/// <summary>
/// Page entry point: rotates the session identifier through ESAPI, then, when the request carries
/// no session id of its own, generates one and stores it in session state under "cookie".
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
        {
            // ESAPI-driven id rotation happens on every load, before the request's own id is inspected.
            IHttpUtilities httpUtilities = Esapi.HttpUtilities;
            httpUtilities.ChangeSessionIdentifier();

            SessionIDManager idManager = new SessionIDManager();
            string currentId = idManager.GetSessionID(HttpContext.Current);

            // A request that already carries a session identifier needs nothing further.
            if (!string.IsNullOrEmpty(currentId))
            {
                return;
            }

            // CreateSessionID only produces a value; nothing here calls SaveSessionID, so the
            // generated id is kept in session state rather than issued to the client.
            string generatedId = idManager.CreateSessionID(HttpContext.Current);
            Session["cookie"] = generatedId;
        }
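        /// <summary>
        /// Issues a brand-new session identifier for the current request and re-points the in-flight
        /// <see cref="SessionStateModule"/> at it so the request keeps working under the new id.
        /// Rotating the id at an authentication boundary is the standard defence against session fixation.
        /// </summary>
        /// <remarks>
        /// The module is re-pointed by writing its private per-request fields (_store, _rqId, _rqLockId,
        /// _rqSessionStateNotFound) through reflection. Those names are System.Web implementation details;
        /// when one is missing this method fails with a descriptive <see cref="InvalidOperationException"/>
        /// instead of a NullReferenceException.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// No module is registered under "Session", or a required private field is not present.
        /// </exception>
        private void RegenerateSessionId()
        {
            System.Web.HttpContext context = System.Web.HttpContext.Current;

            System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager();
            string oldId = manager.GetSessionID(context);
            string newId = manager.CreateSessionID(context);

            // Send the new id to the client (cookie or URL, per configuration); the out values are not needed here.
            bool isRedir, isAdd;
            manager.SaveSessionID(context, newId, out isRedir, out isAdd);

            HttpApplication application = context.ApplicationInstance;
            HttpModuleCollection modules = application.Modules;
            SessionStateModule ssm = modules.Get("Session") as SessionStateModule;
            if (ssm == null)
            {
                throw new InvalidOperationException("No SessionStateModule is registered under the \"Session\" HTTP module name.");
            }

            System.Reflection.FieldInfo storeField           = GetRequiredPrivateField(ssm, "_store");
            System.Reflection.FieldInfo rqIdField            = GetRequiredPrivateField(ssm, "_rqId");
            System.Reflection.FieldInfo rqLockIdField        = GetRequiredPrivateField(ssm, "_rqLockId");
            System.Reflection.FieldInfo rqStateNotFoundField = GetRequiredPrivateField(ssm, "_rqSessionStateNotFound");

            SessionStateStoreProviderBase store = (SessionStateStoreProviderBase)storeField.GetValue(ssm);
            object lockId = rqLockIdField.GetValue(ssm);

            // Release the module's exclusive lock on the item held under the old id. The store itself
            // can be null when the field exists but nothing was assigned to it yet.
            if (store != null && lockId != null && oldId != null)
            {
                store.ReleaseItemExclusive(context, oldId, lockId);
            }

            // Mark the request as having no loaded state and swap in the new id. The intended effect is
            // that the module continues the request under the new identifier — not verifiable from here.
            rqStateNotFoundField.SetValue(ssm, true);
            rqIdField.SetValue(ssm, newId);
        }

        /// <summary>
        /// Looks up a non-public instance field by exact (case-sensitive) name on the runtime type of
        /// <paramref name="target"/>.
        /// </summary>
        /// <param name="target">Object whose type declares the field.</param>
        /// <param name="fieldName">Exact field name.</param>
        /// <returns>The field; never null.</returns>
        /// <exception cref="InvalidOperationException">The field does not exist on that type.</exception>
        private static System.Reflection.FieldInfo GetRequiredPrivateField(object target, string fieldName)
        {
            System.Reflection.FieldInfo field = target.GetType().GetField(
                fieldName,
                System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
            if (field == null)
            {
                throw new InvalidOperationException(
                    "Expected private field '" + fieldName + "' was not found on " + target.GetType().FullName + ".");
            }
            return field;
        }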
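    /// <summary>
    /// Authenticates a staff login. On success the session id is regenerated, the login session and the
    /// tracking cookie are established, and the user is redirected to the page for their role; on failure
    /// the password inputs are cleared and the invalid-login label is shown.
    /// </summary>
    /// <param name="userName">Staff id from the login form; sent to SQL only as a bound parameter.</param>
    /// <param name="password">Password from the login form; verified by ZTpasswordCheck_BCLS.</param>
    private void ValidateUser(string userName, string password)
    {
        SqlConnection con = obj1.getcon();
        con.Open();

        // try/finally (rather than a using-block on the connection, whose ownership getcon() does not make
        // visible) guarantees Close() on every exit path: the failure branch, the early return on an unknown
        // role, and Response.Redirect, which ends the request by throwing.
        try
        {
            using (SqlCommand cmd = new SqlCommand("select staff_id,staff_name,staff_role,NPstaff from staff_details where staff_id = @STAFF_id  ", con))
            {
                cmd.Parameters.Add(new SqlParameter("STAFF_id", userName));

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    // bool password_valid = NPpasswordCheck_BCLS(userName,password);//NP SERVER
                    bool password_valid = ZTpasswordCheck_BCLS(userName, password); //LOCAL SERVER

                    if (!dr.HasRows || !password_valid)
                    {
                        // One message for both "unknown user" and "wrong password", so the response
                        // does not reveal which of the two failed.
                        lb_invalid.Visible   = true;
                        tb_password.Text     = "";
                        hdnfldpassword.Value = "";
                        lb_invalid.Text = " Invalid userID or Password ! ";
                        return;
                    }

                    // Rotate the session id before any login data is stored in it (session fixation defence).
                    regenerateId();
                    string newID = Guid.NewGuid().ToString();
                    Session["CPRactSessionCheck"] = newID;

                    HttpCookie cookie = new HttpCookie("CPRactCookieCheck", newID);
                    cookie.Values.Add("TRXID", (string)Session["CPRactSessionCheck"]);
                    cookie.Values.Add("EVSS_ID", Session.SessionID);
                    // NOTE(review): the cookie is issued without Secure/HttpOnly, and EVSS_ID copies the
                    // session id into a second cookie; the commented line below shows where Secure would be set.
                    Response.Cookies.Add(cookie);
                    //        Response.Cookies["CPRactCookieCheck"].Secure = true;//We can enable secure cookie to set true(HTTPs).

                    dr.Read();
                    s_id   = dr[0].ToString();
                    s_name = dr[1].ToString();
                    s_role = dr[2].ToString();

                    int? roleId = MapRoleToSessionId(s_role);
                    if (roleId == null)
                    {
                        // The original note says the role can be entered directly via SQL and misspelled,
                        // so an unrecognised value is a data problem, not a code path to silently accept.
                        Page.ClientScript.RegisterStartupScript(this.GetType(), Guid.NewGuid().ToString(), "alert('Role assignment unsuccessful, please contact techincal support');window.location='Login.aspx';", true);
                        return;
                    }
                    Session["id"] = roleId.Value;

                    Session["staffname"]      = s_name;
                    Session["staffid"]        = s_id;
                    Session["staffrole"]      = s_role;
                    // NOTE(review): keeps the plaintext password in server-side session state for the
                    // whole login; retained because other pages may read this key — worth removing if none does.
                    Session["staff_password"] = password;
                    // Login time formatted with the current culture; "/" follows the server's date separator.
                    Session["lasttime"] = DateTime.Now.ToString("dd/MM/yyyy HH:mm");

                    if (s_role == "Chief Instructor")
                    {
                        Response.Redirect("follow_up.aspx");
                    }
                    else
                    {
                        Response.Redirect("Active_testsessiondetails.aspx");
                    }
                }
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Maps a staff_role value to the numeric id kept in Session["id"].
    /// </summary>
    /// <param name="role">Role text as stored in staff_details.staff_role (exact match).</param>
    /// <returns>1, 11, 21 or 31 for the known roles; null for anything else.</returns>
    private static int? MapRoleToSessionId(string role)
    {
        switch (role)
        {
            case "Guest":                   return 1;
            case "Instructor":              return 11;
            case "Chief Instructor":        return 21;
            case "Director/Asst Director":  return 31;
            default:                        return null;
        }
    }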
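        /// <summary>
        /// Workaround for page previews breaking once a page has written to Session: issues a new session
        /// id for <paramref name="ctx"/> and resets the SessionStateModule's per-request state to it.
        /// The original author could not explain why this works; it is kept because it passes testing.
        /// </summary>
        /// <remarks>
        /// Reaches into SessionStateModule's private fields (_store, _rqId, _rqLockId,
        /// _rqSessionStateNotFound) via reflection. A missing field now raises a descriptive
        /// <see cref="InvalidOperationException"/> instead of a NullReferenceException.
        /// </remarks>
        /// <param name="ctx">the Http context that will be shared between master and child process</param>
        /// <exception cref="InvalidOperationException">
        /// No module is registered under "Session", or a required private field is not present.
        /// </exception>
        private static void AllowChildRequestSessionAccess(HttpContext ctx)
        {
            SessionIDManager manager = new SessionIDManager();
            string oldId = manager.GetSessionID(ctx);
            string newId = manager.CreateSessionID(ctx);

            // Issue the new id to the client; the out values are not used here.
            bool isRedir, isAdd;
            manager.SaveSessionID(ctx, newId, out isRedir, out isAdd);

            // NOTE(review): the module is resolved through HttpContext.Current rather than ctx —
            // confirm both refer to the same application instance.
            HttpApplication application = HttpContext.Current.ApplicationInstance;
            SessionStateModule ssm = application.Modules.Get("Session") as SessionStateModule;
            if (ssm == null)
            {
                throw new InvalidOperationException("No SessionStateModule is registered under the \"Session\" HTTP module name.");
            }

            System.Reflection.FieldInfo storeField           = RequirePrivateField(ssm, "_store");
            System.Reflection.FieldInfo rqIdField            = RequirePrivateField(ssm, "_rqId");
            System.Reflection.FieldInfo rqLockIdField        = RequirePrivateField(ssm, "_rqLockId");
            System.Reflection.FieldInfo rqStateNotFoundField = RequirePrivateField(ssm, "_rqSessionStateNotFound");

            SessionStateStoreProviderBase store = (SessionStateStoreProviderBase)storeField.GetValue(ssm);
            object lockId = rqLockIdField.GetValue(ssm);

            // Release the module's exclusive lock on the item held under the old id; the store field
            // can legitimately hold null, so guard it as well.
            if (store != null && lockId != null && oldId != null)
            {
                store.ReleaseItemExclusive(ctx, oldId, lockId);
            }

            // Mark the request as having no loaded state and point the module at the new id.
            rqStateNotFoundField.SetValue(ssm, true);
            rqIdField.SetValue(ssm, newId);
        }

        /// <summary>
        /// Looks up a non-public instance field by exact (case-sensitive) name on the runtime type of
        /// <paramref name="target"/>.
        /// </summary>
        /// <param name="target">Object whose type declares the field.</param>
        /// <param name="fieldName">Exact field name.</param>
        /// <returns>The field; never null.</returns>
        /// <exception cref="InvalidOperationException">The field does not exist on that type.</exception>
        private static System.Reflection.FieldInfo RequirePrivateField(object target, string fieldName)
        {
            System.Reflection.FieldInfo field = target.GetType().GetField(
                fieldName,
                System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
            if (field == null)
            {
                throw new InvalidOperationException(
                    "Expected private field '" + fieldName + "' was not found on " + target.GetType().FullName + ".");
            }
            return field;
        }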
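    /// <summary>
    /// Page entry point: requires an authenticated session, disables client-side caching, and binds
    /// GridView1 to the test-session list for the caller's role (Instructor, Chief Instructor and Guest
    /// see sessions that are neither Archived nor Completed; Director/Asst Director sees all but Archived).
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Session["id"] is assigned at login; without it the caller is not authenticated.
        if (Session["id"] == null)
        {
            Response.Redirect("Login.aspx");
            return; // Redirect normally ends the request by throwing; the return covers endResponse=false.
        }

        current_test_status  = "Archived";
        current_test_status2 = "Completed";

        st_role = (string)Session["staffrole"];

        // Code disables caching by browser.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);// this tells the client not to cache responses in the History folder, so that when you use the back/forward buttons the client requests a new version of the response each time.
        Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
        Response.Cache.SetNoStore();

        // NOTE(review): despite its name this field receives Session["staffname"], not "staffid" — confirm intended.
        login_staff_ID = (string)Session["staffname"];

        if (st_role == "Instructor" || st_role == "Chief Instructor" || st_role == "Guest")
        {
            BindTestSessions(
                "select a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,UPPER(a.chiefinstructor_name) as chiefinstructor_name ,count(b.student_id) as student_id from testsession_details a ,student_vs_testsession_details b where a.testsession_status not in(@status1, @status2) and a.testsession_id=b.testsession_id group by   a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,a.chiefinstructor_name ORDER BY a.testsession_id DESC ",
                new SqlParameter("@status1", current_test_status),
                new SqlParameter("@status2", current_test_status2));
        }
        else if (st_role == "Director/Asst Director")//if role=Admin
        {
            BindTestSessions(
                "select a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,UPPER(a.chiefinstructor_name) as chiefinstructor_name,count(b.student_id) as student_id from testsession_details a ,student_vs_testsession_details b where a.testsession_status<>@status1 and a.testsession_id=b.testsession_id group by   a.admin_id,a.testsession_id,a.test_type,a.test_date,a.testsession_status,a.chiefinstructor_name ORDER BY a.testsession_id DESC ",
                new SqlParameter("@status1", current_test_status));
        }
    }

    /// <summary>
    /// Runs <paramref name="commandText"/> with the given bound parameters and binds the result to GridView1.
    /// </summary>
    /// <param name="commandText">Parameterised SQL; status values are bound, never concatenated.</param>
    /// <param name="parameters">Parameters referenced by <paramref name="commandText"/>.</param>
    private void BindTestSessions(string commandText, params SqlParameter[] parameters)
    {
        SqlConnection con = obj.getcon();
        con.Open();
        // try/finally rather than a using-block on the connection: getcon()'s ownership is not visible here,
        // and the original contract is Close(), which is now guaranteed even when Fill throws.
        try
        {
            using (SqlCommand cmd = new SqlCommand(commandText, con))
            {
                cmd.Parameters.AddRange(parameters);
                using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                {
                    DataSet ds = new DataSet();
                    adapter.Fill(ds);
                    GridView1.DataSource = ds;
                    GridView1.DataBind();
                }
            }
        }
        finally
        {
            con.Close();
        }
    }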