Пример #1
    /// <summary>
    /// When the page first loads, it checks whether the user is logged in and redirects to the login page if not.
    /// The method then checks that the user has the proper authorization (Master Administrator role) to access this page.
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void Page_Load(object sender, EventArgs e)
        // Gate for the edit-user page: requires a session, then the Master Administrator role,
        // then a numeric "id" query-string value, and on the first (non-postback) load fills the form.
        // NOTE(review): this listing has lost its braces and several statements (no redirect call is
        // shown for any branch whose comment mentions one), so branch boundaries are read from indentation only.
        if (Session["securityID"] == null) // Redirect Administrator to login if not logged in
        else if ((int)Session["securityID"] != 2) // Return HTTP Code 403 if not Master Administrator
            // NOTE(review): assigning StatusCode does not by itself stop the Web Forms page lifecycle.
            // Unless the response is ended here (not visible), control event handlers on this page can
            // still run on a postback from a non-Master Administrator. Confirm the request is terminated,
            // or repeat the role check inside each state-changing handler.
            Context.Response.StatusCode = 403;
            // NOTE(review): the indentation suggests everything below belongs to a dropped "else" branch.
            if (String.IsNullOrEmpty(Request.QueryString["id"])) // If the query string is empty or null; redirect Administrator to EditUserSearch web page
                // Hide all messages
                SuccessMessage.Visible = false;
                FailedMessage.Visible  = false;
                int id;
                // Try to parse the query string to an integer
                if (int.TryParse(Request.QueryString["id"].ToString(), out id))
                    // TryParse has already stored the parsed value in id; the int.Parse below repeats
                    // the same conversion on the same input.
                    id = int.Parse(Request.QueryString["id"].ToString());
                    // Only load the stored values on the first request, so posted edits are not overwritten
                    if (!IsPostBack)
                        AdministratorAccountController sysmgr = new AdministratorAccountController();
                        // Get Administrator Account Information passing in the ID
                        // The id is caller-supplied; access to the record rests entirely on the role check above.
                        AdministratorAccountPOCO info = sysmgr.GetAdministratorInformation(id);

                        // NOTE(review): as listed, the lines under this test dereference info when it is null.
                        // Presumably the null branch and an "else" were dropped; confirm against the original file.
                        if (info == null)
                            // Populate user information fields
                            UserNameTextBox.Text           = info.username;
                            FirstNameTextBox.Text          = info.firstName;
                            LastNameTextBox.Text           = info.lastName;
                            SecurityLevelDDL.SelectedValue = info.roleId.ToString();
                            DeactivateCheckBox.Checked     = info.archivedBool;
                // If the query string cannot be converted to an integer; redirect the Administrator to the EditUserSearch web page
Пример #2
    /// <summary>
    /// This method is used when the individual clicks the Login button
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void LoginButton_Click(object sender, EventArgs e)
        // Login handler: checks page validation, looks up the account's active state, verifies the
        // credentials and, on success, stores the username, account id and role id in the session.
        // NOTE(review): braces, "else" lines and the redirect are missing from this listing; branch
        // boundaries are read from indentation only.
        // Validate the page
        // (no validation call is shown on this line in the listing)

        // If the page did not validate; display a message to the individual
        if (!IsValid)
            DisplayMessage("Username and password is required.");
        // If the page did validate
            // Assign the variables to be used
            // NOTE(review): ToLower() uses the current culture; for an account identifier,
            // ToLowerInvariant() avoids culture-dependent results.
            string username = UsernameTextBox.Text.Trim().ToLower();
            string password = PasswordTextBox.Text;

            AdministratorAccountController sysmgr = new AdministratorAccountController();
            // If the Administrator username is not active
            // NOTE(review): this test runs before the password is checked, and its message differs from
            // the generic failure text at the end of the method. An unauthenticated caller therefore
            // learns something about a username's state without knowing its password. Verifying the
            // credentials first and returning one generic message for every failure closes that gap.
            if (!sysmgr.AdministratorAccountIsActive(username))
                DisplayMessage("You are currently deactivated. Please contact a Master Administrator.");
                // Validate if the login credentials exist
                // How the password is stored and compared is inside VerifyLogin and not visible here.
                // No attempt throttling or lockout is visible in this handler either; confirm where it lives.
                bool isValid = sysmgr.VerifyLogin(username, password);
                if (isValid)
                    // If valid store userID, username, and securityID in sessions
                    // NOTE(review): nothing visible here issues a new session identifier after authentication.
                    // Confirm the pre-login session id is not carried over (session fixation).
                    AdministratorRoleController roleController = new AdministratorRoleController();
                    // username was already lower-cased above, so this ToLower() is redundant
                    Session["username"] = username.ToLower();
                    int userID = sysmgr.GetAdministratorAccountID(username);
                    Session["adminID"]    = userID;
                    // This role id is the value the other pages compare against for authorization
                    Session["securityID"] = roleController.GetAdministratorRole(userID).security_role_id;
                    // Redirect individual to the Administrator home page
                // If login credentials are not valid; display message to the individual
                    DisplayMessage("Invalid username or password");
Пример #3
    /// <summary>
    /// This method is used when the Administrator clicks the Create button.
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void CreateButton_Click(object sender, EventArgs e)
        // Create handler: on a valid page, derives a username from the entered names, asks the
        // controller to add the account with the selected role, and shows a success message.
        // NOTE(review): braces are missing from this listing, and no authorization check is visible in
        // this handler; presumably the page's load logic restricts who can reach it. Confirm that
        // check also stops postbacks.
        // Validate the page
        if (!IsValid) // If the page did not validate
            // Show validation summary
            ValidationSummary.Visible = true;
            // Hide success message
            SuccessMessage.Visible = false;
        else // If the page did validate
            // Assign required variables that will be used as parameters
            string firstName      = FirstNameTextBox.Text.Trim();
            string lastName       = LastNameTextBox.Text.Trim();
            string password       = PasswordTextBox.Text;
            // The role id comes from the posted drop-down value; no check that it is an expected
            // role value is visible in this handler.
            int    selectedRoleId = Convert.ToInt32(SecurityLevelDDL.SelectedItem.Value);

            // Take the first letter from the First Name, and combine it with the Last Name
            // Hyphens, spaces and apostrophes are removed from the last name; other characters pass through
            // NOTE(review): the first character is read from the untrimmed text box rather than from
            // firstName, so leading whitespace would become part of the username and an empty box
            // would throw. Presumably the page validators prevent both; verify.
            string concatName = FirstNameTextBox.Text[0] + lastName.Replace("-", "").Replace(" ", "").Replace("'", "");

            // Add the new Administrator Account
            // The password is handed to the controller as entered; any hashing happens outside this view.
            AdministratorAccountController sysmgr = new AdministratorAccountController();
            string newUser = sysmgr.AddAdministratorAccount(concatName.ToLower(), password, firstName, lastName, selectedRoleId);

            // Display the success message
            SuccessMessage.Visible = true;
            string successHeader = "<span><i class='fas fa-check-circle'></i> Success</span><br/ >";
            // NOTE(review): newUser is concatenated into a string that already carries raw HTML. If
            // SuccessMessage renders Text unencoded (its control type is not shown), a name containing
            // markup would be emitted as markup. HTML-encode newUser (e.g. HttpUtility.HtmlEncode)
            // before appending it.
            SuccessMessage.Text = successHeader + "Successfully added: " + newUser;

            // Clear all the text box fields
Пример #4
    /// <summary>
    /// This method is used when the Administrator clicks the Update button.
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void UpdateButton_Click(object sender, EventArgs e)
        // Update handler: rejects self-deactivation and changes to the "webmaster" account, then
        // updates the account named in the username text box, with or without a new password.
        // NOTE(review): braces and at least one "else" are missing from this listing. No role check is
        // visible in this handler; authorization presumably rests on the page's load logic, which
        // must actually stop the request for this to be safe.
        // If the query string equals the currently logged in Administrator ID and the Administrator wants to deactive their own account
        // Alert the Administrator with a message
        // NOTE(review): Convert.ToInt32 returns 0 for a null query-string value and for a null session
        // value, and throws on non-numeric text. This guard is keyed on the query-string id, while the
        // updates below are keyed on the username text box; nothing visible here ties the two
        // together, so the guard holds only if that box cannot be changed by the client.
        if (Convert.ToInt32(Request.QueryString["id"]).Equals(Convert.ToInt32(Session["adminID"])) && DeactivateCheckBox.Checked)
            DisplayFailedMessage("You cannot Deactivate your own account.");
            DeactivateCheckBox.Checked = false;
        // Else if an Administrator tries to deactivate the webmaster
        // Alert the Administrator with a message
        // NOTE(review): this comparison is case-sensitive and uses the untrimmed text, whereas the
        // update below passes the trimmed value. Input differing only by case or surrounding
        // whitespace skips both webmaster guards; whether it still resolves to that account depends
        // on the controller's lookup (not visible). Compare the same normalized value that is updated.
        else if (UserNameTextBox.Text.Equals("webmaster") && DeactivateCheckBox.Checked)
            DisplayFailedMessage("You cannot Deactivate the webmaster account.");
            DeactivateCheckBox.Checked = false;
        // Else if the Administrator tries to change the webmaster's security level
        // Alert the Administrator with a message
        // Only the value "1" is rejected here; any other posted value besides "2" is not caught by this test.
        else if (UserNameTextBox.Text.Equals("webmaster") && SecurityLevelDDL.SelectedValue.Equals("1"))
            DisplayFailedMessage("You cannot set the webmaster account as Standard Administrator.");
            SecurityLevelDDL.SelectedValue = "2";
            // NOTE(review): the indentation suggests an "else" was dropped here and the rest runs only
            // when none of the guards above fired.
            // If the Password text box fields are empty
            // Run the overloaded update method that doesn't use the password parameter
            if (String.IsNullOrEmpty(ConfirmPasswordTextBox.Text) && String.IsNullOrEmpty(PasswordTextBox.Text))
                // Disable validation that checks for password input
                ConfirmPasswordRFV.Enabled = false;
                ConfirmPasswordCV.Enabled  = false;

                // Validate page
                // (no validation call is shown here; IsValid reflects the toggled validators only
                // after validation is run again)
                if (IsValid)
                    // Update user excluding the password change
                    AdministratorAccountController sysmgr = new AdministratorAccountController();
                    string username    = UserNameTextBox.Text.Trim();
                    string firstname   = FirstNameTextBox.Text.Trim();
                    string lastname    = LastNameTextBox.Text.Trim();
                    bool   archive     = DeactivateCheckBox.Checked;
                    int    securityId  = int.Parse(SecurityLevelDDL.SelectedItem.Value);
                    string updatedUser = sysmgr.UpdateAdministratorAccount(username, firstname, lastname, archive, securityId);
                    // How DisplaySuccessMessage renders its argument is not visible; if it writes
                    // unencoded text into the page, updatedUser should be HTML-encoded first.
                    DisplaySuccessMessage("Successfully updated: " + updatedUser);
            else // Run the overloaded update method that uses the password parameter
                // Enable validation that checks for password input
                ConfirmPasswordRFV.Enabled = true;
                ConfirmPasswordCV.Enabled  = true;

                // Validate page
                // (no validation call is shown here either)
                if (IsValid)
                    // Update user including the password change
                    AdministratorAccountController sysmgr = new AdministratorAccountController();
                    string username    = UserNameTextBox.Text.Trim();
                    // The new password is handed to the controller as entered; hashing is outside this view.
                    string password    = PasswordTextBox.Text;
                    string firstname   = FirstNameTextBox.Text.Trim();
                    string lastname    = LastNameTextBox.Text.Trim();
                    bool   archive     = DeactivateCheckBox.Checked;
                    int    securityId  = int.Parse(SecurityLevelDDL.SelectedItem.Value);
                    string updatedUser = sysmgr.UpdateAdministratorAccount(username, password, firstname, lastname, archive, securityId);
                    DisplaySuccessMessage("Successfully updated: " + updatedUser + "'s password");