示例#1
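    /// <summary>
    /// Handles the Register button: reads the posted form fields, validates them on the
    /// server, and passes the new account to <c>User.register</c>.
    /// </summary>
    /// <remarks>
    /// Every value read from <c>Request.Form</c> is client-controlled, including the
    /// drop-down fields, so nothing here may rely on client-side validation. The role is
    /// assigned server-side and is never taken from the request.
    /// </remarks>
    /// <param name="sender">The control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnRegister_Click(object sender, EventArgs e)
    {
        string name     = Request.Form["txtUserName"];
        string password = Request.Form["txtPassword"];

        // TryParse instead of Convert.ToInt16: a non-numeric or out-of-range value posted by
        // the client previously surfaced as an unhandled FormatException/OverflowException.
        short age;
        short sex;
        if (string.IsNullOrEmpty(name) ||
            string.IsNullOrEmpty(password) ||
            !short.TryParse(Request.Form["txtAge"], out age) ||
            !short.TryParse(Request.Form["ddlSex"], out sex) ||
            age < 0)
        {
            ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "error", "alert('Invalid registration data')", true);
            return;
        }

        DetailUserInfo user = new DetailUserInfo();

        user.Name       = name;
        user.Password   = password;
        user.Age        = age;
        user.Sex        = sex;
        // NOTE(review): Post and Department come from drop-downs, but a client can post any
        // string. Check them (and the Sex code) against the server-side list of allowed values
        // before storing; that list is not visible from this handler.
        user.Post       = Request.Form["ddlPost"];
        user.Department = Request.Form["ddlDepartment"];
        // Fixed on the server so a crafted request cannot self-assign a privileged role.
        user.UserGroup  = GlobalSetting.SystemRoles.Normal;

        //register the user
        User userHandler = new User();
        bool result      = userHandler.register(user);

        if (result)
        {
            //Server.Transfer("~/login.aspx");
            ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "error", "alert('Your registry is being processed, please wait.')", true);
        }
        else
        {
            // NOTE(review): this message confirms that a user name exists, which allows
            // account enumeration; decide whether that is acceptable for this application.
            ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "error", "alert('Duplicated user name')", true);
        }
    }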
示例#2
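    /// <summary>
    /// Handles the Login button: verifies the posted credentials through <c>User.login</c>,
    /// stores the identity in the session, then sends the user back to the referring page
    /// or to the landing page for their role.
    /// </summary>
    /// <param name="sender">The control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        // Both values are client-controlled and are passed to User.login unchanged.
        String userName = Request.Form["txtUserName"];
        String password = Request.Form["txtPassword"];

        User           userHandler = new User();
        DetailUserInfo userinfo    = userHandler.login(userName, password);

        if (userinfo == null)
        {
            // NOTE(review): a failed login ends silently here. Consider a generic failure
            // message plus attempt throttling; neither is visible in this handler.
            return;
        }

        // NOTE(review): the session identifier is not rotated on login, so a session id that
        // was fixed before authentication stays valid afterwards. Confirm whether the
        // application issues a fresh session elsewhere.
        Session["LOGINID"]   = userinfo.ID;
        Session["LOGINNAME"] = userName;
        Session["USERGROUP"] = userinfo.UserGroup;

        // The Referer header is optional and client-controlled. UrlReferrer is null when the
        // header is absent, which previously threw a NullReferenceException, and an
        // off-site referrer previously became the redirect target. Only follow it when it
        // points back at this site.
        // NOTE(review): behind a reverse proxy Request.Url may not carry the public host;
        // confirm the comparison matches the deployment.
        Uri referrer = Request.UrlReferrer;
        if (referrer != null &&
            string.Equals(referrer.Authority, Request.Url.Authority, StringComparison.OrdinalIgnoreCase) &&
            referrer.LocalPath.IndexOf("login.aspx", StringComparison.OrdinalIgnoreCase) < 0 &&
            referrer.LocalPath.IndexOf("register.aspx", StringComparison.OrdinalIgnoreCase) < 0)
        {
            Response.Redirect(referrer.AbsoluteUri);
        }

        //routing
        switch (userinfo.UserGroup)
        {
        case GlobalSetting.SystemRoles.Admin:
            Response.Redirect("~/Approve.aspx");
            break;

        default:
            Response.Redirect("~/Home.aspx");
            break;
        }
    }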
示例#3
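    /// <summary>
    /// Registers a new account in the Pending state.
    /// </summary>
    /// <param name="userInfo">
    /// The account to create. Its <c>Password</c> property is overwritten with the hash
    /// that is stored, so the caller's object no longer holds the plain-text password.
    /// </param>
    /// <returns>
    /// <c>false</c> when the name lookup finds an existing row; <c>true</c> after the
    /// insert statement has been issued.
    /// </returns>
    public Boolean register(DetailUserInfo userInfo)
    {
        dbAccess.open();

        try
        {
            // The visible dbAccess API accepts only a finished SQL string, so each string
            // value is quote-doubled before it is placed inside a '...' literal. Without this,
            // a quote in any field ends the literal and the rest is parsed as SQL.
            // This is a stop-gap: the durable fix is a parameterized command, which needs a
            // dbAccess overload that is not visible here.
            string name = (userInfo.Name ?? string.Empty).Replace("'", "''");

            // NOTE(review): the lookup reads [User] while the insert writes [DetailUser];
            // confirm both refer to the same set of names.
            // NOTE(review): check-then-insert is not atomic; two concurrent requests can both
            // pass the check. A unique constraint on the name column closes that gap.
            String sql = string.Format("select count(*) from [User] where name = '{0}'", name);
            System.Data.DataTable dt = dbAccess.select(sql);
            if (dt.Rows[0][0].ToString() != "0")
            {
                return false;
            }

            // Hash (not encrypt) the password before it is stored.
            // NOTE(review): unsalted MD5 is a fast hash and is unsuitable for password
            // storage. Migrating to a salted, iterated scheme such as PBKDF2
            // (Rfc2898DeriveBytes) also requires changing login() and re-hashing stored
            // values, so it is flagged here rather than changed.
            using (MD5 md5Hash = MD5.Create())
            {
                userInfo.Password = GetMd5Hash(md5Hash, userInfo.Password);
            }

            // Age and Sex are written unquoted; this assumes they are numeric properties
            // (confirm against DetailUserInfo).
            sql = string.Format("INSERT INTO [DetailUser] ([Name] ,[Password] ,[Age] ,[Sex] ,[Post] ,[Department], [Status], [RegisterDate],[UserGroup]) "
                                + "VALUES ('{0}','{1}',{2},{3},'{4}','{5}', '{6}',getDate(),'{7}') ",
                                name,
                                (userInfo.Password ?? string.Empty).Replace("'", "''"),
                                userInfo.Age,
                                userInfo.Sex,
                                (userInfo.Post ?? string.Empty).Replace("'", "''"),
                                (userInfo.Department ?? string.Empty).Replace("'", "''"),
                                DetailUserInfo.UserStatus.Pending,
                                (userInfo.UserGroup ?? string.Empty).Replace("'", "''"));
            dbAccess.update(sql);
        }
        finally
        {
            // No catch block: the original "throw ex;" only reset the stack trace. Exceptions
            // still propagate to the caller with the same type.
            dbAccess.close();
        }

        return true;
    }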
示例#4
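    /// <summary>
    /// Verifies a user name and password against approved accounts.
    /// </summary>
    /// <param name="userName">The user name as supplied by the caller.</param>
    /// <param name="password">The plain-text password; it is hashed before the lookup.</param>
    /// <returns>
    /// A <c>DetailUserInfo</c> filled from the first matching row, or <c>null</c> when no
    /// approved account matches the name and password hash.
    /// </returns>
    public DetailUserInfo login(string userName, string password)
    {
        // Hash the supplied password so it can be compared with the stored hash.
        // NOTE(review): unsalted MD5 is unsuitable for password storage; it must change
        // together with register() and the stored values, so it is only flagged here.
        using (MD5 md5Hash = MD5.Create())
        {
            password = GetMd5Hash(md5Hash, password);
        }

        // Quote-double both values before they go inside '...' literals; without this, a
        // quote in the user name rewrites the WHERE clause and bypasses the password check.
        // This is a stop-gap: the durable fix is a parameterized command, which needs a
        // dbAccess overload that is not visible here.
        // {1} must carry the hashed password; with a fixed literal in its place the supplied
        // password would never be compared.
        String sql = string.Format("SELECT * FROM [DetailUser] where Name='{0}' and password = '{1}' and Status = 'Approved' ",
                                   (userName ?? string.Empty).Replace("'", "''"),
                                   (password ?? string.Empty).Replace("'", "''"));

        dbAccess.open();
        try
        {
            System.Data.DataTable dt = dbAccess.select(sql);
            if (dt.Rows.Count == 0)
            {
                return null;
            }

            System.Data.DataRow row = dt.Rows[0];

            DetailUserInfo useInfo = new DetailUserInfo();
            // NOTE(review): Convert.ToInt16 throws OverflowException for an ID above 32767;
            // confirm the column type.
            useInfo.ID         = Convert.ToInt16(row["ID"]);
            useInfo.Name       = row["Name"].ToString();
            useInfo.Password   = row["Password"].ToString();
            useInfo.Age        = row["Age"] == DBNull.Value ? (short)0 : Convert.ToInt16(row["Age"]);
            useInfo.Sex        = Convert.ToInt16(row["Sex"]);
            useInfo.Post       = row["Post"].ToString();
            useInfo.Department = row["Department"].ToString();
            useInfo.UserGroup  = row["UserGroup"].ToString();

            return useInfo;
        }
        finally
        {
            // No catch block: the original "throw ex;" only reset the stack trace. Exceptions
            // still propagate to the caller with the same type.
            dbAccess.close();
        }
    }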