Пример #1
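        /// <summary>
        /// Deletes the report whose id is carried in the clicked button's CommandArgument,
        /// then refreshes the report list.
        /// </summary>
        /// <param name="sender">The <see cref="ImageButton"/> that raised the click.</param>
        /// <param name="e">Unused event data.</param>
        protected void DeleteButton_Click(object sender, EventArgs e)
        {
            // NOTE(review): no authorization check is visible in this handler; confirm the page
            // restricts it to users who are allowed to delete reports.
            ImageButton btn      = (ImageButton)sender;
            int         reportId = Convert.ToInt32(btn.CommandArgument);

            // using-blocks release the connection even when Open/ExecuteNonQuery throws;
            // the original only closed it on the success path.
            using (MySqlConnection con = new MySqlConnection(db.getConnectionString()))
            using (MySqlCommand com = new MySqlCommand("Delete from Report where reportId=@a", con))
            {
                com.Parameters.AddWithValue("@a", reportId);
                con.Open();
                com.ExecuteNonQuery();
            }

            GetReport();
        }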
Пример #2
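        /// <summary>
        /// Reads the <c>password</c> column of the first row of the <c>password</c> table.
        /// </summary>
        /// <returns>The column value as a string, or <c>null</c> when the table is empty or the row could not be read.</returns>
        public string retrievePassword()
        {
            // NOTE(review): this is a public method that hands back a stored secret verbatim.
            // If the column holds a plaintext credential, prefer storing a salted hash and
            // exposing a verify operation instead - confirm against the callers.
            DBController db = new DBController();
            string       connectionString = db.getConnectionString();
            string       password         = null;

            string Query = "SELECT * FROM password";

            // using-blocks guarantee the reader and connection are released even if
            // Open() or ExecuteReader() throws (the original leaked them in that case).
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                conn.Open();

                using (MySqlDataReader dr = cmd.ExecuteReader())
                {
                    try
                    {
                        if (dr.Read())
                        {
                            password = dr["password"].ToString();
                        }
                    }
                    catch (Exception ex)
                    {
                        // Still best-effort (caller gets null), but no longer silent.
                        // Only the exception type is logged so no row data reaches the trace.
                        System.Diagnostics.Trace.TraceError("retrievePassword: reading row failed (" + ex.GetType().Name + ")");
                    }
                }
            }

            return password;
        }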
Пример #3
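        /// <summary>
        /// Looks up <c>activationCount</c> in the <c>verifications</c> table for a user.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <returns>The count from the last matching row, or 0 when no row matches or the row could not be read.</returns>
        private int retrieveActivationCount(int id)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "SELECT * FROM verifications WHERE userID = @id";
            int    count = 0;

            // using-blocks release the reader/connection on every path, including a
            // failing Open() or ExecuteReader(), which the original did not cover.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                conn.Open();

                using (MySqlDataReader dr = cmd.ExecuteReader())
                {
                    try
                    {
                        while (dr.Read())
                        {
                            count = (int)dr["activationCount"];
                        }
                    }
                    catch (Exception ex)
                    {
                        // Best-effort read is kept (0 is returned), but the failure is recorded.
                        // NOTE(review): if callers use this value as an attempt limit, a read
                        // failure reports 0 - confirm that this fails in the safe direction.
                        System.Diagnostics.Trace.TraceError("retrieveActivationCount: reading row failed (" + ex.GetType().Name + ")");
                    }
                }
            }

            return count;
        }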
Пример #4
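        /// <summary>
        /// Looks up the <c>email</c> column in the <c>users</c> table for a user.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <returns>The e-mail of the last matching row, or an empty string when no row matches or the row could not be read.</returns>
        private string retrieveEmail(int id)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "SELECT * FROM users WHERE userID = @id";
            string email = "";

            // using-blocks release the reader/connection even when Open() or
            // ExecuteReader() throws; the original only cleaned up after a successful query.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                conn.Open();

                using (MySqlDataReader dr = cmd.ExecuteReader())
                {
                    try
                    {
                        while (dr.Read())
                        {
                            email = dr["email"].ToString();
                        }
                    }
                    catch (Exception ex)
                    {
                        // Best-effort read is kept, but the failure is no longer invisible.
                        System.Diagnostics.Trace.TraceError("retrieveEmail: reading row failed (" + ex.GetType().Name + ")");
                    }
                }
            }

            return email;
        }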
Пример #5
        /// <summary>
        /// Caches the connection string in the page field and, when a "login" session entry
        /// exists, registers a startup script that shows a login prompt.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            connectionString = new DBController().getConnectionString();

            bool hasLoginEntry = Session["login"] != null;
            if (!hasLoginEntry)
            {
                return;
            }

            // NOTE(review): the prompt is shown when Session["login"] IS set. If the entry marks
            // an authenticated user the condition looks inverted - confirm what the key means.
            ClientScript.RegisterStartupScript(GetType(), "Alert", "alert('Please proceed to login');", true);
        }
Пример #6
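        /// <summary>
        /// Increments <c>emailCodeCount</c> in the <c>verifications</c> table for a user.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        private void insertEmailCodeCount(int id)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();

            // The original read the counter, added one in C#, and wrote it back on a second
            // connection. Two concurrent requests could both read the same value and one
            // increment would be lost - a problem if this counter is used to limit attempts
            // (presumably; confirm against callers). A single UPDATE makes the increment atomic.
            // COALESCE keeps the old "unreadable value counts as 0" outcome for NULL columns.
            string Query = "UPDATE verifications SET emailCodeCount = COALESCE(emailCodeCount, 0) + 1 WHERE userID = @id";

            // using-blocks release the connection even when the statement throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }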
Пример #7
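        /// <summary>
        /// Sets <c>activationCount</c> back to 0 in the <c>verifications</c> table for a user.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        private void resetActivationCount(int id)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE verifications SET activationCount = 0 WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws;
            // the original leaked it on any failure.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }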
Пример #8
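        /// <summary>
        /// Writes a new value into the <c>handphone</c> column of the <c>users</c> table.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <param name="mobile">Value stored as-is; it is passed as a bound parameter, never concatenated into the SQL.</param>
        private void updateMobile(int id, string mobile)
        {
            // NOTE(review): no format validation of 'mobile' happens here; confirm the caller does it.
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE users SET handphone = @mobile WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                cmd.Parameters.AddWithValue("@mobile", mobile);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }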
Пример #9
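        /// <summary>
        /// Writes a new value into the <c>email</c> column of the <c>users</c> table.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <param name="email">Value stored as-is; it is passed as a bound parameter, never concatenated into the SQL.</param>
        private void updateEmail(int id, string email)
        {
            // NOTE(review): an e-mail change is an account-recovery-relevant action; no
            // re-authentication or ownership check is visible here - confirm the caller enforces it.
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE users SET email = @email WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                cmd.Parameters.AddWithValue("@email", email);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }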
Пример #10
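        /// <summary>
        /// Writes a new value into the <c>passwordHash</c> column of the <c>users</c> table.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <param name="pwHash">Value stored verbatim. No hashing happens in this method, so the caller must pass an already-hashed password.</param>
        private void updatePassword(int id, string pwHash)
        {
            // NOTE(review): no check of the old password or of the requester's identity is
            // visible here - confirm the caller enforces it before reaching this write.
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE users SET passwordHash = @pwHash WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                cmd.Parameters.AddWithValue("@pwHash", pwHash);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }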
Пример #11
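        /// <summary>
        /// Writes a new value into the <c>emailCode</c> column of the <c>verifications</c> table.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <param name="emailCode">Code to store for the user.</param>
        private void updateCode(int id, int emailCode)
        {
            // NOTE(review): the code is stored without an expiry in this statement; confirm
            // that a lifetime or attempt limit is enforced where the code is checked.
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE verifications SET emailCode = @code WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                cmd.Parameters.AddWithValue("@code", emailCode);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }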
Пример #12
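        /// <summary>
        /// Writes a new value into the <c>information</c> column of the <c>users</c> table.
        /// </summary>
        /// <param name="id">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <param name="info">Free text stored as-is via a bound parameter.</param>
        private void insertInfo(int id, string info)
        {
            // NOTE(review): 'info' is stored unmodified. The bound parameter covers SQL injection,
            // but any page that later renders this column must HTML-encode it on output.
            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE users SET information = @info WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", id);
                cmd.Parameters.AddWithValue("@info", info);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }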
Пример #13
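        /// <summary>
        /// Registers a new user from the form fields, stores an activation code for the
        /// account and redirects to the activation page. Shows an alert instead when the
        /// username is already taken.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void ButtonRegister_Click(object sender, EventArgs e)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();

            // Check availability before touching the connection so nothing is opened needlessly.
            // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
            // users.username is what actually prevents duplicates - confirm the schema has one.
            if (retrieveInfo(TextBoxUsername.Text))
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('Username taken');", true);
                return;
            }

            // NOTE(review): CreatePasswordHash is defined elsewhere; confirm it is a salted,
            // deliberately slow KDF (e.g. PBKDF2) rather than a bare digest.
            string pwHash = CreatePasswordHash(TextBoxPassword.Text);

            string Query = "INSERT into users(username, passwordHash, email, handphone, name, gender, ban) VALUES (@username, @passwordHash, @email, @handphone, @name, @gender, False)";

            // using-blocks release the connection on every path. In the original, the trailing
            // conn.Close() sat after Response.Redirect, which ends the request by default, so
            // the connection was never closed on the success path.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@username", TextBoxUsername.Text);
                cmd.Parameters.AddWithValue("@passwordHash", pwHash);
                cmd.Parameters.AddWithValue("@email", TextBoxEmail.Text);
                cmd.Parameters.AddWithValue("@handphone", TextBoxHp.Text);
                cmd.Parameters.AddWithValue("@name", TextBoxName.Text);
                cmd.Parameters.AddWithValue("@gender", ListGender.SelectedValue);

                conn.Open();
                cmd.ExecuteNonQuery();
            }

            // The activation code is a secret, so it is drawn from the OS CSPRNG.
            // System.Random seeded with the clock (as before) is predictable to anyone who
            // can estimate the request time. Range matches the old rand.Next(100000, 999999):
            // 100000..999998 inclusive.
            int RandomNumber;
            using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                const uint span  = 899999;
                uint       limit = uint.MaxValue - (uint.MaxValue % span);
                byte[]     buf   = new byte[4];
                uint       draw;

                // Rejection sampling: discard draws from the incomplete top bucket so every
                // code is equally likely.
                do
                {
                    rng.GetBytes(buf);
                    draw = BitConverter.ToUInt32(buf, 0);
                }
                while (draw >= limit);

                RandomNumber = 100000 + (int)(draw % span);
            }

            int userID = retrieveUserID(TextBoxUsername.Text);

            insertCode(userID, RandomNumber);

            // URL context needs URL encoding, not HTML encoding (output is identical for an int).
            // NOTE(review): the user id travels in the query string; the activation page must
            // not treat it as proof of identity on its own.
            string temp = "~/AccountActivation.aspx?@=" + HttpUtility.UrlEncode(userID.ToString());
            Response.Redirect(temp);
        }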
Пример #14
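        /// <summary>
        /// Deletes the post whose id is carried in the clicked button's CommandArgument,
        /// writes an admin log entry and refreshes the post list for the user in the text box.
        /// </summary>
        /// <param name="sender">The <see cref="ImageButton"/> that raised the click.</param>
        /// <param name="e">Unused event data.</param>
        protected void DeleteButton_Click(object sender, EventArgs e)
        {
            // NOTE(review): no authorization check is visible in this handler; confirm the page
            // restricts it to administrators.
            ImageButton  btn    = (ImageButton)sender;
            int          postId = Convert.ToInt32(btn.CommandArgument);
            DBController db     = new DBController();

            // using-blocks release the connection even when Open/ExecuteNonQuery throws;
            // the original only closed it on the success path.
            using (MySqlConnection con = new MySqlConnection(db.getConnectionString()))
            using (MySqlCommand com = new MySqlCommand("Delete from posts where ID=@a", con))
            {
                com.Parameters.AddWithValue("@a", postId);
                con.Open();
                com.ExecuteNonQuery();
            }

            // NOTE(review): these lookups run after the row is gone. If da.getUserID reads the
            // posts table, the audit entry may record the wrong owner - confirm, and resolve
            // the owner before the delete if so.
            int    iduser = da.getUserID(postId);
            string name   = da.getUserName(iduser);

            da.adminPostLog(name, postId, userid);
            GetUserPost(TextBoxUserName.Text);
        }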
Пример #15
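        /// <summary>
        /// Deletes the product whose id is carried in the clicked button's CommandArgument,
        /// writes an admin log entry and refreshes the store item list.
        /// </summary>
        /// <param name="sender">The <see cref="ImageButton"/> that raised the click.</param>
        /// <param name="e">Unused event data.</param>
        protected void DeleteButton_Click(object sender, EventArgs e)
        {
            // NOTE(review): no authorization check is visible in this handler; confirm the page
            // restricts it to administrators.
            ImageButton  btn       = (ImageButton)sender;
            int          productId = Convert.ToInt32(btn.CommandArgument);
            DBController db        = new DBController();

            // using-blocks release the connection even when Open/ExecuteNonQuery throws;
            // the original only closed it on the success path.
            using (MySqlConnection con = new MySqlConnection(db.getConnectionString()))
            using (MySqlCommand com = new MySqlCommand("Delete from products where productID=@a", con))
            {
                com.Parameters.AddWithValue("@a", productId);
                con.Open();
                com.ExecuteNonQuery();
            }

            // NOTE(review): these lookups run after the row is gone. If da.getBoothId reads the
            // products table, the audit entry may record the wrong seller - confirm, and
            // resolve the seller before the delete if so.
            int    boothid    = da.getBoothId(productId);
            int    sellerid   = da.getSellerId(boothid);
            string sellername = da.getUserName(sellerid);

            da.adminStoreLog(sellername, productId, userid);
            GetStoreItem(sellerName.Text);
        }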
Пример #16
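        /// <summary>
        /// Appends <paramref name="targetID"/> to the user's semicolon-separated
        /// <c>subscriptionList</c> column in the <c>users</c> table.
        /// </summary>
        /// <param name="userID">Value bound to <c>userID</c> in the WHERE clause.</param>
        /// <param name="targetID">Id appended to the stored list.</param>
        private void updateSubscriptionList(int userID, int targetID)
        {
            // NOTE(review): read-append-write is not atomic, and nothing here prevents the same
            // targetID from being appended twice - confirm whether callers guard against that.
            string str = retrieveSubscriptionListID(userID);

            str += ";" + targetID;

            DBController db = new DBController();

            connectionString = db.getConnectionString();
            string Query = "UPDATE users SET subscriptionList = @list WHERE userID = @id";

            // using-blocks close the connection even if Open/ExecuteNonQuery throws.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@id", userID);
                cmd.Parameters.AddWithValue("@list", str);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }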
Пример #17
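        /// <summary>
        /// Checks the submitted username and password. On success for an active, non-banned
        /// account it stores a one-time code and redirects to the login verification page;
        /// otherwise it shows an alert.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void ButtonLogin_Click(object sender, EventArgs e)
        {
            DBController db = new DBController();

            connectionString = db.getConnectionString();

            // NOTE(review): the hash is recomputed from the password alone and compared for
            // equality, so CreatePasswordHash cannot be using a per-user salt. Confirm it is a
            // salted, slow KDF; if not, that is the first thing to fix in this flow.
            string genPwHash = CreatePasswordHash(TextBoxLogin2.Text);

            bool    userFound = false;
            int     userID    = 0;
            string  username  = "";
            string  pwHash    = "";
            Boolean ban       = false;

            string Query = "SELECT * FROM users WHERE username = @username";

            // using-blocks release reader and connection on every path, including a failing
            // Open() or ExecuteReader(), which the original did not cover.
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@username", TextBoxLogin1.Text);
                conn.Open();

                using (MySqlDataReader dr = cmd.ExecuteReader())
                {
                    try
                    {
                        while (dr.Read())
                        {
                            userID   = (int)dr["userID"];
                            username = dr["username"].ToString();
                            pwHash   = dr["passwordHash"].ToString();
                            ban      = Convert.ToBoolean(dr["ban"]);

                            // Set last: a row that failed part-way never counts as found,
                            // so a read error fails closed.
                            userFound = true;
                        }
                    }
                    catch (Exception ex)
                    {
                        userFound = false;
                        System.Diagnostics.Trace.TraceError("ButtonLogin_Click: reading user row failed (" + ex.GetType().Name + ")");
                    }
                }
            }

            Boolean activationSuccess = false;

            if (userFound)
            {
                string Query2 = "SELECT * FROM verifications WHERE userID = @userid";

                using (MySqlConnection conn2 = new MySqlConnection(connectionString))
                using (MySqlCommand cmd2 = new MySqlCommand(Query2, conn2))
                {
                    cmd2.Parameters.AddWithValue("@userid", userID);
                    conn2.Open();

                    using (MySqlDataReader dr2 = cmd2.ExecuteReader())
                    {
                        try
                        {
                            while (dr2.Read())
                            {
                                activationSuccess = Convert.ToBoolean(dr2["activationSuccess"]);
                            }
                        }
                        catch (Exception ex)
                        {
                            System.Diagnostics.Trace.TraceError("ButtonLogin_Click: reading verification row failed (" + ex.GetType().Name + ")");
                        }
                    }
                }
            }

            bool credentialsOk = userFound && pwHash.Equals(genPwHash) && username.Equals(TextBoxLogin1.Text);

            // Credentials are judged first. The original reported "banned" / "not activated"
            // without a correct password (and said "not activated" for unknown usernames),
            // which lets an unauthenticated visitor probe which accounts exist and their state.
            if (!credentialsOk)
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('Incorrect username or password');", true);
            }
            else if (ban == true)
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('The account is banned');", true);
            }
            else if (activationSuccess == false)
            {
                Page.ClientScript.RegisterClientScriptBlock(GetType(), "ThanksPopScript", "alert('The account has not been activated');", true);
            }
            else
            {
                // The OTP is a secret, so it is drawn from the OS CSPRNG. System.Random seeded
                // with the clock (as before) is predictable to anyone who can estimate the
                // request time. Range matches the old rand.Next(100000, 999999): 100000..999998.
                int RandomNumber;
                using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    const uint span  = 899999;
                    uint       limit = uint.MaxValue - (uint.MaxValue % span);
                    byte[]     buf   = new byte[4];
                    uint       draw;

                    // Rejection sampling keeps every code equally likely.
                    do
                    {
                        rng.GetBytes(buf);
                        draw = BitConverter.ToUInt32(buf, 0);
                    }
                    while (draw >= limit);

                    RandomNumber = 100000 + (int)(draw % span);
                }

                insertOtp(userID, RandomNumber);

                // URL context needs URL encoding, not HTML encoding (output is identical for an int).
                // NOTE(review): the user id travels in the query string; the verification page
                // must bind the OTP check to server-side state, not to this value alone, and
                // should limit attempts - confirm.
                string temp = "~/LoginVerification.aspx?@=" + HttpUtility.UrlEncode(userID.ToString());
                Response.Redirect(temp);
            }
        }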
Пример #18
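        /// <summary>
        /// Builds auto-complete suggestions: usernames (excluding the session user and userID 1)
        /// followed by product names that contain <paramref name="prefixText"/>.
        /// </summary>
        /// <param name="prefixText">Text typed by the user; matched literally as a substring.</param>
        /// <param name="count">Maximum number of suggestions to return; values of 0 or less mean no cap.</param>
        /// <returns>The matching names, usernames first.</returns>
        public string[] GetCompletionList(string prefixText, int count)
        {
            DBController db = new DBController();
            string       connectionString = db.getConnectionString();

            List <string> resultsList = new List <string>();

            // The original ignored 'count', so a single request could return every username.
            int limit = count > 0 ? count : int.MaxValue;

            // Escape LIKE metacharacters so a typed '%' or '_' matches literally and cannot be
            // used to list every row. '!' is declared as the escape character in the query so
            // this does not depend on the server's backslash-escape mode.
            string needle = prefixText == null
                ? null
                : prefixText.Replace("!", "!!").Replace("%", "!%").Replace("_", "!_");

            // CONCAT replaces the original "'%' @username '%'" form, which relied on MySQL's
            // adjacent-literal concatenation and only worked with client-side substitution.
            // NOTE(review): Session["userID"] may be null for anonymous callers; the IN list then
            // contains NULL and no usernames match - confirm that this is the intended behaviour
            // and whether the endpoint should require a login at all.
            string Query = "SELECT username FROM users WHERE username LIKE CONCAT('%', @username, '%') ESCAPE '!' AND userID not in (@userID, 1)";

            using (MySqlConnection conn = new MySqlConnection(connectionString))
            using (MySqlCommand cmd = new MySqlCommand(Query, conn))
            {
                cmd.Parameters.AddWithValue("@username", needle);
                cmd.Parameters.AddWithValue("@userID", Session["userID"]);
                conn.Open();

                using (MySqlDataReader dr = cmd.ExecuteReader())
                {
                    try
                    {
                        while (resultsList.Count < limit && dr.Read())
                        {
                            resultsList.Add(dr["username"].ToString());
                        }
                    }
                    catch (Exception ex)
                    {
                        // Best-effort: keep what was read so far, but record the failure.
                        System.Diagnostics.Trace.TraceError("GetCompletionList: reading usernames failed (" + ex.GetType().Name + ")");
                    }
                }
            }

            string Query2 = "SELECT productName FROM products WHERE productName LIKE CONCAT('%', @productName, '%') ESCAPE '!'";

            using (MySqlConnection conn2 = new MySqlConnection(connectionString))
            using (MySqlCommand cmd2 = new MySqlCommand(Query2, conn2))
            {
                cmd2.Parameters.AddWithValue("@productName", needle);
                conn2.Open();

                using (MySqlDataReader dr2 = cmd2.ExecuteReader())
                {
                    try
                    {
                        while (resultsList.Count < limit && dr2.Read())
                        {
                            resultsList.Add(dr2["productName"].ToString());
                        }
                    }
                    catch (Exception ex)
                    {
                        System.Diagnostics.Trace.TraceError("GetCompletionList: reading product names failed (" + ex.GetType().Name + ")");
                    }
                }
            }

            return resultsList.ToArray();
        }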
Пример #19
        /// <summary>
        /// Caches the database connection string in the page's <c>connectionString</c> field.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // NOTE(review): no session or role check is visible in this handler; confirm the
            // page is protected elsewhere if it exposes privileged actions.
            connectionString = new DBController().getConnectionString();
        }