/// <summary>
/// Formats a timestamp for display using the pattern <c>d/M/yyyy @ h:mmtt</c>.
/// </summary>
/// <param name="input">The value to format.</param>
/// <returns>
/// The formatted text, or an empty string when formatting throws (the exception is logged).
/// </returns>
public static string DateTimeToString(DateTime input)
{
    const string DisplayPattern = "d/M/yyyy @ h:mmtt";
    string formatted;
    try
    {
        // No format provider is passed, so the date separator and the AM/PM
        // designator follow the current thread culture.
        formatted = input.ToString(DisplayPattern);
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        formatted = string.Empty;
    }

    return formatted;
}
/// <summary>
/// Puts the chosen <c>categoryGrid</c> row into edit mode and reloads the page data
/// for the post currently selected in <c>postView</c>.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Carries the index of the row entering edit mode.</param>
protected void CategoryGrid_Edit(object sender, GridViewEditEventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        categoryGrid.EditIndex = e.NewEditIndex;

        // The selected post id is parsed inside the try block, so a bad value
        // ends up in the log rather than as an unhandled error.
        int selectedPostId = Convert.ToInt32(postView.SelectedValue);
        Load_Forms(selectedPostId);
    }
    catch (Exception ex)
    {
        // Full detail goes to the log; the page only shows a generic message.
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
/// <summary>
/// Deletes the comment behind the grid row being removed, then refreshes the page
/// for the post selected in <c>postView</c>.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Carries the index of the row being deleted.</param>
/// <remarks>
/// The delete only runs when <c>FooSessionHelper.IsValidRequest</c> accepts the posted
/// request token.
/// NOTE(review): no role or ownership check is visible in this handler; confirm that
/// access to the page itself is limited to users allowed to delete comments.
/// </remarks>
protected void CommentGrid_Delete(object sender, GridViewDeleteEventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    // Parsed before the try block: a value Convert.ToInt32 rejects is not caught here.
    int postId = Convert.ToInt32(postView.SelectedValue);

    try
    {
        bool tokenAccepted = FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value);
        if (!tokenAccepted)
        {
            errorLabel.Text = "Invalid request.";
        }
        else
        {
            using (var conn = new NpgsqlConnection())
            {
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                conn.Open();

                var deleteCommand = new NpgsqlCommand(
                    "DELETE FROM comments WHERE commentid= @COMMENTID", conn);

                // The key is taken from the grid's DataKeys and bound as a parameter;
                // it is never concatenated into the SQL text.
                string commentKey = FooStringHelper.RemoveInvalidChars(
                    commentGrid.DataKeys[e.RowIndex].Values[0].ToString());
                deleteCommand.Parameters.Add(
                    new NpgsqlParameter("@COMMENTID", NpgsqlDbType.Varchar, 16) { Value = commentKey });

                deleteCommand.ExecuteNonQuery();
            }
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }

    // Runs on every path, including a rejected token or a failed delete.
    Reset_Page(postId);
}
/// <summary>
/// Puts the chosen <c>userGrid</c> row into edit mode, then reloads the forms and the dropdown.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Carries the index of the row entering edit mode.</param>
protected void GridView_Edit(object sender, GridViewEditEventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        int rowToEdit = e.NewEditIndex;
        userGrid.EditIndex = rowToEdit;

        // Rebind after the edit index changes so the row renders in edit mode.
        Load_Forms();
        Load_Dropdown();
    }
    catch (Exception ex)
    {
        // Full detail goes to the log; the page only shows a generic message.
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
/// <summary>
/// Decodes a Base64 string, decrypts it with <c>SimpleDecryptWithPassword</c> and returns
/// the result as UTF-8 text.
/// </summary>
/// <param name="encrypted">Base64-encoded ciphertext.</param>
/// <param name="key">Password handed to <c>SimpleDecryptWithPassword</c>.</param>
/// <returns>
/// The decrypted text, or <c>null</c> when any step throws (malformed Base64, a failure inside
/// the decrypt helper, and so on). The exception is logged; neither input is written to the log here.
/// </returns>
public static string Decrypt(string encrypted, string key)
{
    string plainText = null;
    try
    {
        byte[] cipherBytes = Convert.FromBase64String(encrypted);
        byte[] plainBytes = SimpleDecryptWithPassword(cipherBytes, key);

        // NOTE(review): if the helper signals failure by returning null, GetString throws
        // and this method still returns null through the catch block; confirm that is intended.
        plainText = Encoding.UTF8.GetString(plainBytes);
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        plainText = null;
    }

    return plainText;
}
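/// <summary>
/// Loads the public profile fields of one user and binds them to <c>userList</c>.
/// </summary>
/// <param name="userId">
/// Identifier matched against <c>users.userid</c>; it reaches the query only as a bound parameter.
/// </param>
/// <remarks>
/// Failures are written to the application log only. The exception text is kept out of
/// <c>errorLabel</c>: <c>Exception.ToString()</c> carries the stack trace and can carry SQL text
/// or connection details, and none of that belongs in a response sent to the browser.
/// </remarks>
protected void Load_Forms(string userId)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            using (var cmd = new NpgsqlCommand(
                "SELECT userid, useralias, city, country, profileimg, profilebody FROM users WHERE userid= @USERID",
                conn))
            {
                var idParam = new NpgsqlParameter
                {
                    ParameterName = "@USERID",
                    NpgsqlDbType = NpgsqlDbType.Varchar,
                    Size = 16,
                    Direction = ParameterDirection.Input,
                    Value = userId
                };
                cmd.Parameters.Add(idParam);

                var ds = new DataSet();
                using (var da = new NpgsqlDataAdapter(cmd))
                {
                    da.Fill(ds);
                }

                if (ds.Tables[0].Rows.Count == 0)
                {
                    errorLabel.Text = "Invalid user.";
                }
                else
                {
                    userList.DataSource = ds;
                    userList.DataBind();
                    errorLabel.Text = "";
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Detail stays server-side; the visitor sees the same generic text as elsewhere.
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}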
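/// <summary>
/// Replaces the stored password hash of one user.
/// </summary>
/// <param name="id">Value matched against <c>Users.userid</c>.</param>
/// <param name="pass">New password; it is passed through <c>FooCryptHelper.CreateShaHash</c> before storage.</param>
/// <returns>
/// <c>true</c> when the statement updated at least one row; <c>false</c> when no row matched
/// <paramref name="id"/> or when an exception was thrown (the exception is logged).
/// </returns>
/// <remarks>
/// NOTE(review): the stored value comes from <c>FooCryptHelper.CreateShaHash</c>. If that helper is
/// a plain or unsalted SHA digest it is too fast for password storage; confirm, and prefer a salted,
/// iterated scheme such as PBKDF2.
/// </remarks>
public static bool UpdatePassword(string id, string pass)
{
    try
    {
        int rowsAffected;
        using (var conn = new NpgsqlConnection())
        {
            // App-DB connection.
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            // The using block releases the command on the failure path as well.
            using (var cmd = new NpgsqlCommand
            {
                CommandText = "UPDATE Users SET (passwordhash) = (@PASSWORDHASH) WHERE userid= @USERID;",
                CommandType = CommandType.Text,
                Connection = conn
            })
            {
                var idParam = new NpgsqlParameter
                {
                    ParameterName = "@USERID",
                    NpgsqlDbType = NpgsqlDbType.Varchar,
                    Size = 16,
                    Direction = ParameterDirection.Input,
                    Value = id
                };
                cmd.Parameters.Add(idParam);

                var hashParam = new NpgsqlParameter
                {
                    ParameterName = "@PASSWORDHASH",
                    NpgsqlDbType = NpgsqlDbType.Varchar,
                    Direction = ParameterDirection.Input,
                    Value = FooCryptHelper.CreateShaHash(pass)
                };
                cmd.Parameters.Add(hashParam);

                rowsAffected = cmd.ExecuteNonQuery();
            }
        }

        // An UPDATE that matched no user must not be reported as a changed password.
        return rowsAffected > 0;
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        return false;
    }
}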
/// <summary>
/// Reports whether a row with the given username exists in <c>users</c>.
/// </summary>
/// <param name="username">Name to look up; bound as a query parameter.</param>
/// <returns>
/// <c>true</c> when the query returned a non-empty username; <c>false</c> otherwise.
/// </returns>
/// <remarks>
/// <c>false</c> is also returned when the lookup throws, so a database failure looks the same as
/// "name is free" to the caller.
/// NOTE(review): confirm callers that gate registration on this result tolerate that.
/// </remarks>
public static bool CheckIfUsernameExists(string username)
{
    try
    {
        using (var conn = new NpgsqlConnection())
        {
            // App-DB connection.
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var lookup = new NpgsqlCommand("SELECT username FROM users WHERE username= @USERNAME", conn);
            lookup.Parameters.Add(
                new NpgsqlParameter("@USERNAME", NpgsqlDbType.Varchar, 32) { Value = username });

            NpgsqlDataReader reader = lookup.ExecuteReader();
            string lastMatch = String.Empty;
            while (reader.Read())
            {
                // Only the last row read is kept; any non-empty value means "exists".
                lastMatch = reader["username"].ToString();
            }
            reader.Close();

            bool nameTaken = !String.IsNullOrEmpty(lastMatch);
            return nameTaken;
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        return false;
    }
}
/// <summary>
/// Looks up the user id stored for a password-reset record and decrypts it with the supplied token.
/// </summary>
/// <param name="resetId">Value matched against <c>resets.resetid</c>; bound as a query parameter.</param>
/// <param name="token">Key handed to <c>FooCryptHelper.Decrypt</c> for the stored user id.</param>
/// <returns>
/// Whatever <c>FooCryptHelper.Decrypt</c> returns for the stored value, or <c>null</c> when no
/// record matched or an exception was thrown (the exception is logged).
/// </returns>
/// <remarks>
/// The query filters on <c>resetid</c> alone.
/// NOTE(review): no expiry or single-use condition is visible in this method; confirm that the
/// caller or the <c>resets</c> table enforces one.
/// </remarks>
public static string GetAccountForReset(string resetId, string token)
{
    try
    {
        using (var conn = new NpgsqlConnection())
        {
            // App-DB connection.
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var lookup = new NpgsqlCommand("SELECT userid FROM resets WHERE resetid= @RESETID", conn);
            lookup.Parameters.Add(
                new NpgsqlParameter("@RESETID", NpgsqlDbType.Varchar, 16) { Value = resetId });

            NpgsqlDataReader reader = lookup.ExecuteReader();
            string storedUserId = String.Empty;
            while (reader.Read())
            {
                storedUserId = reader["userid"].ToString();
            }
            reader.Close();

            if (String.IsNullOrEmpty(storedUserId))
            {
                return null;
            }

            // The stored value is only usable together with the caller's token.
            return FooCryptHelper.Decrypt(storedUserId, token);
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        return null;
    }
}
/// <summary>
/// Loads the account details of the user identified by the session cookie and binds them to
/// <c>userView</c>.
/// </summary>
/// <remarks>
/// The user id read from the cookie is checked with <c>FooStringHelper.IsValidAlphanumeric</c>
/// before any database work, and is bound as a query parameter.
/// NOTE(review): the cookie lookup is dereferenced before the try block; presumably it never
/// returns null on this page. Confirm.
/// </remarks>
protected void Load_Forms()
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;

    bool idLooksValid = FooStringHelper.IsValidAlphanumeric(userId, 16);
    if (!idLooksValid)
    {
        errorLabel.Text = "Invalid request.";
        return;
    }

    try
    {
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var profileQuery = new NpgsqlCommand(
                "SELECT userid, useralias, email, address, city, country, profilebody, profileimg FROM users WHERE userid= @USERID",
                conn);
            profileQuery.Parameters.Add(
                new NpgsqlParameter("@USERID", NpgsqlDbType.Varchar, 16)
                {
                    Value = FooStringHelper.RemoveInvalidChars(userId)
                });

            // The reader must stay open while the view binds to it.
            using (NpgsqlDataReader reader = profileQuery.ExecuteReader())
            {
                userView.DataSource = reader;
                userView.DataBind();
            }
        }

        errorLabel.Text = string.Empty;
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
/// <summary>
/// Loads the post whose id is shown in the first cell of the selected <c>postGrid</c> row.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Unused event data.</param>
protected void PostGrid_SelectedIndexChanged(object sender, EventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        int selectedRow = postGrid.SelectedIndex;
        string idCellText = postGrid.Rows[selectedRow].Cells[0].Text;

        // Parsing to int here means only a numeric id ever reaches Load_Forms.
        Load_Forms(Convert.ToInt32(idCellText));
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
/// <summary>
/// Returns the e-mail address stored for a user.
/// </summary>
/// <param name="userId">Value matched against <c>users.userid</c>; bound as a query parameter.</param>
/// <returns>
/// The address, or <c>null</c> when no row matched, the stored value is empty, or an exception
/// was thrown (the exception is logged).
/// </returns>
public static string GetEmailForAccount(string userId)
{
    try
    {
        using (var conn = new NpgsqlConnection())
        {
            // App-DB connection.
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var lookup = new NpgsqlCommand("SELECT email FROM users WHERE userid= @USERID", conn);
            lookup.Parameters.Add(
                new NpgsqlParameter("@USERID", NpgsqlDbType.Varchar) { Value = userId });

            NpgsqlDataReader reader = lookup.ExecuteReader();
            string address = String.Empty;
            while (reader.Read())
            {
                address = reader["email"].ToString();
            }
            reader.Close();

            // Callers get null, never an empty string, for "nothing found".
            if (String.IsNullOrEmpty(address))
            {
                return null;
            }

            return address;
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        return null;
    }
}
/// <summary>
/// Deletes the post currently selected in <c>postView</c>, then resets the page.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Unused event data.</param>
/// <remarks>
/// The delete only runs when <c>FooSessionHelper.IsValidRequest</c> accepts the posted
/// request token.
/// NOTE(review): no role check is visible in this handler; confirm that access to the page
/// itself is limited to users allowed to delete posts.
/// </remarks>
protected void PostView_ItemDeleting(object sender, DetailsViewDeleteEventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        bool tokenAccepted = FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value);
        if (!tokenAccepted)
        {
            errorLabel.Text = "Invalid request.";
        }
        else
        {
            using (var conn = new NpgsqlConnection())
            {
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                conn.Open();

                var deleteCommand = new NpgsqlCommand("DELETE FROM posts WHERE postid= @POSTID", conn);

                // The id is converted to an integer before it is bound.
                deleteCommand.Parameters.Add(
                    new NpgsqlParameter("@POSTID", NpgsqlDbType.Integer, 8)
                    {
                        Value = Convert.ToInt32(postView.SelectedValue)
                    });

                deleteCommand.ExecuteNonQuery();
            }
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }

    // Runs on every path; -1 is the value the page passes after a delete.
    Reset_Page(-1);
}
/// <summary>
/// Binds <c>merchList</c> to every enabled merchandise item, ordered by name.
/// </summary>
/// <remarks>
/// The query takes no input. When it returns no rows, <c>errorLabel</c> shows "There are no items."
/// </remarks>
protected void Load_Form()
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var listQuery = new NpgsqlCommand(
                "SELECT merchid, merchname, merchprice, merchbrief FROM merchandise WHERE merchenabled= true ORDER BY merchname",
                conn);
            var adapter = new NpgsqlDataAdapter(listQuery);
            var items = new DataSet();
            adapter.Fill(items);

            bool hasItems = items.Tables[0].Rows.Count != 0;
            if (hasItems)
            {
                merchList.DataSource = items;
                merchList.DataBind();
                errorLabel.Text = string.Empty;
            }
            else
            {
                errorLabel.Text = "There are no items.";
            }
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
/// <summary>
/// Loads the merchandise item whose id is shown in the first cell of the selected
/// <c>merchGrid</c> row.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Unused event data.</param>
/// <remarks>
/// The id text is checked with <c>FooStringHelper.IsValidAlphanumeric</c> before it is used; a
/// rejected value resets the page instead of reaching <c>Load_Forms</c>.
/// </remarks>
protected void MerchGrid_SelectedIndexChanged(object sender, EventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        int selectedRow = merchGrid.SelectedIndex;
        string merchId = merchGrid.Rows[selectedRow].Cells[0].Text;

        if (FooStringHelper.IsValidAlphanumeric(merchId, 16))
        {
            Load_Forms(merchId);
        }
        else
        {
            errorLabel.Text = "Invalid request.";
            Reset_Page(string.Empty);
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
/// <summary>
/// Binds <c>postList</c> to every enabled post together with its category, ordered by post time.
/// </summary>
/// <remarks>
/// The query takes no input. When it returns no rows, <c>errorLabel</c> shows "There are no posts."
/// </remarks>
protected void Load_Form()
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    try
    {
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var listQuery = new NpgsqlCommand(
                "SELECT T1.postid, T1.posttime, T1.catid, T1.posttitle, T1.postbrief, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T1.postenabled= true ORDER BY T1.posttime",
                conn);
            var adapter = new NpgsqlDataAdapter(listQuery);
            var posts = new DataSet();
            adapter.Fill(posts);

            bool hasPosts = posts.Tables[0].Rows.Count != 0;
            if (hasPosts)
            {
                postList.DataSource = posts;
                postList.DataBind();
                errorLabel.Text = string.Empty;
            }
            else
            {
                errorLabel.Text = "There are no posts.";
            }
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = GenericError;
    }
}
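/// <summary>
/// Stores a review for the merchandise item named by the <c>id</c> query-string value, then
/// reloads the page for that item.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Unused event data.</param>
/// <remarks>
/// Checks run in this order: non-empty review text, well-formed item id, then the request token.
/// A fresh token is issued on every exit path. Every outcome of this form, including a rejected
/// token, is reported on <c>reviewErrorLabel</c>.
/// The review text is stored as submitted and is bound as a query parameter.
/// NOTE(review): confirm that the template rendering <c>reviewbody</c> HTML-encodes it.
/// </remarks>
protected void submitButton_Click(object sender, EventArgs e)
{
    string reviewBody = reviewText.Text;

    // NOTE(review): dereferenced before the try block; presumably the cookie always yields a
    // user when this button can be clicked. Confirm.
    string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
    string merchId = Request.QueryString["id"];

    if (string.IsNullOrEmpty(reviewBody))
    {
        RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        reviewErrorLabel.Text = "Incomplete input.";
        return;
    }

    if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
    {
        RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        reviewErrorLabel.Text = "Invalid input.";
        return;
    }

    try
    {
        if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
        {
            using (var conn = new NpgsqlConnection())
            {
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                conn.Open();

                // The using block releases the command on the failure path as well.
                using (var cmd = new NpgsqlCommand
                {
                    CommandText = "INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)",
                    CommandType = CommandType.Text,
                    Connection = conn
                })
                {
                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@REVIEWID",
                        NpgsqlDbType = NpgsqlDbType.Varchar,
                        Size = 16,
                        Direction = ParameterDirection.Input,
                        Value = FooStringHelper.RandomString(16)
                    };
                    cmd.Parameters.Add(idParam);

                    var timeParam = new NpgsqlParameter
                    {
                        ParameterName = "@REVIEWTIME",
                        NpgsqlDbType = NpgsqlDbType.Timestamp,
                        Size = 32,
                        Direction = ParameterDirection.Input,
                        Value = DateTime.Now
                    };
                    cmd.Parameters.Add(timeParam);

                    var userParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERID",
                        NpgsqlDbType = NpgsqlDbType.Varchar,
                        Size = 16,
                        Direction = ParameterDirection.Input,
                        Value = FooStringHelper.RemoveInvalidChars(userId)
                    };
                    cmd.Parameters.Add(userParam);

                    var merchParam = new NpgsqlParameter
                    {
                        ParameterName = "@MERCHID",
                        NpgsqlDbType = NpgsqlDbType.Varchar,
                        Size = 16,
                        Direction = ParameterDirection.Input,
                        Value = merchId
                    };
                    cmd.Parameters.Add(merchParam);

                    var bodyParam = new NpgsqlParameter
                    {
                        ParameterName = "@REVIEWBODY",
                        NpgsqlDbType = NpgsqlDbType.Varchar,
                        Size = 1024,
                        Direction = ParameterDirection.Input,
                        Value = reviewBody
                    };
                    cmd.Parameters.Add(bodyParam);

                    cmd.ExecuteNonQuery();
                }

                reviewErrorLabel.Text = "";
                reviewText.Text = "";
            }
        }
        else
        {
            // Written to reviewErrorLabel like the other outcomes of this form. The reload at
            // the end of this method goes through Load_Forms(merchId); if that is the overload
            // that blanks errorLabel on success, a message placed there would be lost.
            reviewErrorLabel.Text = "Invalid request.";
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        reviewErrorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
    }

    RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
    Load_Forms(merchId);
}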
/// <summary>
/// Inserts a new row into <c>Users</c> with the default profile image.
/// </summary>
/// <param name="id">Value stored in <c>userId</c>.</param>
/// <param name="alias">Display alias.</param>
/// <param name="email">E-mail address.</param>
/// <param name="address">Postal address.</param>
/// <param name="city">City.</param>
/// <param name="country">Country.</param>
/// <param name="username">Login name.</param>
/// <param name="pass">Password; it is passed through <c>FooCryptHelper.CreateShaHash</c> before storage.</param>
/// <param name="groupId">Value stored in <c>groupId</c>.</param>
/// <returns><c>true</c> when the insert ran without throwing; <c>false</c> otherwise (the exception is logged).</returns>
/// <remarks>
/// Every value is bound as a query parameter; nothing is validated in this method.
/// NOTE(review): the stored hash comes from <c>FooCryptHelper.CreateShaHash</c>. If that helper is a
/// plain or unsalted SHA digest it is too fast for password storage; confirm, and prefer a salted,
/// iterated scheme such as PBKDF2.
/// NOTE(review): <c>groupId</c> is stored exactly as passed; presumably it decides the account's
/// privileges, so confirm that callers never take it from request data.
/// </remarks>
public static bool RegisterNewUser(string id, string alias, string email, string address, string city, string country, string username, string pass, string groupId)
{
    const string InsertSql =
        "INSERT INTO Users (userId, userName, userAlias, passwordHash, groupId, email, address, city, country, profileimg) VALUES (@USERID, @USERNAME, @USERALIAS, @PASSWORDHASH, @GROUPID, @EMAIL, @ADDRESS, @CITY, @COUNTRY, 'profile_default.jpg');";

    try
    {
        using (var conn = new NpgsqlConnection())
        {
            // App-DB connection.
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var insert = new NpgsqlCommand(InsertSql, conn);
            NpgsqlParameterCollection values = insert.Parameters;

            values.Add(new NpgsqlParameter("@USERID", NpgsqlDbType.Varchar, 16) { Value = id });
            values.Add(new NpgsqlParameter("@USERNAME", NpgsqlDbType.Varchar, 32) { Value = username });
            values.Add(new NpgsqlParameter("@USERALIAS", NpgsqlDbType.Varchar, 32) { Value = alias });

            // The clear-text password never reaches the statement, only the helper's output.
            values.Add(new NpgsqlParameter("@PASSWORDHASH", NpgsqlDbType.Varchar)
            {
                Value = FooCryptHelper.CreateShaHash(pass)
            });

            values.Add(new NpgsqlParameter("@GROUPID", NpgsqlDbType.Varchar) { Value = groupId });
            values.Add(new NpgsqlParameter("@EMAIL", NpgsqlDbType.Varchar, 64) { Value = email });
            values.Add(new NpgsqlParameter("@ADDRESS", NpgsqlDbType.Varchar, 128) { Value = address });
            values.Add(new NpgsqlParameter("@CITY", NpgsqlDbType.Varchar, 32) { Value = city });
            values.Add(new NpgsqlParameter("@COUNTRY", NpgsqlDbType.Varchar, 32) { Value = country });

            insert.ExecuteNonQuery();
            insert.Dispose();
        }

        return true;
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        return false;
    }
}
/// <summary>
/// Builds a <c>UserObject</c> from the <c>users</c> row that has the given e-mail address.
/// </summary>
/// <param name="email">Address to look up; bound as a query parameter.</param>
/// <returns>
/// A populated <c>UserObject</c>, or <c>null</c> when no row matched, any of the four fields is
/// empty, or an exception was thrown (the exception is logged).
/// </returns>
/// <remarks>
/// When several rows share the address, the values of the last row read are used.
/// </remarks>
public static UserObject GetUserObjByEmail(string email)
{
    try
    {
        using (var conn = new NpgsqlConnection())
        {
            // App-DB connection.
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();

            var lookup = new NpgsqlCommand(
                "SELECT useralias, userid, username, groupid FROM users WHERE email= @EMAIL", conn);
            lookup.Parameters.Add(
                new NpgsqlParameter("@EMAIL", NpgsqlDbType.Varchar) { Value = email });

            NpgsqlDataReader reader = lookup.ExecuteReader();
            string alias = String.Empty;
            string name = String.Empty;
            string id = String.Empty;
            string group = String.Empty;
            while (reader.Read())
            {
                alias = reader["useralias"].ToString();
                id = reader["userid"].ToString();
                group = reader["groupid"].ToString();
                name = reader["userName"].ToString();
            }
            reader.Close();

            // A partially filled record is treated the same as "not found".
            bool anyFieldMissing = String.IsNullOrEmpty(alias)
                                   || String.IsNullOrEmpty(id)
                                   || String.IsNullOrEmpty(name)
                                   || String.IsNullOrEmpty(group);
            if (anyFieldMissing)
            {
                return null;
            }

            return new UserObject
            {
                Username = name,
                UserAlias = alias,
                UserId = id,
                GroupId = group
            };
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        return null;
    }
}
/// <summary>
/// After <c>merchView</c> binds, fills in the "enabled" indicator for the selected item: a Yes/No
/// label in read-only mode, a checkbox in edit mode.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Unused event data.</param>
/// <remarks>
/// The selected id is passed through <c>FooStringHelper.RemoveInvalidChars</c> and bound as a
/// query parameter in both branches.
/// NOTE(review): the read-only branch has no try/catch, unlike the other branch, so a database
/// error there is not logged or reported by this method.
/// </remarks>
protected void MerchView_Databound(object sender, EventArgs e)
{
    // Read-only mode with more than one rendered row: show the flag as text.
    if (merchView.CurrentMode == DetailsViewMode.ReadOnly && merchView.Rows.Count > 1)
    {
        var merchEnabledLabel = (Label)merchView.FindControl("merchEnabledLabel");
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID", conn);
            var idParam = new NpgsqlParameter
            {
                ParameterName = "@MERCHID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString())
            };
            cmd.Parameters.Add(idParam);
            // The local is named postEnabled but holds the merchandise item's merchenabled flag.
            bool postEnabled = Convert.ToBoolean(cmd.ExecuteScalar());
            merchEnabledLabel.Text = postEnabled ? "Yes" : "No";
        }
    }
    else
    {
        var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox");
        try
        {
            // Only edit mode needs the stored flag; other modes leave the checkbox untouched.
            if (merchView.CurrentMode == DetailsViewMode.Edit)
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand(
                        "SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID", conn);
                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@MERCHID",
                        NpgsqlDbType = NpgsqlDbType.Varchar,
                        Size = 16,
                        Direction = ParameterDirection.Input,
                        Value = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString())
                    };
                    cmd.Parameters.Add(idParam);
                    NpgsqlDataReader dr = cmd.ExecuteReader();
                    while (dr.Read())
                    {
                        merchEnabledCheckbox.Checked = Convert.ToBoolean(dr["merchenabled"]);
                    }
                    dr.Close();
                }
            }
        }
        catch (Exception ex)
        {
            FooLogging.WriteLog(ex.ToString());
            // NOTE(review): SelectedValue is dereferenced again inside the handler; if it was
            // the cause of the failure, this line throws out of the catch block.
            string merchId = merchView.SelectedValue.ToString();
            // The id is validated before it is handed to Reset_Page.
            if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page(string.Empty);
                return;
            }
            Reset_Page(merchId);
            errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
        }
    }
}
/// <summary>
/// Handles row commands of <c>categoryGrid</c>; for the "AddNew" command it inserts a category
/// named after the footer text box. The page is reset for the selected post afterwards.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Carries the command name.</param>
/// <remarks>
/// The insert only runs when <c>FooSessionHelper.IsValidRequest</c> accepts the posted request
/// token. The category name is bound as a query parameter and stored as typed.
/// NOTE(review): confirm that category names are HTML-encoded wherever they are rendered.
/// </remarks>
protected void CategoryGrid_Command(object sender, GridViewCommandEventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    // Parsed before the try block: a value Convert.ToInt32 rejects is not caught here.
    int postId = Convert.ToInt32(postView.SelectedValue);
    var footerNameBox = (TextBox)categoryGrid.FooterRow.FindControl("txtCatNameFooter");

    if (string.IsNullOrEmpty(footerNameBox.Text))
    {
        errorLabel.Text = "Incomplete or invalid input.";
    }
    else
    {
        try
        {
            bool tokenAccepted = FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value);
            if (!tokenAccepted)
            {
                errorLabel.Text = "Invalid request.";
            }
            else if (e.CommandName.Equals("AddNew"))
            {
                // Define connection string.
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var insert = new NpgsqlCommand(
                        "INSERT INTO categories(catid, catname) VALUES (@CATID, @NAME)", conn);

                    // The new category id is generated server-side, not taken from the request.
                    insert.Parameters.Add(
                        new NpgsqlParameter("@CATID", NpgsqlDbType.Varchar, 16)
                        {
                            Value = FooStringHelper.RandomString(16)
                        });
                    insert.Parameters.Add(
                        new NpgsqlParameter("@NAME", NpgsqlDbType.Varchar, 32)
                        {
                            Value = footerNameBox.Text
                        });

                    insert.ExecuteNonQuery();
                    insert.Dispose();
                }
            }
        }
        catch (Exception ex)
        {
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = GenericError;
        }
    }

    // Runs on every path.
    Reset_Page(postId);
}
/// <summary>
/// Renames the category behind the grid row being updated, then resets the page for the
/// selected post.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Carries the index of the row being updated.</param>
/// <remarks>
/// The update only runs when <c>FooSessionHelper.IsValidRequest</c> accepts the posted request
/// token. Both values are bound as query parameters; the name is stored as typed.
/// NOTE(review): confirm that category names are HTML-encoded wherever they are rendered.
/// </remarks>
protected void CategoryGrid_Update(object sender, GridViewUpdateEventArgs e)
{
    const string GenericError =
        "Something has gone wrong. A log has been forwarded to the site administrator.";

    // Parsed before the try block: a value Convert.ToInt32 rejects is not caught here.
    int postId = Convert.ToInt32(postView.SelectedValue);
    var nameBox = (TextBox)categoryGrid.Rows[e.RowIndex].FindControl("txtCatName");

    if (string.IsNullOrEmpty(nameBox.Text))
    {
        errorLabel.Text = "Incomplete or invalid input.";
    }
    else
    {
        try
        {
            bool tokenAccepted = FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value);
            if (!tokenAccepted)
            {
                errorLabel.Text = "Invalid request.";
            }
            else
            {
                // Define connection string.
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var update = new NpgsqlCommand(
                        "UPDATE categories SET catname= @NAME WHERE catid= @CATID", conn);

                    update.Parameters.Add(
                        new NpgsqlParameter("@NAME", NpgsqlDbType.Varchar, 32)
                        {
                            Value = nameBox.Text
                        });

                    // The row key comes from the grid's DataKeys, not from a visible cell.
                    update.Parameters.Add(
                        new NpgsqlParameter("@CATID", NpgsqlDbType.Varchar, 16)
                        {
                            Value = FooStringHelper.RemoveInvalidChars(
                                categoryGrid.DataKeys[e.RowIndex].Values[0].ToString())
                        });

                    update.ExecuteNonQuery();
                }
            }
        }
        catch (Exception ex)
        {
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = GenericError;
        }
    }

    // Runs on every path.
    Reset_Page(postId);
}
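/// <summary>
/// Saves an uploaded image under <c>~/uploads</c>, removes the item's previous image file and
/// records the new file name on the merchandise row.
/// </summary>
/// <param name="merchId">Value matched against <c>merchandise.merchid</c>; bound as a query parameter.</param>
/// <param name="file">The posted file; nothing happens when it is <c>null</c>.</param>
/// <remarks>
/// The file is accepted only when <c>FooFileHelper.IsImage</c> approves its bytes and it is smaller
/// than 2 MiB. The client-supplied name is reduced to its last path segment for every browser, and
/// both the write target and the delete target must resolve to a location inside the uploads folder.
/// NOTE(review): the extension that ends up on disk depends on <c>FooStringHelper.RandomFileName</c>;
/// confirm it restricts extensions to image types, because the folder sits under the web root.
/// NOTE(review): the size check runs after the whole upload has been read into memory; confirm a
/// request-size limit is configured for the site.
/// </remarks>
protected void Insert_NewImage(string merchId, HttpPostedFile file)
{
    const int MaxImageBytes = 2 * 1024 * 1024;

    // Placeholder only: it is replaced before the single statement that stores fileName.
    string fileName = "profile_default.jpg";
    string path = HttpContext.Current.Server.MapPath("~/uploads");
    if (!Directory.Exists(path))
    {
        Directory.CreateDirectory(path);
    }

    if (file == null)
    {
        return;
    }

    var uploadCompleted = false;
    byte[] fileBytes = FooFileHelper.GetFileBytesFromHttpStream(file);
    if (FooFileHelper.IsImage(fileBytes) && fileBytes.Length < MaxImageBytes)
    {
        try
        {
            // Name handling sits inside the try block so a malformed name is reported as a
            // failed upload instead of escaping as an unhandled exception.
            fileName = FooStringHelper.RandomFileName(StripDirectoryPart(file.FileName));
            string filePath = ResolveUploadPath(path, fileName);
            if (filePath == null)
            {
                errorLabel.Text = "Invalid file.";
            }
            else
            {
                File.WriteAllBytes(filePath, fileBytes);
                uploadCompleted = true;
            }
        }
        catch (Exception ex)
        {
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = "Upload failed.";
        }
    }
    else
    {
        errorLabel.Text = "Invalid file.";
    }

    if (!uploadCompleted)
    {
        return;
    }

    try
    {
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT merchimg FROM merchandise WHERE merchid= @MERCHID", conn);
            var idParam = new NpgsqlParameter
            {
                ParameterName = "@MERCHID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = merchId
            };
            cmd.Parameters.Add(idParam);

            string imageFile = string.Empty;
            using (NpgsqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    imageFile = dr["merchimg"].ToString();
                }
            }

            if (imageFile != string.Empty && imageFile != "merch_default.jpg")
            {
                // A stored name is only deleted when it resolves inside the uploads folder.
                string currentFile = ResolveUploadPath(path, imageFile);
                if (currentFile != null && File.Exists(currentFile))
                {
                    File.Delete(currentFile);
                }
            }
        }

        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "UPDATE merchandise SET (merchimg) = (@MERCHIMG) WHERE merchid= @MERCHID", conn);
            var idParam = new NpgsqlParameter
            {
                ParameterName = "@MERCHID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = merchId
            };
            cmd.Parameters.Add(idParam);
            var imgParam = new NpgsqlParameter
            {
                ParameterName = "@MERCHIMG",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 64,
                Direction = ParameterDirection.Input,
                Value = fileName
            };
            cmd.Parameters.Add(imgParam);
            cmd.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
    }
}

/// <summary>Returns the text after the last '\' or '/' in <paramref name="name"/>; empty for null or empty input.</summary>
private static string StripDirectoryPart(string name)
{
    if (string.IsNullOrEmpty(name))
    {
        return string.Empty;
    }

    int lastSeparator = name.LastIndexOfAny(new[] { '\\', '/' });
    return lastSeparator < 0 ? name : name.Substring(lastSeparator + 1);
}

/// <summary>Combines <paramref name="name"/> with the uploads folder and returns the full path, or null when the result is not inside that folder.</summary>
private static string ResolveUploadPath(string uploadsRoot, string name)
{
    if (string.IsNullOrEmpty(name))
    {
        return null;
    }

    string root = Path.GetFullPath(uploadsRoot)
                      .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                  + Path.DirectorySeparatorChar;
    string candidate = Path.GetFullPath(Path.Combine(root, name));

    bool inside = candidate.Length > root.Length
                  && candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase);
    return inside ? candidate : null;
}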
/// <summary>
/// After <c>postView</c> binds, fills in the dependent controls for the selected post: a Yes/No
/// "enabled" label in read-only mode; otherwise the category dropdown and, in edit mode, the
/// stored category and enabled flag.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Unused event data.</param>
/// <remarks>
/// The post id is converted with <c>Convert.ToInt32</c> and bound as an integer parameter.
/// NOTE(review): the read-only branch has no try/catch, unlike the other branch, so a database
/// error there is not logged or reported by this method.
/// </remarks>
protected void PostView_Databound(object sender, EventArgs e)
{
    // Read-only mode with more than one rendered row: show the flag as text.
    if (postView.CurrentMode == DetailsViewMode.ReadOnly && postView.Rows.Count > 1)
    {
        var postEnabledLabel = (Label)postView.FindControl("postEnabledLabel");
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT postenabled FROM posts WHERE postid= @POSTID", conn);
            var idParam = new NpgsqlParameter
            {
                ParameterName = "@POSTID",
                NpgsqlDbType = NpgsqlDbType.Integer,
                Direction = ParameterDirection.Input,
                Value = Convert.ToInt32(postView.SelectedValue)
            };
            cmd.Parameters.Add(idParam);
            bool postEnabled = Convert.ToBoolean(cmd.ExecuteScalar());
            postEnabledLabel.Text = postEnabled ? "Yes" : "No";
        }
    }
    else
    {
        var catDropdown = (DropDownList)postView.FindControl("catDropdown");
        var postEnabledCheckbox = (CheckBox)postView.FindControl("postEnabledCheckbox");
        try
        {
            // The dropdown is populated first so that a stored catid can be selected below.
            using (var conn = new NpgsqlConnection())
            {
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                conn.Open();
                var cmd = new NpgsqlCommand(
                    "SELECT catid, catname FROM categories", conn);
                // The reader must stay open while the dropdown binds to it.
                using (NpgsqlDataReader dr = cmd.ExecuteReader())
                {
                    catDropdown.DataSource = dr;
                    catDropdown.DataValueField = "catid";
                    catDropdown.DataTextField = "catname";
                    catDropdown.DataBind();
                }
            }
            // Only edit mode restores the stored values into the controls.
            if (postView.CurrentMode == DetailsViewMode.Edit)
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand(
                        "SELECT catid, postenabled FROM posts WHERE postid= @POSTID", conn);
                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@POSTID",
                        NpgsqlDbType = NpgsqlDbType.Integer,
                        Size = 8,
                        Direction = ParameterDirection.Input,
                        Value = Convert.ToInt32(postView.SelectedValue)
                    };
                    cmd.Parameters.Add(idParam);
                    NpgsqlDataReader dr = cmd.ExecuteReader();
                    while (dr.Read())
                    {
                        postEnabledCheckbox.Checked = Convert.ToBoolean(dr["postenabled"]);
                        catDropdown.SelectedValue = dr["catid"].ToString();
                    }
                    dr.Close();
                }
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the page reset runs before the exception is logged, and the
            // conversion can throw again; in that case nothing is logged by this handler.
            Reset_Page(Convert.ToInt32(postView.SelectedValue));
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
        }
    }
}
/// <summary>
/// Rebinds the four data controls of the page: the post detail view, the post grid, the category
/// grid and the comment grid.
/// </summary>
/// <param name="postId">
/// Post to show in <c>postView</c>; <c>-1</c> selects the post with the highest id instead.
/// </param>
/// <remarks>
/// Each control gets its own connection. Only the single-post query takes input, and it is bound
/// as an integer parameter. Any exception is logged and replaced by a generic message.
/// </remarks>
protected void Load_Forms(int postId)
{
    try
    {
        // 1. Post detail view.
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand();
            if (postId == -1)
            {
                // No specific post requested: take the one with the highest id.
                cmd.CommandText = "SELECT T1.postid, T1.catid, T1.posttitle, T1.postbrief, T1.postbody, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid ORDER BY T1.postid DESC LIMIT 1";
                cmd.Connection = conn;
            }
            else
            {
                cmd.CommandText = "SELECT T1.postid, T1.catid, T1.posttitle, T1.postbrief, T1.postbody, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T1.postid= @POSTID";
                cmd.Connection = conn;
                var idParam = new NpgsqlParameter
                {
                    ParameterName = "@POSTID",
                    NpgsqlDbType = NpgsqlDbType.Integer,
                    Size = 8,
                    Direction = ParameterDirection.Input,
                    Value = postId
                };
                cmd.Parameters.Add(idParam);
            }
            var da = new NpgsqlDataAdapter(cmd);
            var ds = new DataSet();
            da.Fill(ds);
            postView.DataSource = ds;
            postView.DataBind();
        }
        // 2. Post grid: every post, enabled or not.
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT postid, posttime, posttitle FROM posts", conn);
            var da = new NpgsqlDataAdapter(cmd);
            var ds = new DataSet();
            da.Fill(ds);
            postGrid.DataSource = ds;
            postGrid.DataBind();
        }
        // 3. Category grid.
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT catid, catname FROM categories", conn);
            using (NpgsqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.HasRows)
                {
                    categoryGrid.DataSource = dr;
                    categoryGrid.DataBind();
                }
                else
                {
                    // No categories yet: bind one placeholder row and hide it, presumably so
                    // the grid still renders its footer row. Confirm against the markup.
                    var dt = new DataTable();
                    dt.Columns.Add("catid");
                    dt.Columns.Add("catname");
                    DataRow row = dt.NewRow();
                    row["catid"] = "null";
                    row["catname"] = "null";
                    dt.Rows.Add(row);
                    categoryGrid.DataSource = dt;
                    categoryGrid.DataBind();
                    categoryGrid.Rows[0].Visible = false;
                    categoryGrid.Rows[0].Controls.Clear();
                }
            }
        }
        // 4. Comment grid: all comments with author alias and post title.
        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT T1.commentid, T1.commenttime, T1.userid, T1.postid, T1.commentbody, T2.userid, T2.useralias, T3.postid, T3.posttitle FROM comments AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid LEFT OUTER JOIN posts AS T3 ON T1.postid = T3.postid", conn);
            var da = new NpgsqlDataAdapter(cmd);
            var ds = new DataSet();
            da.Fill(ds);
            commentGrid.DataSource = ds;
            commentGrid.DataBind();
        }
        // Reached only when all four binds succeeded; clears any earlier message.
        errorLabel.Text = "";
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
    }
}
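/// <summary>
/// Removes the user's previous profile image file from <c>~/uploads</c> and records the new file
/// name on the user row.
/// </summary>
/// <param name="fileName">New image file name to store in <c>users.profileimg</c>.</param>
/// <param name="userId">User whose image is replaced.</param>
/// <remarks>
/// The user id is passed through <c>FooStringHelper.RemoveInvalidChars</c> once and that same value
/// is used for both the lookup and the update, so the two statements always address the same row.
/// The stored image name is reduced to its file-name part before it is combined with the uploads
/// folder, and the delete is skipped when the file is not there.
/// NOTE(review): <c>fileName</c> is stored as passed; confirm the caller has already reduced it to
/// a generated, extension-checked name.
/// </remarks>
protected void Insert_NewImage(string fileName, string userId)
{
    try
    {
        string normalisedUserId = FooStringHelper.RemoveInvalidChars(userId);

        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "SELECT profileimg FROM users WHERE userid= @USERID", conn);
            var idParam = new NpgsqlParameter
            {
                ParameterName = "@USERID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = normalisedUserId
            };
            cmd.Parameters.Add(idParam);

            string imageFile = string.Empty;
            using (NpgsqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    imageFile = dr["profileimg"].ToString();
                }
            }

            // The shared default image is never deleted.
            if (imageFile != string.Empty && imageFile != "profile_default.jpg")
            {
                string path = HttpContext.Current.Server.MapPath("~/uploads");

                // Only the file-name part of the stored value is used, so the delete cannot
                // address anything outside the uploads folder.
                string currentFile = Path.Combine(path, Path.GetFileName(imageFile));
                if (File.Exists(currentFile))
                {
                    File.Delete(currentFile);
                }
            }
        }

        using (var conn = new NpgsqlConnection())
        {
            conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            conn.Open();
            var cmd = new NpgsqlCommand(
                "UPDATE users SET (profileimg) = (@PROFILEIMG) WHERE userid= @USERID", conn);
            var idParam = new NpgsqlParameter
            {
                ParameterName = "@USERID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = normalisedUserId
            };
            cmd.Parameters.Add(idParam);
            var imgParam = new NpgsqlParameter
            {
                ParameterName = "@PROFILEIMG",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 64,
                Direction = ParameterDirection.Input,
                Value = fileName
            };
            cmd.Parameters.Add(imgParam);
            cmd.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
    }
}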
/// <summary>
/// Loads one enabled merchandise item and its reviews into the page controls.
/// </summary>
/// <param name="merchId">Id of the merchandise item to display; passed to both queries as a bound parameter.</param>
/// <remarks>
/// When no enabled item matches, errorLabel shows "Invalid item." and the review section is left untouched.
/// Any exception is logged through FooLogging and reported on errorLabel.
/// NOTE(review): reviewbody and useralias are presumably user-supplied; confirm the reviewList
/// template HTML-encodes them when rendering.
/// </remarks>
protected void Load_Forms(string merchId)
{
    try
    {
        using (var itemConn = new NpgsqlConnection())
        {
            itemConn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            itemConn.Open();

            var itemCmd = new NpgsqlCommand(
                "SELECT merchid, merchname, merchprice, merchimg, merchbody FROM merchandise WHERE merchenabled= true AND merchid= @MERCHID LIMIT 1",
                itemConn);
            itemCmd.Parameters.Add(new NpgsqlParameter
            {
                ParameterName = "@MERCHID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = merchId
            });

            var itemAdapter = new NpgsqlDataAdapter(itemCmd);
            var itemData = new DataSet();
            itemAdapter.Fill(itemData);

            // Unknown or disabled item: report it and skip the review section entirely.
            if (itemData.Tables[0].Rows.Count == 0)
            {
                errorLabel.Text = "Invalid item.";
                return;
            }

            merchList.DataSource = itemData;
            merchList.DataBind();
            errorLabel.Text = "";
        }

        using (var reviewConn = new NpgsqlConnection())
        {
            reviewConn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            reviewConn.Open();

            var reviewCmd = new NpgsqlCommand(
                "SELECT T1.reviewid, T1.reviewtime, T1.reviewbody, T1.merchid, T2.userid, T2.useralias, T2.profileimg FROM reviews AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid WHERE T1.merchid= @MERCHID",
                reviewConn);
            reviewCmd.Parameters.Add(new NpgsqlParameter
            {
                ParameterName = "@MERCHID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 16,
                Direction = ParameterDirection.Input,
                Value = merchId
            });

            var reviewAdapter = new NpgsqlDataAdapter(reviewCmd);
            var reviewData = new DataSet();
            reviewAdapter.Fill(reviewData);

            if (reviewData.Tables[0].Rows.Count != 0)
            {
                reviewList.DataSource = reviewData;
                reviewList.DataBind();
                reviewLabel.Text = "";
            }
            else
            {
                reviewLabel.Text = "No reviews.";
            }
        }

        // Anonymous visitors can read reviews but do not get the submission controls.
        bool isLoggedIn = User.Identity.IsAuthenticated;
        if (!isLoggedIn)
        {
            reviewText.Visible = false;
            submitButton.Visible = false;
            reviewErrorLabel.Text = "You must be logged in to leave a review.";
        }

        reviewPanel.Visible = true;
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
    }
}
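/// <summary>
/// Handles the profile DetailsView update: validates the submitted fields, writes them to the
/// users row of the current user and, when a file was posted, stores it as the new profile image.
/// </summary>
/// <param name="sender">The control raising the event.</param>
/// <param name="e">Update event data (not read by this handler).</param>
/// <remarks>
/// The user id is taken from FooSessionHelper.GetUserObjectFromCookie, not from form fields.
/// Database and upload failures are logged through FooLogging and reported on errorLabel.
/// NOTE(review): the profile text fields are stored as submitted; confirm that every page
/// rendering them HTML-encodes the values.
/// </remarks>
protected void UserView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
    UserObject userObj = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);

    // A missing session object is handled like a malformed id instead of surfacing as a
    // NullReferenceException outside the try block.
    if (userObj == null || !FooStringHelper.IsValidAlphanumeric(userObj.UserId, 16))
    {
        errorLabel.Text = "Invalid request.";
        Reset_Page();
        return;
    }

    string userId = userObj.UserId;
    string userName = userObj.Username;

    var txtUserAlias = (TextBox)userView.FindControl("txtUserAlias");
    var txtUserEmail = (TextBox)userView.FindControl("txtUserEmail");
    var txtUserAddress = (TextBox)userView.FindControl("txtUserAddress");
    var txtUserCity = (TextBox)userView.FindControl("txtUserCity");
    var txtUserCountry = (TextBox)userView.FindControl("txtUserCountry");
    var txtUserBody = (TextBox)userView.FindControl("txtUserBody");
    var imageUploadForm = (FileUpload)userView.FindControl("imageUploadForm");

    bool inputIsComplete = !string.IsNullOrEmpty(txtUserAlias.Text)
        && !string.IsNullOrEmpty(txtUserEmail.Text)
        && !string.IsNullOrEmpty(txtUserAddress.Text)
        && !string.IsNullOrEmpty(txtUserCity.Text)
        && !string.IsNullOrEmpty(txtUserCountry.Text)
        && !string.IsNullOrEmpty(txtUserBody.Text)
        && FooStringHelper.IsValidEmailAddress(txtUserEmail.Text)
        && !FooEmailHelper.CheckIfEmailExists(txtUserEmail.Text, userName);

    if (inputIsComplete)
    {
        try
        {
            if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText = "UPDATE users SET (useralias, email, address, city, country, profilebody) = (@USERALIAS, @EMAIL, @ADDRESS, @CITY, @COUNTRY, @PROFILEBODY) WHERE userid= @USERID",
                        CommandType = CommandType.Text,
                        Connection = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 16,
                            Direction = ParameterDirection.Input,
                            Value = FooStringHelper.RemoveInvalidChars(userId)
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERALIAS",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 32,
                            Direction = ParameterDirection.Input,
                            Value = txtUserAlias.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@EMAIL",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 64,
                            Direction = ParameterDirection.Input,
                            Value = txtUserEmail.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@ADDRESS",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 128,
                            Direction = ParameterDirection.Input,
                            Value = txtUserAddress.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@CITY",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 32,
                            Direction = ParameterDirection.Input,
                            Value = txtUserCity.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@COUNTRY",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 32,
                            Direction = ParameterDirection.Input,
                            Value = txtUserCountry.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@PROFILEBODY",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 1024,
                            Direction = ParameterDirection.Input,
                            Value = txtUserBody.Text
                        });
                        cmd.ExecuteNonQuery();
                    }
                }

                if (imageUploadForm.HasFile)
                {
                    string path = HttpContext.Current.Server.MapPath("~/uploads");
                    if (!Directory.Exists(path))
                    {
                        Directory.CreateDirectory(path);
                    }

                    // Use the file posted through this control; Request.Files[0] is merely the
                    // first file in the request and need not be the one HasFile refers to.
                    HttpPostedFile file = imageUploadForm.PostedFile;

                    // The client-supplied name is untrusted: drop any directory part for every
                    // browser, not only when the user agent reports "IE".
                    string clientName = Path.GetFileName(file.FileName);

                    // 2097152 bytes = 2 MiB. The extension allow-list keeps server-executable
                    // types out of a directory under the web root. It is a minimum only and does
                    // not prove the content is an image.
                    // NOTE(review): consider re-encoding uploads and disabling script execution
                    // for ~/uploads in the site configuration.
                    if (file.ContentLength < 2097152 && IsAllowedProfileImageExtension(clientName))
                    {
                        // NOTE(review): RandomFileName is not visible here; presumably it keeps
                        // the extension checked above - confirm. GetFileName keeps the result a
                        // bare name inside the uploads directory either way.
                        string fileName = Path.GetFileName(FooStringHelper.RandomFileName(clientName));
                        string filePath = Path.Combine(path, fileName);
                        try
                        {
                            file.SaveAs(filePath);
                            Insert_NewImage(fileName, userId);
                            Reset_Page();
                        }
                        catch (Exception ex)
                        {
                            FooLogging.WriteLog(ex.ToString());
                            errorLabel.Text = "Upload failed.";
                        }
                    }
                    else
                    {
                        errorLabel.Text = "Invalid file.";
                    }
                }
            }
            else
            {
                // A rejected request token was silently ignored before; report it.
                errorLabel.Text = "Invalid request.";
            }
        }
        catch (Exception ex)
        {
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
        }
    }
    else
    {
        errorLabel.Text = "Incomplete or invalid input.";
    }

    Reset_Page();
}

/// <summary>
/// Returns true when <paramref name="fileName"/> ends in one of the image extensions accepted
/// for profile pictures (.jpg, .jpeg, .png, .gif), compared case-insensitively.
/// </summary>
private static bool IsAllowedProfileImageExtension(string fileName)
{
    if (string.IsNullOrEmpty(fileName))
    {
        return false;
    }

    string extension = Path.GetExtension(fileName);
    string[] allowed = { ".jpg", ".jpeg", ".png", ".gif" };
    foreach (string candidate in allowed)
    {
        if (string.Equals(extension, candidate, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
    }

    return false;
}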
/// <summary>
/// Shows the name of a category and the enabled posts that belong to it.
/// </summary>
/// <param name="catId">Id of the category to display; passed to both queries as a bound parameter.</param>
/// <remarks>
/// catLabel is set only when the category lookup returns a value. When no enabled post matches,
/// errorLabel shows "Empty category.". Any exception is logged through FooLogging and reported
/// on errorLabel.
/// </remarks>
protected void Load_Forms(string catId)
{
    try
    {
        using (var nameConn = new NpgsqlConnection())
        {
            nameConn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            nameConn.Open();

            var nameCmd = new NpgsqlCommand(
                "SELECT catname FROM categories WHERE catid= @CATID ORDER BY catname",
                nameConn);
            nameCmd.Parameters.Add(new NpgsqlParameter
            {
                ParameterName = "@CATID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 32,
                Direction = ParameterDirection.Input,
                Value = catId
            });

            // ExecuteScalar yields null when no row matches; the label is then left as it was.
            object lookedUpName = nameCmd.ExecuteScalar();
            if (lookedUpName != null)
            {
                catLabel.Text = lookedUpName.ToString();
            }
        }

        using (var postConn = new NpgsqlConnection())
        {
            postConn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
            postConn.Open();

            var postCmd = new NpgsqlCommand(
                "SELECT T1.postid, T1.posttime, T1.catid AS queryid, T1.posttitle, T1.postbrief, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T2.catid= @CATID AND postenabled= true ORDER BY T1.posttime",
                postConn);
            postCmd.Parameters.Add(new NpgsqlParameter
            {
                ParameterName = "@CATID",
                NpgsqlDbType = NpgsqlDbType.Varchar,
                Size = 32,
                Direction = ParameterDirection.Input,
                Value = catId
            });

            var postAdapter = new NpgsqlDataAdapter(postCmd);
            var postData = new DataSet();
            postAdapter.Fill(postData);

            bool hasPosts = postData.Tables[0].Rows.Count != 0;
            if (hasPosts)
            {
                postList.DataSource = postData;
                postList.DataBind();
                errorLabel.Text = "";
            }
            else
            {
                errorLabel.Text = "Empty category.";
            }
        }
    }
    catch (Exception ex)
    {
        FooLogging.WriteLog(ex.ToString());
        errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
    }
}
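/// <summary>
/// Handles the post DetailsView insert: validates the form, checks the request token and
/// inserts a new row into posts with the current server time.
/// </summary>
/// <param name="sender">The control raising the event.</param>
/// <param name="e">Insert event data (not read by this handler).</param>
/// <remarks>
/// Title, brief and body must be non-empty. Failures are logged through FooLogging and
/// reported on errorLabel. The page is reset with Reset_Page(-1) on every path.
/// NOTE(review): no role check is visible in this handler; presumably the page itself is
/// restricted to authors - confirm.
/// </remarks>
protected void PostView_ItemInserting(object sender, DetailsViewInsertEventArgs e)
{
    var txtPostTitle = (TextBox)postView.FindControl("txtPostTitle");
    var txtPostBrief = (TextBox)postView.FindControl("txtPostBrief");
    var txtPostBody = (TextBox)postView.FindControl("txtPostBody");
    var postEnabledCheckbox = (CheckBox)postView.FindControl("postEnabledCheckbox");
    var catDropdown = (DropDownList)postView.FindControl("catDropdown");

    bool inputIsComplete = !string.IsNullOrEmpty(txtPostTitle.Text)
        && !string.IsNullOrEmpty(txtPostBrief.Text)
        && !string.IsNullOrEmpty(txtPostBody.Text);

    if (inputIsComplete)
    {
        try
        {
            if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // The command is disposed even when ExecuteNonQuery throws.
                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText = "INSERT INTO posts(catid, posttime, posttitle, postbrief, postbody, postenabled) VALUES (@CATID, @POSTTIME, @POSTTITLE, @POSTBRIEF, @POSTBODY, @POSTENABLED)",
                        CommandType = CommandType.Text,
                        Connection = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@CATID",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 16,
                            Direction = ParameterDirection.Input,
                            Value = catDropdown.SelectedValue
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@POSTTIME",
                            NpgsqlDbType = NpgsqlDbType.Timestamp,
                            Size = 32,
                            Direction = ParameterDirection.Input,
                            Value = DateTime.Now
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@POSTTITLE",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 32,
                            Direction = ParameterDirection.Input,
                            Value = txtPostTitle.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@POSTBRIEF",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 1024,
                            Direction = ParameterDirection.Input,
                            Value = txtPostBrief.Text
                        });

                        // NOTE(review): the body is HTML-decoded before it is stored, so the row
                        // holds raw markup. Pages rendering postbody must either sanitise it or
                        // rely on only trusted authors reaching this handler - confirm which.
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@POSTBODY",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Direction = ParameterDirection.Input,
                            Value = Server.HtmlDecode(txtPostBody.Text)
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@POSTENABLED",
                            NpgsqlDbType = NpgsqlDbType.Boolean,
                            Direction = ParameterDirection.Input,
                            Value = postEnabledCheckbox.Checked
                        });
                        cmd.ExecuteNonQuery();
                    }
                }
            }
            else
            {
                // A rejected request token was silently ignored before; report it, using the
                // same message as the file's delete handler.
                errorLabel.Text = "Invalid request.";
            }
        }
        catch (Exception ex)
        {
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
        }
    }
    else
    {
        errorLabel.Text = "Incomplete or invalid input.";
    }

    Reset_Page(-1);
}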