protected void btnRegister_Click(object sender, EventArgs e)
{
//if (IsPostBack)
//{
// return;
//}
if (Directory.Exists(Server.MapPath(@"Accounts\business\" + txtBusinessID.Text)))
{
alertlbl.Style.Remove("display");
lblsignUpBus.Text = "Sorry, the Business ID is already in use. Please log in with your email.";
return;
}
hashPass pass = new hashPass();
string salt = pass.generateSalt(10);
string hash = pass.generateHash(txtConfirmPassword.Text, salt);
String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand insert = new SqlCommand("INSERT into business values('" + txtBusinessID.Text + "','" + txtBusinessName.Text + "','" + txtFirstName.Text + "','" + txtLastName.Text + "','" + txtEmail.Text + "','" + txtAddress.Text + ", " + txtAddress2.Text + ", " + txtCity.Text + ", " + ddProvince.Text + ", " + txtPostalCode.Text + "','" + hash + "','" + salt + "')", con);
con.Open();
insert.ExecuteNonQuery();
string subPath = @"Accounts\business\"; // your code goes here
Directory.CreateDirectory(Server.MapPath(subPath + txtBusinessID.Text));
}
}
protected void btnUserRegister_Click(object sender, EventArgs e)
{
String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand cmd = new SqlCommand("SELECT email from users ", con);
con.Open();
//SqlDataAdapter sda = new SqlDataAdapter(cmd);
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
string database_email = reader.GetString(0);
if (database_email == txtUserEmail.Text)
{
alertlbl.Style.Remove("display");
lblsignUp.Text = "Sorry, the email is already in use. Please try again with a different Email.";
return;
}
}
reader.Close();
hashPass pass = new hashPass();
string salt = pass.generateSalt(10);
string hash = pass.generateHash(txtUserConfirmPassword.Text, salt);
SqlCommand insert = new SqlCommand("INSERT into users values('" + txtUserFirstName.Text + "','" + txtUserLastName.Text + "','" + txtUserEmail.Text + "','" + hash + "','" + salt + "')", con);
insert.ExecuteNonQuery();
insert.Dispose();
//SqlCommand cmd3 = new SqlCommand("SELECT TOP 1 user_id FROM users ORDER BY user_id DESC",con);
// SqlDataReader reader2 = cmd3.ExecuteReader();
// string ID = "";
// reader2.Read();
// ID = reader2.GetString(0);
//string subPath = @"Accounts\user\"+ID; // your code goes here
//Directory.CreateDirectory(Server.MapPath(subPath));
// return;
}
}
protected void btnEditBusiness_Click(object sender, EventArgs e)
{
hashPass pass = new hashPass();
string salt = pass.generateSalt(10);
string hash = pass.generateHash(txtConfirmPassword.Text, salt);
String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
string update = "UPDATE [business] SET [owner_Fname] = @FirstName, [business_name] = @Bname, [owner_Lname] = @LastName, [business_email] = @Email, [business_password] = @Password, [business_address] = @Address1, [business_salt] = @salt WHERE business_id = @id";
SqlCommand insert = new SqlCommand(update, con);
insert.Parameters.AddWithValue("@FirstName", txtFirstName.Text);
insert.Parameters.AddWithValue("@LastName", txtLastName.Text);
insert.Parameters.AddWithValue("@Email", txtEmail.Text);
insert.Parameters.AddWithValue("@Address1", txtAddress.Text + ", " + txtAddress2.Text + ", " + txtCity.Text + " ," + txtPostalCode.Text + ", " + ddProvince.Text);
insert.Parameters.AddWithValue("@Password", hash);
insert.Parameters.AddWithValue("@salt", salt);
insert.Parameters.AddWithValue("@Bname", txtBusinessName.Text);
insert.Parameters.AddWithValue("@id", Convert.ToInt32(Session["USERID"].ToString()));
con.Open();
insert.ExecuteNonQuery();
}
}
protected void btnLogin_Click(object sender, EventArgs e)
{
String CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
DataTable userData = new DataTable();
DataTable businessData = new DataTable();
SqlDataAdapter userAdapter;
SqlDataAdapter businessAdapter;
hashPass hash = new hashPass();
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand cmd = new SqlCommand("SELECT * from users where email = @email", con);
cmd.Parameters.AddWithValue("email", txtEmailLogin.Text); // adds the entered email to the query
con.Open();
userAdapter = new SqlDataAdapter(cmd);
userAdapter.Fill(userData); // fills the datatable with query result retrived from SQL
if (userData.Rows.Count == 1)
{
string pass = userData.Rows[0]["user_password"].ToString();
string salt = userData.Rows[0]["user_salt"].ToString();
string enteredPass_HashedWithSalt = hash.generateHash(txtEnterPass.Text, salt);
if (pass == enteredPass_HashedWithSalt) // if the password matches with their
{
Session["USERID"] = userData.Rows[0]["user_id"].ToString();
Response.Redirect("index.aspx");
return;
}
else
{
lblLogin.Text = "Incorrect Email/Password Combination";
alertlbl.Style.Remove("display");
return;
}
}
//----------------------------CHECKING FROM THE BUSINESS TABLE-------------------------------------
SqlCommand cmd2 = new SqlCommand("SELECT * from business where business_email = @email", con);
cmd2.Parameters.AddWithValue("email", txtEmailLogin.Text);
businessAdapter = new SqlDataAdapter(cmd2);
businessAdapter.Fill(businessData);
if (businessData.Rows.Count == 1)
{
string pass = businessData.Rows[0]["business_password"].ToString();
string salt = businessData.Rows[0]["business_salt"].ToString();
string enteredPassword_HashedWithSalt = hash.generateHash(txtEnterPass.Text, salt);
if (pass == enteredPassword_HashedWithSalt)
{
Session["USERID"] = businessData.Rows[0]["business_id"];
Session["isBusiness"] = "true";
Server.Transfer("index.aspx");
return;
}
else
{
lblLogin.Text = "Incorrect Email/Password Combination";
alertlbl.Style.Remove("display");
return;
}
}
lblLogin.Text = "Email not found. Did you register?";
alertlbl.Style.Remove("display");
return;
}
}
