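/// <summary>
/// Handles the Register button: validates the posted form, builds a
/// <c>DetailUserInfo</c> from it and passes it to <c>User.register</c>.
/// New accounts are always created in the <c>SystemRoles.Normal</c> group.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnRegister_Click(object sender, EventArgs e)
{
    // Everything in Request.Form is client-controlled, including the values
    // posted for the drop-down lists. The register method in this file formats
    // the string fields into SQL text, so they are untrusted all the way down.
    string name = Request.Form["txtUserName"];
    string password = Request.Form["txtPassword"];

    // Reject malformed input here rather than letting Convert.ToInt16 throw a
    // FormatException/OverflowException out of the handler.
    short age;
    short sex;
    if (string.IsNullOrEmpty(name)
        || string.IsNullOrEmpty(password)
        || !short.TryParse(Request.Form["txtAge"], out age)
        || !short.TryParse(Request.Form["ddlSex"], out sex))
    {
        ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "error", "alert('Please check the registration form and try again.')", true);
        return;
    }

    DetailUserInfo user = new DetailUserInfo();
    user.Name = name;
    user.Password = password; // hashed inside register before it is stored
    user.Age = age;
    user.Sex = sex;
    user.Post = Request.Form["ddlPost"];
    user.Department = Request.Form["ddlDepartment"];
    // The role is fixed server-side; it is never taken from the form.
    user.UserGroup = GlobalSetting.SystemRoles.Normal;

    // NOTE(review): no password-strength or length check is applied here;
    // confirm whether one exists client-side only.
    User userHandler = new User();
    bool result = userHandler.register(user);

    if (result)
    {
        //Server.Transfer("~/login.aspx");
        ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "error", "alert('Your registry is being processed, please wait.')", true);
    }
    else
    {
        // register returns false when the user name is already taken.
        ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "error", "alert('Duplicated user name')", true);
    }
}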
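/// <summary>
/// Handles the Login button: checks the posted credentials through
/// <c>User.login</c>, stores the identity in the session and redirects the
/// user either back to the same-site page they came from or to the landing
/// page for their role.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // Credentials as submitted by the client.
    String userName = Request.Form["txtUserName"];
    String password = Request.Form["txtPassword"];

    User userHandler = new User();
    DetailUserInfo userinfo = userHandler.login(userName, password);
    if (userinfo == null)
    {
        // login found no matching approved account; stay on the page.
        return;
    }

    // NOTE(review): the session identifier is not renewed before the identity
    // is stored; confirm session-fixation protection is handled elsewhere.
    Session["LOGINID"] = userinfo.ID;
    Session["LOGINNAME"] = userName;
    Session["USERGROUP"] = userinfo.UserGroup;

    // The Referer header is optional and client-supplied. Only follow it when
    // it is present and points at this host, so a login started from another
    // site cannot turn this handler into a redirect to that site. The null
    // check also avoids a NullReferenceException after a successful login.
    Uri referrer = Request.UrlReferrer;
    bool cameFromThisSite = referrer != null
        && string.Equals(referrer.Host, Request.Url.Host, StringComparison.OrdinalIgnoreCase);

    if (cameFromThisSite
        && referrer.LocalPath.IndexOf("login.aspx", StringComparison.OrdinalIgnoreCase) < 0
        && referrer.LocalPath.IndexOf("register.aspx", StringComparison.OrdinalIgnoreCase) < 0)
    {
        Response.Redirect(referrer.AbsoluteUri);
        return;
    }

    //routing
    switch (userinfo.UserGroup)
    {
        case GlobalSetting.SystemRoles.Admin:
            Response.Redirect("~/Approve.aspx");
            break;
        default:
            Response.Redirect("~/Home.aspx");
            break;
    }
}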
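/// <summary>
/// Registers a new user: rejects the request when the name already exists,
/// hashes the password, and inserts the row with status <c>Pending</c>.
/// </summary>
/// <param name="userInfo">
/// User to create. Its <c>Password</c> is replaced in place by the hash.
/// </param>
/// <returns><c>false</c> if the name is already taken; <c>true</c> after the insert.</returns>
public Boolean register(DetailUserInfo userInfo)
{
    dbAccess.open();
    try
    {
        // The string fields originate from the request and are placed inside
        // quoted SQL literals, so every single quote is doubled first.
        // NOTE(review): this is a stop-gap. dbAccess only exposes select(sql)
        // and update(sql) here; it should gain a parameterized-command API and
        // these statements should move to it.
        string safeName = (userInfo.Name ?? string.Empty).Replace("'", "''");
        string safePost = (userInfo.Post ?? string.Empty).Replace("'", "''");
        string safeDepartment = (userInfo.Department ?? string.Empty).Replace("'", "''");
        string safeUserGroup = (userInfo.UserGroup ?? string.Empty).Replace("'", "''");

        // NOTE(review): the duplicate check reads [User] while the insert
        // targets [DetailUser]; confirm that is intended. The check and the
        // insert are also separate statements, so confirm a unique constraint
        // on the name backs this up.
        String sql = string.Format("select count(*) from [User] where name = '{0}'", safeName);
        System.Data.DataTable dt = dbAccess.select(sql);
        if (dt.Rows[0][0].ToString() != "0")
        {
            return false;
        }

        // Hash (not encrypt) the password before it is stored.
        // NOTE(review): MD5 is a fast digest and no salt is passed to
        // GetMd5Hash, which is not adequate for stored passwords. Moving to a
        // salted, iterated KDF such as PBKDF2 (Rfc2898DeriveBytes) requires a
        // migration of existing rows, so the stored format is unchanged here.
        using (MD5 md5Hash = MD5.Create())
        {
            userInfo.Password = GetMd5Hash(md5Hash, userInfo.Password);
        }
        string safePasswordHash = (userInfo.Password ?? string.Empty).Replace("'", "''");

        sql = string.Format("INSERT INTO [DetailUser] ([Name] ,[Password] ,[Age] ,[Sex] ,[Post] ,[Department], [Status], [RegisterDate],[UserGroup]) "
            + "VALUES ('{0}','{1}',{2},{3},'{4}','{5}', '{6}',getDate(),'{7}') ",
            safeName,
            safePasswordHash,
            userInfo.Age,
            userInfo.Sex,
            safePost,
            safeDepartment,
            DetailUserInfo.UserStatus.Pending,
            safeUserGroup);
        dbAccess.update(sql);
    }
    finally
    {
        // No catch block: the former "throw ex;" only reset the stack trace.
        dbAccess.close();
    }

    return true;
}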
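/// <summary>
/// Verifies a login: hashes the supplied password and looks for an approved
/// [DetailUser] row with that name and password hash.
/// </summary>
/// <param name="userName">User name as submitted by the client.</param>
/// <param name="password">Clear-text password as submitted by the client.</param>
/// <returns>The matching user's details, or <c>null</c> when no approved row matches.</returns>
public DetailUserInfo login(string userName, string password)
{
    // Hash the supplied password so it can be compared with the stored value.
    // NOTE(review): MD5 with no salt passed to GetMd5Hash is not adequate for
    // stored passwords; changing it requires migrating existing rows.
    using (MD5 md5Hash = MD5.Create())
    {
        password = GetMd5Hash(md5Hash, password);
    }

    // userName comes straight from the request and sits inside a quoted SQL
    // literal in the authentication query, so single quotes are doubled.
    // NOTE(review): this is a stop-gap; dbAccess should expose a
    // parameterized-command API and this query should use it.
    string safeName = (userName ?? string.Empty).Replace("'", "''");
    string safeHash = (password ?? string.Empty).Replace("'", "''");

    // The listing showed the password literal masked as '******' while the hash
    // was still passed as the second format argument and never used. The
    // comparison is bound to that argument again so the password is checked.
    String sql = string.Format("SELECT * FROM [DetailUser] where Name='{0}' and password = '{1}' and Status = 'Approved' ", safeName, safeHash);

    dbAccess.open();
    try
    {
        System.Data.DataTable dt = dbAccess.select(sql);
        if (dt.Rows.Count > 0)
        {
            System.Data.DataRow row = dt.Rows[0];

            DetailUserInfo useInfo = new DetailUserInfo();
            useInfo.ID = Convert.ToInt16(row["ID"]);
            useInfo.Name = row["Name"].ToString();
            // NOTE(review): the stored hash is copied into the returned object;
            // confirm callers need it, otherwise leave it out.
            useInfo.Password = row["Password"].ToString();
            // Age may be NULL in the table; map that to 0.
            useInfo.Age = row["Age"] == DBNull.Value ? (short)0 : Convert.ToInt16(row["Age"]);
            useInfo.Sex = Convert.ToInt16(row["Sex"]);
            useInfo.Post = row["Post"].ToString();
            useInfo.Department = row["Department"].ToString();
            useInfo.UserGroup = row["UserGroup"].ToString();
            return useInfo;
        }
    }
    finally
    {
        // No catch block: the former "throw ex;" only reset the stack trace.
        dbAccess.close();
    }

    return null;
}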