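/// <summary>
/// Saves the edits made in the editable table back to the database.
/// Depending on <c>dataTableName</c> ("users", "models", "downloads" or "ratings") every body row
/// that is marked as changed is written with an UPDATE, a filled-in footer row is written with an
/// INSERT, and the page is then reloaded through a redirect to its own URL.
/// </summary>
/// <remarks>
/// NOTE(review): this handler can rewrite the <c>password</c> and <c>admin</c> columns of any user row
/// and contains no authorization check of its own; confirm that the page restricts access before
/// this handler can run.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void save_btn_Click(object sender, EventArgs e)
{
    //passed validation
    if (dataTableName.Equals("users"))
    {
        SaveBtn_SaveUsers();
    }
    if (dataTableName.Equals("models"))
    {
        // NOTE(review): the UPDATE declares User_Id and the row id as "string" while the INSERT
        // declares them as "int", and the INSERT also passes an @oldId value that its statement
        // never references. How GenericVoidQueryWithParameters treats either is not visible here;
        // both are kept exactly as they were - confirm against the service.
        SaveBtn_SaveViaService(
            "UPDATE [Models] SET User_Id = @newUser_Id, Creation_Date = @newCreation_Date, XML_File_Link = @newXML, name = @newName, description = @newDescription, Thumbnail = @newThumbnail Where Model_Id = @oldId",
            new string[] { "@newUser_Id", "@newCreation_Date", "@newXML", "@newName", "@newDescription", "@newThumbnail", "@oldId" },
            new string[] { "string", "datetime", "string", "string", "string", "string", "string" },
            "INSERT INTO [Models] VALUES(@newUser_Id, @newCreation_Date, @newXML, @newName, @newDescription, @newThumbnail);",
            new string[] { "@newUser_Id", "@newCreation_Date", "@newXML", "@newName", "@newDescription", "@newThumbnail", "@oldId" },
            new string[] { "int", "datetime", "string", "string", "string", "string", "int" },
            6);
    }
    if (dataTableName.Equals("downloads"))
    {
        SaveBtn_SaveViaService(
            "UPDATE [Downloads] SET User_Id = @newUser_Id, Model_Id = @newModel_Id, Download_Date = @newDownload_Date WHERE Download_Id = @oldId",
            new string[] { "@newUser_Id", "@newModel_Id", "@newDownload_Date", "@oldId" },
            new string[] { "int", "int", "datetime", "int" },
            "INSERT INTO [Downloads] VALUES(@newUser_Id, @newModel_Id, @newDownload_Date);",
            new string[] { "@newUser_Id", "@newModel_Id", "@newDownload_Date" },
            new string[] { "int", "int", "datetime" },
            3);
    }
    if (dataTableName.Equals("ratings"))
    {
        SaveBtn_SaveViaService(
            "UPDATE [Ratings] SET User_Id = @newUser_Id, Model_Id = @newModel_Id, Value = @newValue WHERE Rate_Id = @oldId",
            new string[] { "@newUser_Id", "@newModel_Id", "@newValue", "@oldId" },
            new string[] { "int", "int", "int", "int" },
            "INSERT INTO [Ratings] VALUES(@newUser_Id, @newModel_Id, @newValue);",
            new string[] { "@newUser_Id", "@newModel_Id", "@newValue" },
            new string[] { "int", "int", "int" },
            3);
    }
}

/// <summary>
/// Writes changed user rows and an optional new user row through <c>sqlConnection</c>,
/// registers a newly inserted user with the web service, then reloads the page.
/// </summary>
private void SaveBtn_SaveUsers()
{
    sqlConnection.Open();
    try
    {
        string sqlCmd = "UPDATE [Users] SET username = @newUsername, password = @newPassword, email = @newEmail, content_creator = @newContentCreator, content_consumer = @newContentConsumer, validated = @newValidated, RandomKey = @newRandomKey, user_color = @newUserColor, admin = @newAdmin Where Id = @oldId";
        for (int i = 1; i < table.Controls.Count - 1; i++)
        {
            // goes through all rows that are not Header or Footer
            TableRow tr = (TableRow)table.Controls[i];
            if (SaveBtn_RowIsChanged(tr))
            {
                using (SqlCommand updateCommand = new SqlCommand(sqlCmd, sqlConnection))
                {
                    SaveBtn_AddUserParameters(updateCommand, tr);
                    // The id itself cannot be edited; it is read from the first cell's tooltip.
                    updateCommand.Parameters.AddWithValue("@oldId", ((TableCell)tr.Controls[0]).ToolTip);
                    updateCommand.ExecuteNonQuery();
                }
            }
        }

        TableFooterRow footerRow = (TableFooterRow)table.Controls[table.Controls.Count - 1];
        if (SaveBtn_CellText(footerRow, 1).Length > 0 && InsertRowFull(footerRow, 1))
        {
            string insertCommand = "INSERT INTO [Users] VALUES(@newUsername, @newPassword, @newEmail, @newContentCreator, @newContentConsumer, @newValidated, @newRandomKey, @newUserColor, @newAdmin)";
            using (SqlCommand insert = new SqlCommand(insertCommand, sqlConnection))
            {
                SaveBtn_AddUserParameters(insert, footerRow);
                insert.ExecuteNonQuery();
            }

            //Update WebService
            int id = 0; // stays 0 when the lookup finds no row, as before
            using (SqlCommand lookup = new SqlCommand("SELECT Id FROM [Users] WHERE username = @username;", sqlConnection))
            {
                lookup.Parameters.AddWithValue("@username", SaveBtn_CellText(footerRow, 1));
                // The reader was previously left open until the connection closed.
                using (SqlDataReader reader = lookup.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        id = reader.GetInt32(0);
                    }
                }
            }
            maker_service.WebService userService = new maker_service.WebService();
            userService.InsertUser(id);
        }
    }
    finally
    {
        // Close even when a statement throws, so a failed save does not leave the connection open.
        sqlConnection.Close();
    }
    Response.Redirect(Request.Url.AbsoluteUri);
}

/// <summary>
/// Adds the nine editable user columns of <paramref name="row"/> to <paramref name="command"/>.
/// </summary>
/// <remarks>
/// NOTE(review): the password column receives the text box content verbatim, so passwords are
/// handled in clear text on this path. Moving to a salted, slow hash needs matching changes in
/// the code that verifies logins, which is not visible here.
/// </remarks>
private static void SaveBtn_AddUserParameters(SqlCommand command, TableRow row)
{
    command.Parameters.AddWithValue("@newUsername", SaveBtn_CellText(row, 1));
    command.Parameters.AddWithValue("@newPassword", SaveBtn_CellText(row, 2));
    command.Parameters.AddWithValue("@newEmail", SaveBtn_CellText(row, 3));
    command.Parameters.AddWithValue("@newContentCreator", SaveBtn_CellFlag(row, 4));
    command.Parameters.AddWithValue("@newContentConsumer", SaveBtn_CellFlag(row, 5));
    command.Parameters.AddWithValue("@newValidated", SaveBtn_CellFlag(row, 6));
    command.Parameters.AddWithValue("@newRandomKey", SaveBtn_CellText(row, 7));
    command.Parameters.AddWithValue("@newUserColor", SaveBtn_CellText(row, 8));
    command.Parameters.AddWithValue("@newAdmin", SaveBtn_CellFlag(row, 9));
}

/// <summary>
/// Shared save path for the tables that are written through <c>ws</c>: one UPDATE per changed
/// body row, one INSERT for a filled-in footer row, then a reload of the page.
/// </summary>
/// <param name="textCellCount">Number of text-box cells (cells 1..n) whose text is sent as values.</param>
private void SaveBtn_SaveViaService(
    string updateSql, string[] updateNames, string[] updateTypes,
    string insertSql, string[] insertNames, string[] insertTypes,
    int textCellCount)
{
    ws.OpenConnection();
    try
    {
        for (int i = 1; i < table.Controls.Count - 1; i++)
        {
            // goes through all rows that are not Header or Footer
            TableRow tr = (TableRow)table.Controls[i];
            if (SaveBtn_RowIsChanged(tr))
            {
                ws.GenericVoidQueryWithParameters(updateSql, updateNames, SaveBtn_RowValues(tr, textCellCount, true), updateTypes);
            }
        }

        TableFooterRow footerRow = (TableFooterRow)table.Controls[table.Controls.Count - 1];
        if (SaveBtn_CellText(footerRow, 1).Length > 0 && InsertRowFull(footerRow, 1))
        {
            // The tooltip value is appended only when the caller lists a name for it.
            bool appendRowId = insertNames.Length > textCellCount;
            ws.GenericVoidQueryWithParameters(insertSql, insertNames, SaveBtn_RowValues(footerRow, textCellCount, appendRowId), insertTypes);
        }
    }
    finally
    {
        // Close even when a query throws.
        ws.CloseConnection();
    }
    Response.Redirect(Request.Url.AbsoluteUri);
}

/// <summary>Collects the text of cells 1..textCellCount, optionally followed by the first cell's tooltip.</summary>
private static string[] SaveBtn_RowValues(TableRow row, int textCellCount, bool appendRowId)
{
    string[] values = new string[appendRowId ? textCellCount + 1 : textCellCount];
    for (int cell = 1; cell <= textCellCount; cell++)
    {
        values[cell - 1] = SaveBtn_CellText(row, cell);
    }
    if (appendRowId)
    {
        values[textCellCount] = ((TableCell)row.Controls[0]).ToolTip;
    }
    return values;
}

/// <summary>True unless the marker image in the row's last cell carries the "not-changed" CSS class.</summary>
private static bool SaveBtn_RowIsChanged(TableRow row)
{
    Image marker = (Image)row.Controls[row.Controls.Count - 1].Controls[1];
    return !marker.CssClass.Contains("not-changed");
}

/// <summary>Text of the text box that is the first control of the given cell.</summary>
private static string SaveBtn_CellText(TableRow row, int cellIndex)
{
    return ((TextBox)row.Controls[cellIndex].Controls[0]).Text;
}

/// <summary>"True" or "False" for the check box that is the first control of the given cell.</summary>
private static string SaveBtn_CellFlag(TableRow row, int cellIndex)
{
    return ((CheckBox)row.Controls[cellIndex].Controls[0]).Checked ? "True" : "False";
}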
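/// <summary>
/// Handles the sign-up form. Rejects a username that already exists, otherwise creates the user
/// row (not validated, not admin), registers the new id with the web service and mails a
/// verification link. The form fields are reset in every case.
/// </summary>
/// <remarks>
/// The e-mail address is now parsed before the user row is written. Previously a malformed
/// address threw only after the account had been inserted, leaving a row that could never be
/// verified and an open connection.
/// NOTE(review): the username check and the INSERT are separate statements, so two simultaneous
/// requests could both pass the check; whether the table has a unique constraint is not visible here.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void SignUp(object sender, EventArgs e)
{
    MailAddress recipient = null;
    int key = 0;
    bool accountCreated = false;

    using (SqlConnection sqlConnection = new SqlConnection(resources.ResourceManager.GetString("Connection_String")))
    {
        sqlConnection.Open();

        bool usernameTaken;
        using (SqlCommand existsCommand = new SqlCommand("SELECT * FROM [Users] WHERE username = @username;", sqlConnection))
        {
            existsCommand.Parameters.AddWithValue("@username", usernameBox.Text);
            using (SqlDataReader reader = existsCommand.ExecuteReader())
            {
                usernameTaken = reader.HasRows;
            }
        }

        if (usernameTaken)
        {
            // print error message
            SignUp_ShowMessage("TrenchFont WelcomeMessage", "color:indianred;", "This username is already taken, please try again with a different one");
        }
        else if (!SignUp_TryCreateAddress(emailBox.Text, out recipient))
        {
            // Reject before anything is stored.
            SignUp_ShowMessage("TrenchFont WelcomeMessage error", null, "Email address is not correct!");
        }
        else
        {
            //Generate Id
            key = KeyGenerator();
            string color = ColorGenerator();

            //Submit form
            // NOTE(review): the password is stored exactly as typed. Switching to a salted, slow
            // hash needs a matching change in the login check, which is not visible here.
            using (SqlCommand insert = new SqlCommand("INSERT INTO [Users] VALUES(@username,@password,@email,@content_creator,@content_consumer,'False',@key,@color,'False');", sqlConnection))
            {
                insert.Parameters.AddWithValue("@username", usernameBox.Text);
                insert.Parameters.AddWithValue("@password", passwordBox.Text);
                insert.Parameters.AddWithValue("@email", emailBox.Text);
                insert.Parameters.AddWithValue("@content_creator", content_creator.Text);
                insert.Parameters.AddWithValue("@content_consumer", content_consumer.Text);
                insert.Parameters.AddWithValue("@key", key);//random key used for validation
                insert.Parameters.AddWithValue("@color", color);
                insert.ExecuteNonQuery();
            }

            //Update WebService
            int id = 0; // stays 0 when the lookup finds no row, as before
            using (SqlCommand lookup = new SqlCommand("SELECT Id FROM [Users] WHERE username = @username;", sqlConnection))
            {
                lookup.Parameters.AddWithValue("@username", usernameBox.Text);
                using (SqlDataReader reader = lookup.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        id = reader.GetInt32(0);
                    }
                }
            }
            maker_service.WebService ws = new maker_service.WebService();
            ws.InsertUser(id);
            accountCreated = true;
        }
    }

    // The database connection is released before the (possibly slow) SMTP round trip.
    if (accountCreated)
    {
        SignUp_SendVerificationMail(recipient, key);
    }

    ////reset values
    usernameBox.Text = "";
    emailBox.Text = "";
    passwordBox.Text = "";
    content_creator.Text = "False";
    content_consumer.Text = "False";
}

/// <summary>
/// Parses <paramref name="text"/> as a mail address without letting the parse failure escape.
/// </summary>
/// <returns>True when the text is a syntactically valid address.</returns>
private static bool SignUp_TryCreateAddress(string text, out MailAddress address)
{
    try
    {
        address = new MailAddress(text);
        return true;
    }
    catch (ArgumentException)
    {
        // null or empty input
        address = null;
        return false;
    }
    catch (FormatException)
    {
        address = null;
        return false;
    }
}

/// <summary>
/// Sends the verification mail, trying port 587 first and 465 second, and shows the outcome.
/// </summary>
/// <remarks>
/// NOTE(review): the link is hard-coded to http://localhost:57143 and the int key is the only
/// value in it, so the key is what proves ownership of the address. KeyGenerator is not visible
/// here; confirm it uses a cryptographic random source and that its range is large enough.
/// </remarks>
private void SignUp_SendVerificationMail(MailAddress recipient, int key)
{
    string siteAddress = resources.ResourceManager.GetString("Site_Email_Address");

    string message = "Dear " + usernameBox.Text + ",";
    message += "\nCongratulations on your registration to Model Makertron 2100 - v2.0!";
    message += "\nTo verify it was you who tried to register to Model Makertron 2100 - v2.0 click the link below.";
    message += "\nIf it wasn't you who registered ignore this mail.";
    message += "\nhttp://localhost:57143/Pages/VerificationPage/VerificationPage.aspx?" + key;

    bool sent = false;
    using (MailMessage mail = new MailMessage())
    using (SmtpClient smtp = new SmtpClient())
    {
        mail.From = new MailAddress(siteAddress, "Model Makertron 2100 - v2.0");
        mail.To.Add(recipient);
        mail.Subject = "Verify your new Account!";
        mail.IsBodyHtml = false;
        mail.Body = message;

        smtp.Host = "smtp.gmail.com";
        smtp.EnableSsl = true;
        // Explicit credentials are supplied on the next line, so the process identity must not be
        // offered. The old code set this to true and then overrode it by assigning Credentials.
        smtp.UseDefaultCredentials = false;
        smtp.Credentials = new NetworkCredential(siteAddress, resources.ResourceManager.GetString("Site_Email_Password"));

        foreach (int port in new int[] { 587, 465 })
        {
            try
            {
                // make sure email sending did not fail because of port issues
                smtp.Port = port;
                smtp.Send(mail);
                sent = true;
                break;
            }
            catch (Exception)
            {
                // Deliberately broad, as before: any failure moves on to the next port, and the
                // user is told below when both attempts failed.
            }
        }
    }

    if (sent)
    {
        //print verification message
        SignUp_ShowMessage("TrenchFont WelcomeMessage", null, "Verification Email has been sent to your email account!");
    }
    else
    {
        // This branch is also reached for server-side failures (credentials, network), not only
        // for a bad recipient address; the wording is kept unchanged.
        SignUp_ShowMessage("TrenchFont WelcomeMessage error", null, "Email address is not correct!");
    }
}

/// <summary>
/// Appends a div containing one paragraph to <c>WelcomeMessage</c>.
/// </summary>
/// <param name="divCssClass">CSS class of the wrapping div.</param>
/// <param name="paragraphStyle">Inline style of the paragraph, or null for none.</param>
/// <param name="text">Markup assigned to InnerHtml without encoding; pass fixed literals only, never user input.</param>
private void SignUp_ShowMessage(string divCssClass, string paragraphStyle, string text)
{
    HtmlGenericControl container = new HtmlGenericControl("div");
    container.Attributes["class"] = divCssClass;
    HtmlGenericControl paragraph = new HtmlGenericControl("p");
    if (paragraphStyle != null)
    {
        paragraph.Attributes["style"] = paragraphStyle;
    }
    paragraph.InnerHtml = text;
    container.Controls.Add(paragraph);
    WelcomeMessage.Controls.Add(container);
}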