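/// <summary>
/// Looks up a subscriber by name through the spx_Pricing_SubscriberAuth stored procedure
/// and checks the supplied password against the stored hash with VerifyHash.
/// </summary>
/// <param name="SubscriberName">Value sent to the stored procedure as the SubscriberName parameter.</param>
/// <param name="password">Plain-text password to verify.</param>
/// <returns>
/// A PricingSubscriber whose Result is "Success" only when VerifyHash accepted the password.
/// Every other Result value, including null after a database or hashing error, means
/// "not authenticated"; callers must compare against "Success" and fail closed otherwise.
/// The stored hash is never returned: Password is blanked before the object leaves this method.
/// </returns>
private PricingSubscriber SubscriberPassswordCheck(string SubscriberName, string password)
{
    PricingSubscriber DBUser = new PricingSubscriber();
    bool subscriberFound = false;

    try
    {
        sqlConnectionX = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]);
        sqlConnectionX.Open();

        // The name travels as a stored-procedure parameter, never as concatenated SQL.
        sqlCommandX = new SqlCommand();
        sqlCommandX.Connection = sqlConnectionX;
        sqlCommandX.CommandType = CommandType.StoredProcedure;
        sqlCommandX.CommandText = "spx_Pricing_SubscriberAuth";
        sqlCommandX.Parameters.Add(new SqlParameter("SubscriberName", SubscriberName));

        sqlDR = sqlCommandX.ExecuteReader();
        while (sqlDR.Read())
        {
            // If the procedure returns several rows, the last one wins (as before).
            DBUser.SubscriberID = sqlDR.GetInt32(0);
            DBUser.Subscribername = sqlDR.GetString(1);
            DBUser.Password = sqlDR.GetString(2);
            subscriberFound = true;
        }

        // An unknown subscriber or an empty stored hash is rejected without calling
        // VerifyHash, so a missing row can never be mistaken for a match.
        // NOTE(review): "SHA512" is only the algorithm name handed to VerifyHash; if that
        // helper is a single salted hash pass, plan a migration to a slow KDF such as PBKDF2.
        bool passwordMatches = subscriberFound
            && !string.IsNullOrEmpty(DBUser.Password)
            && VerifyHash(password, "SHA512", DBUser.Password);

        if (passwordMatches)
        {
            DBUser.Result = "Success";
        }
        else
        {
            // Appending to a null Result yields "incorrect", matching the old two-branch code.
            DBUser.Result += "incorrect";
        }
    }
    catch (Exception ex)
    {
        // Fail closed: Result is left without "Success", so the caller rejects the attempt.
        // The detail goes to the diagnostics trace instead of being discarded.
        System.Diagnostics.Trace.TraceError("SubscriberPassswordCheck failed: {0}", ex);
        if (DBUser.Result == "Success")
        {
            DBUser.Result = null;
        }
    }
    finally
    {
        // Any of these fields can still be null when the failure happened early; the
        // unguarded calls used to throw NullReferenceException out of this finally block
        // and hide the original error.
        if (sqlDR != null)
        {
            sqlDR.Close();
            sqlDR.Dispose();
        }
        if (sqlCommandX != null)
        {
            sqlCommandX.Dispose();
        }
        if (sqlConnectionX != null)
        {
            sqlConnectionX.Close();
        }
    }

    // Do not hand the stored password hash back to UI code on any path.
    DBUser.Password = "";
    return DBUser;
}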
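/// <summary>
/// Saves the subscriber shown in the form. When SubscriberID is greater than zero the
/// existing record is updated (optionally with a new password, after the current password
/// has been verified); otherwise a new subscriber is created. Both paths call the
/// spx_UPDATE_Subscriber stored procedure with parameterized values.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void RadButtonSave_Click(object sender, EventArgs e)
{
    try
    {
        if (SubscriberID > 0)
        {
            // ---- Update the user ----
            // An empty Password parameter is sent when the password panel is hidden.
            // NOTE(review): presumably the procedure keeps the stored hash when it receives
            // an empty value - confirm, otherwise this path would blank the password.
            string strPasswordHashed = "";

            if (panl_Changepassword.Visible)
            {
                // NOTE(review): the current-password check is keyed on the name typed in the
                // form while the update below is keyed on SubscriberID. Confirm both always
                // refer to the same record and that the caller is authorized for SubscriberID.
                PricingSubscriber _User = SubscriberPassswordCheck(
                    RadTextBoxSubscriberName.Text.Trim(),
                    RadTextBoxCurrentPassword.Text.Trim());

                if (_User.Result != "Success")
                {
                    lblInfo.Text = "The current password you entered is not correct";
                    return;
                }

                // Passwords are trimmed exactly as before so existing hashes keep verifying.
                string strNewPassword = RadTextBoxNewPassword.Text.Trim();
                if (strNewPassword != RadTextBoxConfirmPassword.Text.Trim())
                {
                    lblInfo.Text = "The new password does not match the confirmation password";
                    return;
                }

                // Two blank boxes "match"; refuse to store the hash of an empty password.
                if (strNewPassword.Length == 0)
                {
                    lblInfo.Text = "The new password must not be empty";
                    return;
                }

                sqlConnectionX = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]);
                sqlConnectionX.Open();
                strPasswordHashed = ComputeHash(strNewPassword, "SHA512", null);
            }
            else
            {
                // Update the user without changing the password.
                sqlConnectionX = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]);
                sqlConnectionX.Open();
            }

            sqlCommandX = BuildSubscriberSaveCommand(strPasswordHashed);
            sqlCommandX.ExecuteNonQuery();

            // Close the window
            ScriptManager.RegisterStartupScript(Page, Page.GetType(), "mykey", "CloseAndRebind();", true);
        }
        else
        {
            // ---- Create the new subscriber ----
            sqlConnectionX = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]);
            sqlConnectionX.Open();

            // NOTE(review): nothing here rejects an empty password or compares it with the
            // confirmation box; confirm the form validates both before this handler runs.
            string strPasswordHashed = ComputeHash(RadTextBoxNewPassword.Text.Trim(), "SHA512", null);
            string strResult = string.Empty;

            sqlCommandX = BuildSubscriberSaveCommand(strPasswordHashed);

            // The reader was never closed before; the using block releases it on every path.
            using (SqlDataReader dr = sqlCommandX.ExecuteReader())
            {
                while (dr.Read())
                {
                    strResult = dr.GetString(0);
                }
            }

            if (strResult == "Ok")
            {
                // Close the window
                ScriptManager.RegisterStartupScript(Page, Page.GetType(), "mykey", "CloseAndRebind();", true);
            }
            else
            {
                // The procedure's message may echo form input, and Label.Text is rendered
                // without encoding, so encode it before display.
                lblInfo.Text = System.Net.WebUtility.HtmlEncode(strResult);
            }
        }
    }
    catch (Exception ex)
    {
        // Raw exception text (SQL errors, object names) is kept out of the page; the
        // detail is written to the diagnostics trace for operators instead.
        System.Diagnostics.Trace.TraceError("RadButtonSave_Click failed: {0}", ex);
        lblInfo.Text = "The subscriber could not be saved. Please try again or contact support.";
    }
    finally
    {
        // Either field can still be null if the failure happened before it was assigned.
        if (sqlCommandX != null)
        {
            sqlCommandX.Dispose();
        }
        if (sqlConnectionX != null)
        {
            sqlConnectionX.Close();
        }
    }
}

// Builds the spx_UPDATE_Subscriber command on the open sqlConnectionX from the form fields.
// passwordValue is sent as the Password parameter unchanged (a hash, or "" for no change).
private SqlCommand BuildSubscriberSaveCommand(string passwordValue)
{
    SqlCommand command = new SqlCommand();
    command.Connection = sqlConnectionX;
    command.CommandType = CommandType.StoredProcedure;
    command.CommandText = "spx_UPDATE_Subscriber";

    // Every value is bound as a parameter; no user text is concatenated into SQL.
    command.Parameters.Add(new SqlParameter("SubscriberID", SubscriberID));
    command.Parameters.Add(new SqlParameter("Subscribername", RadTextBoxSubscriberName.Text.Trim()));
    command.Parameters.Add(new SqlParameter("Password", passwordValue));
    command.Parameters.Add(new SqlParameter("SubscriberCode", RadTextBoxSubscriberCode.Text.Trim()));
    command.Parameters.Add(new SqlParameter("SubscriberStatus", CheckBoxStatus.Checked ? "1" : "0"));
    command.Parameters.Add(new SqlParameter("returnRisk", CheckBoxRisk.Checked ? "T" : "F"));
    command.Parameters.Add(new SqlParameter("returnPremium", CheckBoxPremium.Checked ? "T" : "F"));
    command.Parameters.Add(new SqlParameter("returnCover", CheckBoxCover.Checked ? "T" : "F"));
    return command;
}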