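        /// <summary>
        /// Publishes a trail built from the form fields with status "upcoming". When the form was
        /// opened on an existing draft (Session["draft_edit"] is set and Session["draft_id"] holds
        /// the draft's id) the draft row is deleted first so the publish does not duplicate it.
        /// </summary>
        /// <remarks>
        /// Fixes: the original dereferenced Session["draft_id"] whenever Session["draft_edit"] was
        /// non-null, but this handler itself left Session["draft_edit"] = false behind, so the next
        /// publish in the same session hit a NullReferenceException on the missing draft id. An
        /// explicit false is now treated as "not editing", the id is null-guarded, and both keys are
        /// removed afterwards (the same clean-up btn_savedraft_Click does).
        /// NOTE(review): Convert.ToDateTime(year + month) glues the two values together with no
        /// separator, while the draft handler builds "1 " + month + " " + year; which form the
        /// dd_month values make parseable is not visible here — confirm and align the two.
        /// NOTE(review): this handler does no authorization check of its own; it relies on the
        /// page's Page_Load gating, which is not visible here.
        /// </remarks>
        protected void btn_create_Click(object sender, EventArgs e)
        {
            Service1Client client = new DBServiceReference.Service1Client();

            // A leftover "false" sentinel means a previous publish cleared edit mode.
            object editFlag     = Session["draft_edit"];
            bool   editingDraft = editFlag != null && !(editFlag is bool flag && !flag);
            if (editingDraft)
            {
                object draftId = Session["draft_id"];
                if (draftId != null)
                {
                    client.DeleteTrail(draftId.ToString());
                }
            }

            string   title       = tb_title.Text;
            var      month       = dd_month.SelectedValue;
            var      year        = tb_year.Text;
            var      datestr     = year + month;
            DateTime date        = Convert.ToDateTime(datestr);
            string   description = tb_description.Text;
            string   gem1        = lb_gem1_listing.Text;
            string   gem2        = lb_gem2_listing.Text;
            string   gem3        = lb_gem3_lisitng.Text;
            string   banner      = title;
            string   trailid     = month + year + "trail";
            string   status      = "upcoming";

            int result = client.CreateTrail(trailid, title, date, description, gem1, gem2, gem3, banner, status);

            // Remove the edit markers outright instead of leaving a false sentinel in the session.
            Session.Remove("draft_edit");
            Session.Remove("draft_id");

            Response.Redirect("Staff_Ongoing_Trails.aspx");
        }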
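        /// <summary>
        /// Authenticates a partner by email and password and, on success, establishes the session
        /// (Session["email"], Session["AuthToken"]) plus the matching "AuthToken" cookie that the
        /// partner pages compare against on every load, then redirects to the account page.
        /// </summary>
        /// <param name="email">Email entered on the login form.</param>
        /// <param name="pw">Password entered on the login form.</param>
        /// <remarks>
        /// Fixes: the original only tested that <paramref name="pw"/> was non-null before logging
        /// the user in — any password worked for any registered email. The password is now verified
        /// the same way the user login and registration pages derive it: Base64(SHA-512(password +
        /// Account.Password_Salt)) compared against Account.Password in constant time. The two
        /// distinct messages ("User not found" / "Pw is incorrect") let a caller enumerate registered
        /// emails, so one generic message is used for every failure. The AuthToken cookie is now
        /// HttpOnly, and Secure when the request arrived over TLS.
        /// NOTE(review): partner accounts created with a plaintext password and the literal salt
        /// "salt" (see the staff submit_btn_Click) will not verify under this scheme until reset.
        /// A single SHA-512 round is weak against offline cracking; moving to PBKDF2 must be done
        /// together with registration and a hash migration, so it is only flagged here.
        /// </remarks>
        protected void CheckAccount(string email, string pw)
        {
            ValidateInput();
            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var user = client.GetAccountByEmail(email); //get this from Service1.cs

            // One message for every failure so the response does not reveal which emails exist.
            const string failureMessage = "User or password is invalid, please try again";

            if (user == null || string.IsNullOrEmpty(pw)
                || string.IsNullOrEmpty(user.Password) || string.IsNullOrEmpty(user.Password_Salt))
            {
                lb_error.Text = failureMessage;
                return;
            }

            // Same derivation as registration: Base64(SHA512(pw + salt)).
            string computedHash;
            using (var hashing = new System.Security.Cryptography.SHA512Managed())
            {
                byte[] digest = hashing.ComputeHash(System.Text.Encoding.UTF8.GetBytes(pw + user.Password_Salt));
                computedHash = Convert.ToBase64String(digest);
            }

            // Constant-time comparison: String.Equals returns at the first differing character.
            string storedHash = user.Password;
            int    mismatch   = computedHash.Length ^ storedHash.Length;
            for (int i = 0; i < computedHash.Length && i < storedHash.Length; i++)
            {
                mismatch |= computedHash[i] ^ storedHash[i];
            }
            if (mismatch != 0)
            {
                lb_error.Text = failureMessage;
                return;
            }

            Session["email"] = email;
            // Fresh GUID per login; the cookie copy must match the session copy on every page load.
            string guid = Guid.NewGuid().ToString();
            Session["AuthToken"] = guid;

            HttpCookie authCookie = new HttpCookie("AuthToken", guid)
            {
                HttpOnly = true,                         // keep it away from page script
                Secure   = Request.IsSecureConnection    // never sent in clear once the site is on HTTPS
            };
            Response.Cookies.Add(authCookie);
            Response.Redirect("Partner_Own_Account_Details.aspx", false);
        }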
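        /// <summary>
        /// Loads the gem named by the "gemId" query-string value into the detail controls and
        /// remembers the id in Session["gem_id"]; requests without a usable id go back to the
        /// catalogue.
        /// </summary>
        /// <remarks>
        /// Fixes: Convert.ToInt32 threw on a non-numeric id and an unknown id produced a
        /// NullReferenceException on the null gem; both cases now redirect. The raw query-string
        /// value is HTML-encoded before it is echoed into lbl_gemId (Label.Text is not encoded), and
        /// the Debug.WriteLine calls that dumped request data are removed.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            gemid = Request.QueryString["gemId"];

            int parsedGemId;
            if (!int.TryParse(gemid, out parsedGemId))
            {
                Response.Redirect("Gem_Catalogue.aspx");
                return;
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var gems = client.GetGemById(parsedGemId);
            if (gems == null)
            {
                Response.Redirect("Gem_Catalogue.aspx");
                return;
            }

            this.Session["gem_id"] = gemid;
            lbl_gemId.Text = Server.HtmlEncode(gemid);   // request-controlled text, encode before rendering

            gem_title.Text = gems.Title;
            gem_desc.Text  = gems.Description;
            gem_image.Attributes["src"] = "/Images/Gem/" + gems.Image;
            gemadd = gems.Location;
        }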
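        /// <summary>
        /// Gate for the review page: requires Session["email"], Session["AuthToken"] and an
        /// "AuthToken" cookie equal to the session token, otherwise redirects to User_Login.aspx.
        /// When the check passes it fills the review date, the current user and the gem named by
        /// the "gem" query-string value (title and banner image).
        /// </summary>
        /// <remarks>
        /// Fixes: Convert.ToInt32 threw on a missing or non-numeric "gem" value and a gem that does
        /// not exist produced a NullReferenceException; both now leave the gem fields empty.
        /// Because the redirect uses endResponse=false, the rest of the page lifecycle (including
        /// postback handlers) still runs after it — the early return keeps this method from
        /// loading data, but every click handler on the page must re-check the login state.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            bool hasLoginState = Session["email"] != null && Session["AuthToken"] != null && Request.Cookies["AuthToken"] != null;
            if (!hasLoginState || !Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value))
            {
                Response.Redirect("User_Login.aspx", false);
                return;
            }

            review_date.Text = DateTime.Now.ToString();
            user             = (string)Session["email"];
            gemid            = Request.QueryString["gem"]; // retrieve from gem id listing

            int parsedGemId;
            if (!int.TryParse(gemid, out parsedGemId))
            {
                return;   // no usable gem id: leave the gem fields empty rather than throw
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var gems = client.GetGemById(parsedGemId);
            if (gems == null)
            {
                return;
            }
            gemtitle = gems.Title;
            gem_image.Attributes["src"] = "/Images/Gem/" + gems.Image;
        }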
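        /// <summary>
        /// Submits a "Pending" review for the gem loaded by Page_Load (gemid / gemtitle) on behalf of
        /// the logged-in user, using the star score in lbl_rating_score and the text in tb_desc,
        /// then confirms and resets the form.
        /// </summary>
        /// <remarks>
        /// Fixes: Convert.ToInt32 threw on a non-numeric score (the label is ViewState-backed but
        /// still input); the score is now parsed with TryParse and must lie within the five star
        /// images the page shows. Page_Load on this page redirects unauthenticated requests with
        /// endResponse=false, which does not stop this handler from running on a forged postback,
        /// so the handler also refuses to write when no user is set.
        /// </remarks>
        protected void btn_submit_review_Click(object sender, EventArgs e)
        {
            // user is set by Page_Load only after the session/AuthToken check succeeded.
            if (string.IsNullOrEmpty(user))
            {
                return;
            }

            int rating;
            if (!int.TryParse(lbl_rating_score.Text, out rating))
            {
                rating = 0;   // empty or garbled score counts as "no stars", as before
            }
            if (rating < 0 || rating > 5)
            {
                lbl_msg.Text = "Please choose a rating between 0 and 5 stars.";
                return;
            }

            string status      = "Pending";
            string description = tb_desc.Text;
            string gem_id      = gemid;
            string gem_title   = gemtitle;
            string author      = user;

            Service1Client client = new DBServiceReference.Service1Client();
            int            result = client.CreateReview(status, gem_id, gem_title, author, rating, description);

            lbl_msg.Text      = "Review submitted successfully , Your review is on its way to our staff. Thank you!";
            tb_desc.Text      = "";
            Rating_1.ImageUrl = "~/Test_Image/Star.png";
            Rating_2.ImageUrl = "~/Test_Image/Star.png";
            Rating_3.ImageUrl = "~/Test_Image/Star.png";
            Rating_4.ImageUrl = "~/Test_Image/Star.png";
            Rating_5.ImageUrl = "~/Test_Image/Star.png";
        }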
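        /// <summary>
        /// Deletes the gem identified by the page's gemid field and returns to the partner's gem list.
        /// </summary>
        /// <remarks>
        /// Fixes: the original deleted whatever id was in the request with no ownership check, so a
        /// partner could remove any other partner's gem by editing the query string, and
        /// Convert.ToInt32 threw on a non-numeric id. The gem is now loaded first and deleted only
        /// when its Partner_Email matches the logged-in partner's Session["email"].
        /// NOTE(review): this assumes Gem.Partner_Email holds the partner's login email, as the gem
        /// creation page stores it — confirm.
        /// </remarks>
        protected void btn_delete_Click(object sender, EventArgs e)
        {
            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();

            int    id;
            string ownerEmail = Session["email"] as string;
            if (int.TryParse(gemid, out id) && !string.IsNullOrEmpty(ownerEmail))
            {
                var gem = client.GetGemById(id);
                if (gem != null && string.Equals(gem.Partner_Email, ownerEmail, StringComparison.OrdinalIgnoreCase))
                {
                    client.DeleteGem(id);
                }
            }

            Response.Redirect("Partner_Gem_List.aspx");
        }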
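        /// <summary>
        /// Registers a new "User" account from the registration form. The password is salted with
        /// 8 random bytes from the CSPRNG and hashed as SHA-512(password + Base64 salt); the Base64
        /// hash and salt are what the service stores and what the login page recomputes.
        /// </summary>
        /// <remarks>
        /// Fixes: an unsalted hash (<c>plainHash</c>) and an unused, undisposed
        /// <c>RijndaelManaged</c> were created and discarded; the CSPRNG and hash objects are now
        /// disposed; the stray <c>;;</c> is gone; the handler returns early when validation fails.
        /// The scheme stays as it is because the login code depends on it, but a single SHA-512
        /// round is cheap to brute-force offline — plan a move to PBKDF2 (Rfc2898DeriveBytes)
        /// together with a hash migration. The salt stays at 8 bytes only because the width of the
        /// salt column is not visible here; raise it to 16 once that is confirmed.
        /// NOTE(review): the DOB, phone, postal code, address and picture passed to CreateAccount are
        /// placeholders (DateTime.Now, "90098008", ...) rather than form values — confirm this is intended.
        /// </remarks>
        protected void btn_Create_Click(object sender, EventArgs e)
        {
            string email = user_email_tb.Text;
            string fname = user_fname_tb.Text;
            string lname = user_lname_tb.Text;

            if (!ValidateInput())
            {
                return;
            }

            string pwd = user_password_tb.Text.Trim();

            // Cryptographically strong random salt, kept as Base64 so it fits a string column.
            byte[] saltBytes = new byte[8];
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(saltBytes);
            }
            string pwsalt = Convert.ToBase64String(saltBytes);

            string pwhash;
            using (SHA512Managed hashing = new SHA512Managed())
            {
                byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwd + pwsalt));
                pwhash = Convert.ToBase64String(hashWithSalt);
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            int result = client.CreateAccount(email, pwhash, pwsalt, "User", fname, lname, DateTime.Now, "90098008", "711111", "Blk 123 NYP", "default.jpg", null, null);
            lbMsg.Text      = "Successfully Registered";
            lbMsg.ForeColor = Color.Green;
            lbMsg.Visible   = true;
        }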
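        /// <summary>
        /// Adds the gem selected in dd_gem to the first free of the three listing slots on the trail
        /// form (a slot is free while its listing label still shows "-"), filling in the gem's
        /// partner and type; reports an error when all three slots are taken.
        /// </summary>
        /// <remarks>
        /// Fixes: GetGemByTitle returning null (a title that no longer exists) caused a
        /// NullReferenceException — it now reports an error instead; the third slot was tested via
        /// its partner label (lb_gem3_pc) while the first two used their listing labels, which is
        /// now consistent.
        /// NOTE(review): nothing prevents the same gem from being added to two slots — confirm
        /// whether that should be rejected.
        /// </remarks>
        protected void btn_addListing_Click(object sender, EventArgs e)
        {
            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            string title = dd_gem.SelectedValue;
            Gem    x     = client.GetGemByTitle(title);
            if (x == null)
            {
                lb_adderror.Text      = "Selected gem could not be found";
                lb_adderror.ForeColor = System.Drawing.Color.Red;
                return;
            }
            string pc   = Convert.ToString(x.Partner);
            string type = Convert.ToString(x.Type);

            if (lb_gem1_listing.Text == "-")
            {
                lb_gem1_listing.Text = title;
                lb_gem1_pc.Text      = pc;
                lb_gem1_type.Text    = type;
            }
            else if (lb_gem2_listing.Text == "-")
            {
                lb_gem2_listing.Text = title;
                lb_gem2_pc.Text      = pc;
                lb_gem2_type.Text    = type;
            }
            else if (lb_gem3_lisitng.Text == "-")
            {
                lb_gem3_lisitng.Text = title;
                lb_gem3_pc.Text      = pc;
                lb_gem3_type.Text    = type;
            }
            else
            {
                lb_adderror.Text      = "Max Listings Have Been Reached";
                lb_adderror.ForeColor = System.Drawing.Color.Red;
            }
        }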
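        /// <summary>
        /// Staff action: resets the password of the account named by the "email" query-string value
        /// through the service and tells the staff member what the new password is made of.
        /// </summary>
        /// <remarks>
        /// Fixes: a missing "email" value or one matching no account made GetAccountByEmail return
        /// null and the next line threw; both cases now show a message instead.
        /// NOTE(review): the reset value (DOB + postal code, per the message) is derived from data
        /// other people may know; StaffResetPassword lives in the service, so it is only flagged
        /// here — a random one-time password with forced change on first login would be safer.
        /// NOTE(review): no role check in this handler; relies on the page's load gating.
        /// </remarks>
        protected void resetpw_btn_Click(object sender, EventArgs e)
        {
            string email = Request.QueryString["email"];
            if (string.IsNullOrWhiteSpace(email))
            {
                resetpw_lb.Text = "No account selected";
                return;
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var user = client.GetAccountByEmail(email);
            if (user == null)
            {
                resetpw_lb.Text = "No account found for that email";
                return;
            }

            client.StaffResetPassword(user.Email);
            resetpw_lb.Text = "Password has been reset to DOB or Date of Establishment (dd/MM) + Postal Code. E.g. 12/03539591";
        }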
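        /// <summary>
        /// Marks the gem named by the "id" query-string value as "Rejected" and returns to the
        /// staff gems table.
        /// </summary>
        /// <remarks>
        /// Fixes: the comment said 'Disapproved' but the stored status is "Rejected" (which is the
        /// value the detail page tests for); Convert.ToInt32 threw on a non-numeric id — an unusable
        /// id now simply redirects without updating anything.
        /// NOTE(review): no role check here; relies on the page's load gating.
        /// </remarks>
        protected void disapprove_btn_Click(object sender, EventArgs e)
        {
            int gemId;
            if (int.TryParse(Request.QueryString["id"], out gemId))
            {
                DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
                client.UpdateGemStatus(gemId, "Rejected");
            }

            Response.Redirect("Staff_Gems_Table.aspx");
        }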
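        /// <summary>
        /// Marks the review named by the "id" query-string value as "Approved" and returns to the
        /// staff reviews table.
        /// </summary>
        /// <remarks>
        /// Fixes: Convert.ToInt32 threw on a missing or non-numeric id; an unusable id now just
        /// redirects without updating anything.
        /// NOTE(review): no role check here; relies on the page's load gating.
        /// </remarks>
        protected void approve_btn_Click(object sender, EventArgs e)
        {
            int reviewId;
            if (int.TryParse(Request.QueryString["id"], out reviewId))
            {
                DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
                client.UpdateReviewStatus(reviewId, "Approved");
            }

            Response.Redirect("Staff_Reviews_Table.aspx");
        }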
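 /// <summary>
 /// Shows the email and first name of the account named by the "email" query-string value in
 /// lb_pc_email / lb_pc, which the submit handler on this page then uses as the partner fields.
 /// </summary>
 /// <remarks>
 /// Fixes: an email that matches no account made GetAccountByEmail return null and the next line
 /// threw a NullReferenceException; the labels are now left untouched in that case.
 /// NOTE(review): the email is chosen by whoever builds the URL and this method performs no
 /// authentication or role check — confirm the page is gated elsewhere.
 /// </remarks>
 protected void Page_Load(object sender, EventArgs e)
 {
     string requestedEmail = Request.QueryString["email"];
     if (String.IsNullOrEmpty(requestedEmail))
     {
         return;
     }

     DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
     var user = client.GetAccountByEmail(requestedEmail);
     if (user == null)
     {
         return;
     }
     lb_pc_email.Text = user.Email;
     lb_pc.Text       = user.First_Name;
 }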
        /// <summary>
        /// Reloads GridView1 with every trail the service returns and makes the grid visible.
        /// </summary>
        private void RefreshGridView()
        {
            var service = new DBServiceReference.Service1Client();
            List<Trail> trails = new List<Trail>(service.GetAllTrails());

            GridView1.DataSource = trails;
            GridView1.Visible    = true;
            GridView1.DataBind();
        }
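        /// <summary>
        /// Row selection on the "my reviews" grid deletes the selected review (its id is the grid's
        /// data key) and reloads the page.
        /// </summary>
        /// <remarks>
        /// Fixes: a selection index outside the data-key collection, or a key that is not an
        /// integer, threw before; both are now ignored. The id comes from ViewState rather than a
        /// free-form request value, but the service call itself does not verify that the review
        /// belongs to the logged-in user — NOTE(review): confirm DeleteReview checks ownership, or
        /// pass Session["email"] to a service method that does.
        /// </remarks>
        protected void gvMyreview_SelectedIndexChanged(object sender, EventArgs e)
        {
            int index = gvMyreview.SelectedIndex;
            if (index < 0 || gvMyreview.DataKeys == null || index >= gvMyreview.DataKeys.Count)
            {
                return;
            }

            object keyValue = gvMyreview.DataKeys[index].Value;
            int    reviewId;
            if (keyValue != null && int.TryParse(keyValue.ToString(), out reviewId))
            {
                DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
                client.DeleteReview(reviewId);
            }

            Response.Redirect(Request.RawUrl);
        }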
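        /// <summary>
        /// On the first (non-postback) load, gates the profile page on Session["email"],
        /// Session["AuthToken"] and a matching "AuthToken" cookie, then fills the display
        /// labels/textboxes from the account record; an account that cannot be found clears them.
        /// </summary>
        /// <remarks>
        /// Fixes: the "account not found" branch cleared every field except displayphone_tb, which
        /// kept whatever ViewState held; it is cleared too now.
        /// NOTE(review): displayaddress1_tb and displayaddress2_tb are both filled with
        /// userObj.Address, and btn_Update_Click on this page saves address1 + address2, so every
        /// save doubles the stored address. Which textbox should carry the second line is not
        /// visible here — confirm before changing either side.
        /// NOTE(review): the token check runs only when IsPostBack is false, so postback handlers
        /// must repeat it themselves.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            bool hasLoginState = Session["email"] != null && Session["AuthToken"] != null && Request.Cookies["AuthToken"] != null;
            if (!hasLoginState || !Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value))
            {
                Response.Redirect("User_Login.aspx", false);
                return;
            }

            email = (string)Session["email"];
            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            Account userObj = client.GetAccountByEmail(email);
            if (userObj != null)
            {
                displayfname_lbl.Text     = userObj.First_Name;
                displaylname_lbl.Text     = userObj.Last_Name;
                displayemail_lbl.Text     = userObj.Email;
                displaydob_lbl.Text       = userObj.Dob.ToString("dd/MM/yyyy");
                displayphone_tb.Text      = userObj.Hp;
                displayaddress1_tb.Text   = userObj.Address;
                displayaddress2_tb.Text   = userObj.Address;   // see remarks: duplicated into both lines
                displaypostalcode_tb.Text = userObj.Postal_Code;
                displaypoints_lbl.Text    = userObj.Diamonds.ToString();
            }
            else
            {
                displayfname_lbl.Text     = String.Empty;
                displaylname_lbl.Text     = String.Empty;
                displayemail_lbl.Text     = String.Empty;
                displaydob_lbl.Text       = String.Empty;
                displayphone_tb.Text      = String.Empty;
                displayaddress1_tb.Text   = String.Empty;
                displayaddress2_tb.Text   = String.Empty;
                displaypostalcode_tb.Text = String.Empty;
                displaypoints_lbl.Text    = String.Empty;
            }
        }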
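        /// <summary>
        /// Saves the editable profile fields (phone, address, postal code) for the logged-in user
        /// and shows a confirmation.
        /// </summary>
        /// <remarks>
        /// Fixes: Page_Load on this page validates the AuthToken pair only when IsPostBack is
        /// false, so this postback handler ran with nothing but a non-null Session["email"] — and
        /// with a null one it would have called the service with a null email. The handler now
        /// repeats the session/cookie check and redirects to login when it fails.
        /// NOTE(review): address1 + address2 are concatenated with no separator, and Page_Load
        /// fills both boxes with the same stored address, so each save doubles it — confirm what
        /// the second box is meant to hold before changing the join.
        /// </remarks>
        protected void btn_Update_Click(object sender, EventArgs e)
        {
            email = Session["email"] as string;
            bool tokenMatches = Session["AuthToken"] != null
                                && Request.Cookies["AuthToken"] != null
                                && Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value);
            if (string.IsNullOrEmpty(email) || !tokenMatches)
            {
                Response.Redirect("User_Login.aspx", false);
                return;
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            string address = displayaddress1_tb.Text + displayaddress2_tb.Text;
            string hp      = displayphone_tb.Text;
            string postal  = displaypostalcode_tb.Text;

            client.UpdateUserProfile(email, hp, address, postal);
            lblMsg.Text      = "Successfully Updated";
            lblMsg.ForeColor = Color.Green;
            lblMsg.Visible   = true;
        }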
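        /// <summary>
        /// Authenticates a user: looks the account up by email, recomputes Base64(SHA-512(password +
        /// Account.Password_Salt)) and compares it with Account.Password. On success it stores the
        /// email and a fresh GUID in the session, mirrors the GUID in the "AuthToken" cookie that the
        /// user pages check, and redirects to User_Home.aspx.
        /// </summary>
        /// <param name="email">Email entered on the login form.</param>
        /// <param name="pw">Password entered on the login form.</param>
        /// <remarks>
        /// Fixes: <c>userObj.Password_Salt</c> was read before the null check, so an unknown email
        /// raised a NullReferenceException instead of showing the error label; the hash comparison
        /// used String.Equals, which stops at the first differing character — a constant-time loop
        /// is used instead; the unknown-email branch said "Pw is incorrect" while the wrong-password
        /// branch said "User or password is invalid", which distinguished the two cases for an
        /// attacker — both now use the same message; the hash object is disposed; the cookie is
        /// HttpOnly, and Secure when the request came over TLS.
        /// A single SHA-512 round is weak for passwords; moving to PBKDF2 means changing
        /// registration and migrating stored hashes, so it is only flagged here.
        /// </remarks>
        protected void CheckAccount(string email, string pw)
        {
            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            Account userObj = client.GetAccountByEmail(email);

            const string failureMessage = "User or password is invalid, please try again";

            if (userObj == null || string.IsNullOrEmpty(pw)
                || string.IsNullOrEmpty(userObj.Password) || string.IsNullOrEmpty(userObj.Password_Salt))
            {
                lblMsg2.Text      = failureMessage;
                lblMsg2.ForeColor = Color.Red;
                return;
            }

            // Same derivation as registration: Base64(SHA512(pw + salt)).
            string pwhash;
            using (SHA512Managed hashing = new SHA512Managed())
            {
                byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pw + userObj.Password_Salt));
                pwhash = Convert.ToBase64String(hashWithSalt);
            }

            // Constant-time comparison so the response time does not depend on where the hashes diverge.
            string storedHash = userObj.Password;
            int    mismatch   = pwhash.Length ^ storedHash.Length;
            for (int i = 0; i < pwhash.Length && i < storedHash.Length; i++)
            {
                mismatch |= pwhash[i] ^ storedHash[i];
            }
            if (mismatch != 0)
            {
                lblMsg2.Text      = failureMessage;
                lblMsg2.ForeColor = Color.Red;
                return;
            }

            Session["email"] = email;
            // Fresh GUID per login; the cookie copy must equal the session copy on every page load.
            string guid = Guid.NewGuid().ToString();
            Session["AuthToken"] = guid;

            HttpCookie authCookie = new HttpCookie("AuthToken", guid)
            {
                HttpOnly = true,                         // not readable by page script
                Secure   = Request.IsSecureConnection    // never sent in clear once the site is on HTTPS
            };
            Response.Cookies.Add(authCookie);

            Response.Redirect("User_Home.aspx");
        }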
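        /// <summary>
        /// Fills the partner profile controls (picture, email, names, DOB, phone, postal code,
        /// address, creation date) from the account for Session["email"].
        /// </summary>
        /// <param name="userid">
        /// Not used: the profile shown is always the one for Session["email"]. NOTE(review): callers
        /// passing a different id get the logged-in partner's profile — confirm this is intended.
        /// </param>
        /// <remarks>
        /// Fixes: a missing session email or an account that no longer exists produced a
        /// NullReferenceException; both now leave the controls untouched.
        /// </remarks>
        protected void displayPartnerProfile(string userid)
        {
            string sessionEmail = Session["email"] as string;
            if (string.IsNullOrEmpty(sessionEmail))
            {
                return;
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var partner = client.GetAccountByEmail(sessionEmail);
            if (partner == null)
            {
                return;
            }

            profile_img.Attributes["src"] = "/Images/Profile_Pictures/" + partner.Profile_Picture;
            email_lb.Text   = partner.Email;
            fname_lb.Text   = partner.First_Name;
            lname_lb.Text   = partner.Last_Name;
            dob_lb.Text     = partner.Dob.ToString("dd/MM/yyyy");
            hp_lb.Text      = partner.Hp;
            postal_lb.Text  = partner.Postal_Code;
            address_lb.Text = partner.Address;
            created_lb.Text = partner.Account_Created.ToString();
        }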
        /// <summary>
        /// Files a report against the post named in lbl_id, attributed to the current user
        /// (userid), with the selected reason and free-text remarks, then confirms on lbl_msg.
        /// New reports always start as "Unresolved".
        /// </summary>
        protected void btn_submit_report_Click(object sender, EventArgs e)
        {
            DateTime reportedAt = DateTime.Now;
            const string initialStatus = "Unresolved";

            var service = new DBServiceReference.Service1Client();
            int created = service.CreateReport(
                reportedAt,
                lbl_id.Text,
                type_type,
                userid,
                ddl_reason.SelectedValue,
                tb_remark.Text,
                initialStatus);

            lbl_msg.Text = "Report successfully submitted, we will resolve it soon.";
        }
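        /// <summary>
        /// Gates the home page on Session["email"], Session["AuthToken"] and a matching "AuthToken"
        /// cookie (otherwise redirects to User_Login.aspx), then greets the user by first name or,
        /// when the account cannot be loaded, generically.
        /// </summary>
        /// <remarks>
        /// Fixes: First_Name is free text typed at registration and Label.Text is not encoded, so a
        /// stored name containing markup was rendered as HTML; it is now HTML-encoded. The dead
        /// commented-out code is gone and the auth check is a single early return.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            bool hasLoginState = Session["email"] != null && Session["AuthToken"] != null && Request.Cookies["AuthToken"] != null;
            if (!hasLoginState || !Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value))
            {
                Response.Redirect("User_Login.aspx", false);
                return;
            }

            string email = (string)Session["email"];
            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            Account userObj = client.GetAccountByEmail(email);
            if (userObj != null)
            {
                Label1.Text = "Welcome " + Server.HtmlEncode(userObj.First_Name);
            }
            else
            {
                Label1.Text = "Welcome User";
            }
        }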
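        // Image types accepted as a gem banner; anything else (notably .aspx/.ashx/.config) must
        // never be written under the web root.
        private static readonly string[] GemBannerExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

        /// <summary>
        /// Turns a user-entered title into a safe file stem: every character that is invalid in a
        /// file name (which includes '/', '\' and ':') becomes '_', and surrounding spaces and dots
        /// are dropped so the result can neither name a directory nor escape the images folder.
        /// Returns an empty string when nothing usable is left.
        /// </summary>
        private static string SafeGemBannerStem(string title)
        {
            if (title == null)
            {
                return string.Empty;
            }
            char[] invalid = System.IO.Path.GetInvalidFileNameChars();
            char[] chars   = title.Trim().ToCharArray();
            for (int i = 0; i < chars.Length; i++)
            {
                if (Array.IndexOf(invalid, chars[i]) >= 0)
                {
                    chars[i] = '_';
                }
            }
            return new string(chars).Trim().Trim('.');
        }

        /// <summary>
        /// Creates a "Pending" gem for the partner shown in lb_pc / lb_pc_email from the form fields,
        /// saving the uploaded banner under /Images/Gem/ as &lt;title&gt;&lt;ext&gt;, then returns
        /// to the partner's gem list. Any validation failure keeps the user on the page with a
        /// message in lb_uploadstatus.
        /// </summary>
        /// <remarks>
        /// Fixes: (1) the banner file name was title + extension taken verbatim from the request, so
        /// a title such as "..\..\x" or an ".aspx" upload could write outside the images folder or
        /// drop executable content into it — the stem is now sanitised and the extension must be one
        /// of GemBannerExtensions; (2) TextBox.Text is never null, so the "!= null" checks and the
        /// "is null" branch could not fail — blank fields are now rejected; (3) Convert.ToDateTime
        /// threw on a malformed activity date — TryParse is used; (4) the unconditional redirect
        /// discarded every error message — the redirect now happens only after a successful save.
        /// Server.HtmlEncode on a file name was the wrong tool and is gone.
        /// NOTE(review): two gems with the same title still overwrite each other's banner — confirm
        /// whether titles are unique per partner.
        /// </remarks>
        protected void btn_submit_Click(object sender, EventArgs e)
        {
            if (string.IsNullOrWhiteSpace(tb_title.Text) || string.IsNullOrWhiteSpace(tb_description.Text) || string.IsNullOrWhiteSpace(tb_location.Text))
            {
                lb_uploadstatus.Text      = "Gem title, description and location must all be entered";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            string   title         = tb_title.Text;
            string   description   = tb_description.Text;
            string   type          = rb_type.SelectedValue;
            string   partner       = lb_pc.Text;
            string   partner_email = lb_pc_email.Text;
            string   location      = tb_location.Text;
            DateTime? date         = null;
            if (type == "Activity")
            {
                DateTime parsedDate;
                if (!DateTime.TryParse(tb_date.Text, out parsedDate))
                {
                    lb_uploadstatus.Text      = "Please enter a valid date for the activity";
                    lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                    return;
                }
                date = parsedDate;
            }

            if (!ImageUpload.HasFile)
            {
                lb_uploadstatus.Text      = "Please Select Your File";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            // Only the extension of the client-supplied name is used, lower-cased and whitelisted;
            // the stem comes from the (sanitised) title, never from the upload.
            string clientName = System.IO.Path.GetFileName(ImageUpload.FileName ?? string.Empty);
            string extension  = System.IO.Path.GetExtension(clientName).ToLowerInvariant();
            string stem       = SafeGemBannerStem(title);
            if (stem.Length == 0 || Array.IndexOf(GemBannerExtensions, extension) < 0)
            {
                lb_uploadstatus.Text      = "Banner must be a .jpg, .jpeg, .png or .gif file and the title must contain some usable characters";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            string filename  = stem + extension;
            string imagesDir = System.IO.Path.Combine(Request.PhysicalApplicationPath, "Images", "Gem");
            ImageUpload.SaveAs(System.IO.Path.Combine(imagesDir, filename));
            lb_uploadstatus.Text      = "File Successfully Uploaded";
            lb_uploadstatus.ForeColor = System.Drawing.Color.Green;

            Service1Client client = new DBServiceReference.Service1Client();
            int result = client.CreateGem(partner_email, title, description, type, location, date, "Pending", 0, partner, filename);

            Response.Redirect("Partner_Gem_List.aspx");
        }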
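 /// <summary>
 /// Gate for a staff page: requires Session["LoggedIn"], Session["AuthToken"] and an "AuthToken"
 /// cookie equal to the session token, and an account that still exists for the logged-in
 /// email; anything else redirects to Staff_Login.aspx.
 /// </summary>
 /// <remarks>
 /// Fixes: the account was fetched and then ignored, so a session whose account had been deleted
 /// still reached the page; it now redirects when the lookup returns null.
 /// NOTE(review): other staff pages also require Session["Role"] == "Staff"; this page does not,
 /// so any login that sets LoggedIn/AuthToken reaches it — confirm that is intended.
 /// </remarks>
 protected void Page_Load(object sender, EventArgs e)
 {
     bool hasLoginState = Session["LoggedIn"] != null && Session["AuthToken"] != null && Request.Cookies["AuthToken"] != null;
     if (!hasLoginState || !Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value))
     {
         Response.Redirect("Staff_Login.aspx");
         return;
     }

     DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
     var user = client.GetAccountByEmail(Session["LoggedIn"].ToString());
     if (user == null)
     {
         // The session names an account that no longer exists; do not serve the page on it.
         Response.Redirect("Staff_Login.aspx");
     }
 }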
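        // Image types accepted as a profile picture; nothing executable may land under /Images.
        private static readonly string[] ProfilePictureExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

        /// <summary>
        /// Replaces every character that is invalid in a file name (including path separators)
        /// with '_' and trims surrounding spaces/dots, so the result is a single safe file stem.
        /// </summary>
        private static string SafeProfilePictureStem(string value)
        {
            char[] invalid = System.IO.Path.GetInvalidFileNameChars();
            char[] chars   = value.Trim().ToCharArray();
            for (int i = 0; i < chars.Length; i++)
            {
                if (Array.IndexOf(invalid, chars[i]) >= 0)
                {
                    chars[i] = '_';
                }
            }
            return new string(chars).Trim().Trim('.');
        }

        /// <summary>
        /// Staff action: creates a "Partner" account from the form, saves the uploaded profile
        /// picture under /Images/Profile_Pictures/ and returns to the accounts list. The initial
        /// password is the partner's first initial followed by the phone number.
        /// </summary>
        /// <remarks>
        /// Fixes: (1) the password was stored in plaintext with the literal salt "salt"; it is now
        /// salted with 8 CSPRNG bytes and hashed as Base64(SHA-512(password + salt)), the same
        /// derivation user registration uses; (2) TextBox.Text is never null, so the "!= null"
        /// checks never failed — blank fields are rejected, and hp.Substring(4, 4) no longer throws
        /// on a phone number shorter than 8 characters; (3) the picture name was built from raw
        /// form text and the client's extension — the stem is sanitised and the extension
        /// whitelisted; (4) SaveAs is only called when a file was actually uploaded.
        /// NOTE(review): the initial password (first initial + phone) is guessable by anyone who
        /// knows the partner; it is kept because it is the documented hand-over convention, but
        /// the partner should be forced to change it on first login.
        /// NOTE(review): the partner login page must verify passwords with the same derivation
        /// (see its CheckAccount) for these accounts to log in.
        /// </remarks>
        protected void submit_btn_Click(object sender, EventArgs e)
        {
            string email   = partner_email_tb.Text;
            string fname   = partner_fn_tb.Text;
            string lname   = "";
            string hp      = partner_hp_tb.Text;
            string address = partner_address_tb.Text;
            string postal  = partner_postalcode_tb.Text;

            if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(fname) || string.IsNullOrWhiteSpace(hp)
                || hp.Length < 8 || string.IsNullOrWhiteSpace(address) || string.IsNullOrWhiteSpace(postal)
                || !picture_file.HasFile)
            {
                return;
            }

            string pw = fname.Substring(0, 1) + hp;

            byte[] saltBytes = new byte[8];
            using (var rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
            {
                rng.GetBytes(saltBytes);
            }
            string pwsalt = Convert.ToBase64String(saltBytes);

            string pwhash;
            using (var hashing = new System.Security.Cryptography.SHA512Managed())
            {
                byte[] digest = hashing.ComputeHash(System.Text.Encoding.UTF8.GetBytes(pw + pwsalt));
                pwhash = Convert.ToBase64String(digest);
            }

            string clientName = System.IO.Path.GetFileName(picture_file.FileName ?? string.Empty);
            string extension  = System.IO.Path.GetExtension(clientName).ToLowerInvariant();
            string stem       = SafeProfilePictureStem(fname + hp.Substring(4, 4));
            if (stem.Length == 0 || Array.IndexOf(ProfilePictureExtensions, extension) < 0)
            {
                return;   // unusable name or non-image upload: nothing is written
            }
            string filename   = stem + extension;
            string picturesDir = System.IO.Path.Combine(Request.PhysicalApplicationPath, "Images", "Profile_Pictures");
            picture_file.SaveAs(System.IO.Path.Combine(picturesDir, filename));

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            int result = client.CreateAccount(email, pwhash, pwsalt, "Partner", fname, lname, DateTime.Now, hp, postal, address, filename, null, null);
            Response.Redirect("Staff_Accounts_List.aspx");
        }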
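 /// <summary>
 /// Gates a partner page on Session["email"], Session["AuthToken"] and a matching "AuthToken"
 /// cookie (otherwise redirects to Partner_Login.aspx), then shows the partner's name in
 /// lb_Company.
 /// </summary>
 /// <remarks>
 /// Fixes: an account that no longer exists made GetAccountByEmail return null and the next line
 /// threw; the label is left empty in that case. First_Name is staff-entered free text and
 /// Label.Text is not encoded, so it is HTML-encoded before rendering.
 /// </remarks>
 protected void Page_Load(object sender, EventArgs e)
 {
     bool hasLoginState = Session["email"] != null && Session["AuthToken"] != null && Request.Cookies["AuthToken"] != null;
     if (!hasLoginState || !Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value))
     {
         Response.Redirect("Partner_Login.aspx", false);
         return;
     }

     email = Session["email"].ToString();
     DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
     var partner = client.GetAccountByEmail(email);
     if (partner != null)
     {
         lb_Company.Text = Server.HtmlEncode(partner.First_Name);
     }
 }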
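        /// <summary>
        /// Saves the trail form as a "draft": updates the existing trail when the form was opened
        /// on a draft (Session["draft_edit"] set), otherwise creates a new one, then clears the
        /// draft markers and returns to the drafts list. Runs only when ValidateInput() passes.
        /// </summary>
        /// <remarks>
        /// Fixes: the publish handler on this form leaves Session["draft_edit"] = false behind, and
        /// the original's "!= null" test treated that false as edit mode, turning the next save
        /// into an UpdateTrail on a trail that may not exist; an explicit false now means "create".
        /// NOTE(review): UpdateTrail is keyed on month + year + "trail" recomputed from the form
        /// rather than on Session["draft_id"], so changing the month or year while editing updates
        /// a different trail than the one opened — confirm which id the update should target.
        /// </remarks>
        protected void btn_savedraft_Click(object sender, EventArgs e)
        {
            bool validInput = ValidateInput();
            if (!validInput)
            {
                return;
            }

            string   title       = tb_title.Text;
            var      month       = dd_month.SelectedValue;
            var      year        = tb_year.Text;
            var      datestr     = "1 " + month + " " + year;
            DateTime date        = Convert.ToDateTime(datestr);
            string   description = tb_description.Text;
            if (description == "")
            {
                description = "none";
            }
            string gem1    = lb_gem1_listing.Text;
            string gem2    = lb_gem2_listing.Text;
            string gem3    = lb_gem3_lisitng.Text;
            string banner  = title;
            string trailid = month + year + "trail";
            string status  = "draft";

            Service1Client client = new DBServiceReference.Service1Client();
            int            result;

            // A leftover "false" sentinel means a previous publish cleared edit mode.
            object editFlag     = Session["draft_edit"];
            bool   editingDraft = editFlag != null && !(editFlag is bool flag && !flag);
            if (editingDraft)
            {
                result = client.UpdateTrail(trailid, title, date, description, gem1, gem2, gem3, banner, status);
            }
            else
            {
                result = client.CreateTrail(trailid, title, date, description, gem1, gem2, gem3, banner, status);
            }

            Session.Remove("draft_id");
            Session.Remove("draft_edit");
            Response.Redirect("Staff_Draft_Trails.aspx");
        }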
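        // Image types accepted for a point-shop item picture; nothing executable may land under /Images.
        private static readonly string[] ShopItemImageExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

        /// <summary>
        /// Replaces every character that is invalid in a file name (including path separators)
        /// with '_' and trims surrounding spaces/dots, so the result is a single safe file stem.
        /// Returns an empty string when nothing usable is left.
        /// </summary>
        private static string SafeShopItemStem(string name)
        {
            if (name == null)
            {
                return string.Empty;
            }
            char[] invalid = System.IO.Path.GetInvalidFileNameChars();
            char[] chars   = name.Trim().ToCharArray();
            for (int i = 0; i < chars.Length; i++)
            {
                if (Array.IndexOf(invalid, chars[i]) >= 0)
                {
                    chars[i] = '_';
                }
            }
            return new string(chars).Trim().Trim('.');
        }

        /// <summary>
        /// Creates a point-shop item for the partner shown in lb_pc / lb_pc_email from the form
        /// fields, saving the uploaded picture under /Images/Point_Shop_Items/ as
        /// &lt;name&gt;&lt;ext&gt;, then returns to the partner's item list. Validation failures
        /// keep the user on the page with a message in lb_uploadstatus.
        /// </summary>
        /// <remarks>
        /// Fixes: (1) int.Parse(tb_price.Text) threw on a non-numeric price, and a negative price
        /// was accepted — both are rejected with a message; (2) the file name was the raw item name
        /// plus the client's extension, allowing path escapes and executable uploads — the stem is
        /// sanitised and the extension whitelisted; (3) TextBox.Text is never null, so the
        /// "is null" branch was dead — a blank name is rejected instead; (4) the unconditional
        /// redirect discarded every error message — it now happens only after a successful save.
        /// </remarks>
        protected void btn_submit_Click(object sender, EventArgs e)
        {
            if (string.IsNullOrWhiteSpace(tb_name.Text))
            {
                lb_uploadstatus.Text      = "Gem title must be entered before banner upload can be attempted";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            int value;
            if (!int.TryParse(tb_price.Text, out value) || value < 0)
            {
                lb_uploadstatus.Text      = "Please enter a valid, non-negative price";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            string name          = tb_name.Text;
            string description   = tb_description.Text;
            string type          = rb_type.SelectedValue.ToString();
            string partner       = lb_pc.Text;
            string partner_email = lb_pc_email.Text;

            if (!ImageUpload.HasFile)
            {
                lb_uploadstatus.Text      = "Please Select Your File";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            // Only the extension of the client-supplied name is used, lower-cased and whitelisted;
            // the stem comes from the (sanitised) item name, never from the upload.
            string clientName = System.IO.Path.GetFileName(ImageUpload.FileName ?? string.Empty);
            string extension  = System.IO.Path.GetExtension(clientName).ToLowerInvariant();
            string stem       = SafeShopItemStem(name);
            if (stem.Length == 0 || Array.IndexOf(ShopItemImageExtensions, extension) < 0)
            {
                lb_uploadstatus.Text      = "Picture must be a .jpg, .jpeg, .png or .gif file and the name must contain some usable characters";
                lb_uploadstatus.ForeColor = System.Drawing.Color.Red;
                return;
            }

            string filename = stem + extension;
            string itemsDir = System.IO.Path.Combine(Request.PhysicalApplicationPath, "Images", "Point_Shop_Items");
            ImageUpload.SaveAs(System.IO.Path.Combine(itemsDir, filename));
            lb_uploadstatus.Text      = "File Successfully Uploaded";
            lb_uploadstatus.ForeColor = System.Drawing.Color.Green;

            Service1Client client = new DBServiceReference.Service1Client();
            int result = client.CreatePointShopItem(name, partner, partner_email, description, value, filename, type);

            Response.Redirect("Partner_Point_Shop_Item_List.aspx");
        }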
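        /// <summary>
        /// Loads the gem named by the "gemId" query-string value into the partner's gem detail
        /// controls and remembers the id in Session["gem_id"]; requests without a usable id go
        /// back to the partner's gem list.
        /// </summary>
        /// <remarks>
        /// Fixes: Convert.ToInt32 threw on a non-numeric id and an unknown id produced a
        /// NullReferenceException on the null gem; both now redirect. The raw query-string value is
        /// HTML-encoded before it is echoed into lbl_gemId (Label.Text is not encoded).
        /// NOTE(review): any gem id is shown regardless of which partner owns it — if this page is
        /// meant to be partner-private, compare gems.Partner_Email with Session["email"].
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            gemid = Request.QueryString["gemId"];

            int parsedGemId;
            if (!int.TryParse(gemid, out parsedGemId))
            {
                Response.Redirect("Partner_Gem_List.aspx");
                return;
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var gems = client.GetGemById(parsedGemId);
            if (gems == null)
            {
                Response.Redirect("Partner_Gem_List.aspx");
                return;
            }

            this.Session["gem_id"] = gemid;
            lbl_gemId.Text = Server.HtmlEncode(gemid);   // request-controlled text, encode before rendering

            gem_title.Text = gems.Title;
            gem_desc.Text  = gems.Description;
            gem_image.Attributes["src"] = "/Images/Gem/" + gems.Image;
            gem_add.Text     = "Address : " + gems.Location;
            gem_company.Text = gems.Partner;
        }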
        /// <summary>
        /// On the first (non-postback) load, requires Session["email"], Session["AuthToken"] and
        /// an "AuthToken" cookie equal to the session token — otherwise redirects to
        /// User_Login.aspx — and then shows the user's Diamonds balance in lb_points ("0" when the
        /// account cannot be loaded).
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            bool hasLoginState = Session["email"] != null
                                 && Session["AuthToken"] != null
                                 && Request.Cookies["AuthToken"] != null;
            bool tokenMatches = hasLoginState
                                && Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value);

            if (!tokenMatches)
            {
                Response.Redirect("User_Login.aspx", false);
                return;
            }

            email = (string)Session["email"];
            var service = new DBServiceReference.Service1Client();
            var account = service.GetAccountByEmail(email);

            lb_points.Text = account != null
                ? "Your points: " + account.Diamonds.ToString()
                : "Your points: 0";
        }
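        /// <summary>
        /// Staff gem-review page load. Verifies the staff session (LoggedIn, Role, and the
        /// AuthToken session value matching the AuthToken cookie), then renders the gem named
        /// by the <c>id</c> query-string value. Any failed check clears the session, expires the
        /// auth cookies and redirects to Staff_Login.aspx.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            bool hasSession = Session["LoggedIn"] != null
                && Session["Role"] != null
                && Session["AuthToken"] != null
                && Request.Cookies["AuthToken"] != null;
            if (!hasSession)
            {
                ClearSessionAndRedirectToLogin();
                return;
            }

            // The token held in the session must equal the one the browser presented in the cookie.
            bool tokenMatches = string.Equals(
                Session["AuthToken"].ToString(),
                Request.Cookies["AuthToken"].Value,
                StringComparison.Ordinal);
            bool isStaff = string.Equals(Session["Role"].ToString(), "Staff", StringComparison.Ordinal);
            if (!tokenMatches || !isStaff)
            {
                ClearSessionAndRedirectToLogin();
                return;
            }

            ShowGemDetails();
        }

        /// <summary>
        /// Loads the gem named by the <c>id</c> query-string value and fills the detail labels.
        /// A missing, non-numeric or unknown id hides the review buttons instead of throwing.
        /// </summary>
        private void ShowGemDetails()
        {
            // Request.QueryString is untrusted input: parse it instead of letting Convert.ToInt32 throw.
            int gemId;
            bool validId = int.TryParse(Request.QueryString["id"], out gemId);

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var gem = validId ? client.GetGemById(gemId) : null;
            if (gem == null)
            {
                approve_btn.Visible    = false;
                disapprove_btn.Visible = false;
                return;
            }

            gem_img.Attributes["src"] = "/Images/Gem/" + gem.Image;
            title_lb.Text             = gem.Title;
            status_lb.Text            = gem.Status;
            id_lb.Text                = gem.Gem_Id.ToString();

            // Renders the partner name as a link to the account page. The e-mail is URL-encoded for
            // the query string and the name HTML-encoded, so stored values cannot break out of the markup.
            partner_lb.Text = "<a style='color: black; text-decoration: underline;' target='_blank' href='Staff_Account_Details.aspx?email="
                + HttpUtility.UrlEncode(gem.Partner_Email) + "'>" + HttpUtility.HtmlEncode(gem.Partner) + "</a>";
            type_lb.Text        = gem.Type;
            date_lb.Text        = gem.Date == null ? null : Convert.ToDateTime(gem.Date).ToString("dd/MM/yyyy");
            location_lb.Text    = gem.Location;
            description_lb.Text = gem.Description;

            // A gem that has already been reviewed cannot be approved or rejected again.
            if (gem.Status == "Approved" || gem.Status == "Rejected")
            {
                approve_btn.Visible    = false;
                disapprove_btn.Visible = false;
            }
        }

        /// <summary>
        /// Ends the current staff session: clears and abandons the session, expires the
        /// session-id and AuthToken cookies, then redirects to the staff login page.
        /// The cookies are expired before the redirect because Response.Redirect ends the
        /// response, so statements placed after it never execute.
        /// </summary>
        private void ClearSessionAndRedirectToLogin()
        {
            Session.Clear();
            Session.Abandon();
            Session.RemoveAll();

            ExpireCookie("ASP.NET_SessionId");
            ExpireCookie("AuthToken");

            Response.Redirect("Staff_Login.aspx");
        }

        /// <summary>
        /// Overwrites the named cookie with an empty, already-expired value when the request carried it.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        private void ExpireCookie(string name)
        {
            if (Request.Cookies[name] != null)
            {
                Response.Cookies[name].Value   = string.Empty;
                Response.Cookies[name].Expires = DateTime.Now.AddMonths(-20);
            }
        }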
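        /// <summary>
        /// Staff login handler. Validates the CAPTCHA first, then looks up the staff account,
        /// refuses locked accounts, verifies the salted SHA-512 password hash and, on success,
        /// establishes the session (LoggedIn, Role, AuthToken) plus the matching AuthToken cookie
        /// and redirects to Staff_Home.aspx. Every failure path leaves a message in error_lb.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e) // on login
        {
            // The CAPTCHA is checked before any account lookup so that a failed challenge
            // neither consumes a login attempt (possibly locking the account) nor reveals
            // whether the address exists.
            if (!ValidateCaptcha())
            {
                error_lb.Text = "Something went wrong, please refresh and try again.";
                return;
            }

            DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
            var user = client.GetAccountByEmail(email_tb.Text.Trim());

            if (user == null)
            {
                error_lb.Text = "Invalid credentials"; // generic message: does not reveal whether the account exists
                return;
            }

            if (client.CheckSuspended(user.Email))
            {
                // The lockout window appears to be 30 minutes from Locked_Since; report the remainder.
                int minutesLeft = 30 - Convert.ToInt16(DateTime.Now.Subtract(Convert.ToDateTime(user.Locked_Since)).TotalMinutes);
                error_lb.Text = "Your account has been locked. Please wait " + minutesLeft + " minutes before trying again.";
                return;
            }

            if (!PasswordMatches(password_tb.Text.Trim(), user.Password_Salt, user.Password))
            {
                client.CheckAttempts(user.Email, false); // counts the failure toward the lockout
                error_lb.Text = "Invalid credentials";   // same generic message as the unknown-account case
                return;
            }

            client.CheckAttempts(user.Email, true); // successful login resets the failure counter

            Session["LoggedIn"] = user.Email;
            Session["Role"]     = user.Type; // role is checked by the staff pages on load

            string guid = Guid.NewGuid().ToString();
            Session["AuthToken"] = guid;

            // The cookie is only read server-side (compared with Session["AuthToken"]), so script
            // access is not needed; it is marked Secure when the request arrived over HTTPS.
            HttpCookie authCookie = new HttpCookie("AuthToken", guid);
            authCookie.HttpOnly = true;
            authCookie.Secure   = Request.IsSecureConnection;
            Response.Cookies.Add(authCookie);

            client.UpdateLastLogin(user.Email);
            Response.Redirect("Staff_Home.aspx");
        }

        /// <summary>
        /// Recomputes Base64(SHA-512(UTF-8(plaintext + salt))) and compares it with the stored hash.
        /// </summary>
        /// <param name="plaintext">Password as typed (already trimmed by the caller).</param>
        /// <param name="salt">Per-account salt appended to the plaintext before hashing.</param>
        /// <param name="storedHash">Base64 hash held on the account record.</param>
        /// <returns>True when the recomputed hash equals <paramref name="storedHash"/>.</returns>
        private static bool PasswordMatches(string plaintext, string salt, string storedHash)
        {
            // SHA512Managed is disposable; scope it to this call.
            using (SHA512Managed hashing = new SHA512Managed())
            {
                byte[] digest   = hashing.ComputeHash(Encoding.UTF8.GetBytes(plaintext + salt));
                string computed = Convert.ToBase64String(digest);
                return string.Equals(computed, storedHash, StringComparison.Ordinal);
            }
        }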