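protected void RadButtonSave_Click(object sender, EventArgs e)
{
    // Saves the signed-in user's own details (full name, e-mail credentials, telephone)
    // through spx_UPDATE_UserOwnDetails, optionally changing the login password when the
    // change-password panel is shown. Validation failures and errors are reported in lblInfo;
    // nothing is written in those cases.
    if (UserID <= 0)
    {
        return; // no existing record to update (the original handler is a no-op here too)
    }

    try
    {
        // An empty hash is what the original passes when the password is not being changed.
        string passwordHash = string.Empty;

        if (panl_Changepassword.Visible)
        {
            PricingUser verified = UserPassswordCheck(RadTextBoxUsername.Text.Trim(), RadTextBoxCurrentPassword.Text.Trim());
            if (verified.Result != "Success")
            {
                lblInfo.Text = "The current password you entered is not correct";
                return;
            }

            // The credential that was just verified must belong to the record being updated
            // (UserPassswordCheck fills UserID from the database row it found); otherwise a
            // password known for some other account would authorise this change.
            if (verified.UserID != UserID)
            {
                lblInfo.Text = "The current password you entered is not correct";
                return;
            }

            string newPassword = RadTextBoxNewPassword.Text.Trim();
            if (newPassword != RadTextBoxConfirmPassword.Text.Trim())
            {
                lblInfo.Text = "The new password does not match the confirmation password";
                return;
            }
            if (newPassword.Length == 0)
            {
                // The original accepted an empty password as long as it matched the confirmation.
                lblInfo.Text = "The new password cannot be empty";
                return;
            }

            // NOTE(review): the third argument is null; if ComputeHash treats it as a salt the
            // password is stored as unsalted SHA-512, which is weak against offline guessing.
            // Confirm, and plan a move to a salted, slow KDF (e.g. PBKDF2) together with VerifyHash.
            passwordHash = ComputeHash(newPassword, "SHA512", null);
        }

        UpdateOwnDetails(passwordHash);
        lblInfo.Text = "Save was successful";
        Image1.Visible = true;
    }
    catch (Exception ex)
    {
        // Keep the exception detail server-side instead of echoing it to the page.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        lblInfo.Text = "The save could not be completed";
    }
}

private void UpdateOwnDetails(string passwordHash)
{
    // Runs spx_UPDATE_UserOwnDetails for UserID with the values currently in the form.
    // passwordHash is the new password hash, or "" to leave the password as it is.
    // The connection and command are disposed even when the call throws, which the
    // original's finally block only did on some paths.
    using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]))
    using (SqlCommand command = new SqlCommand("spx_UPDATE_UserOwnDetails", connection))
    {
        command.CommandType = CommandType.StoredProcedure;
        command.Parameters.Add(new SqlParameter("UserID", UserID));
        command.Parameters.Add(new SqlParameter("Username", RadTextBoxUsername.Text.Trim()));
        command.Parameters.Add(new SqlParameter("Password", passwordHash));
        command.Parameters.Add(new SqlParameter("UserFullName", RadTextBoxUserFullname.Text.Trim()));
        command.Parameters.Add(new SqlParameter("EmailUsername", RadTxtEmailUsername.Text.Trim()));
        command.Parameters.Add(new SqlParameter("EmailPassword", EmailPasswordToStore()));
        command.Parameters.Add(new SqlParameter("Telephone", RadTxtTelephone.Text.Trim()));
        connection.Open();
        command.ExecuteNonQuery();
    }
}

private string EmailPasswordToStore()
{
    // Returns the e-mail password value to write: the newly typed value encrypted with
    // mySalt, or, when the box was left blank, the previously stored value carried in
    // HiddenFieldEmailPwd. The original compared the *encrypted* text with "", which only
    // falls back when Encrypt("") yields ""; testing the typed text makes the intent explicit.
    string typed = RadTxtEmailPassword.Text.Trim();
    if (typed.Length == 0)
    {
        // NOTE(review): this value round-trips through the client, so a tampered hidden field
        // is stored as-is. Consider keeping the stored value server-side instead.
        return HiddenFieldEmailPwd.Value;
    }
    return Encrypt(typed, mySalt);
}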
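private PricingUser UserPassswordCheck(string Username, string password)
{
    // Looks up the stored credential for Username via spx_Pricing_UserAuth and verifies
    // password against it with VerifyHash. On success Result is "Success" and the stored
    // hash is blanked before the object is returned; otherwise Result ends with "incorrect".
    // If the lookup itself fails, Result is left as constructed (callers treat anything
    // other than "Success" as a failed check), so errors fail closed.
    PricingUser dbUser = new PricingUser();
    try
    {
        // RadButtonSave_Click's finally block calls sqlConnectionX.Close(), so the field is
        // kept assigned; Close() on an already disposed connection is a no-op.
        SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]);
        sqlConnectionX = connection;

        // Disposing through using blocks replaces the original finally, which dereferenced
        // sqlDR unconditionally and threw when the reader was never created.
        using (connection)
        using (SqlCommand authCommand = new SqlCommand("spx_Pricing_UserAuth", connection))
        {
            authCommand.CommandType = CommandType.StoredProcedure;
            authCommand.Parameters.Add(new SqlParameter("UserName", Username));
            connection.Open();
            using (SqlDataReader reader = authCommand.ExecuteReader())
            {
                while (reader.Read())
                {
                    dbUser.UserID = reader.GetInt32(0);
                    dbUser.Username = reader.GetString(1);
                    dbUser.Password = reader.GetString(2);
                }
            }
        }

        // No row means no stored hash; treat that as an incorrect credential rather than
        // handing a null hash to VerifyHash.
        bool matches = dbUser.Password != null && VerifyHash(password, "SHA512", dbUser.Password);
        if (matches)
        {
            dbUser.Result = "Success";
            dbUser.Password = ""; // do not hand the stored hash back to the caller
        }
        else
        {
            dbUser.Result = (dbUser.Result ?? "") + "incorrect";
        }
    }
    catch (Exception ex)
    {
        // Fail closed, but keep the cause server-side instead of discarding it.
        System.Diagnostics.Trace.TraceError(ex.ToString());
    }
    return dbUser;
}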
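protected void RadButtonSave_Click(object sender, EventArgs e)
{
    // Saves the user being edited: spx_UPDATE_User when UserID refers to an existing record,
    // spx_INSERT_User otherwise. The form-to-parameter mapping, which the original repeated
    // three times, lives in AddUserFormParameters and its helpers.
    try
    {
        if (UserID > 0)
        {
            UpdateExistingUser();
        }
        else
        {
            CreateNewUser();
        }
    }
    catch (Exception ex)
    {
        // Keep the exception detail server-side instead of echoing it to the page.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        lblInfo.Text = "The save could not be completed";
    }
}

private void UpdateExistingUser()
{
    // Validates the optional password change, runs spx_UPDATE_User for UserID and closes the
    // window. Validation failures are reported in lblInfo and nothing is written. The original
    // gated the write on lblInfo.Text == "", so a message left over from an earlier postback
    // silently blocked the save; the explicit returns below replace that gate.
    string passwordHash = string.Empty; // the original passes "" when the password is unchanged

    if (panl_Changepassword.Visible)
    {
        bool resetWithoutCurrent = CheckBoxRestPassword.Checked;
        if (!resetWithoutCurrent)
        {
            PricingUser verified = UserPassswordCheck(RadTextBoxUsername.Text.Trim(), RadTextBoxCurrentPassword.Text.Trim());
            // The verified credential must belong to the record being updated
            // (UserPassswordCheck fills UserID from the database row it found).
            if (verified.Result != "Success" || verified.UserID != UserID)
            {
                lblInfo.Text = "The current password you entered is not correct";
                return;
            }
        }
        // NOTE(review): the reset path sets a new password without knowing the current one;
        // access to this page must be restricted to administrators elsewhere — confirm.

        string newPassword = resetWithoutCurrent ? RadTextBoxNewPasswordReset.Text.Trim() : RadTextBoxNewPassword.Text.Trim();
        string confirmation = resetWithoutCurrent ? RadTextBoxConfirmPasswordReset.Text.Trim() : RadTextBoxConfirmPassword.Text.Trim();
        if (newPassword != confirmation)
        {
            lblInfo.Text = "The new password does not match the confirmation password";
            return;
        }
        if (newPassword.Length == 0)
        {
            // The original accepted an empty password as long as it matched the confirmation.
            lblInfo.Text = "The new password cannot be empty";
            return;
        }

        // NOTE(review): the third argument is null; if ComputeHash treats it as a salt the
        // password is stored as unsalted SHA-512, which is weak against offline guessing.
        // Confirm, and plan a move to a salted, slow KDF (e.g. PBKDF2) together with VerifyHash.
        passwordHash = ComputeHash(newPassword, "SHA512", null);
    }

    // The original's finally block was empty, so an exception left the connection open;
    // the using blocks release it on every path.
    using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]))
    using (SqlCommand command = new SqlCommand("spx_UPDATE_User", connection))
    {
        command.CommandType = CommandType.StoredProcedure;
        command.Parameters.Add(new SqlParameter("UserID", UserID));
        AddUserFormParameters(command, passwordHash, true);
        connection.Open();
        command.ExecuteNonQuery();
    }

    // Close the window
    ScriptManager.RegisterStartupScript(Page, Page.GetType(), "mykey", "CloseAndRebind();", true);
}

private void CreateNewUser()
{
    // Runs spx_INSERT_User with the form values. The procedure reports through its first
    // result column: "Ok" closes the window, anything else is shown in lblInfo.
    string password = RadTextBoxPassword.Text.Trim();
    if (password.Length == 0)
    {
        // The original hashed and stored an empty password without complaint.
        lblInfo.Text = "The password cannot be empty";
        return;
    }
    // NOTE(review): null third argument — see the salt remark in UpdateExistingUser.
    string passwordHash = ComputeHash(password, "SHA512", null);

    string result = string.Empty;
    using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]))
    using (SqlCommand command = new SqlCommand("spx_INSERT_User", connection))
    {
        command.CommandType = CommandType.StoredProcedure;
        AddUserFormParameters(command, passwordHash, false);
        connection.Open();
        using (SqlDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                result = reader.GetString(0);
            }
        }
    }

    if (result == "Ok")
    {
        // Close the window
        ScriptManager.RegisterStartupScript(Page, Page.GetType(), "mykey", "CloseAndRebind();", true);
    }
    else
    {
        lblInfo.Text = result;
    }
}

private void AddUserFormParameters(SqlCommand command, string passwordHash, bool keepStoredEmailPasswordWhenBlank)
{
    // Appends the parameters shared by spx_UPDATE_User and spx_INSERT_User, in the order the
    // original added them. keepStoredEmailPasswordWhenBlank selects the update behaviour for
    // a blank e-mail password box (see EmailPasswordValue); the insert path encrypts whatever
    // was typed, as before.
    command.Parameters.Add(new SqlParameter("Username", RadTextBoxUsername.Text.Trim()));
    command.Parameters.Add(new SqlParameter("Password", passwordHash));
    command.Parameters.Add(new SqlParameter("MenuIDs", string.Join<string>(",", CheckedMenuIds())));
    command.Parameters.Add(new SqlParameter("UserFullName", RadTextBoxUserFullname.Text.Trim()));
    command.Parameters.Add(new SqlParameter("EmailUsername", RadTxtEmailUsername.Text.Trim()));
    command.Parameters.Add(new SqlParameter("EmailPassword", EmailPasswordValue(keepStoredEmailPasswordWhenBlank)));
    command.Parameters.Add(new SqlParameter("Telephone", RadTxtTelephone.Text.Trim()));
    command.Parameters.Add(new SqlParameter("Benifits", BenefitCodes())); // spelled as the procedures expect
    command.Parameters.Add(new SqlParameter("EMLoading", RadBtnChkEMLoading.Checked));
}

private List<string> CheckedMenuIds()
{
    // Every checked node of the menu tree, each preceded by its parent so that a checked child
    // always carries its parent menu, without duplicates. The original could repeat an id when
    // a parent and one of its children were both checked.
    List<string> ids = new List<string>();
    foreach (RadTreeNode node in RadTreeViewUserMenus.GetAllNodes())
    {
        if (!node.Checked)
        {
            continue;
        }
        if (node.ParentNode != null && !ids.Contains(node.ParentNode.Value))
        {
            ids.Add(node.ParentNode.Value);
        }
        if (!ids.Contains(node.Value))
        {
            ids.Add(node.Value);
        }
    }
    return ids;
}

private string BenefitCodes()
{
    // Comma-separated codes for the checked benefit boxes, e.g. "FDB,ADB,ACDB", or "" when
    // none is checked. The ADCB checkbox maps to the code "ACDB", as in the original.
    List<string> codes = new List<string>();
    if (RadBtnChkFDB.Checked)
    {
        codes.Add("FDB");
    }
    if (RadBtnChkADB.Checked)
    {
        codes.Add("ADB");
    }
    if (RadBtnChkADCB.Checked)
    {
        codes.Add("ACDB");
    }
    return string.Join(",", codes);
}

private string EmailPasswordValue(bool keepStoredWhenBlank)
{
    // The e-mail password value to write: the typed value encrypted with mySalt, or — on the
    // update path, when the box was left blank — the previously stored value carried in
    // HiddenFieldEmailPwd. The original compared the *encrypted* text with "", which only
    // falls back when Encrypt("") yields ""; testing the typed text makes the intent explicit.
    string typed = RadTxtEmailPassword.Text.Trim();
    if (typed.Length == 0 && keepStoredWhenBlank)
    {
        // NOTE(review): this value round-trips through the client, so a tampered hidden field
        // is stored as-is. Consider keeping the stored value server-side instead.
        return HiddenFieldEmailPwd.Value;
    }
    return Encrypt(typed, mySalt);
}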