IsUpper(c)) { hasUpperCaseLetter = true; } else if (char.IsLower(c)) { hasLowerCaseLetter = true; } else if (char.IsDigit(c)) { hasDecimalDigit = true; } } bool isValid = meetsLengthRequirements && hasUpperCaseLetter && hasLowerCaseLetter && hasDecimalDigit ; if (isValid == true) { dw.SetCommand("INSERT INTO namal(User_ID,User_name,Password,E_mail,Type) VALUES (@uid,@uname,@pass,@email,@type)"); dw.SetSqlCommandParameters("uid", count.ToString()); dw.SetSqlCommandParameters("uname", txtuname.Text.Trim()); dw.SetSqlCommandParameters("pass", txtpassword.Text.Trim()); dw.SetSqlCommandParameters("email", txtemail.Text.Trim()); dw.SetSqlCommandParameters("type", type); dw.Insert(); switch (type) { case "doctor": dw.SetCommand("select max(Doctor_ID) from Doctor"); int did = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("INSERT INTO Doctor(Doctor_ID,User_ID) VALUES (@did,@uid)"); dw.SetSqlCommandParameters("did", did); dw.SetSqlCommandParameters("uid", count); dw.Insert(); break; case "nurse": dw.SetCommand("SELECT MAX(Nurse_ID) FROM Nurse"); int nid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("insert into Nurse(Nurse_ID,User_ID) VALUES (@nid,@uid)"); dw.SetSqlCommandParameters("nid", nid); dw.SetSqlCommandParameters("uid", count); dw.Insert(); break; case "admin": dw.SetCommand("SELECT MAX(Admin_ID) FROM Admin"); int aid = Convert.ToInt32(dw.GetSingleData()) + 1; dw.SetCommand("insert into Admin(Admin_ID,User_ID) VALUES (@aid,@uid)"); dw.SetSqlCommandParameters("aid", aid); dw.SetSqlCommandParameters("uid", count); dw.Insert(); break; } //Email Start...................................................... string email = txtemail.Text.Trim(); string pass = txtpassword.Text.Trim(); string uname = txtuname.Text.Trim(); MailMessage mm = new MailMessage("*****@*****.**", email); //(your gmail,receiver gmail) mm.Subject = "KDU CMS | Registration Success!"; //Subject mm.Body = "<b>" + "Dear " + txtuname.Text.Trim() + "," + "</b> <br>" + "You have registered on KDU Online Channelling and Management System." + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "Your Username " + "</td>" + "<td>" + "<b>" + uname + "</b>" + "</td>" + "</tr>" + "</table>" + "<br> <br>" + "<i>" + "Important! Keep your username and password in a secure place." + "</i>" + "<br> <br>" + "<table>" + "<tr>" + "<td>" + "<img src=\"https://preview.ibb.co/kaGrEf/logo.png\" width=\"50px\">" + " " + "</td>" + "<td>" + "<b>" + "KDU Channeling Center," + "<br>" + "General Sir John Kotelawala Defence University," + "<br>" + "Southern Campus," + "<br>" + "Sooriyawewa." + "<br>" + "+94718810575" + "</b>" + "</td>" + "</tr>" + "</table>"; //Message mm.IsBodyHtml = true; SmtpClient smtp = new SmtpClient(); smtp.Host = "smtp.gmail.com"; smtp.EnableSsl = true; NetworkCredential networkcred = new NetworkCredential("*****@*****.**", "KDU123cms"); //(your gmail & gmail password) smtp.UseDefaultCredentials = true; smtp.Credentials = networkcred; smtp.Port = 587; smtp.Send(mm); //---------------------------------End Email txtuname.Text = ""; txtpassword.Text = ""; txtemail.Text = ""; txtconfirmpassword.Text = ""; Response.Write("<script language=javascript>alert('SUCCESSFULLY REGISTERED!!!')</script>"); Response.Redirect("~/User/Admin/AdminDefault.aspx"); } else { string ss = "PASSWORD SHOULD BE INCLUDED LOWER CASES AND UPPER CASES"; lbl1.Visible = true; lbl1.Text = ss; } } else { string ss = "Password Length should be in 8 to 15"; lbl1.Visible = true; lbl1.Text = ss; } } else { string ss = "PASSWORDS ARE NOT MATCHING!!!!"; lbl2.Visible = true; lbl2.Text = ss; } } else { string ss = "THIS USER NAME ALREADY IN USE"; lbl3.Visible = true; lbl3.Text = ss; } }
protected void btnlogin_Click(object sender, EventArgs e) { string constring = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString.ToString(); DataWorksClass dw = new DataWorksClass(constring); dw.SetCommand(@"select count(User_ID) from namal where User_name=@username and Password = @password"); dw.SetSqlCommandParameters("username", txtuname.Text.Trim()); dw.SetSqlCommandParameters("password", txtpassword.Text.Trim()); int count = Convert.ToInt32(dw.GetSingleData()); dw.SetCommand("SELECT MAX(id) FROM loginlog"); int i = Convert.ToInt32(dw.GetSingleData()) + 1; DateTime d = DateTime.Now; string date = d.ToString("yyyy-MM-dd"); string time = d.ToString("hh:mm:ss"); //validating the user if (count == 1) { dw.SetDataAdapter(@"select Type,User_name,User_ID from namal where User_name=@username and Password = @password"); dw.SetDataAdapterParameters("username", txtuname.Text.Trim()); dw.SetDataAdapterParameters("password", txtpassword.Text.Trim()); DataTable dt = dw.GetDataTable(); string uname = (dt.Rows[0][1].ToString()).Trim(); string type = (dt.Rows[0][0].ToString()).Trim(); string uid = (dt.Rows[0][2].ToString()).Trim(); Session["User_ID"] = uid; Session["type"] = type; dw.SetCommand("SELECT Patient_ID FROM Patient WHERE User_ID = @uid"); dw.SetSqlCommandParameters("uid", uid); string pid = dw.GetSingleData().Trim(); Session["Patient_ID"] = pid; //filling login log table dw.SetCommand("INSERT INTO loginlog (id,username,attempt,date,time,type) VALUES (@id,@uname,@attempt,@date,@time,@type)");//,, dw.SetSqlCommandParameters("id", i); dw.SetSqlCommandParameters("uname", txtuname.Text.Trim()); dw.SetSqlCommandParameters("attempt", "success"); dw.SetSqlCommandParameters("date", date); dw.SetSqlCommandParameters("time", time); dw.SetSqlCommandParameters("type", type); dw.Insert(); Session["User_name"] = uname; //checking the type of users switch (type) { case "doctor": dw.SetCommand("SELECT Doctor_ID FROM Doctor WHERE User_ID = @uid"); dw.SetSqlCommandParameters("uid", uid); string did = dw.GetSingleData().Trim(); Session["Doctor_ID"] = did; if (CheckBox1.Checked) { Session["ok"] = "go"; } else { Session["ok"] = null; } Session["User_name"] = uname; Response.Redirect("~/User/Doctor/Appointments.aspx"); break; case "patient": if (CheckBox1.Checked) { Session["ok"] = "go"; } else { Session["ok"] = null; } Session["User_name"] = uname; Response.Redirect("~/Default.aspx"); break; case "admin": dw.SetCommand("SELECT Admin_ID FROM Admin WHERE User_ID = @uid"); dw.SetSqlCommandParameters("uid", uid); string aid = dw.GetSingleData().Trim(); Session["Admin_ID"] = aid; if (CheckBox1.Checked) { Session["ok"] = "go"; } else { Session["ok"] = null; } Session["User_name"] = uname; Response.Redirect("~/User/Admin/AdminDefault.aspx"); break; case "nurse": dw.SetCommand("SELECT Nurse_ID FROM Nurse WHERE User_ID = @uid"); dw.SetSqlCommandParameters("uid", uid); string nid = dw.GetSingleData().Trim(); Session["Nurse_ID"] = nid; if (CheckBox1.Checked) { Session["ok"] = "go"; } else { Session["ok"] = null; } Session["User_name"] = uname; Response.Redirect("~/User/Nurse/NurseDefault.aspx"); break; } } else { //print a error msg when user try to login without providing user credentials and in here userlogs table not filling if (txtuname.Text == "" || txtpassword.Text == "") { Response.Write("<script language=javascript>alert('PLZ FILL THE USERNAME AND PASSWORD FIELDS!!!!')</script>"); } else if (txtuname.Text != "" || txtpassword.Text != "") { //filing loginlog table dw.SetCommand("INSERT INTO loginlog (id,username,attempt,date,time,type) VALUES (@id,@uname,@attempt,@date,@time,@type)");//,, dw.SetSqlCommandParameters("id", i); dw.SetSqlCommandParameters("uname", txtuname.Text.Trim()); dw.SetSqlCommandParameters("attempt", "not success"); dw.SetSqlCommandParameters("date", date); dw.SetSqlCommandParameters("time", time); dw.SetSqlCommandParameters("type", "unbound"); dw.Insert(); Response.Write("<script language=javascript>alert('WRONG CREDENTIALS!!!!')</script>"); } } }