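/// <summary>
/// Click handler for the "add user" form: inserts a row into SecurityUsers,
/// links the selected roles in SecurityUserRoles, then clears the form,
/// rebinds the user grid and reports the result in <c>msg</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void addNewUserButton_Click(object sender, EventArgs e)
{
    // Refuse to create an account that has no name or no password.
    if (newUserName.Text.Trim().Length == 0 || string.IsNullOrEmpty(newUserPassword.Text))
    {
        msg.Text = "username and password are required";
        return;
    }

    // Role ids are concatenated unquoted into SQL further down, so every
    // selected value must be a plain non-negative integer. Validate all of
    // them before the first write so a bad value cannot leave a half-created user.
    System.Collections.Generic.List<int> roleIDs = new System.Collections.Generic.List<int>();
    foreach (ListItem li in newUserRoles.Items)
    {
        if (!li.Selected)
        {
            continue;
        }

        int roleID;
        if (!int.TryParse(li.Value, System.Globalization.NumberStyles.None,
                          System.Globalization.CultureInfo.InvariantCulture, out roleID))
        {
            msg.Text = "invalid role selection";
            return;
        }
        roleIDs.Add(roleID);
    }

    // NOTE(review): SqlCleanString is the only barrier between these text boxes
    // and the SQL text; its escaping rules are not visible here. If the DAL
    // offers parameterized commands, prefer them over string-built statements.
    string username = SFGlobal.SqlCleanString(newUserName.Text);
    string fullname = SFGlobal.SqlCleanString(newUserFullName.Text);
    string email = SFGlobal.SqlCleanString(newUserEmail.Text);

    // NOTE(review): the hash uses one site-wide salt (SFGlobal.EncryptionSalt).
    // Password storage is normally a per-user salt with a slow KDF such as
    // PBKDF2; changing that also needs the login path and schema, which are
    // outside this method.
    string password = Dury.SiteFoundry.Security.Cryptography.AsymmetricEncryption.ComputeHash(
        newUserPassword.Text, SFGlobal.EncryptionMethod, SFGlobal.EncryptionSalt);

    // One timestamp for lastlogin, datecreated and datemodified.
    // NOTE(review): String.Format renders it with the current culture, as
    // before; culture-dependent date text can be misread by the database.
    DateTime now = DateTime.Now;
    string sql = String.Format(
        "INSERT INTO SecurityUsers (username,password,disabled,fullname,email,lastlogin,datecreated,datemodified) VALUES ('{0}','{1}',0, '{2}','{3}','{4}','{5}','{6}')",
        username, password, fullname, email, now, now, now);
    SFGlobal.DAL.execNonQuery(sql);

    // Look the new row up by the name that was just inserted.
    // NOTE(review): the listing showed a masked literal '******' in this query;
    // the cleaned username is restored on the evident intent. Nothing here
    // checks that the name was unused: with a duplicate name this lookup may
    // return an older account, which would then receive the roles below.
    object newId = SFGlobal.DAL.execScalar("SELECT id FROM SecurityUsers WHERE username = '" + username + "'");
    if (newId == null)
    {
        msg.Text = "user could not be created";
        return;
    }
    int userID = (int)newId;

    foreach (int roleID in roleIDs)
    {
        SFGlobal.DAL.execNonQuery(
            "INSERT INTO SecurityUserRoles (userID,roleID) VALUES ("
            + userID.ToString(System.Globalization.CultureInfo.InvariantCulture) + ","
            + roleID.ToString(System.Globalization.CultureInfo.InvariantCulture) + ")");
    }

    // Reset the form, including the role selection.
    foreach (ListItem li in newUserRoles.Items)
    {
        li.Selected = false;
    }
    newUserName.Text = "";
    newUserPassword.Text = "";
    newUserFullName.Text = "";
    newUserEmail.Text = "";

    userGridBind();
    msg.Text = "user added";
}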
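/// <summary>
/// Update handler for the user grid: writes the edited row back to
/// SecurityUsers, replaces the user's rows in SecurityUserRoles with the
/// current selection, leaves edit mode and rebinds the grid.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Grid command data; <c>e.Item</c> is the row being edited.</param>
protected void userGrid_Update(System.Object sender, System.Web.UI.WebControls.DataGridCommandEventArgs e)
{
    // The first cell carries the user id; int.Parse rejects anything non-numeric.
    int itemID = int.Parse(e.Item.Cells[0].Text);
    string userIdText = itemID.ToString(System.Globalization.CultureInfo.InvariantCulture);

    // Role ids are concatenated unquoted into SQL, so each selected value must
    // be a plain non-negative integer. Validate them before any write: the
    // existing roles are deleted below and must not be lost to a bad value.
    ListBox cbx = (ListBox)e.Item.FindControl("rolesList");
    System.Collections.Generic.List<int> roleIDs = new System.Collections.Generic.List<int>();
    foreach (ListItem li in cbx.Items)
    {
        if (!li.Selected)
        {
            continue;
        }

        int roleID;
        if (!int.TryParse(li.Value, System.Globalization.NumberStyles.None,
                          System.Globalization.CultureInfo.InvariantCulture, out roleID))
        {
            msg.Text = "invalid role selection";
            return;
        }
        roleIDs.Add(roleID);
    }

    // Edited user data.
    // NOTE(review): SqlCleanString is the only barrier between these fields and
    // the SQL text; its escaping rules are not visible here. If the DAL offers
    // parameterized commands, prefer them over string-built statements.
    string username = SFGlobal.SqlCleanString(((TextBox)e.Item.FindControl("username")).Text);
    string password = ((TextBox)e.Item.FindControl("password")).Text;
    string fullname = SFGlobal.SqlCleanString(((TextBox)e.Item.FindControl("fullname")).Text);
    string email = SFGlobal.SqlCleanString(((TextBox)e.Item.FindControl("email")).Text);
    string disabled = ((CheckBox)e.Item.FindControl("disabledCheck")).Checked ? "1" : "0";

    // NOTE(review): the listing showed the username and password values masked
    // as '******' in both UPDATE statements and in the status message; the
    // variables are restored here on the evident intent - confirm against the
    // original file.
    if (!string.IsNullOrEmpty(password))
    {
        // A new password was typed: store its hash together with the other fields.
        password = Dury.SiteFoundry.Security.Cryptography.AsymmetricEncryption.ComputeHash(
            password, SFGlobal.EncryptionMethod, SFGlobal.EncryptionSalt);
        SFGlobal.DAL.execNonQuery(
            "UPDATE SecurityUsers SET username = '" + username + "'"
            + ", password='" + password + "', fullname='" + fullname
            + "', email='" + email + "' , disabled=" + disabled
            + " WHERE id = " + userIdText);
    }
    else
    {
        // Blank password field: leave the stored hash untouched.
        SFGlobal.DAL.execNonQuery(
            "UPDATE SecurityUsers SET username = '" + username
            + "', fullname='" + fullname + "', email='" + email
            + "', disabled=" + disabled
            + " WHERE id = " + userIdText);
    }

    // Replace the user's role set: drop the old rows, insert the validated ones.
    SFGlobal.DAL.execNonQuery("DELETE FROM SecurityUserRoles WHERE userID = " + userIdText);
    foreach (int roleID in roleIDs)
    {
        SFGlobal.DAL.execNonQuery(
            "INSERT INTO SecurityUserRoles (userID,roleID) VALUES ("
            + userIdText + ","
            + roleID.ToString(System.Globalization.CultureInfo.InvariantCulture) + ")");
    }

    userGrid.EditItemIndex = -1;
    userGridBind();
    SFGlobal.UpdateNodes();

    // The name came from a form field; encode it before echoing it into the
    // page, since a control such as Label writes Text out without encoding.
    msg.Text = "User: " + System.Web.HttpUtility.HtmlEncode(username) + " updated ok";
}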
/// <summary>
/// Click handler for the "add role" form: inserts one row into SecurityRoles
/// with the submitted role name, then redirects the browser to the URL of the
/// current request.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void addNewRole_Click(object sender, EventArgs e)
{
    // NOTE(review): the statement is built by concatenation and SqlCleanString
    // is the only barrier between the text box and the SQL text; its escaping
    // rules are not visible here. Prefer a parameterized command if the DAL
    // offers one. An empty role name is not rejected.
    string roleName = SFGlobal.SqlCleanString(newRoleName.Text);
    string insertRole = "INSERT INTO SecurityRoles (name) VALUES ('" + roleName + "')";
    SFGlobal.DAL.execNonQuery(insertRole);

    // Reload the same page via a redirect to the raw URL of this request.
    string currentUrl = Request.RawUrl;
    Response.Redirect(currentUrl);
}