protected void DiscAllButton_Click(object sender, EventArgs e) { string updaterId = "", updateCode = "DISC_DWA"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DeptNameLabel.Text); values.Add(""); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("all"); int status = DataConsumer.executeProcedure("dept_ward_disc", values); StatusLabel.CssClass = "success"; StatusLabel.Text = "Successful removal.<br/>Department name: " + DeptNameLabel.Text + ".<br/>Number of wards removed: " + ListView1.Items.Count; BindListView(); CancelButton_Click(new object(), new EventArgs()); }
protected void EmailButton_Click(object sender, EventArgs e) { try { string emailInfo = DataProvider.ChangePassword.getEmailPassword(EmailBox.Text.Trim().ToUpper()); //get user's email DataTable dt = HospitalClass.getDataTable(emailInfo); if (dt.Rows.Count > 0) { string firstName = HospitalClass.PascalCasing(dt.Rows[0][0].ToString()); string userId = dt.Rows[0][1].ToString(); string password = HospitalClass.Decrypt(dt.Rows[0][2].ToString()); string message = string.Format("Good day user {0}.\r\n\r\nYour user Id is: {1}\r\nYour password is: {2}", firstName, userId, password); MailMessage myMessage = new MailMessage(); myMessage.Body = message; //myMessage.From = new MailAddress(EmailBox.Text, UsernameBox.Text); //Unneccesary, set at web.config myMessage.To.Add(new MailAddress(EmailBox.Text.Trim())); SmtpClient mySender = new SmtpClient(); mySender.Send(myMessage); //uses config file settings to send message string updaterId = "", updateCode = "PWD_SND"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else if (Session["Admin"] != null) { updaterId = (string)Session["Admin"]; } else { updaterId = (string)Session["User"]; } List <string> values = new List <string>(); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add((string)Session["User"]); int status = DataConsumer.executeProcedure("audit_trail_proc", values); EmailLabel.CssClass = "success normal"; EmailLabel.Text = "Successful.<br/>Check your E-mail box for details."; } else { EmailLabel.CssClass = "error paraNormal"; if (EmailBox.Text.Length == 0) { EmailLabel.Text = "Please enter an email"; } else { EmailLabel.Text = "Email does not exist"; } } } catch (Exception ex) { EmailLabel.CssClass = "error paraNormal"; EmailLabel.Text = "Error: " + ex.Message; } }
protected void DeletePicButton_Click(object sender, EventArgs e) { string chkQuery = DataProvider.LoggedInPage.getPicAddress((string)Session["User"]); DataTable dt = HospitalClass.getDataTable(chkQuery); if (dt.Rows.Count > 0 && dt.Rows[0][0].ToString() != "~\\Images\\UploadProfilePicture.PNG") { chkQuery = "delete"; string updaterId = UpdaterId(); //delete picture from server if (dt.Rows.Count == 1) { System.IO.File.Delete(Server.MapPath(dt.Rows[0][0].ToString())); } //update information at the database List <string> values = new List <string>(); values.Add((string)Session["User"]); values.Add("~\\Images\\UploadProfilePicture.PNG"); values.Add(HospitalClass.getTransactionId()); values.Add("IMG_DEL"); values.Add(updaterId); values.Add(chkQuery); int status = DataConsumer.executeProcedure("image_upload", values); ProfilePic.ImageUrl = "~\\Images\\UploadProfilePicture.PNG"; UploadPicLabel.CssClass = "success"; UploadPicLabel.Text = "Deleted"; } else { UploadPicLabel.CssClass = "error"; UploadPicLabel.Text = "No picture exists"; } }
protected void LogOutLinkButton_Click(object sender, EventArgs e) { string updateCode = "", updaterId = "", userId = ""; //set update code if (Session["User"].ToString().StartsWith("SUP")) { updateCode = "SUP_LGO"; } else if (Session["User"].ToString().StartsWith("ADM")) { updateCode = "ADM_LGO"; } else if (Session["User"].ToString().StartsWith("DC")) { updateCode = "DOC_LGO"; } else if (Session["User"].ToString().StartsWith("ST")) { updateCode = "STF_LGO"; } else { updateCode = "PAT_LGO"; } //set updater id if (Session["SuperUser"] != null) { updaterId = Session["SuperUser"].ToString(); } else if (Session["Admin"] != null) { updaterId = Session["Admin"].ToString(); } else { updaterId = Session["User"].ToString(); } //set user id userId = Session["User"].ToString(); //dispose sessions Session["SuperUser"] = null; Session["Admin"] = null; Session["User"] = null; List <string> values = new List <string>(); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(userId); int status = DataConsumer.executeProcedure("audit_trail_proc", values); Response.Redirect("~/Login.aspx"); }
protected void DeleteButton_Click(object sender, EventArgs e) { try { addDelDiv.Visible = false; if (ListView1.SelectedIndex >= 0) { string deptName = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text; if (((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptWardsLabel")).Text == "0") { string updaterId = "", updateCode = "DEPT_DEL"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(""); values.Add(deptName); values.Add(""); values.Add(""); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("delete"); int status = DataConsumer.executeProcedure("dept_proc", values); StatusLabel.CssClass = "success normal"; StatusLabel.Text = "Successful department deletion.<br>Department Id: " + ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptIdLabel")).Text + "<br/>Department Name: " + deptName + "."; SortButton_Click(new object(), new EventArgs()); } else { StatusLabel.CssClass = "error normal"; StatusLabel.Text = "This department is already linked to ward(s).<br/>Disconnect/Unrelate before deleting."; } } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "No item selected for deletion"; } ListView1.SelectedIndex = -1; } catch (Exception ex) { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void DivAddButton_Click(object sender, EventArgs e) { if (DivOrganList.SelectedIndex != 0 && DivDescBox.Text.Length > 2 && DivStatusList.SelectedIndex != 0 && DivUserIdBox.Text.StartsWith("PAT")) { string updaterId = "", updateCode = "DISB_ADD"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DivOrganList.SelectedItem.Text); values.Add(DivDescBox.Text); values.Add(DivStatusList.SelectedItem.Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(DivUserIdBox.Text); values.Add("insert"); int status = DataConsumer.executeProcedure("pat_disab_proc", values); DivStatusLabel.CssClass = "success normal"; DivStatusLabel.Text = "Successfully added.<br/>Patient Id: " + DivUserIdBox.Text + ". <br/>Affected Organ: " + DivOrganList.SelectedItem.Text; StatusLabel.CssClass = "success paraNormal"; StatusLabel.Text = "Done"; BindListView(); BindSearchListView(); } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; DivStatusLabel.CssClass = "error paraNormal"; if (!DivUserIdBox.Text.StartsWith("PAT")) { DivStatusLabel.Text = "This user is not a patient. Please login using patient id"; } else if (DivOrganList.SelectedIndex == 0) { DivStatusLabel.Text = "Please select an organ"; } else if (DivDescBox.Text.Length <= 2) { DivStatusLabel.Text = "Please enter a valid description"; } else { DivStatusLabel.Text = "Please select a status"; } } ListView1.SelectedIndex = -1; }
protected void DeleteButton_Click(object sender, EventArgs e) { if (ListView1.SelectedIndex >= 0) { string updaterId = "", updateCode = ""; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } if (RoleList.SelectedIndex == 0) { updateCode = "DOC_WKDL"; } else { updateCode = "STF_WKDL"; } List <string> values = new List <string>(); values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkPlaceLabel")).Text); values.Add(""); values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("PositionLabel")).Text); values.Add(""); values.Add(""); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("UserIdLabel")).Text); if (RoleList.SelectedIndex == 0) { values.Add("doc delete"); } else { values.Add("stf delete"); } int status = DataConsumer.executeProcedure("docstf_wk_proc", values); StatusLabel.CssClass = "success paraNormal"; StatusLabel.Text = "Successfully deleted"; BindListView(); BindSearchListView(); } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "No item selected for deletion"; } ListView1.SelectedIndex = -1; }
protected void ChangeButton_Click(object sender, EventArgs e) { try { string checkPassword = DataProvider.ChangePassword.getPassword(Session["User"].ToString()); //get the former password and check DataTable dt = HospitalClass.getDataTable(checkPassword); if (dt.Rows[0][0].ToString() == HospitalClass.Encrypt(OldPasswordBox.Text) && OldPasswordBox.Text != NewPasswordBox.Text) { string updaterId = "", updateCode = "PWD_CHG"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else if (Session["Admin"] != null) { updaterId = (string)Session["Admin"]; } else { updaterId = (string)Session["User"]; } List <string> values = new List <string>(); values.Add(HospitalClass.Encrypt(NewPasswordBox.Text)); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add((string)Session["User"]); int status = DataConsumer.executeProcedure("pwd_change", values); UserStatusLabel.CssClass = "success paraNormal"; UserStatusLabel.Text = "Password was successfully changed"; } else { UserStatusLabel.CssClass = "error normal"; if (OldPasswordBox.Text == NewPasswordBox.Text) { UserStatusLabel.Text = "Same password entered"; } else { UserStatusLabel.Text = "Wrong password entered.<br/>Meet the system administrator for assistance"; } } } catch (Exception ex) { UserStatusLabel.CssClass = "error paraNormal"; UserStatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void getPasswordButton_Click(object sender, EventArgs e) { try { string getPassword = DataProvider.ChangePassword.getPassword(UserIdBox.Text.Trim().ToUpper()); //get the user's password DataTable dt = HospitalClass.getDataTable(getPassword); if (UserIdBox.Text.Trim().Length == 6 || UserIdBox.Text.Trim().Length == 11 && dt.Rows.Count > 0) //unnecessary due to access restrictions { string updaterId = "", updateCode = "PWD_GET"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(UserIdBox.Text.Trim().ToUpper()); int status = DataConsumer.executeProcedure("audit_trail_proc", values); PasswordStatusLabel.CssClass = "success paraNormal"; PasswordStatusLabel.Text = "Your password is: " + HospitalClass.Decrypt(dt.Rows[0][0].ToString()); //display password } else { PasswordStatusLabel.CssClass = "error paraNormal"; if (dt.Rows.Count == 0) { PasswordStatusLabel.Text = UserIdBox.Text.Trim().ToUpper() + " is not a user on this system"; } else if (UserIdBox.Text.Length == 0) { PasswordStatusLabel.Text = "User Id cannot be empty"; } else { PasswordStatusLabel.Text = UserIdBox.Text.Trim().ToUpper() + " is not a valid id"; } } } catch (Exception ex) { UserStatusLabel.CssClass = "error paraNormal"; UserStatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void SubmitButton_Click(object sender, EventArgs e) { string checkTopicExist = DataProvider.AddInformationPage.checkTopic(TopicBox.Text.Trim()); DataTable dt = HospitalClass.getDataTable(checkTopicExist); if ((UserIdBox.Text.Length >= 3 && UserIdBox.Text.Length <= 32) && (TopicBox.Text.Trim().Length >= 2 && TopicBox.Text.Length <= 32) && (InfoBox.Text.Length >= 4 && InfoBox.Text.Length <= 256) && RecipientList.SelectedIndex != 0 && dt.Rows.Count == 0) { List <string> values = new List <string>(); values.Add(InfoBox.Text); values.Add(RecipientList.SelectedItem.Value); values.Add(HospitalClass.PascalCasing(TopicBox.Text.Trim())); values.Add(HospitalClass.getTransactionId()); values.Add("INFO_ADD"); values.Add(UpdaterId()); values.Add(UserIdBox.Text); values.Add(""); values.Add("insert"); int status = DataConsumer.executeProcedure("info_proc", values); StatusLabel.CssClass = "success"; StatusLabel.Text = "Successful.<br/>Updater: " + UpdaterId() + "."; } else { StatusLabel.CssClass = "error"; if (dt.Rows.Count != 0) { StatusLabel.Text = "This topic already exists. Choose another topic name"; } else if (RecipientList.SelectedIndex == 0) { StatusLabel.Text = "Please select a recipient classification"; } else if (!(UserIdBox.Text.Length >= 3 && UserIdBox.Text.Length <= 32)) { StatusLabel.Text = "Please enter a valid user Id.<br/>Between 6 and 32 characters"; } else if ((TopicBox.Text.Length >= 2 && TopicBox.Text.Length <= 32)) { StatusLabel.Text = "Please enter a valid topic.<br/>Between 2 and 32 characters"; } else { StatusLabel.Text = "Please enter valid information.<br/>Between 4 and 256 characters"; } } }
protected void RelateButton_Click(object sender, EventArgs e) { string updaterId = "", updateCode = "DEPT_WRD"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); for (int i = 0; i < ListView1.Items.Count; i++) { values.Add(DeptNameLabel.Text); values.Add(((Label)ListView1.Items[i].FindControl("WardNameLabel")).Text); values.Add(""); values.Add(""); values.Add(""); values.Add("add"); int status = DataConsumer.executeProcedure("dept_ward_rel", values); values.Clear(); } values.Add(DeptNameLabel.Text); values.Add(""); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("final"); int statusFinal = DataConsumer.executeProcedure("dept_ward_rel", values); StatusLabel.CssClass = "success"; StatusLabel.Text = "Successful relationship.<br/>Department Name: " + DeptNameLabel.Text + "<br/>Ward added: " + ListView1.Items.Count.ToString() + "."; clearWardTemp(); DeptNameLabel.Text = ""; noDeptSelected(); populateDeptList(); }
protected void DiscOneButton_Click(object sender, EventArgs e) { if (ListView1.SelectedIndex >= 0) { string updaterId = "", updateCode = "DISC_DW1"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DeptNameLabel.Text); values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardNameLabel")).Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("one"); int status = DataConsumer.executeProcedure("dept_ward_disc", values); StatusLabel.CssClass = "success"; StatusLabel.Text = "Successful removal.<br/>Disconnected ward name: " + ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardNameLabel")).Text; BindListView(); if (ListView1.Items.Count <= 0) { CancelButton_Click(new object(), new EventArgs()); } } else { StatusLabel.CssClass = "error paraNormal"; if (ListView1.SelectedIndex < 0) { StatusLabel.Text = "No item selected for disconnection/unrelation"; } } ListView1.SelectedIndex = -1; }
protected void DeleteButton_Click(object sender, EventArgs e) { if (ListView1.SelectedIndex >= 0) { string topic = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text; List <string> values = new List <string>(); values.Add(topic); values.Add(HospitalClass.getTransactionId()); values.Add("INFO_DEL"); values.Add(UpdaterId()); int status = DataConsumer.executeProcedure("info_del_proc", values); TopicDelLabel.CssClass = "success"; TopicDelLabel.Text = "Topic Deleted: " + topic; SortButton_Click(new object(), new EventArgs()); } else { TopicDelLabel.CssClass = "error paraNormal"; TopicDelLabel.Text = "No item selected for deletion"; } }
protected void SearchDeleteButton_Click(object sender, EventArgs e) { if (SearchListView.SelectedIndex >= 0) { string updaterId = "", updateCode = "DISB_DEL"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(""); values.Add(((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchDescLabel")).Text); values.Add(((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchOrganLabel")).Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(SearchUserIdLabel.Text); values.Add("delete"); int status = DataConsumer.executeProcedure("pat_disab_proc", values); BindSearchListView(); BindListView(); SearchStatusLabel.CssClass = "success normal"; SearchStatusLabel.Text = "Successfully deleted"; } else { SearchStatusLabel.CssClass = "error normal"; SearchStatusLabel.Text = "No item selected for deletion"; } SearchListView.SelectedIndex = -1; }
protected void ModifyDivButton_Click(object sender, EventArgs e) { string createId = "", workPlace = ""; string dateRegex = @"^(?:0[1-9]|[12]\d|3[01])([\/.-])(?:0[1-9]|1[012])\1(?:19|20)\d\d$"; bool check = true; if (HoldLabel.Text == "Search") { check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("WorkPlaceLabel")).Text == DivWorkPlaceBox.Text; check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("WorkTypeLabel")).Text == DivWorkTypeBox.Text; check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("PositionLabel")).Text == DivPositionBox.Text; check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("DateStartLabel")).Text == DivStartDateBox.Text; check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("DateEndLabel")).Text == DivEndDateBox.Text; createId = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("IdLabel")).Text; workPlace = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("WorkPlaceLabel")).Text; } else { check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkPlaceLabel")).Text == DivWorkPlaceBox.Text; check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkTypeLabel")).Text == DivWorkTypeBox.Text; check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("PositionLabel")).Text == DivPositionBox.Text; check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DateStartLabel")).Text == DivStartDateBox.Text; check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DateEndLabel")).Text == DivEndDateBox.Text; createId = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("IdLabel")).Text; workPlace = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WorkPlaceLabel")).Text; } if (!check && Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex) && Regex.IsMatch(DivEndDateBox.Text.Trim(), dateRegex)) { string updaterId = "", updateCode = ""; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } if (RoleList.SelectedIndex == 0) { updateCode = "DOC_WKUD"; } else { updateCode = "STF_WKUD"; } List <string> values = new List <string>(); values.Add(DivWorkPlaceBox.Text); values.Add(DivWorkTypeBox.Text); values.Add(DivPositionBox.Text); values.Add(DivStartDateBox.Text); values.Add(DivEndDateBox.Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(createId); if (RoleList.SelectedIndex == 0) { values.Add("doc update"); } else { values.Add("stf update"); } int status = DataConsumer.executeProcedure("docstf_wk_proc", values); addDelDiv.Visible = false; ListView1.SelectedIndex = -1; SearchListView.SelectedIndex = -1; StatusLabel.CssClass = "success normal"; StatusLabel.Text = "Successful update.<br/>User Id: " + DivUserIdBox.Text + "<br/>Work place: " + workPlace; BindListView(); BindSearchListView(); } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; string form = "(Format: 25/12/2000 or 25-12-2000)."; DivStatusLabel.CssClass = "error paraNormal"; if (check) { DivStatusLabel.Text = "No changes made"; } else if (!Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex)) { DivStatusLabel.Text = "Invalid start date. " + form; } else { DivStatusLabel.Text = "Invalid end date. " + form; } } }
protected void UploadPicButton_Click(object sender, EventArgs e) { try { if (FileUpload1.HasFile && (FileUpload1.FileName.ToLower().EndsWith(".gif") || FileUpload1.FileName.ToLower().EndsWith(".jpg") || FileUpload1.FileName.ToLower().EndsWith(".bmp") || FileUpload1.FileName.ToLower().EndsWith(".png")) && FileUpload1.PostedFile.ContentLength <= 1048576) { string path = @"~\Uploads\"; string savedPath = Server.MapPath(path) + FileUpload1.FileName; //better for saving into IIS FileUpload1.SaveAs(savedPath); ////To test image dimensions //System.Drawing.Image i = System.Drawing.Image.FromFile(savedPath); //if (i.PhysicalDimension.Height != 200 || i.PhysicalDimension.Width != 200) //{ // FileUpload1.Dispose(); // i.Dispose(); // File.Delete(savedPath); // throw new Exception("Incompatible dimensions. <br>Image must be 200px by 200px!"); //} string chkQuery = DataProvider.LoggedInPage.getPictureAvailability((string)Session["User"]); DataTable dt = HospitalClass.getDataTable(chkQuery); string updateCode = ""; if (dt.Rows.Count > 0) { chkQuery = "update"; updateCode = "IMG_UPD"; } else { chkQuery = "insert"; updateCode = "IMG_UPL"; } string updaterId = UpdaterId(); List <string> values = new List <string>(); values.Add((string)Session["User"]); values.Add(path + FileUpload1.FileName); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(chkQuery); int status = DataConsumer.executeProcedure("image_upload", values); string insertPicData = "update tobehospital.images set img=:image where user_id='" + (string)Session["User"] + "'"; status = DataConsumer.sendPictureToDatabase(insertPicData, FileUpload1.FileBytes); ProfilePic.ImageUrl = path + FileUpload1.FileName; UploadPicLabel.CssClass = "success"; UploadPicLabel.Text = "Done"; } else { UploadPicLabel.CssClass = "error"; if (!FileUpload1.HasFile) { UploadPicLabel.Text = "Choose a picture"; } else if (FileUpload1.PostedFile.ContentLength > 1048576) { UploadPicLabel.Text = "Too Large"; } else { UploadPicLabel.Text = "Wrong Format"; } } } catch (Exception ex) { UploadPicLabel.CssClass = "error"; UploadPicLabel.Text = "Error" + ex.Message; HospitalClass.Log(ex); } }
protected void DeleteButton_Click(object sender, EventArgs e) { try { addDelDiv.Visible = false; if (ListView1.SelectedIndex >= 0) { string wardName = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardNameLabel")).Text; string wardNoQuery = DataProvider.Wards.roomDeptAvail(wardName); //check for room linkage DataTable dt = HospitalClass.getDataTable(wardNoQuery); if (dt.Rows[0][0].ToString() == "0" && ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardDeptLabel")).Text == "None") { string updaterId = "", updateCode = "WARD_DEL"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(""); values.Add(wardName); values.Add(""); values.Add(""); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("delete"); int status = DataConsumer.executeProcedure("ward_proc", values); StatusLabel.CssClass = "success normal"; StatusLabel.Text = "Successful ward deletion.<br>Ward ID: " + ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("WardIdLabel")).Text + "<br/>Ward Name: " + wardName + "."; ListView1.SelectedIndex = -1; SortButton_Click(new object(), new EventArgs()); } else { StatusLabel.CssClass = "error normal"; if (dt.Rows[0][0].ToString() != "0") { StatusLabel.Text = "This ward is already linked to room(s).<br/>Disconnect/Unrelate before deleting."; } else { StatusLabel.Text = "This ward is linked to a parent department.<br/>Disconnect/Unrelate before deleting"; } } } else { StatusLabel.CssClass = "error paraNormal"; if (ListView1.SelectedIndex < 0) { StatusLabel.Text = "No item selected for deletion"; } } } catch (Exception ex) { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void DivModifyButton_Click(object sender, EventArgs e) { try { addDelDiv.Visible = true; //check for changes bool check = DivNameBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text.ToUpper(); check = check && DivIdBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptIdLabel")).Text.ToUpper(); check = check && DivDescBox.Text == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptDescLabel")).Text; //check for existence string checkDeptIdName = DataProvider.Departments.deptIdName(DivIdBox.Text.Trim().ToUpper(), HospitalClass.PascalCasing(DivNameBox.Text.Trim())); DataTable dt = HospitalClass.getDataTable(checkDeptIdName); //check fo acceptance of change bool check2 = DivNameBox.Text.ToUpper() != ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text.ToUpper(); check2 = check2 && DivIdBox.Text.ToUpper() != ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptIdLabel")).Text.ToUpper(); if (DivNameBox.Text.Trim().Length >= 2 && DivDescBox.Text.Length >= 3 && DivIdBox.Text.Trim().Length >= 1 && !check && ((check2 && dt.Rows.Count == 0) || (!check2 && dt.Rows.Count == 1))) { string updaterId = "", updateCode = "DEPT_UPD"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DivIdBox.Text.Trim().ToUpper()); values.Add(HospitalClass.PascalCasing(DivNameBox.Text.Trim())); values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DeptNameLabel")).Text); values.Add(DivDescBox.Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("update"); int status = DataConsumer.executeProcedure("dept_proc", values); StatusLabel.CssClass = "success normal"; StatusLabel.Text = "Successful ward modification.<br/>Department ID: " + DivIdBox.Text.Trim().ToUpper() + "<br/>Department Name:" + HospitalClass.PascalCasing(DivNameBox.Text.Trim()) + "."; addDelDiv.Visible = false; SortButton_Click(new object(), new EventArgs()); ListView1.SelectedIndex = -1; } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; DivStatusLabel.CssClass = "error normal"; if (DivNameBox.Text.Trim().Length < 2) { DivStatusLabel.Text = "Enter a valid department name"; } else if (DivDescBox.Text.Length < 3) { DivStatusLabel.Text = "Enter a valid department description"; } else if (DivIdBox.Text.Trim().Length < 1) { DivStatusLabel.Text = "Enter a department ID"; } else if (check) { DivStatusLabel.Text = "No change made"; } else { DivStatusLabel.Text = "Department ID/name already exists for another department"; } } } catch (Exception ex) { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void DivAddButton_Click(object sender, EventArgs e) { try { addDelDiv.Visible = true; if (DivNameBox.Text.Trim().Length >= 2 && DivDescBox.Text.Length >= 3 && DivIdBox.Text.Trim().Length >= 1) { //check for existence string checkDeptIdName = DataProvider.Departments.deptIdName(DivIdBox.Text.Trim().ToUpper(), HospitalClass.PascalCasing(DivNameBox.Text.Trim())); DataTable dt = HospitalClass.getDataTable(checkDeptIdName); if (dt.Rows.Count == 0) { string updaterId = "", updateCode = "DEPT_ADD"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DivIdBox.Text.Trim().ToUpper()); values.Add(HospitalClass.PascalCasing(DivNameBox.Text.Trim())); values.Add(""); values.Add(DivDescBox.Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add("insert"); int status = DataConsumer.executeProcedure("dept_proc", values); DivStatusLabel.CssClass = "success normal"; DivStatusLabel.Text = "Successful ward addition. <br/>Department ID: " + DivIdBox.Text.Trim().ToUpper() + "<br/>Department Name:" + HospitalClass.PascalCasing(DivNameBox.Text.Trim()) + "."; StatusLabel.CssClass = "success paraNormal"; StatusLabel.Text = "Done"; SortButton_Click(new object(), new EventArgs()); } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; DivStatusLabel.CssClass = "error normal"; if (dt.Rows[0][0].ToString() == DivIdBox.Text.Trim().ToUpper()) { DivStatusLabel.Text = "Department ID already exists"; } else { DivStatusLabel.Text = "Department name already exists"; } } } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; DivStatusLabel.CssClass = "error normal"; if (DivIdBox.Text.Trim().Length < 1) { DivStatusLabel.Text = "Enter a valid department id"; } else if (DivNameBox.Text.Length < 2) { DivStatusLabel.Text = "Enter a valid department name"; } else { DivStatusLabel.Text = "Enter a valid department description"; } } ListView1.SelectedIndex = -1; } catch (Exception ex) { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void ValidateButton_Click(object sender, EventArgs e) { try { //check if the user id is within the necessary bounds string lastIdQuery = DataProvider.RegAdminSup.LastIdQuery(UserIdBox.Text.Trim().Substring(0, 3)); DataTable lastDt = HospitalClass.getDataTable(lastIdQuery); string lastPossibleId = getNewSuperuserAdminId(lastDt); if (GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 && GroupList.SelectedIndex != 0 && PriList.SelectedIndex != 0 && SecList.SelectedIndex != 0 && UniList.SelectedIndex != 0 && int.Parse(lastPossibleId.Substring(3, 3)) >= int.Parse(UserIdBox.Text.Trim().Substring(3, 3))) { string userId = UserIdBox.Text; string updaterId = (string)Session["SuperUser"]; string updateCode = ""; string operation = ""; bool execute = true; if (int.Parse(lastPossibleId.Substring(3, 3)) == int.Parse(UserIdBox.Text.Trim().Substring(3, 3))) { operation = "insert"; if (UserIdBox.Text.ToUpper().Trim().StartsWith("SUP")) { updateCode = "SUP_REG"; } else { updateCode = "ADM_REG"; } string existQuery = DataProvider.RegAdminSup.ExistQuery(EmailBox.Text.ToUpper().Trim()); DataTable emailDt = HospitalClass.getDataTable(existQuery); if (emailDt.Rows.Count > 0) { execute = false; StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "This email address is already registered"; } } else { operation = "update"; if (UserIdBox.Text.ToUpper().Trim().StartsWith("SUP")) { updateCode = "SUP_UPD"; } else { updateCode = "ADM_UPD"; } if (UserIdBox.Text.StartsWith("SUP") && UserIdBox.Text != Session["SuperUser"].ToString()) { execute = false; StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "You cannot update this user's information"; } } if (execute) { List <string> values = new List <string>(); values.Add(GroupList.SelectedItem.Text); //1 values.Add(TypeList.SelectedItem.Text); values.Add(CountryOriBox.Text); values.Add(CountryResBox.Text); values.Add(DobBox.Text); values.Add(EmailBox.Text.Trim()); //6 values.Add(FirstNameBox.Text.Trim()); values.Add(GenderList.SelectedItem.Text); values.Add(HomeAdrBox.Text); values.Add(IdNoBox.Text); values.Add(IdTypeList.SelectedItem.Text); //11 values.Add(LastNameBox.Text); values.Add(LocalOriBox.Text); values.Add(LocalResBox.Text); values.Add(MaritalList.SelectedItem.Text); values.Add(NextAdrBox.Text); //16 values.Add(NextEmailBox.Text); values.Add(NextNameBox.Text); values.Add(NextRelBox.Text); values.Add(NextPhoneBox.Text); values.Add(OtherNameBox.Text); //21 values.Add(PhoneBox.Text); values.Add(SchoolIdBox.Text); values.Add(StateOriBox.Text); values.Add(StateResBox.Text); values.Add(OtherInfoBox.Text); //26 values.Add(PriBox.Text); values.Add(PriList.SelectedItem.Text); values.Add(SecBox.Text); values.Add(SecList.SelectedItem.Text); values.Add(UniBox.Text); //31 values.Add(UniList.SelectedItem.Text); values.Add(OtherBox1.Text); values.Add(OtherCert1.Text); values.Add(OtherBox2.Text); values.Add(OtherCert2.Text); //36 values.Add(RefNameBox1.Text); values.Add(RefRelBox1.Text); values.Add(RefPhoneBox1.Text); values.Add(RefEmailBox1.Text); values.Add(RefAdrBox1.Text); //41 values.Add(RefNameBox2.Text); values.Add(RefRelBox2.Text); values.Add(RefPhoneBox2.Text); values.Add(RefEmailBox2.Text); values.Add(RefAdrBox2.Text); //46 values.Add(updateCode); values.Add(updaterId); values.Add(userId.ToUpper().Trim()); values.Add(HospitalClass.Encrypt(PasswordBox.Text)); values.Add(HospitalClass.getTransactionId()); values.Add(operation); //52 int status = DataConsumer.executeProcedure("superuser_admin_val", values); Session["FirstName"] = FirstNameBox.Text; StatusLabel.Text = "Operation Successful.<br/>Performer: " + updaterId + ".<br/>Operation: " + operation; StatusLabel.CssClass = "success paraNormal"; } } else { StatusLabel.CssClass = "error paraNormal"; if (int.Parse(lastPossibleId.Substring(3, 3)) < int.Parse(UserIdBox.Text.Trim().Substring(3, 3))) { StatusLabel.Text = "Invalid User Id. Perform a new registration"; } else if (GenderList.SelectedIndex == 0) { StatusLabel.Text = "Please select your gender"; } else if (MaritalList.SelectedIndex == 0) { StatusLabel.Text = "Please select your marital status"; } else if (IdTypeList.SelectedIndex == 0) { StatusLabel.Text = "Please select your Identificaton type"; } else if (TypeList.SelectedIndex == 0) { StatusLabel.Text = "Please select your blood type"; } else if (GroupList.SelectedIndex == 0) { StatusLabel.Text = "Please select your blood group"; } else if (PriList.SelectedIndex == 0) { StatusLabel.Text = "Please select your primary school certificate. (Select none if unavailable)"; } else if (SecList.SelectedIndex == 0) { StatusLabel.Text = "Please select your secondary school certificate. (Select none if unavailable)"; } else { StatusLabel.Text = "Please select your university certificate grade. (Select none if unavailable)"; } } } catch (Exception ex) { StatusLabel.CssClass = "error normal"; StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void ExecuteButton_Click(object sender, EventArgs e) { try { TableDiv.Visible = false; //visisbility depends on operation if (QueryBox.Text.Trim().Length > 6) { StatusLabel.CssClass = "success"; string query = QueryBox.Text.Trim().Substring(0, 6).ToUpper(); string updatecode = query; if (query == "SELECT") { DataTable dt = HospitalClass.getDataTable(QueryBox.Text.Trim()); TableLabel.Text = HospitalClass.drawDataTableInHtml(dt, 1036); //draw the data table on a label control as html TableDiv.Visible = true; StatusLabel.CssClass = "success paraNormal"; StatusLabel.Text = "Successful."; } else { int status = DataConsumer.executeQuery(QueryBox.Text.Trim()); StatusLabel.Text = "Successful.<br/>Rows affected: " + status + "Rows."; if (System.Text.RegularExpressions.Regex.IsMatch(query, "(^(DROP)|(TRUNC)|(DELETE))")) { updatecode = "DELETE"; } if (!(query == "CREATE" || query == "INSERT" || query == "UPDATE" || System.Text.RegularExpressions.Regex.IsMatch(query, "(^(DROP)|(TRUNC)|(DELETE))"))) { updatecode = "OTHER"; } } TransBox.Text = HospitalClass.getTransactionId(); if (UpdCodeOverrideBox.Text.Trim().Length == 0) { UpdateCodeBox.Text = "A_" + updatecode; } else { UpdateCodeBox.Text = UpdCodeOverrideBox.Text; } UpdaterBox.Text = Session["SuperUser"].ToString(); UserIdBox.Text = Session["User"].ToString(); DateUpdBox.Text = DateTime.Now.ToShortDateString() + ", " + DateTime.Now.ToLongTimeString(); if (AuditCheckBox.Checked) { List <string> values = new List <string>(); values.Add(TransBox.Text); values.Add(UpdateCodeBox.Text); values.Add(UpdaterBox.Text); values.Add(UserIdBox.Text); int status = DataConsumer.executeProcedure("audit_trail_proc", values); AuditLabel.CssClass = "success"; AuditLabel.Text = "ADDED"; } else { AuditLabel.ForeColor = System.Drawing.Color.Brown; AuditLabel.Text = "NOT ADDED"; } } else { StatusLabel.CssClass = "error"; StatusLabel.Text = "Invalid query"; } } catch (Exception ex) { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "Error: " + ex.Message; if (ex.GetType().ToString() != "System.Data.OracleClient.OracleException") { HospitalClass.Log(ex); } } }
protected void ValidateButton_Click(object sender, EventArgs e) { try { bool verify = true; if (Session["User"].ToString().StartsWith("PAT")) { verify = GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 && GroupList.SelectedIndex != 0; } else { verify = GenderList.SelectedIndex != 0 && MaritalList.SelectedIndex != 0 && IdTypeList.SelectedIndex != 0 && TypeList.SelectedIndex != 0 && GroupList.SelectedIndex != 0 && PriList.SelectedIndex != 0 && SecList.SelectedIndex != 0 && UniList.SelectedIndex != 0; } if (verify) { //submit values after verification string userId = UserIdBox.Text; string updaterId = ""; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } string updateCode = ""; if (Session["User"].ToString().StartsWith("PAT")) { updateCode = "PAT_UPD"; } else if (Session["User"].ToString().StartsWith("DC")) { updateCode = "DOC_UPD"; } else { updateCode = "STF_UPD"; } List <string> values = new List <string>(); values.Add(GroupList.SelectedItem.Text); //1 values.Add(TypeList.SelectedItem.Text); values.Add(CountryOriBox.Text); values.Add(CountryResBox.Text); values.Add(DobBox.Text); values.Add(EmailBox.Text); //6 values.Add(FirstNameBox.Text); values.Add(GenderList.SelectedItem.Text); values.Add(HomeAdrBox.Text); values.Add(IdNoBox.Text); values.Add(IdTypeList.SelectedItem.Text); //11 values.Add(LastNameBox.Text); values.Add(LocalOriBox.Text); values.Add(LocalResBox.Text); values.Add(MaritalList.SelectedItem.Text); values.Add(NextAdrBox.Text); //16 values.Add(NextEmailBox.Text); values.Add(NextNameBox.Text); values.Add(NextRelBox.Text); values.Add(NextPhoneBox.Text); values.Add(OtherNameBox.Text); //21 values.Add(PhoneBox.Text); values.Add(SchoolIdBox.Text); values.Add(StateOriBox.Text); values.Add(StateResBox.Text); values.Add(OtherInfoBox.Text); //26 values.Add(PriBox.Text); values.Add(PriList.SelectedItem.Text); values.Add(SecBox.Text); values.Add(SecList.SelectedItem.Text); values.Add(UniBox.Text); //31 values.Add(UniList.SelectedItem.Text); values.Add(OtherBox1.Text); values.Add(OtherCert1.Text); values.Add(OtherBox2.Text); values.Add(OtherCert2.Text); //36 values.Add(RefNameBox1.Text); values.Add(RefRelBox1.Text); values.Add(RefPhoneBox1.Text); values.Add(RefEmailBox1.Text); values.Add(RefAdrBox1.Text); //41 values.Add(RefNameBox2.Text); values.Add(RefRelBox2.Text); values.Add(RefPhoneBox2.Text); values.Add(RefEmailBox2.Text); values.Add(RefAdrBox2.Text); //46 values.Add(updateCode); values.Add(updaterId); values.Add(userId); values.Add(HospitalClass.getTransactionId()); //50 int status = DataConsumer.executeProcedure("user_val", values); Session["FirstName"] = FirstNameBox.Text; Session["RegStatus"] = "Validated"; StatusLabel.Text = "Update Successful.<br/>Performer: " + updaterId; StatusLabel.CssClass = "success paraNormal"; } else { StatusLabel.CssClass = "error paraNormal"; if (GenderList.SelectedIndex == 0) { StatusLabel.Text = "Please select your gender"; } else if (MaritalList.SelectedIndex == 0) { StatusLabel.Text = "Please select your marital status"; } else if (IdTypeList.SelectedIndex == 0) { StatusLabel.Text = "Please select your Identificaton type"; } else if (TypeList.SelectedIndex == 0) { StatusLabel.Text = "Please select your blood type"; } else if (GroupList.SelectedIndex == 0) { StatusLabel.Text = "Please select your blood group"; } else if (PriList.SelectedIndex == 0) { StatusLabel.Text = "Please select your primary school certificate. (Select none if unavailable)"; } else if (SecList.SelectedIndex == 0) { StatusLabel.Text = "Please select your secondary school certificate. (Select none if unavailable)"; } else if (UniList.SelectedIndex == 0) { StatusLabel.Text = "Please select your university certificate grade. (Select none if unavailable)"; } else { StatusLabel.Text = "Fill all relevalt information"; //will not occur } } } catch (Exception ex) { StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void SubmitButton_Click(object sender, EventArgs e) { try { StatusDiv.Visible = true; StatusLabel.Visible = true; bool buttonChk; if (DocRadioButton.Checked) { buttonChk = DocRoleList.SelectedIndex != 0; } else if (StfRadioButton.Checked) { buttonChk = StfRoleList.SelectedIndex != 0; } else { buttonChk = true; } string existQuery = DataProvider.RegistrationPage.ExistQuery(EmailBox.Text.ToUpper().Trim()); DataTable dt = HospitalClass.getDataTable(existQuery); bool checkName = HospitalClass.sqlProtect(FirstNameBox.Text); bool checkPassword = HospitalClass.sqlProtect(PasswordBox.Text); if (buttonChk && GenderList.SelectedIndex != 0 && dt.Rows.Count == 0 && checkName && checkPassword) //validate selection of drop down list values { if (DocRadioButton.Checked == true) { role = DocRoleList.SelectedItem.Value; updateCode = "DOC_REG"; } else if (StfRadioButton.Checked == true) { role = StfRoleList.SelectedItem.Value; updateCode = "STF_REG"; } else { role = "PAT"; updateCode = "PAT_REG";; } string month, year; if (DateTime.Now.Month < 10) { month = "0" + DateTime.Now.Month; } else { month = DateTime.Now.Month.ToString(); } year = (DateTime.Now.Year.ToString()).Remove(0, 2); string lastIdQuery = DataProvider.RegistrationPage.LastIdQuery(role.Remove(2)); DataTable lastDt = HospitalClass.getDataTable(lastIdQuery); if (lastDt.Rows.Count == 0) //first role user registration { if (PatientRadioButton.Checked || !CheckBoxDiv.Visible) { userId = role + month + year + "0001"; } else { userId = role + month + year + "001"; } } else //generate new id for patient, doctor or staff { string lastId = (string)lastDt.Rows[0][0]; string editId; if (PatientRadioButton.Checked || !CheckBoxDiv.Visible) { editId = lastId.Remove(0, lastId.Length - 4); } else { editId = lastId.Remove(0, lastId.Length - 3); } int newIdInt = int.Parse(editId) + 1; string newId; if (newIdInt < 10) { newId = editId.Remove(editId.Length - 1) + newIdInt.ToString(); } else if (newIdInt < 100) { newId = editId.Remove(editId.Length - 2) + newIdInt.ToString(); } else if (newIdInt < 1000) { newId = editId.Remove(editId.Length - 3) + newIdInt.ToString(); } else { newId = newIdInt.ToString(); } userId = role + month + year + newId; } if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else if (Session["Admin"] != null) { updaterId = (string)Session["Admin"]; } else { updaterId = userId; } List <string> values = new List <string>(); values.Add(EmailBox.Text.Trim()); values.Add(FirstNameBox.Text.Trim()); values.Add(GenderList.SelectedItem.Text); values.Add(LastnameBox.Text.Trim()); values.Add(OtherNameBox.Text.Trim()); values.Add(HospitalClass.Encrypt(PasswordBox.Text)); values.Add(PhoneBox.Text); values.Add(updateCode); values.Add(updaterId); values.Add(userId); values.Add(HospitalClass.getTransactionId()); int status = DataConsumer.executeProcedure("initial_reg", values); StatusLabel.CssClass = "success big"; StatusLabel.Text = "You have been successfully registered.<br/>Your ID is: " + userId + ".<br/>"; goToLogin.Visible = true; InfoDiv.Visible = false; RegLabel.Visible = false; CheckBoxDiv.Visible = false; } else { if (!checkName) { StatusLabel.Text = "Unsecure name entry. Please remove all ' and -- symbols"; } else if (!checkPassword) { StatusLabel.Text = "Unsecure password choice. Please remove all ' and -- symbols"; } else if (GenderList.SelectedIndex == 0) { StatusLabel.Text = "Please select your sex"; } else if (dt.Rows.Count > 0) { StatusLabel.Text = "This email address has already been registered"; } else { StatusLabel.Text = "Please choose a classification/role"; } } } catch (Exception ex) { StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void SubmitButton_Click(object sender, EventArgs e) { try { bool checkId = HospitalClass.sqlProtect(UserIdBox.Text); //security for user id input against sqlInjection bool checkPwd = HospitalClass.sqlProtect(PasswordBox.Text); //security for password input against sqlInjection if (UserIdBox.Text.Length != 0 && checkId && checkPwd) { string passwordQuery = DataProvider.LoginPage.PasswordQuery(UserIdBox.Text.ToUpper().Trim()); DataTable dt = HospitalClass.getDataTable(passwordQuery); if (dt.Rows.Count > 0) { string encryptPassword = HospitalClass.Encrypt(PasswordBox.Text); int checkPassword = 0; string userIdPass = ""; foreach (DataRow row in dt.Rows) { if (encryptPassword == row[0].ToString()) //check if password correlate { checkPassword = 1; userIdPass = row[1].ToString(); //check first name repetition } userId = row[1].ToString(); if (userIdPass.Length > 0) { userId = userIdPass; } } if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else if (Session["Admin"] != null) { updaterId = (string)Session["Admin"]; } else { updaterId = userId; } bool rights; if (userId.StartsWith("ADM") || userId.StartsWith("SUP")) { rights = false; } else { rights = true; } //for either a basic user or a privileged user if ((Session["SuperUser"] != null || Session["Admin"] != null || (checkPassword == 1 && rights)) || (!rights && checkPassword == 1)) { bool auditTrailValidator = false; string oldUser = ""; //to check the access of an administrator or a superuser if (Session["SuperUser"] != null) { oldUser = Session["SuperUser"].ToString(); } else if (Session["Admin"] != null) { oldUser = Session["Admin"].ToString(); } Session["User"] = userId; //using linq to datasets to query the datatable (to guard against two users with the same first name) Session["FirstName"] = (from FirstName in dt.AsEnumerable() where FirstName.Field <string>("USER_ID") == userId select FirstName.Field <string>("FIRST_NAME")).First().ToString(); Session["RegStatus"] = (from Status in dt.AsEnumerable() where Status.Field <string>("USER_ID") == userId select Status.Field <string>("STATUS")).First().ToString(); //login for users if ((Session["SuperUser"] != null || Session["Admin"] != null || checkPassword == 1) && rights) { if (userId.StartsWith("PAT")) { updateCode = "PAT_LGN"; } else if (userId.StartsWith("DC")) { updateCode = "DOC_LGN"; } else { updateCode = "STF_LGN"; }; Response.Redirect("~/LoggedInPage.aspx", false); auditTrailValidator = true; } //login for admin and superuser else if (!rights && checkPassword == 1) { if (userId.StartsWith("SUP")) { Session["SuperUser"] = userId; updateCode = "SUP_LGN"; } else { Session["Admin"] = userId; updateCode = "ADM_LGN"; } Response.Redirect("~/LoggedInPage.aspx", false); auditTrailValidator = true; } //extraneous login for superuser and administrator else { //to catch unauthorized access to another privileged user's account if ((Session["SuperUser"] != null && !userId.StartsWith("SUP")) || oldUser == userId) //for privileged user relogin { Session["User"] = userId; if (oldUser == userId) { Session["Info"] = "Welcome Back"; } if (userId.ToUpper().StartsWith("ADM")) { updateCode = "ADM_LGN"; } else { updateCode = "SUP_LGN"; } Response.Redirect("~/LoggedInPage.aspx", false); auditTrailValidator = true; } else { StatusLabel.Text = "You do not have access to this profile"; if (oldUser.StartsWith("SUP")) { Session["User"] = Session["SuperUser"].ToString(); } else { Session["User"] = Session["Admin"].ToString(); } auditTrailValidator = false; } } if (auditTrailValidator) { object[] values = new object[4]; values[0] = (HospitalClass.getTransactionId()); values[1] = (updateCode); values[2] = (updaterId); values[3] = (userId); int status = DataConsumer.executeProc("audit_trail_proc", values); } } else { if (PasswordBox.Text.Length == 0) { StatusLabel.Text = "Please enter your password"; } else { StatusLabel.Text = "Wrong user Id/password combination.<br/>Note: Password is case-sensitive."; } } } else { StatusLabel.Text = "You are not a user on our database. Please register."; } } else { if (UserIdBox.Text.Length == 0) { StatusLabel.Text = "Please enter your user id, first name or email address"; } else if (!checkId) { StatusLabel.Text = "Unsecure user Id"; } else { StatusLabel.Text = "Unsecure password"; } } } catch (Exception ex) { StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); //ex.Logger(); } }
protected void SubmitButton_Click(object sender, EventArgs e) { try { if (UnsubscribeCheckBox.Checked && ReasonBox.Text.Trim().Length > 3) { string updateCode = "", updaterId = ""; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } if (UserIdBox.Text.StartsWith("ST")) { updateCode = "UNSB_STF"; } else { updateCode = "UNSB_" + HospitalClass.getTableName(UserIdBox.Text.Substring(0, 2)).Substring(0, 3).ToUpper(); } //delete picture from iis server string picAddressQuery = DataProvider.Unsubscribe.getPicAddress(UserIdBox.Text); System.Data.DataTable dt = HospitalClass.getDataTable(picAddressQuery); if (dt.Rows.Count == 1) { System.IO.File.Delete(Server.MapPath(dt.Rows[0][0].ToString())); } //delete from database and update necessary tables List <string> values = new List <string>(); values.Add(ReasonBox.Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(UserIdBox.Text); values.Add(HospitalClass.getTableName(UserIdBox.Text.Substring(0, 2))); int status = DataConsumer.executeProcedure("unsb_proc", values); //return user privileges if (Session["SuperUser"] != null) { if (Session["SuperUser"].ToString() != Session["User"].ToString()) { Session["User"] = Session["SuperUser"].ToString(); } else { Session["SuperUser"] = null; Session["Admin"] = null; Session["User"] = null; Response.Redirect("~/Login.aspx"); } } else if (Session["Admin"] != null) { if (Session["Admin"].ToString() != Session["User"].ToString()) { Session["User"] = Session["Admin"].ToString(); } else { Session["SuperUser"] = null; Session["Admin"] = null; Session["User"] = null; Response.Redirect("~/Login.aspx"); } } SubmitButton.Visible = false; StatusLabel.CssClass = "success"; StatusLabel.Text = "Successful Unsubscription.<br>User Id: " + UserIdBox.Text; } else { StatusLabel.CssClass = "error"; if (!UnsubscribeCheckBox.Checked) { StatusLabel.Text = "Unsubscription was not enforced"; } else { StatusLabel.Text = "Please enter a valid reason"; } } } catch (Exception ex) { StatusLabel.CssClass = "error"; StatusLabel.Text = "Error: " + ex.Message; HospitalClass.Log(ex); } }
protected void DivAddButton_Click(object sender, EventArgs e) { string check = ""; if (RoleList.SelectedIndex == 0) { check = DataProvider.DoctorStaffHistory.checkExistDoc(DivUserIdBox.Text, DivWorkPlaceBox.Text.Trim(), DivPositionBox.Text.Trim()); } else { check = DataProvider.DoctorStaffHistory.checkExistStf(DivUserIdBox.Text, DivWorkPlaceBox.Text.Trim(), DivPositionBox.Text.Trim()); } System.Data.DataTable dt = HospitalClass.getDataTable(check); bool validateDoc = DivUserIdBox.Text.StartsWith("DC") && RoleList.SelectedIndex == 0; bool validateStf = DivUserIdBox.Text.StartsWith("ST") && RoleList.SelectedIndex == 1; string dateRegex = @"^(?:0[1-9]|[12]\d|3[01])([\/.-])(?:0[1-9]|1[012])\1(?:19|20)\d\d$"; if (DivWorkPlaceBox.Text.Trim().Length > 1 && DivWorkTypeBox.Text.Trim().Length > 1 && DivPositionBox.Text.Trim().Length > 1 && dt.Rows.Count == 0 && Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex) && Regex.IsMatch(DivEndDateBox.Text.Trim(), dateRegex) && (validateDoc || validateStf)) { string updaterId = "", updateCode = ""; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } if (RoleList.SelectedIndex == 0) { updateCode = "DOC_WKAD"; } else { updateCode = "STF_WKAD"; } List <string> values = new List <string>(); values.Add(DivWorkPlaceBox.Text.Trim()); values.Add(DivWorkTypeBox.Text.Trim()); values.Add(DivPositionBox.Text.Trim()); values.Add(DivStartDateBox.Text.Trim()); values.Add(DivEndDateBox.Text.Trim()); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(DivUserIdBox.Text); if (RoleList.SelectedIndex == 0) { values.Add("doc insert"); } else { values.Add("stf insert"); } int status = DataConsumer.executeProcedure("docstf_wk_proc", values); DivStatusLabel.CssClass = "success normal"; DivStatusLabel.Text = "Successfully added.<br>Work place: " + DivWorkPlaceBox.Text.Trim() + "."; StatusLabel.CssClass = "success paraNormal"; StatusLabel.Text = "Done"; BindListView(); BindSearchListView(); } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; string form = "(Format: 25/12/2000 or 25-12-2000)."; DivStatusLabel.CssClass = "error paraNormal"; if (!(validateDoc || validateStf)) { if (RoleList.SelectedIndex == 0) { DivStatusLabel.Text = "Invalid user. User must be a doctor"; } else { DivStatusLabel.Text = "Invalid user. User must be a staff"; } } else if (dt.Rows.Count > 0) { DivStatusLabel.Text = "This entry already exists"; } else if (DivWorkPlaceBox.Text.Trim().Length <= 1) { DivStatusLabel.Text = "Please enter a valid work place"; } else if (DivWorkTypeBox.Text.Trim().Length <= 1) { DivStatusLabel.Text = "Please enter a valid work type"; } else if (DivPositionBox.Text.Trim().Length <= 1) { DivStatusLabel.Text = "Please enter a valid position"; } else if (!Regex.IsMatch(DivStartDateBox.Text.Trim(), dateRegex)) { DivStatusLabel.Text = "Invalid start date. " + form; } else { DivStatusLabel.Text = "Invalid end date. " + form; } } ListView1.SelectedIndex = -1; }
protected void DivModifyButton_Click(object sender, EventArgs e) { addDelDiv.Visible = true; //check for changes bool check = DivTopicBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text.ToUpper(); check = check && DivIdBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("SenderLabel")).Text.ToUpper(); check = check && DivDescBox.Text == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("InformationLabel")).Text; check = check && RecipientList.SelectedItem.Text == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("RecipientLabel")).Text; //check for existence string checkTopic = DataProvider.DeleteInformationPage.checkTopic(HospitalClass.PascalCasing(DivTopicBox.Text.Trim())); DataTable dt = HospitalClass.getDataTable(checkTopic); //check for acceptance of change bool check2 = DivTopicBox.Text.ToUpper() == ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text.ToUpper(); if (DivTopicBox.Text.Trim().Length >= 2 && DivDescBox.Text.Length >= 3 && DivIdBox.Text.Trim().Length >= 1 && RecipientList.SelectedIndex != 0 && !check && ((!check2 && dt.Rows.Count == 0) || (check2 && dt.Rows.Count == 1))) { string updaterId = "", updateCode = "INFO_UPD"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DivDescBox.Text); values.Add(RecipientList.SelectedItem.Value); values.Add(HospitalClass.PascalCasing(DivTopicBox.Text.Trim())); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(DivIdBox.Text); values.Add(((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("TopicLabel")).Text); values.Add("update"); int status = DataConsumer.executeProcedure("info_proc", values); TopicDelLabel.CssClass = "success normal"; TopicDelLabel.Text = "Successful information modification.<br/> Updater: " + updaterId; addDelDiv.Visible = false; SortButton_Click(new object(), new EventArgs()); ListView1.SelectedIndex = -1; } else { TopicDelLabel.CssClass = "error paraNormal"; TopicDelLabel.Text = "User input error below"; DivStatusLabel.CssClass = "error paraNormal"; if (DivIdBox.Text.Trim().Length < 1) { DivStatusLabel.Text = "Enter a valid ID"; } else if (DivTopicBox.Text.Trim().Length < 2) { DivStatusLabel.Text = "Enter a valid topic name"; } else if (DivDescBox.Text.Length < 3) { DivStatusLabel.Text = "Enter valid information"; } else if (RecipientList.SelectedIndex == 0) { DivStatusLabel.Text = "Please select a recipient"; } else if (check) { DivStatusLabel.Text = "No change made"; } else { DivStatusLabel.Text = "The topic already exists"; } } }
protected void ModifyDivButton_Click(object sender, EventArgs e) { string createId = "", organ = ""; bool check = true; if (HoldLabel.Text == "Search") { check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchOrganLabel")).Text == DivOrganList.SelectedItem.Text; check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchDescLabel")).Text == DivDescBox.Text; check &= ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchStatusLabel")).Text == DivStatusList.SelectedItem.Text; createId = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchIdLabel")).Text; organ = ((Label)SearchListView.Items[SearchListView.SelectedIndex].FindControl("SearchOrganLabel")).Text; } else { check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("OrganLabel")).Text == DivOrganList.SelectedItem.Text; check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("DescLabel")).Text == DivDescBox.Text; check &= ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("StatusLabel")).Text == DivStatusList.SelectedItem.Text; createId = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("IdLabel")).Text; organ = ((Label)ListView1.Items[ListView1.SelectedIndex].FindControl("OrganLabel")).Text; } if (!check && DivStatusList.SelectedIndex != 0) { string updaterId = "", updateCode = "DISB_UPD"; if (Session["SuperUser"] != null) { updaterId = (string)Session["SuperUser"]; } else { updaterId = (string)Session["Admin"]; } List <string> values = new List <string>(); values.Add(DivOrganList.SelectedItem.Text); values.Add(DivDescBox.Text); values.Add(DivStatusList.SelectedItem.Text); values.Add(HospitalClass.getTransactionId()); values.Add(updateCode); values.Add(updaterId); values.Add(createId); values.Add("update"); int status = DataConsumer.executeProcedure("pat_disab_proc", values); addDelDiv.Visible = false; ListView1.SelectedIndex = -1; SearchListView.SelectedIndex = -1; StatusLabel.CssClass = "success normal"; StatusLabel.Text = "Successful update.<br/>User Id: " + DivUserIdBox.Text + "<br/>Organ: " + organ; BindListView(); BindSearchListView(); } else { StatusLabel.CssClass = "error paraNormal"; StatusLabel.Text = "User input error below"; DivStatusLabel.CssClass = "error paraNormal"; if (check) { DivStatusLabel.Text = "No changes made"; } else { DivStatusLabel.Text = "Please select a treatment status"; } } }