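/// <summary>
/// Loads the profile row for the user id passed in the "q" query-string value and
/// copies its columns into the page controls.
/// </summary>
/// <remarks>
/// Shows "Sorry...Couldn't find that person." when the query-string value is missing
/// or no row matches. Database errors are logged through ErrorLog and not rethrown.
/// </remarks>
private void BindData()
{
    // The "q" value comes straight from the request and is attacker-controllable.
    string[] arString = Request.QueryString.GetValues("q");
    if (arString == null)
    {
        lblStatus.Text = "Sorry...Couldn't find that person.";
        return;
    }

    // Request.QueryString values are already URL-decoded by ASP.NET; the second
    // decode is kept so existing links resolve exactly as before.
    string strUserId = HttpUtility.UrlDecode(arString[0].ToString());
    hdnUserId.Value = strUserId;

    IDBManager dbManager = new DBManager(DataProvider.SqlServer);
    dbManager.ConnectionString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    // SQL injection fix: the id used to be concatenated verbatim into the statement.
    // Doubling single quotes keeps the value inside the T-SQL string literal.
    // NOTE(review): this is a stopgap. The parameter API of IDBManager is not visible
    // here; switch to a bound parameter (or validate the id against the column type)
    // once that API is confirmed.
    string safeUserId = strUserId.Replace("'", "''");
    string strSQL = "SELECT u.txtFullName, u.txtUserName, u.profilePic, u.txtUserDetails, u.txtWebSite, u.txtEmail, u.txtPhonenum, u.userDir, u.iShowPhoneNum, u.notify_comment_flg from tblUser u WHERE iD='" + safeUserId + "'";

    try
    {
        dbManager.Open();
        dbManager.ExecuteReader(CommandType.Text, strSQL);

        if (!dbManager.DataReader.Read())
        {
            lblStatus.Text = "Sorry...Couldn't find that person.";
            return;
        }

        // NOTE(review): the columns below hold user-supplied profile text. If the lbl*
        // controls are Label controls, Text is rendered without HTML-encoding; confirm
        // the values are encoded when stored, or encode them here.
        lblFullName.Text = dbManager.DataReader["txtFullName"].ToString();

        // Details
        lblDetailsData.Text = dbManager.DataReader["txtUserDetails"].ToString();

        // Contact
        string email = dbManager.DataReader["txtEmail"].ToString();
        Session["Email"] = email;
        lnkEmailData.Text = ParseEmail(email);
        lnkEmailData.CommandArgument = email;
        lnkEmailData.Attributes.Add("href", "mailto:" + email + "?subject=Contact from Boardhunt");
        hdnNotifyEmail.Value = dbManager.DataReader["notify_comment_flg"].ToString();

        lblPhoneData.Text = dbManager.DataReader["txtPhoneNum"].ToString();
        lblPhoneData.Visible = ShowPhone(dbManager.DataReader["iShowPhoneNum"]);

        Pic1.ImageUrl = FormatPicPath(dbManager.DataReader["userDir"].ToString(), dbManager.DataReader["profilePic"].ToString());

        // The former read of "numRating" was removed: the column is not in the SELECT
        // list, so the lookup failed on every successful load and only produced an
        // error-log entry; its value was never used.
    }
    catch (Exception ex)
    {
        ErrorLog.ErrorRoutine(false, "Profile:Page_Load:Msg: " + ex.Message);
    }
    finally
    {
        dbManager.Close();
        dbManager.Dispose();
    }
}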
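/// <summary>
/// Redirects to the search results page, passing the category and user id held in
/// the page's hidden fields, and logs the target URL.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnMore_Click(object sender, EventArgs e)
{
    // Hidden-field values are posted back by the browser and can be edited by the
    // client. Encoding them stops extra query parameters from being smuggled into
    // the redirect and keeps CR/LF out of the log entry.
    string category = Uri.EscapeDataString(hdniCat.Value ?? string.Empty);
    string userId = Uri.EscapeDataString(hdnUserId.Value ?? string.Empty);
    string targetUrl = "search_results.aspx?loc=all&iCat=" + category + "&uId=" + userId;

    ErrorLog.ErrorRoutine(false, "Going to:" + targetUrl);
    Response.Redirect(targetUrl, false);
}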
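/// <summary>
/// Loads the comments for the entry id held in hdnEId, binds them to the comment
/// list, updates the comment counter, and shows either the login prompt or the
/// comment box depending on the session's login flag.
/// </summary>
/// <remarks>
/// Database errors are logged through ErrorLog and not rethrown.
/// </remarks>
public void BindComments()
{
    string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    // SQL injection fix: hdnEId is a client-editable hidden field, so its value is
    // bound as a parameter instead of being concatenated into the statement.
    string strSQL = "SELECT tblUser.txtEmail, tblComments.* FROM tblUser INNER JOIN tblComments ON tblUser.Id = tblComments.userId WHERE tblComments.entryId = @entryId";

    // using blocks release the connection and adapter on every path.
    using (SqlConnection myConnection = new SqlConnection(myConnectString))
    using (SqlDataAdapter objAdapter = new SqlDataAdapter(strSQL, myConnection))
    {
        objAdapter.SelectCommand.Parameters.AddWithValue("@entryId", hdnEId.Value ?? string.Empty);

        try
        {
            DataSet dsItems = new DataSet();
            objAdapter.Fill(dsItems, "tblComments");

            // "1 Comment", otherwise "<n> Comments"
            int listCount = dsItems.Tables["tblComments"].Rows.Count;
            lblCommentCount.Text = listCount.ToString() + " Comment";
            if (listCount != 1)
            {
                lblCommentCount.Text += "s";
            }

            PagedDataSource objPds = new PagedDataSource();
            objPds.DataSource = dsItems.Tables[0].DefaultView;

            // bind to DataList control
            dlCommentList.DataSource = objPds;
            dlCommentList.DataBind();
        }
        catch (Exception ex)
        {
            ErrorLog.ErrorRoutine(false, "Error in CommentList: " + ex.Message);
        }
    }

    // Fail closed: a missing session flag is treated as "not logged in" instead of
    // raising a NullReferenceException. Any non-null value other than "No" still
    // shows the comment box, as before.
    object loginFlag = Session["LoggedIn"];
    if (loginFlag == null || loginFlag.ToString() == "No")
    {
        pnlLoginMsg.Visible = true;
    }
    else
    {
        pnlCommentBox.Visible = true;
    }
}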
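/*
 * Increment the PageViewCount for the entry. The value returned will be the display value
 */
// NOTE(review): disabled code. It concatenates Request.QueryString["iD"] into the
// UPDATE text; bind it as a parameter before this is ever re-enabled.
//public string incPageViewCount(string cnt)
//{
//    string tmpURL = Request.Url.ToString();
//    if (Session[tmpURL] != null)
//    {
//        return cnt;
//    }
//    string connStr, strSQL;
//    int retval;
//    retval = 0;
//    //get conn string
//    connStr = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;;
//    //cnt and iPageViewCount should be equal - do we need to check?
//    if (Convert.ToInt32(cnt) < (int)1)
//    {
//        strSQL = "UPDATE tblEntry SET iPageViewCount = 1 WHERE iD = '" + Request.QueryString["iD"] + "'";
//    }
//    else
//    {
//        strSQL = "UPDATE tblEntry SET iPageViewCount = iPageViewCount + 1 WHERE iD = '" + Request.QueryString["iD"] + "'";
//    }
//    SqlConnection myConnection = new SqlConnection(connStr);
//    try
//    {
//        myConnection.Open();
//        SqlCommand objCommand = new SqlCommand(strSQL, myConnection);
//        objCommand.ExecuteNonQuery();
//        Session.Add(Request.Url.ToString(), Request.Url.ToString());
//        retval = Convert.ToInt32(cnt) + 1;
//    }
//    catch (Exception ex)
//    {
//        ErrorLog.ErrorRoutine(false, "Error in PageViewCount processing: " + ex.Message );
//        lblStatus.Text = "Error!";
//    }
//    finally
//    {
//        //close
//        myConnection.Close();
//    }
//    return (retval.ToString());
//}

/// <summary>
/// Handles the inline login panel: looks the user up by e-mail, checks the
/// submitted password, and on success stores the login state in the session and
/// reveals the comment controls. A wrong password redirects to login.aspx; an
/// unknown e-mail leaves the page unchanged.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    // SQL injection fix: the e-mail typed into the login box is bound as a parameter
    // instead of being concatenated into the statement.
    string strSQL = "SELECT * FROM tblUser WHERE txtEmail=@email";

    // The redirect is issued after the database objects are released, so the
    // ThreadAbortException it raises is no longer caught and logged as an error.
    bool redirectToLogin = false;

    using (SqlConnection myConnection = new SqlConnection(myConnectString))
    {
        try
        {
            using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
            {
                objCommand.Parameters.AddWithValue("@email", txtUsername.Text);
                myConnection.Open();

                using (SqlDataReader objReader = objCommand.ExecuteReader())
                {
                    if (objReader.Read())
                    {
                        string txtPass = objReader["txtPassword"].ToString();
                        bool bLoginSuccess = false;

                        if (objReader["sashimi"].ToString() == "1")
                        {
                            // Salted-hash rows: hash the submitted password with the
                            // stored salt and compare the Base64 forms.
                            BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
                            string saltVal = objReader["salt"].ToString();
                            byte[] tmpByte = pHash.getHash(saltVal, txtPassword.Text);
                            string pwdToMatch = Convert.ToBase64String(tmpByte);
                            bLoginSuccess = (pwdToMatch == txtPass);
                        }
                        else
                        {
                            // old algorithm
                            // NOTE(review): rows on this path are compared against the
                            // stored value directly, i.e. the password is kept in clear
                            // text. Plan a forced re-hash of these accounts.
                            bLoginSuccess = (txtPass == txtPassword.Text);
                        }

                        if (bLoginSuccess)
                        {
                            // Successful login, save iD for user events while logged in.
                            // NOTE(review): the session id is not renewed in this block;
                            // confirm it is rotated elsewhere on login.
                            Session["LoggedIn"] = "Yes";
                            Session["userId"] = objReader["iD"].ToString();
                            Session["EmailId"] = objReader["txtEmail"].ToString();
                            Session["acctType"] = objReader["iAcctType"].ToString();

                            pnlLoginMsg.Visible = false;
                            pnlLogin.Visible = false;
                            BindComments();
                            dlCommentList.Visible = true;
                            pnlCommentBox.Visible = true;

                            // Get text for login links
                            lnkSignIn.Text = Global.SetLnkSignIn();
                            lnkSignUp.Text = Global.SetLnkSignUp();
                        }
                        else
                        {
                            // login failed
                            redirectToLogin = true;
                        }
                    }
                    else
                    {
                        //lblStatus.Text = "Incorrect Username";
                    }
                }
            }
        }
        catch (Exception ex)
        {
            ErrorLog.ErrorRoutine(false, "Failed Log-in from pnlLogin: " + ex.Message);
        }
    }

    if (redirectToLogin)
    {
        Response.Redirect("login.aspx");
    }
}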
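/// <summary>
/// Completes registration on first load: looks up the account for the e-mail held
/// in Session["EmailId"], creates the user's directories, sends the confirmation
/// and notification e-mails, and for service ids "6" and "7" signs the user in and
/// redirects to the order form.
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// On any failure the registration values are cleared from the session and a
/// failure message is shown. Database errors are logged and not rethrown.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    Global.AuthenticateUser();
    Session["LoggedIn"] = "No";
    lnkSignIn.Text = Global.SetLnkSignIn();
    lnkSignUp.Text = Global.SetLnkSignUp();

    if (Page.IsPostBack)
    {
        return;
    }

    // A missing session value used to raise a NullReferenceException before any
    // error handling was in place; treat it as a failed registration instead.
    object emailEntry = Session["EmailId"];
    if (emailEntry == null)
    {
        ErrorLog.ErrorRoutine(false, "RegisterFinish:PageLoad: no EmailId in session");
        lblMessage.Text = "Registration Failed. Please close this browser and try again.";
        return;
    }

    string email = emailEntry.ToString();
    ErrorLog.ErrorRoutine(false, "Registered EmailId: " + email);

    string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    //***TODO: E-mail verfication & activation
    //***see contact us page
    // SQL injection fix: the session value originates from the registration form, so
    // it is bound as a parameter instead of being concatenated into the statement.
    string strSQL = "Select * FROM tblUser WHERE txtEmail = @email";

    using (SqlConnection myConnection = new SqlConnection(myConnectString))
    {
        try
        {
            bool userFound = false;
            string usersId = "unknown";

            myConnection.Open();
            using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
            {
                objCommand.Parameters.AddWithValue("@email", email);
                using (SqlDataReader objReader = objCommand.ExecuteReader())
                {
                    if (objReader.Read())
                    {
                        userFound = true;
                        usersId = objReader["iD"].ToString();
                    }
                }
            }

            if (!userFound)
            {
                ErrorLog.ErrorRoutine(false, "RegisterFinish:PageLoad:Couldn't locate user.");
                classes.Email.SendErrorEmail("RegisterFinish:PageLoad:Couldn't locate user.");
            }
            else if (CreateUserDir(usersId))
            {
                lblMessage.Text = "Your account has been created. An e-mail confirmation has been sent.";
                SendCongratEmail();
                NotifyBHEmail(usersId);

                if (Session["ServiceId"] != null)
                {
                    string serviceId = Session["ServiceId"].ToString();
                    if (serviceId == "6" || serviceId == "7") //upgrade
                    {
                        // NOTE(review): DoLogin is called with an empty password and two
                        // true flags; presumably this signs the new account in without a
                        // credential check. Confirm Session["EmailId"] can only be set by
                        // the registration flow. Session["pw"] is also left in place on
                        // this path - verify that is intended.
                        classes.Login clsLogin = new classes.Login();
                        if (clsLogin.DoLogin(email, string.Empty, true, true))
                        {
                            Session["LoggedIn"] = "Yes";
                            Response.Redirect("Pay/OrderForm.aspx", false);
                        }
                    }
                }
                else
                {
                    ResetRegistrationSession();
                }
            }
            else
            {
                ResetRegistrationSession();
                ErrorLog.ErrorRoutine(false, "Error creating user dirs");
                lblMessage.Text = "Registration Failed. Please close this browser and try again.";
            }
        }
        catch (Exception ex)
        {
            ErrorLog.ErrorRoutine(false, "RegisterFinish:PageLoad: " + ex.Message);
            lblMessage.Text = "Registration Failed. Please close this browser and try again.";
            ResetRegistrationSession();
        }
    }
}

/// <summary>
/// Marks the session as logged out and removes the registration values
/// (e-mail, account type, password) from it.
/// </summary>
private void ResetRegistrationSession()
{
    Session["LoggedIn"] = "No";
    Session["EmailId"] = null;
    Session["acctType"] = null;
    Session["pw"] = null;
}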