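    /// <summary>
    /// Handles the login button: looks up the stored credential for the entered
    /// user name, compares it with the entered password and, on a match, marks
    /// the session as logged in (Logged, UserID, Admin) and redirects to
    /// Default.aspx. On an unknown user or a mismatch nothing is changed.
    /// </summary>
    /// <remarks>
    /// Fixes over the previous version:
    /// - the user name is bound as a SqlParameter instead of being spliced into
    ///   the SQL text (the listing shows the spliced value redacted; it is the
    ///   value of txtUserName, which the success path stores as Session["UserID"]).
    ///   The old form was SQL-injectable from the login box;
    /// - the query ran twice (ExecuteNonQuery then ExecuteReader); it runs once;
    /// - User_AdminRight is now selected, so reading it below no longer throws
    ///   (the old SELECT only fetched User_Password);
    /// - the entered password is hashed with hash.hash, the same helper the
    ///   registration page uses to store it, so the comparison is against what
    ///   was written. The old code disabled the hash because "the data is
    ///   corrupted" when sent to the database; that is most likely the hash
    ///   output breaking the concatenated SQL, which parameters carry safely;
    /// - the comparison does not short-circuit on the first differing character;
    /// - reader and connection are released on every path. Response.Redirect
    ///   ends the request, so the close that followed it never ran on a
    ///   successful login.
    /// NOTE(review): hash.hash is an opaque project helper; confirm it is a
    /// salted, slow password hash (PBKDF2/bcrypt) rather than a bare digest.
    /// NOTE(review): consider regenerating the session id on successful login
    /// so a session id handed to the victim beforehand cannot be reused.
    /// </remarks>
    protected void cmdLogin_Click(object sender, EventArgs e)
    {
        string userName = txtUserName.Text;
        string enteredHash = hash.hash(txtPassword.Text);
        bool authenticated = false;

        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText =
                "SELECT User_Password, User_AdminRight FROM Users WHERE User_UserName = @userName;";
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Connection.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    string storedHash = Convert.ToString(reader["User_Password"]);
                    if (FixedTimeEquals(enteredHash, storedHash))
                    {
                        authenticated = true;
                        Session["Logged"] = true;
                        Session["UserID"] = userName;
                        Session["Admin"] = Convert.ToBoolean(reader["User_AdminRight"]);
                    }
                }
            }
        }
        finally
        {
            connect.close();
        }

        // Redirect only after the connection is closed (the redirect ends the request).
        if (authenticated)
        {
            Response.Redirect("Default.aspx");
        }
    }

    // Compares two strings without stopping at the first mismatch, so the
    // response time does not reveal how much of the stored value matched.
    // A length mismatch returns false immediately; hash outputs have a fixed
    // length, so that reveals nothing about the secret.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }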
        /// <summary>
        /// Smoke test for DatabaseConector: constructs one, opens a connection
        /// with ConnectToDatabase and releases it with DisconectFromDatabase.
        /// There is no assertion; the test passes when neither call throws.
        /// </summary>
        public void ConnectToDatabaseTest()
        {
            var connector = new DatabaseConector();
            connector.ConnectToDatabase();
            connector.DisconectFromDatabase();
        }
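    /// <summary>
    /// Handles the registration button: when no Users row with the entered
    /// user name exists, inserts one from the form fields. The password is
    /// stored as hash.hash(password) and the admin flag is always 'false'.
    /// When the name is taken, or empty, nothing happens (silently, as before).
    /// </summary>
    /// <remarks>
    /// Every form field is bound as a SqlParameter. The previous version
    /// concatenated them into the INSERT (and the user name into the existence
    /// check; the listing shows that value redacted, it is txtUserName), which
    /// made both statements SQL-injectable from the registration form. The
    /// positional column order of the INSERT is unchanged.
    /// NOTE(review): lstTitle.SelectedValue and txtAccount.Text were emitted
    /// unquoted (numeric columns, presumably) and the rest quoted; all are now
    /// passed as parameters and SQL Server converts to the column type. Confirm
    /// the column types and parse the numeric ones explicitly.
    /// NOTE(review): the existence check and the insert use separate
    /// connections, so two concurrent registrations of the same name can both
    /// pass the check; a UNIQUE constraint on User_UserName is the real guard.
    /// </remarks>
    protected void cmdAdd_Click(object sender, EventArgs e)
    {
        string userName = txtUserName.Text;
        if (string.IsNullOrEmpty(userName))
        {
            return;
        }

        bool exists;
        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "SELECT 1 FROM Users WHERE User_UserName = @userName;";
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Connection.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                exists = reader.HasRows;
            }
        }
        finally
        {
            connect.close();
        }

        if (exists)
        {
            return; // NOTE(review): the user gets no feedback that the name is taken.
        }

        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText =
                "INSERT INTO Users VALUES(@userName, @email, @password, @firstName, @lastName, @title, @address, @account, 'false');";
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Parameters.AddWithValue("@email", txtEmail.Text);
            cmd.Parameters.AddWithValue("@password", hash.hash(txtPassword.Text));
            cmd.Parameters.AddWithValue("@firstName", txtFName.Text);
            cmd.Parameters.AddWithValue("@lastName", txtLName.Text);
            cmd.Parameters.AddWithValue("@title", lstTitle.SelectedValue);
            cmd.Parameters.AddWithValue("@address", txtAdress.Text);
            cmd.Parameters.AddWithValue("@account", txtAccount.Text);
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
        }
        finally
        {
            connect.close();
        }
    }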
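 /// <summary>
 /// Handles the remove button: soft-deletes the product named by the Prod_ID
 /// query-string value by setting Prod_State to -1.
 /// </summary>
 /// <remarks>
 /// Changes over the previous version:
 /// - Prod_ID is parsed with int.TryParse and bound as a parameter; a missing
 ///   or non-numeric value is ignored instead of throwing from Convert.ToInt32;
 /// - the update applies only when the caller is logged in and the product
 ///   belongs to them (Product.User_Username equals Session["UserID"]) or the
 ///   session is an admin. The catalog page only shows the Remove button under
 ///   that rule, but nothing enforced it here, so anyone could remove any
 ///   product by guessing an id. Confirm Product.User_Username holds the
 ///   owner's user name (the catalog lists "my products" by filtering on it).
 /// NOTE(review): this is still a state change reachable through a GET to
 /// ProdRemove.aspx?Prod_ID=..., i.e. through a crafted link (CSRF); it should
 /// move to a POST carrying an anti-forgery token.
 /// </remarks>
 protected void cmdRemove_Click(object sender, EventArgs e)
 {
     int prodId;
     if (!int.TryParse(Request.QueryString["Prod_ID"], out prodId))
     {
         return;
     }
     if (!Convert.ToBoolean(Session["Logged"]))
     {
         return;
     }

     DatabaseConector connect = new DatabaseConector();
     try
     {
         SqlCommand cmd = connect.getCommand();
         cmd.CommandText =
             "UPDATE Product SET Prod_State=-1 WHERE Prod_ID=@prodId AND (User_Username=@userName OR @isAdmin=1);";
         cmd.Parameters.AddWithValue("@prodId", prodId);
         cmd.Parameters.AddWithValue("@userName", Convert.ToString(Session["UserID"]));
         cmd.Parameters.AddWithValue("@isAdmin", Convert.ToBoolean(Session["Admin"]) ? 1 : 0);
         cmd.Connection.Open();
         cmd.ExecuteNonQuery();
     }
     finally
     {
         connect.close();
     }
 }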
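    /// <summary>
    /// Handles checkout: every product in the current user's cart that is still
    /// available (Prod_State = 0) is marked as sold (Prod_State = 1), then the
    /// session is abandoned.
    /// </summary>
    /// <remarks>
    /// The previous version read Prod_State from a reader without calling
    /// Read() first, which throws on the first cart item, and opened one
    /// connection per cart item plus one per available item. A single
    /// UPDATE ... WHERE Prod_ID IN (cart) AND Prod_State=0 does the same work in
    /// one round trip and atomically, so two concurrent checkouts cannot both
    /// claim the same product.
    /// The cart owner is Session["UserID"] (the listing shows the value
    /// redacted; cart rows are inserted under that session value).
    /// NOTE(review): cart rows are not deleted after checkout, as before.
    /// NOTE(review): Session.Abandon() logs the user out after checkout, as in
    /// the original; confirm that is intended.
    /// </remarks>
    protected void btnCheckOut_Click(object sender, EventArgs e)
    {
        string userName = Convert.ToString(Session["UserID"]);

        DatabaseConector connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText =
                "UPDATE Product SET Prod_State=1 " +
                "WHERE Prod_State=0 AND Prod_ID IN (SELECT Prod_ID FROM Cart WHERE User_UserName=@userName);";
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
        }
        finally
        {
            connect.close();
        }

        Session.Abandon();
    }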
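    /// <summary>
    /// Handles the login button: looks up the stored password hash for the
    /// entered user name, compares it with hash.hash of the entered password
    /// and, on a match, sets Session["LoggedIn"] and redirects to Default.aspx.
    /// </summary>
    /// <remarks>
    /// Fixes over the previous version:
    /// - the user name is bound as a SqlParameter instead of being spliced into
    ///   the SQL text (the listing shows that value redacted; it is taken here
    ///   from txtUserName, the box next to txtPassword — confirm). The old form
    ///   was SQL-injectable from the login box;
    /// - the query ran twice (ExecuteNonQuery then ExecuteReader); it runs once;
    /// - the connection was never closed; it is closed on every path, and the
    ///   redirect (which ends the request) happens after that;
    /// - the hash comparison does not short-circuit on the first differing character.
    /// NOTE(review): hash.hash is an opaque project helper; confirm it is a
    /// salted, slow password hash rather than a bare digest.
    /// </remarks>
    protected void cmdLogin_Click(object sender, EventArgs e)
    {
        string enteredHash = hash.hash(txtPassword.Text);
        bool authenticated = false;

        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "SELECT User_Password FROM Users WHERE User_UserName = @userName;";
            cmd.Parameters.AddWithValue("@userName", txtUserName.Text);
            cmd.Connection.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    string storedHash = Convert.ToString(reader["User_Password"]);
                    authenticated = FixedTimeEquals(enteredHash, storedHash);
                }
            }
        }
        finally
        {
            connect.close();
        }

        if (authenticated)
        {
            Session.Add("LoggedIn", true);
            Response.Redirect("Default.aspx");
        }
    }

    // Compares two strings without stopping at the first mismatch, so the
    // response time does not reveal how much of the stored value matched.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }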
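    /// <summary>
    /// Handles the "add product" button. The first line of txtDescription is
    /// the product's short description and every further non-blank line becomes
    /// a Description row; an uploaded image is saved under ~/CarImages and its
    /// stored file name is recorded on the product. The owner is Session["UserID"].
    /// </summary>
    /// <remarks>
    /// Fixes over the previous version:
    /// - all values are bound as SqlParameters; the INSERTs were built by
    ///   concatenation and injectable from the product form and from the
    ///   uploaded file's name;
    /// - the description is split with String.Split, so text without a trailing
    ///   CRLF no longer makes Substring(0, -1) throw, and the last line is no
    ///   longer dropped when it has no line break after it;
    /// - the upload is saved under Server.MapPath("~/CarImages/") instead of
    ///   ".\\CarImages\\", which resolved against the worker process's current
    ///   directory rather than the site; the file gets a generated name, so a
    ///   client-chosen name cannot overwrite another product's image;
    /// - only .jpg/.jpeg/.png/.gif uploads are accepted. CarImages is served by
    ///   the site, so storing a user-supplied .aspx/.ashx there would hand the
    ///   uploader code execution;
    /// - a failed save still stores the product without an image, as before,
    ///   but only I/O and permission failures are caught rather than everything.
    /// NOTE(review): Prod_ID/Desc_ID are still COUNT(*)+1, which collides under
    /// concurrent inserts and after any hard delete; an IDENTITY column fixes both.
    /// NOTE(review): txtPrice was emitted unquoted (numeric column); it is parsed
    /// as decimal and the click is ignored when it does not parse.
    /// </remarks>
    protected void cmdAdd_Click(object sender, EventArgs e)
    {
        decimal price;
        if (!decimal.TryParse(txtPrice.Text, out price))
        {
            return;
        }

        string[] lines = txtDescription.Text.Split(new string[] { "\r\n", "\n" }, StringSplitOptions.None);
        string desc = lines.Length > 0 ? lines[0] : "";
        string fn = SaveUploadedImage();
        string owner = Convert.ToString(Session["UserID"]);

        int pID = NextId("Product");
        DatabaseConector connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText =
                "INSERT INTO Product VALUES (@id, @name, @make, @model, @colour, @desc, @image, @price, 0, @owner);";
            cmd.Parameters.AddWithValue("@id", pID);
            cmd.Parameters.AddWithValue("@name", txtName.Text);
            cmd.Parameters.AddWithValue("@make", txtMake.Text);
            cmd.Parameters.AddWithValue("@model", txtModle.Text);
            cmd.Parameters.AddWithValue("@colour", txtColour.Text);
            cmd.Parameters.AddWithValue("@desc", desc);
            cmd.Parameters.AddWithValue("@image", fn);
            cmd.Parameters.AddWithValue("@price", price);
            cmd.Parameters.AddWithValue("@owner", owner);
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
        }
        finally
        {
            connect.close();
        }

        // Remaining lines become Description rows (Desc_Image = 'false').
        for (int i = 1; i < lines.Length; i++)
        {
            string line = lines[i];
            if (line.Trim().Length == 0)
            {
                continue;
            }

            int dID = NextId("Description");
            connect = new DatabaseConector();
            try
            {
                SqlCommand cmd = connect.getCommand();
                cmd.CommandText = "INSERT INTO Description VALUES(@id, 'false', @value, @prodId);";
                cmd.Parameters.AddWithValue("@id", dID);
                cmd.Parameters.AddWithValue("@value", line);
                cmd.Parameters.AddWithValue("@prodId", pID);
                cmd.Connection.Open();
                cmd.ExecuteNonQuery();
            }
            finally
            {
                connect.close();
            }
        }
    }

    // Upload extensions that are safe to place in a web-served folder.
    private static readonly string[] AllowedImageExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

    // Saves the posted file under ~/CarImages/ with a generated name and returns
    // that name, or "" when nothing acceptable was uploaded or the save failed.
    // Only the extension of the client-supplied name is used, and only when it
    // is on the allow-list. NOTE(review): this checks the extension only; if the
    // site must be strict, also verify the content decodes as an image.
    private string SaveUploadedImage()
    {
        if (imFile.PostedFile == null || imFile.PostedFile.ContentLength <= 0)
        {
            return "";
        }

        string ext;
        try
        {
            ext = System.IO.Path.GetExtension(imFile.PostedFile.FileName);
        }
        catch (ArgumentException)
        {
            return ""; // client name contains characters that are not valid in a path
        }
        ext = (ext ?? "").ToLowerInvariant();
        if (Array.IndexOf(AllowedImageExtensions, ext) < 0)
        {
            return "";
        }

        string fn = Guid.NewGuid().ToString("N") + ext;
        try
        {
            imFile.PostedFile.SaveAs(System.IO.Path.Combine(Server.MapPath("~/CarImages/"), fn));
            return fn;
        }
        catch (System.IO.IOException)
        {
            return ""; // NOTE(review): log this; the product is stored without an image.
        }
        catch (UnauthorizedAccessException)
        {
            return "";
        }
    }

    // COUNT(*)+1 for the given table, the id scheme the previous version used.
    // tableName is a constant from this class, never user input.
    private int NextId(string tableName)
    {
        DatabaseConector connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "SELECT COUNT(*) FROM " + tableName + ";";
            cmd.Connection.Open();
            return Convert.ToInt32(cmd.ExecuteScalar()) + 1;
        }
        finally
        {
            connect.close();
        }
    }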
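    /// <summary>
    /// Loads the product detail page: reads the product named by the Prod_ID
    /// query-string value into literal2 (image) and literal3 (summary table),
    /// then its Description rows into literal1, images first and three cells
    /// per row. A missing, non-numeric or unknown Prod_ID redirects to Default.aspx.
    /// </summary>
    /// <remarks>
    /// Fixes over the previous version:
    /// - Prod_ID is parsed with int.TryParse and bound as a parameter; the old
    ///   Convert.ToInt32 threw on non-numeric input;
    /// - every database value written into the markup goes through
    ///   Server.HtmlEncode. Product name, make, model, colour, description
    ///   lines and the image file name are entered by whoever added the product,
    ///   so the old string-built markup was a stored-XSS sink for every visitor;
    /// - attributes are double-quoted, because HtmlEncode always encodes '"'
    ///   but, depending on framework version, not the single quote the old
    ///   markup used; <image> is replaced by the real <img> element;
    /// - the connection is closed on the not-found path too (Response.Redirect
    ///   ends the request, so the close that followed the if/else never ran there);
    /// - the unused SqlConnection with a hard-coded connection string and the
    ///   unused descrip local are gone.
    /// The row/column bookkeeping of the description grid is unchanged.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        int selected;
        if (!int.TryParse(Request.QueryString["Prod_ID"], out selected))
        {
            Response.Redirect("Default.aspx");
            return;
        }

        bool found = false;
        connection = new DatabaseConector();
        try
        {
            SqlCommand cmd = connection.getCommand();
            cmd.CommandText = "SELECT * FROM Product WHERE Prod_ID = @prodId;";
            cmd.Parameters.AddWithValue("@prodId", selected);
            cmd.Connection.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    found = true;
                    tablecontent += "<img src=\"CarImages/" + Enc(reader["Prod_Image"]) + "\" alt=\"" + Enc(reader["Prod_Name"]) + "\" height=\"400\" width=\"600\"/>";
                    literal2.Text = tablecontent;
                    tablecontent = "<table><tr><th>Name :</th><td>"
                    + Enc(reader["Prod_Name"]) + "</td></tr><tr><th>Make :</th><td>"
                    + Enc(reader["Prod_Make"]) + "</td></tr><tr><th>Model :</th><td>"
                    + Enc(reader["Prod_Modle"]) + "</td></tr><tr><th>Colour :</th><td>"
                    + Enc(reader["Prod_Colour"]) + "</td></tr><tr><th>Price :</th><td>"
                    + Enc(reader["Prod_Price"]) + "</td></tr></table>";
                    literal3.Text = tablecontent;
                }
            }
        }
        finally
        {
            connection.close();
        }

        if (!found)
        {
            Response.Redirect("Default.aspx");
            return;
        }

        tablecontent = "";

        connection = new DatabaseConector();
        try
        {
            SqlCommand cmd = connection.getCommand();
            cmd.CommandText = "SELECT * FROM Description where Prod_ID = @prodId ORDER BY Desc_Image DESC;";
            cmd.Parameters.AddWithValue("@prodId", selected);
            cmd.Connection.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.HasRows)
                {
                    // count/imFlag drive the three-cells-per-row layout, with a
                    // row break at the switch from image cells to text cells.
                    int count = 1;
                    bool imFlag = true;
                    tablecontent += "<tr>";
                    while (reader.Read())
                    {
                        count++;
                        if (Convert.ToBoolean(reader["Desc_Image"]))
                        {
                            string image = Enc(reader["Desc_Value"]);
                            tablecontent += "<td><img src=\"CarImages/" + image + "\" alt=\"" + image + "\" height=\"200\" width=\"270\"/></td>";
                            imFlag = true;
                        }
                        else
                        {
                            if (imFlag)
                            {
                                tablecontent += "</tr><tr>";
                                count = 1;
                                imFlag = false;
                            }
                            tablecontent += "<td>" + Enc(reader["Desc_Value"]) + "</td>";
                        }
                        if (count % 3 == 0)
                        {
                            tablecontent += "</tr><tr>";
                        }
                    }
                    tablecontent += "</tr>";
                    literal1.Text = tablecontent;
                }
            }
        }
        finally
        {
            connection.close();
        }
    }

    // HTML-encodes a database value for element text or a double-quoted attribute.
    private string Enc(object value)
    {
        return Server.HtmlEncode(Convert.ToString(value));
    }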
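    /// <summary>
    /// Loads the catalog page. When the visitor is logged in and a Prod_ID
    /// query-string value is present, that product is added to their cart if it
    /// is still available (Prod_State = 0). Then every available product is
    /// rendered into lit as a table row, with an "Interest!" link for logged-in
    /// users who do not have it in their cart yet and Edit/Remove links for the
    /// product's owner or an admin.
    /// </summary>
    /// <remarks>
    /// Fixes over the previous version:
    /// - Session["UserID"] (the raw login user name), the product id and the
    ///   price were concatenated into SQL; all are bound as parameters. The
    ///   price in particular was formatted with the current culture, so a
    ///   decimal comma produced broken SQL;
    /// - Prod_ID is parsed with int.TryParse; the old Convert.ToInt32 threw on
    ///   non-numeric input (and silently used 0 when absent);
    /// - every database value written into the markup goes through
    ///   Server.HtmlEncode; names, makes and descriptions are entered by
    ///   whoever added the product, so the old markup was a stored-XSS sink;
    ///   attributes are double-quoted, <image> becomes <img>, and the alt
    ///   attribute that opened without a quote is fixed;
    /// - connections are closed on every path, readers are disposed, and the
    ///   product list query runs once instead of ExecuteNonQuery + ExecuteReader.
    /// Cart/owner lists are read for Session["UserID"] (the listing shows that
    /// value redacted; cart rows are inserted under it).
    /// NOTE(review): adding to the cart on a GET (Catalog.aspx?Prod_ID=...) is
    /// reachable through a crafted link (CSRF); it should move to a POST.
    /// NOTE(review): Cart ids are still COUNT(*), as before (first row gets 0,
    /// collisions after deletes); an IDENTITY column would fix that.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        bool loggedIn = Convert.ToBoolean(Session["Logged"]);
        bool isAdmin = Convert.ToBoolean(Session["Admin"]);
        string userName = Convert.ToString(Session["UserID"]);

        int selected;
        if (loggedIn && int.TryParse(Request.QueryString["Prod_ID"], out selected))
        {
            AddToCart(selected, userName);
        }

        System.Collections.Generic.List<int> cartList =
            ProductIdsFor("SELECT Prod_ID FROM Cart WHERE User_Username=@userName;", userName);
        System.Collections.Generic.List<int> myList =
            ProductIdsFor("SELECT Prod_ID FROM Product WHERE User_Username=@userName;", userName);

        string strTable = "";
        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "SELECT * FROM Product";
            cmd.Connection.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.HasRows)
                {
                    while (reader.Read())
                    {
                        if (Convert.ToInt32(reader["Prod_State"]) != 0)
                        {
                            continue;
                        }
                        int prodId = Convert.ToInt32(reader["Prod_ID"]);
                        string idText = Enc(prodId);
                        string name = Enc(reader["Prod_Name"]);
                        strTable += "<tr><td><a href=\"Description.aspx?Prod_ID=" + idText + "\">" + name + "</a></td>"
                        + "<td><a href=\"Description.aspx?Prod_ID=" + idText + "\"><img src=\"CarImages/" + Enc(reader["Prod_Image"]) + "\" alt=\"" + name + "\" height=\"60\" width=\"80\"/></a></td>"
                        + "<td>" + Enc(reader["Prod_Make"]) + "</td>"
                        + "<td>" + Enc(reader["Prod_Modle"]) + "</td>"
                        + "<td>" + Enc(reader["Prod_Colour"]) + "</td>"
                        + "<td>" + Enc(reader["Prod_Description"]) + "</td>"
                        + "<td>" + Enc(reader["Prod_Price"]) + "</td>";
                        if (loggedIn && !cartList.Contains(prodId))
                        {
                            strTable += "<td><a href=\"Catalog.aspx?Prod_ID=" + idText + "\"><input type=\"button\" value=\"Interest!\"></a></td>";
                        }
                        if (loggedIn && (myList.Contains(prodId) || isAdmin))
                        {
                            strTable += "<td><a href=\"ProdEdit.aspx?Prod_ID=" + idText + "\"><input type=\"button\" value=\"Edit\"></a></td>"
                                + "<td><a href=\"ProdRemove.aspx?Prod_ID=" + idText + "\"><input type=\"button\" value=\"Remove\"></a></td>";
                        }
                        strTable += "</tr>";
                    }
                    lit.Text = strTable;
                }
            }
        }
        finally
        {
            connect.close();
        }
    }

    // Inserts a Cart row for prodId when the product exists and is available
    // (Prod_State = 0); otherwise does nothing. The cart id is COUNT(*) of Cart,
    // the scheme the previous version used.
    private void AddToCart(int prodId, string userName)
    {
        double pPrice = 0;
        bool available = false;

        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "SELECT Prod_Price, Prod_State FROM Product WHERE Prod_ID=@prodId;";
            cmd.Parameters.AddWithValue("@prodId", prodId);
            cmd.Connection.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read() && Convert.ToInt32(reader["Prod_state"]) == 0)
                {
                    available = true;
                    pPrice = Convert.ToDouble(reader["Prod_Price"]);
                }
            }
        }
        finally
        {
            connect.close();
        }

        if (!available)
        {
            return;
        }

        int cID;
        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "SELECT COUNT(*) FROM Cart;";
            cmd.Connection.Open();
            cID = Convert.ToInt32(cmd.ExecuteScalar());
        }
        finally
        {
            connect.close();
        }

        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = "INSERT INTO Cart VALUES (@cartId, @price, @userName, @prodId);";
            cmd.Parameters.AddWithValue("@cartId", cID);
            cmd.Parameters.AddWithValue("@price", pPrice);
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Parameters.AddWithValue("@prodId", prodId);
            cmd.Connection.Open();
            cmd.ExecuteNonQuery();
        }
        finally
        {
            connect.close();
        }
    }

    // Runs a query that selects Prod_ID rows for @userName and returns the ids.
    // The SQL text is a constant from this class; only the user name is a parameter.
    private System.Collections.Generic.List<int> ProductIdsFor(string sql, string userName)
    {
        System.Collections.Generic.List<int> ids = new System.Collections.Generic.List<int>();
        connect = new DatabaseConector();
        try
        {
            SqlCommand cmd = connect.getCommand();
            cmd.CommandText = sql;
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Connection.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    ids.Add(Convert.ToInt32(reader["Prod_ID"]));
                }
            }
        }
        finally
        {
            connect.close();
        }
        return ids;
    }

    // HTML-encodes a value for element text or a double-quoted attribute.
    private string Enc(object value)
    {
        return Server.HtmlEncode(Convert.ToString(value));
    }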