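/// <summary>
/// Looks up the candidate whose code was typed into <c>textboxEnterCode</c> and,
/// when exactly one row matches, shows a confirmation message with the Yes/No buttons.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void buttonSelect_Click(object sender, EventArgs e)
{
    // The candidate code comes straight from the browser, so it is only ever
    // bound as a SQL parameter and never concatenated into the statement text.
    string candidateCode = textboxEnterCode.Text;

    SqlConnection con = new SqlConnection(myConnStr);
    try
    {
        con.Open();

        // Counts the rows carrying the entered candidate code.
        using (SqlCommand cmdSelectCount = new SqlCommand(
            "SELECT COUNT(*) FROM tblCandidate WHERE candCode = @candCode", con))
        {
            cmdSelectCount.Parameters.AddWithValue("@candCode", candidateCode);
            // ExecuteScalar returns the first column of the first row, i.e. the count.
            vc.matchCount = cmdSelectCount.ExecuteScalar().ToString();
        }

        if (vc.getMatchCount() == "1")
        {
            // Only the two columns that are displayed are fetched.
            using (SqlCommand cmdSelectCand = new SqlCommand(
                "SELECT candFirstName, candLastName FROM tblCandidate WHERE candCode = @candCode", con))
            {
                cmdSelectCand.Parameters.AddWithValue("@candCode", candidateCode);
                using (SqlDataReader read = cmdSelectCand.ExecuteReader())
                {
                    while (read.Read())
                    {
                        // NOTE(review): Label.Text is rendered without HTML encoding;
                        // encode these names if tblCandidate can be edited by
                        // less-trusted users.
                        lblConfirmMsg.Text = "You have chosen " + (read["candFirstName"].ToString() + " " + read["candLastName"].ToString() + ". Please confirm your choice below:");
                    }
                }
            }

            if (lblConfirmMsg.Text != "")
            {
                buttonYes.Visible = true;
                buttonNo.Visible = true;
            }
        }
        else
        {
            // No single row carries the entered candidate code.
            lblErrorMsg.Visible = true;
            textboxEnterCode.Text = "";
            textboxEnterCode.Focus();
        }
    }
    catch (Exception er)
    {
        // Keep the details server-side; the user only sees a generic message.
        System.Diagnostics.Trace.TraceError("buttonSelect_Click failed: " + er);
        Response.Write("<script language='javascript'> alert('Error! Database connection failed. Please try again.');</script>");
        textboxEnterCode.Text = "";
        textboxEnterCode.Focus();
    }
    finally
    {
        con.Close();
    }
}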
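/// <summary>
/// Handles the administrator login button: checks the credentials against
/// <c>tblAdmin</c>, stores the administrator's name in the session and sends the
/// browser to <c>AdminMenu.aspx</c>; otherwise shows the error label.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void buttonLogin_Click(object sender, EventArgs e)
{
    bool loggedIn = false;

    SqlConnection con = new SqlConnection(myConnStr);
    try
    {
        con.Open();

        // NOTE(review): the credential values appear masked as '******' in this
        // listing. Whatever supplies them must be bound with
        // Parameters.AddWithValue (as buttonRegister_Click does), never
        // concatenated into the statement. The WHERE clause also compares the
        // password column directly, which implies plaintext storage; a salted
        // password hash verified in code is the safer design.
        using (SqlCommand cmdSelectCount = new SqlCommand("SELECT COUNT(*) FROM tblAdmin WHERE adminUsername = '******' AND adminPassword = '******'", con))
        {
            // ExecuteScalar returns the first column of the first row, i.e. the count.
            vc.matchCount = cmdSelectCount.ExecuteScalar().ToString();
        }

        if (vc.getMatchCount() == "1")
        {
            using (SqlCommand select2Cmd = new SqlCommand("SELECT * FROM tblAdmin WHERE adminUsername = '******' AND adminPassword = '******'", con))
            using (SqlDataReader read = select2Cmd.ExecuteReader())
            {
                while (read.Read())
                {
                    // Display name is "first last".
                    theAdmin.adminName = (read["adminFirstName"].ToString() + " " + read["adminLastName"].ToString());
                }
            }

            // The session entry is what marks the browser as a logged-in administrator.
            Session["adminName"] = theAdmin.adminName;
            loggedIn = true;
        }
        else
        {
            // No single row matches the supplied credentials.
            lblErrorMsg.Visible = true;
            clearTextbox();
            textboxUsername.Focus();
        }
    }
    catch (Exception er)
    {
        // Keep the details server-side; the user only sees a generic message.
        System.Diagnostics.Trace.TraceError("Admin buttonLogin_Click failed: " + er);
        // The original script had doubled quotes and a stray ')' and did not parse.
        Response.Write("<script language='javascript'> alert('Error! Database connection failed. Please try again.');location.href='AdminLogin.aspx'</script>");
    }
    finally
    {
        con.Close();
    }

    // Redirect after the try/finally: Response.Redirect(url) ends the request by
    // aborting the thread, and inside the try that ThreadAbortException would
    // pass through the generic catch and emit the failure script on a
    // successful login.
    if (loggedIn)
    {
        Response.Redirect("AdminMenu.aspx");
    }
}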
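/// <summary>
/// Handles the staff registration button: inserts a new <c>tblStaff</c> row when
/// the chosen username is not yet taken, otherwise reports that it already exists.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void buttonRegister_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(myConnStr);
    try
    {
        con.Open();

        // Counts the rows that already use the requested username.
        using (SqlCommand cmdSelectCount = new SqlCommand("SELECT COUNT(*) FROM tblStaff WHERE staffUsername = @username", con))
        {
            cmdSelectCount.Parameters.AddWithValue("@username", textboxUsername.Text);
            // ExecuteScalar returns the first column of the first row, i.e. the count.
            vc.matchCount = cmdSelectCount.ExecuteScalar().ToString();
        }

        // Register only when NO row uses the username. The original test
        // (!= "1") also accepted counts of 2 or more, so once a duplicate
        // existed further duplicates could be added.
        // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
        // staffUsername is what actually prevents two concurrent registrations.
        if (vc.getMatchCount() == "0")
        {
            using (SqlCommand cmdInsertStaff = new SqlCommand("INSERT INTO tblStaff (staffFirstName, staffLastName, staffUsername, staffPassword, staffVoteStatus) VALUES (@fName,@lName, @username, @password, 0)", con))
            {
                cmdInsertStaff.Parameters.AddWithValue("@fName", textboxFName.Text);
                cmdInsertStaff.Parameters.AddWithValue("@lName", textboxLName.Text);
                cmdInsertStaff.Parameters.AddWithValue("@username", textboxUsername.Text);
                // NOTE(review): the password is stored exactly as typed. It should
                // be replaced by a salted, slow hash (e.g. PBKDF2), with the login
                // page changed in the same step to verify against that hash.
                cmdInsertStaff.Parameters.AddWithValue("@password", textboxPassword.Text);
                cmdInsertStaff.ExecuteNonQuery();
            }

            Response.Write("<script language='javascript'> alert('Record has been added successfully!');location.href='VoterLogin.aspx'</script>");
        }
        else
        {
            // The username is already present in tblStaff.
            Response.Write("<script language='javascript'> alert('Username already exists!');</script>");
            clearTextbox();
            textboxUsername.Focus();
        }
    }
    catch (Exception er)
    {
        // Keep the details server-side; the user only sees a generic message.
        System.Diagnostics.Trace.TraceError("buttonRegister_Click failed: " + er);
        Response.Write("<script language='javascript'> alert('Error! Database connection failed. Please try again.');location.href='VoterRegister.aspx'</script>");
    }
    finally
    {
        con.Close();
    }
}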
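/// <summary>
/// Handles the staff (voter) login button: checks the credentials against
/// <c>tblStaff</c>, refuses staff who have already voted, and otherwise stores the
/// staff name and ID in the session and sends the browser to <c>VoterMenu.aspx</c>.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void buttonLogin_Click(object sender, EventArgs e)
{
    string redirectUrl = null;

    SqlConnection con = new SqlConnection(myConnStr);
    try
    {
        con.Open();

        // NOTE(review): the credential values appear masked as '******' in this
        // listing. Whatever supplies them must be bound with
        // Parameters.AddWithValue, never concatenated into the statement. The
        // WHERE clause also compares the password column directly, which
        // implies plaintext storage; prefer a salted password hash.
        using (SqlCommand cmdSelectCount = new SqlCommand("SELECT COUNT(*) FROM tblStaff WHERE staffUsername = '******' AND staffPassword = '******'", con))
        {
            // ExecuteScalar returns the first column of the first row, i.e. the count.
            vc.matchCount = cmdSelectCount.ExecuteScalar().ToString();
        }

        if (vc.getMatchCount() == "1")
        {
            using (SqlCommand cmdSelectStaffVoted = new SqlCommand("SELECT staffVoteStatus FROM tblStaff WHERE staffUsername = '******' AND staffPassword = '******'", con))
            {
                vc.voteCount = cmdSelectStaffVoted.ExecuteScalar().ToString();
            }

            // NOTE(review): this is only a convenience check at login time. The
            // one-vote rule has to be enforced again, atomically, by the code
            // that records the vote.
            if (vc.getVoteCount() != "1")
            {
                using (SqlCommand cmdSelectStaff = new SqlCommand("SELECT * FROM tblStaff WHERE staffUsername = '******' AND staffPassword = '******'", con))
                using (SqlDataReader read = cmdSelectStaff.ExecuteReader())
                {
                    while (read.Read())
                    {
                        // Display name is "first last"; staffID identifies the voter.
                        theStaff.staffName = (read["staffFirstName"].ToString() + " " + read["staffLastName"].ToString());
                        theStaff.staffID = Convert.ToInt32(read["staffID"]);
                    }
                }

                // The session entries are what mark the browser as a logged-in voter.
                Session["staffName"] = theStaff.staffName;
                Session["staffID"] = theStaff.staffID;

                // NOTE(review): the staff ID in the query string can be edited by
                // the user. The target page should take the voter's identity from
                // Session["staffID"], or reject a request whose staffID differs
                // from it.
                redirectUrl = "VoterMenu.aspx?staffID=" + Session["staffID"];
            }
            else
            {
                // This staff member has already voted.
                Response.Write("<script language='javascript'> alert('You have already voted!');location.href='Home.aspx'</script>");
            }
        }
        else
        {
            // No single row matches the supplied credentials.
            lblErrorMsg.Visible = true;
            clearTextbox();
            textboxUsername.Focus();
        }
    }
    catch (Exception er)
    {
        // Keep the details server-side; the user only sees a generic message.
        System.Diagnostics.Trace.TraceError("Voter buttonLogin_Click failed: " + er);
        // The message is kept on one line: a line break inside the literal is
        // valid neither in the C# string nor in the emitted alert('...').
        Response.Write("<script language='javascript'> alert('Error! Database connection failed. Please enter your details again.');</script>");
        clearTextbox();
        textboxUsername.Focus();
    }
    finally
    {
        con.Close();
    }

    // Redirect after the try/finally: Response.Redirect(url) ends the request by
    // aborting the thread, and inside the try that ThreadAbortException would
    // pass through the generic catch and emit the failure script on a
    // successful login.
    if (redirectUrl != null)
    {
        Response.Redirect(redirectUrl);
    }
}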