/// <summary>
/// Click handler for the register button: validates the form, inserts one row
/// into the Assets table, records an audit-trail entry and redirects to the
/// asset management page.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnReg_Click(object sender, EventArgs e)
{
    // Reject the submission up front when validation fails.
    if (!checkInputs())
    {
        lblAlert.Text = "Please check your input fields for invalid entries";
        return;
    }

    // Every form value is passed through CleanString and then bound as a SQL
    // parameter; none of it is concatenated into the statement text.
    // NOTE(review): CleanString's behaviour is not visible here. If it
    // HTML-encodes, the stored values are encoded at rest; pages that render
    // them still need output encoding of their own - confirm.
    var tenantId = AntiXSSMethods.CleanString(ddlTenant.SelectedValue);
    var assetType = AntiXSSMethods.CleanString(ddlType.SelectedValue);
    var modelName = AntiXSSMethods.CleanString(txtModel.Text);
    var brandName = AntiXSSMethods.CleanString(txtBrand.Text);
    var serialNo = AntiXSSMethods.CleanString(txtSerial.Text);

    // Convert.ToDouble throws on non-numeric text.
    // NOTE(review): presumably checkInputs() has already verified the amount - confirm.
    var amount = StringCustomizers.CheckMoney(Convert.ToDouble(AntiXSSMethods.CleanString(txtAmount.Text)));

    const string insertSql = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)";
    var sqlArgs = new SqlParameter[]
    {
        new SqlParameter("@tid", tenantId),
        new SqlParameter("@type", assetType),
        new SqlParameter("@model", modelName),
        new SqlParameter("@brand", brandName),
        new SqlParameter("@serial", serialNo),
        new SqlParameter("@amount", amount)
    };

    DataAccess.DataProcessExecuteNonQuery(insertSql, sqlArgs, conString);

    // The audit entry is written only after the insert call has returned.
    AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID);
    Response.Redirect("~/Admin/ManageAssets.aspx");
}
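/// <summary>
/// Click handler for the "reset password" button. Looks up the account that
/// owns the submitted username, replaces its password with a bcrypt hash of a
/// freshly generated one and mails the new password to the registered address.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnResetPass_Click(object sender, EventArgs e)
{
    string Username = AntiXSSMethods.CleanString(txtUsername.Text);
    if (string.IsNullOrEmpty(Username))
    {
        lblAlert.Text = "No username entered!";
        return;
    }

    // NOTE(review): this handler needs nothing but a username, and it answers
    // differently for known and unknown names. That tells the caller which
    // usernames exist and lets anyone force a password change on another
    // account. A single neutral response plus a mailed, expiring, single-use
    // reset link would close both gaps.
    if (!General.CheckIfExisting(Username))
    {
        lblAlert.Text = "Username doesn't exist!";
        return;
    }

    // role: 1 = Employee, 2 = Tenant, 3 = Guardian, 4 = error.
    // The table name is concatenated into the SQL text below, so it must only
    // ever come from this fixed list and never from request data.
    int role = General.CheckRole(Username);
    string TableName;
    switch (role)
    {
        case 1:
            TableName = "Employees";
            break;
        case 2:
            TableName = "Tenants";
            break;
        case 3:
            TableName = "Guardians";
            break;
        default:
            // Previously an unmapped role left the table name empty and the
            // handler went on to execute a malformed UPDATE statement.
            lblAlert.Text = "Unable to reset the password for this account. Please ask an administrator for help.";
            return;
    }

    // Resolve the mail address before touching the stored password, so an
    // account with no registered address is not left with a password that
    // nobody knows.
    SqlParameter[] UN = { new SqlParameter("@UN", Username) };
    string email = DataAccess.ReturnData("SELECT Email FROM " + TableName + " WHERE UN=@UN", UN, ConnString, "Email");
    if (string.IsNullOrEmpty(email))
    {
        lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you.";
        return;
    }

    // NOTE(review): confirm that RandomStr() draws from a cryptographically
    // secure generator; its implementation is not visible here.
    string newpass = StringCustomizers.RandomStr();
    string encryptednewpass = Encryption.GenerateBCryptHash(newpass);

    string UpdatePWD = "UPDATE " + TableName + " SET Pwd=@pwd WHERE UN=@UN";
    SqlParameter[] Params = { new SqlParameter("@UN", Username), new SqlParameter("@pwd", encryptednewpass) };
    DataAccess.DataProcessExecuteNonQuery(UpdatePWD, Params, ConnString);

    // NOTE(review): the old password is already overwritten at this point, so
    // a failed send still locks the user out; the new password also travels
    // in clear text inside the mail.
    bool mailIsSent = sendmail(email, newpass);
    if (mailIsSent)
    {
        lblAlert.Text = "Your password has been successfully reset. Please check your registered email's inbox for your new password. Don't forget to check your junk mailbox.";
    }
    else
    {
        lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you.";
    }
}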