protected void btnReg_Click(object sender, EventArgs e)
{
if (checkInputs())
{
string strInsert = "INSERT INTO Assets (TenantID, AssetType, ModelName, BrandName,SerialNo, Amount) VALUES (@tid, @type, @model, @brand, @serial, @amount)";
SqlParameter[] insertParam =
{
new SqlParameter("@tid", AntiXSSMethods.CleanString(ddlTenant.SelectedValue)),
new SqlParameter("@type", AntiXSSMethods.CleanString(ddlType.SelectedValue)),
new SqlParameter("@model", AntiXSSMethods.CleanString(txtModel.Text)),
new SqlParameter("@brand", AntiXSSMethods.CleanString(txtBrand.Text)),
new SqlParameter("@serial", AntiXSSMethods.CleanString(txtSerial.Text)),
new SqlParameter("@amount", StringCustomizers.CheckMoney(Convert.ToDouble(AntiXSSMethods.CleanString(txtAmount.Text))))
};
DataAccess.DataProcessExecuteNonQuery(strInsert, insertParam, conString);
AuditTrailFunctions.UpdateEmployeeAuditTrail("Added new Asset", EmployeeID);
Response.Redirect("~/Admin/ManageAssets.aspx");
}
else
{
lblAlert.Text = "Please check your input fields for invalid entries";
}
}
protected void btnResetPass_Click(object sender, EventArgs e)
{
string TableName = "";
string Username = AntiXSSMethods.CleanString(txtUsername.Text);
if (Username != "")
{
bool IsExisting = General.CheckIfExisting(Username);
if (IsExisting)
{
//role = 1 Employee, 2 Tenant, 3 Guardian, 4 - error that will most likely not happen! :)
int role = General.CheckRole(Username);
//Response.Write(role.ToString());
string newpass = StringCustomizers.RandomStr();
string encryptednewpass = Encryption.GenerateBCryptHash(newpass);
if (role == 1)
{
TableName = "Employees";
}
else if (role == 2)
{
TableName = "Tenants";
}
else if (role == 3)
{
TableName = "Guardians";
}
string UpdatePWD = "UPDATE " + TableName + " SET Pwd=@pwd WHERE UN=@UN";
SqlParameter[] Params =
{
new SqlParameter("@UN", Username),
new SqlParameter("@pwd", encryptednewpass)
};
DataAccess.DataProcessExecuteNonQuery(UpdatePWD, Params, ConnString);
//sends email
SqlParameter[] UN = { new SqlParameter("@UN", Username) };
string email = DataAccess.ReturnData("SELECT Email FROM " + TableName + " WHERE UN=@UN", UN, ConnString, "Email");
bool mailIsSent = sendmail(email, newpass);
if (mailIsSent)
{
lblAlert.Text = "Your password has been successfully reset. Please check your registered email's inbox for your new password. Don't forget to check your junk mailbox.";
}
else
{
lblAlert.Text = "Email is not sent. You may ask an administrator to reset your password for you.";
}
}
else
{
lblAlert.Text = "Username doesn't exist!";
}
}
else
{
lblAlert.Text = "No username entered!";
}
}
