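/// <summary>
/// Customer login handler. Verifies the entered password against the hash stored
/// in the AUTH database (CustPass) and, only on success, records the customer's
/// ID (looked up in Lab3 by e-mail) and e-mail in session, then redirects to
/// CustomerServInfo1.aspx.
/// </summary>
/// <remarks>
/// Security fixes relative to the previous version:
/// - Session["ID"] and Session["Email"] were populated BEFORE the password was
///   checked, so a failed login still left the session carrying the target
///   account's ID. If any other page treats Session["ID"] as proof of login,
///   that was an authentication bypass. Both are now set only on success.
/// - The e-mail is no longer HTML-encoded before being used as a query key.
///   Parameterisation already prevents SQL injection; HTML-encoding belongs at
///   the point of output, and applying it here only stops users whose address
///   contains &lt; &gt; &amp; " ' from logging in. The lookup must match whatever
///   the registration page stored (assumed raw — confirm).
/// - "User does not exist" and "Password is incorrect" are collapsed into one
///   message so the form cannot be used to enumerate accounts.
/// - Response.Redirect is issued outside the try/catch: it ends the request by
///   throwing ThreadAbortException, which the bare catch previously reported as
///   "Database Error.".
/// - Connections, commands and readers are disposed via using blocks.
/// Still open: the session ID is not regenerated on login (session fixation) and
/// there is no lockout/rate limiting on failed attempts.
/// </remarks>
protected void btnLogin_Click(object sender, EventArgs e)
{
    string email = txtEmail.Text;
    string password = txtPassword.Text;
    bool authenticated = false;

    try
    {
        string storedHash = null;
        using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
        {
            sc.Open();
            lblStatus.Text = "Database Connection Successful";
            using (SqlCommand findPass = new SqlCommand("SELECT PasswordHash FROM CustPass WHERE Username = @Username", sc))
            {
                findPass.Parameters.Add(new SqlParameter("@Username", email));
                using (SqlDataReader reader = findPass.ExecuteReader())
                {
                    // Username is expected to be unique; only the first row is used.
                    if (reader.Read())
                    {
                        storedHash = reader["PasswordHash"].ToString();
                    }
                }
            }
        }

        // PasswordHash.ValidatePassword is a project helper; assumed to verify a
        // salted hash with a constant-time comparison — confirm in its source.
        if (storedHash != null && PasswordHash.ValidatePassword(password, storedHash))
        {
            authenticated = true;
        }
    }
    catch (Exception)
    {
        // TODO(review): log the exception server-side. Only a generic message is
        // shown so database details are not leaked to the browser.
        lblStatus.Text = "Database Error.";
        return;
    }

    if (!authenticated)
    {
        // Same message for unknown user and wrong password (no account enumeration).
        lblStatus.Text = "Login failed. Incorrect email or password.";
        return;
    }

    // Authenticated: only now attach identity to the session.
    // NOTE(review): consider regenerating the session ID here before populating it.
    try
    {
        using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
        using (SqlCommand cmd = new SqlCommand("Select CustomerID from customer where email = @email", con))
        {
            cmd.Parameters.AddWithValue("@email", email);
            con.Open();
            using (SqlDataReader idReader = cmd.ExecuteReader())
            {
                // As before, the last matching row wins if several exist.
                while (idReader.Read())
                {
                    Session["ID"] = Convert.ToString(idReader[0]);
                }
            }
        }
    }
    catch (Exception)
    {
        lblStatus.Text = "Database Error.";
        return;
    }

    // Kept HTML-encoded in session, as before, because downstream pages may render
    // it directly. The cleaner design is to store the raw value and encode at render.
    Session["Email"] = HttpUtility.HtmlEncode(email);
    lblStatus.Text = "Success!";
    Response.Redirect("CustomerServInfo1.aspx");
}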
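/// <summary>
/// Customer registration handler (despite the name): creates a CustomerCredentials
/// row and the matching Pass row holding the password hash, then redirects to
/// CustomerLogin.aspx. Refuses to create a username that already exists.
/// </summary>
/// <remarks>
/// Fixes relative to the previous version:
/// - The connection used for the duplicate check was never closed, and the reader
///   was left open on the "already exists" path; everything is now disposed via
///   using blocks.
/// - The Pass row was linked with "select max(CustomerCredentialsID)". Under
///   concurrent registrations that can attach this password to ANOTHER user's
///   credential row. The inserted key is now captured with an OUTPUT clause and
///   both inserts run in one transaction, so a failure cannot leave a credential
///   row without a password. (OUTPUT ... without INTO fails if the table has
///   triggers — if so, switch to SCOPE_IDENTITY() on an identity column.)
/// - Blank username/password are rejected before touching the database.
/// - Dead code that HTML-encoded the text boxes immediately before clearing them
///   was removed; encoding belongs at render time, not in the input path.
/// Still open: exists-check-then-insert is itself a race; a UNIQUE constraint on
/// CustomerCredentials.Username is the real guarantee. System.Windows.Forms.MessageBox
/// executes on the web server (not in the browser) and can block the worker
/// process; it is kept only because no status control is visible in this handler —
/// replace it with a page label. No password-strength policy is applied.
/// </remarks>
protected void loginBtn_Click(object sender, EventArgs e)
{
    string username = usrnameTxtBox.Text;
    string password = pswrdTxtBox.Text;

    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
    {
        // TODO(review): surface a validation message via a page control.
        return;
    }

    string connStr = WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString;
    using (SqlConnection con = new SqlConnection(connStr))
    {
        con.Open();

        bool exists;
        using (SqlCommand check = new SqlCommand("Select * from CustomerCredentials where Username = @Username", con))
        {
            check.Parameters.AddWithValue("@Username", username);
            using (SqlDataReader reader = check.ExecuteReader())
            {
                exists = reader.HasRows;
            }
        }

        if (exists)
        {
            // See remarks: server-side MessageBox is not a usable web UI.
            System.Windows.Forms.MessageBox.Show("This customer already exists.");
            return;
        }

        // Hash before opening the transaction so it holds no locks while hashing.
        string passwordHash = PasswordHash.HashPassword(password);

        using (SqlTransaction tx = con.BeginTransaction())
        {
            object newId;
            using (SqlCommand insertUser = new SqlCommand(
                "INSERT INTO CustomerCredentials (Username) OUTPUT INSERTED.CustomerCredentialsID VALUES (@Username)", con, tx))
            {
                insertUser.Parameters.Add(new SqlParameter("@Username", username));
                newId = insertUser.ExecuteScalar();
            }

            // Column order of Pass is not visible here; (id, username, hash) is
            // preserved from the original statement.
            using (SqlCommand insertPass = new SqlCommand("INSERT INTO Pass VALUES (@Id, @Username, @Password)", con, tx))
            {
                insertPass.Parameters.Add(new SqlParameter("@Id", newId));
                insertPass.Parameters.Add(new SqlParameter("@Username", username));
                insertPass.Parameters.Add(new SqlParameter("@Password", passwordHash));
                insertPass.ExecuteNonQuery();
            }

            tx.Commit();
        }
    }

    usrnameTxtBox.Text = String.Empty;
    pswrdTxtBox.Text = String.Empty;
    Response.Redirect("CustomerLogin.aspx");
}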
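/// <summary>
/// Logs the user in. Two credential stores are tried in order: the Lab3 stored
/// procedure JeremyEzellLab3 (non-teacher accounts), then the AUTH Pass table
/// (teacher accounts, verified against a stored password hash). On success the
/// username is placed in session and the login controls are swapped for logout.
/// </summary>
/// <remarks>
/// Security notes:
/// - The Lab3 path sends the PLAINTEXT password to the stored procedure; what the
///   procedure compares it against is not visible here. If it is a plaintext
///   column, that store needs the same hashing as the AUTH path.
/// - The username shown in lblLoggedInUser is now HTML-encoded. Label.Text is
///   rendered verbatim, so an unencoded username is an XSS vector. (The original
///   line was garbled in the source; it is reconstructed as
///   "Current User: " + Session["Username"].ToString().)
/// - The username is no longer HTML-encoded before the AUTH lookup; encoding is
///   an output concern and would only stop users whose name contains
///   &lt; &gt; &amp; " ' from logging in. Confirm registration stores the raw value.
/// - Connections, commands and readers are disposed via using blocks.
/// Still open: no session-ID regeneration on login (session fixation), no lockout
/// on repeated failures, and the catch still swallows the exception unlogged.
/// </remarks>
protected void btnLogin_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text;
    string password = txtPassword.Text;
    bool authenticated = false;

    // 1. Simple-credentials store (Lab3) so non-teachers can still log in.
    //    Exceptions propagate, as in the original.
    using (SqlConnection sqlConnection = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
    using (SqlCommand sqlCommand = new SqlCommand("JeremyEzellLab3", sqlConnection))
    {
        sqlCommand.CommandType = CommandType.StoredProcedure;
        sqlCommand.Parameters.AddWithValue("@Username", username);
        sqlCommand.Parameters.AddWithValue("@Password", password);
        sqlConnection.Open();
        using (SqlDataReader loginResults = sqlCommand.ExecuteReader())
        {
            // Any returned row counts as a match (procedure contract not visible here).
            authenticated = loginResults.Read();
        }
    }

    // 2. Teacher accounts in AUTH, checked only if step 1 found nothing.
    if (!authenticated)
    {
        try
        {
            string storedHash = null;
            using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
            using (SqlCommand findPass = new SqlCommand("select PasswordHash from Pass where Username = @Username", sc))
            {
                findPass.Parameters.Add(new SqlParameter("@Username", username));
                sc.Open();
                using (SqlDataReader reader = findPass.ExecuteReader())
                {
                    // Username is expected to be unique; only the first row is used.
                    if (reader.Read())
                    {
                        storedHash = reader["PasswordHash"].ToString();
                    }
                }
            }

            // PasswordHash.ValidatePassword is a project helper; assumed to verify a
            // salted hash with a constant-time comparison — confirm in its source.
            if (storedHash != null && PasswordHash.ValidatePassword(password, storedHash))
            {
                authenticated = true;
                btnLogin.Enabled = false;
                txtUsername.Enabled = false;
                txtPassword.Enabled = false;
            }
        }
        catch (Exception)
        {
            // TODO(review): log server-side; message is overwritten below on failure.
            lblLoginFeedback.Text = "Database Error.";
        }
    }

    if (authenticated)
    {
        Session["Username"] = username;
        login.Visible = false;
        logout.Visible = true;
        // Encode at output: Label.Text is not HTML-encoded by the control.
        lblLoggedInUser.Text = "Current User: " + HttpUtility.HtmlEncode(Session["Username"].ToString());
    }
    else
    {
        lblLoginFeedback.Text = "Incorrect Username and/or Password! Please try again!";
    }
}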
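/// <summary>
/// Creates a new employee: an Employee row in the Lab3 database plus an EmpPerson
/// row and an EmpPass row (password hash) in the AUTH database, then redirects to
/// LoginPage.aspx.
/// </summary>
/// <remarks>
/// Fixes relative to the previous version:
/// - The "all fields must be filled out" validation now runs FIRST. Previously the
///   Lab3 Employee row was inserted before the check, so a rejected submission
///   still created a partial employee record. On a validation or database
///   failure the handler now returns without redirecting, so lblStatus is
///   actually visible.
/// - Values are no longer HTML-encoded before being stored. Encoding is a
///   rendering concern; storing encoded text double-encodes on output and makes
///   the stored username differ from what the user types at login. In particular
///   the password HASH was HTML-encoded before storage, which would corrupt any
///   hash containing a character HtmlEncode rewrites. Rows already stored encoded
///   will not match raw lookups for names containing &lt; &gt; &amp; " '.
/// - The two AUTH inserts run in one transaction so a failure cannot leave an
///   EmpPerson without an EmpPass. The Lab3 insert is a different database and
///   is not atomic with them; if the AUTH step fails the Employee row remains.
/// - Connections, commands and readers are disposed; status text is set after
///   Open() succeeds rather than before.
/// Still open: no password-strength policy and no duplicate-username check.
/// </remarks>
protected void btnCreateNewEmp_Click(object sender, EventArgs e)
{
    string firstName = txtFirstName.Text;
    string lastName = txtLastName.Text;
    string username = txtUsername.Text;
    string password = txtPassword.Text;

    // Validate before any database write.
    if (string.IsNullOrWhiteSpace(firstName) || string.IsNullOrWhiteSpace(lastName)
        || string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
    {
        lblStatus.Text = "Fill all fields.";
        return;
    }

    // Lab3: employee directory row. Exceptions propagate, as in the original.
    using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["Lab3"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand(
        "Insert Into Employee (EmpID, EmpName, EmpPosition, EmpCellNumber,EmpEmail) Values (@ID, @Name, @Position, @Cell, @Email);", con))
    {
        cmd.Parameters.AddWithValue("@ID", username);
        cmd.Parameters.AddWithValue("@Name", firstName + ' ' + lastName);
        cmd.Parameters.AddWithValue("@Position", txtPosition.Text);
        cmd.Parameters.AddWithValue("@Cell", txtCell.Text);
        cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
        con.Open();
        cmd.ExecuteNonQuery();
    }

    // AUTH: person record and password hash, committed together.
    try
    {
        using (SqlConnection sc = new SqlConnection(WebConfigurationManager.ConnectionStrings["AUTH"].ConnectionString))
        {
            sc.Open();
            lblStatus.Text = "Database Connection Successful";

            using (SqlTransaction tx = sc.BeginTransaction())
            {
                using (SqlCommand createUser = new SqlCommand(
                    "INSERT INTO EmpPerson (FirstName, LastName, Username) VALUES (@FName, @LName, @Username)", sc, tx))
                {
                    createUser.Parameters.Add(new SqlParameter("@FName", firstName));
                    createUser.Parameters.Add(new SqlParameter("@LName", lastName));
                    createUser.Parameters.Add(new SqlParameter("@Username", username));
                    createUser.ExecuteNonQuery();
                }

                // Store the hash exactly as PasswordHash.HashPassword produced it;
                // PasswordHash.ValidatePassword must see the same bytes at login.
                using (SqlCommand setPass = new SqlCommand(
                    "INSERT INTO EmpPass (Username, PasswordHash) VALUES (@Username, @Password)", sc, tx))
                {
                    setPass.Parameters.Add(new SqlParameter("@Username", username));
                    setPass.Parameters.Add(new SqlParameter("@Password", PasswordHash.HashPassword(password)));
                    setPass.ExecuteNonQuery();
                }

                tx.Commit();
            }
        }
        lblStatus.Text = "Employee Created!";
    }
    catch (Exception)
    {
        // TODO(review): log server-side; generic message only, nothing leaked to the user.
        lblStatus.Text = "Database Error - User not committed.";
        return;
    }

    // Kept HTML-encoded in session, as before, because downstream pages may render
    // it directly; the cleaner design is to store raw and encode at render time.
    Session["Email"] = HttpUtility.HtmlEncode(username);
    Response.Redirect("LoginPage.aspx");
}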