protected void btn_submit_Click(object sender, EventArgs e) { if (validaPW(tb_password.Text) == true) { Encrypt.Encrypt enc = new Encrypt.Encrypt(); SqlConnection myConn = new SqlConnection(ConfigurationManager.ConnectionStrings["BackofficeConnectionString"].ConnectionString); SqlCommand myCommand = new SqlCommand(); myCommand.Parameters.AddWithValue("@email", tb_username.Text); myCommand.Parameters.AddWithValue("@pass", enc.EncryptWithPassphrase(tb_password.Text, "Andre")); myCommand.Parameters.AddWithValue("@nome", tb_name.Text); myCommand.Parameters.AddWithValue("@ativo", 1); myCommand.Parameters.AddWithValue("@cod_perfil", 4); SqlParameter val_output = new SqlParameter(); val_output.ParameterName = "@retorno"; val_output.Direction = ParameterDirection.Output; val_output.SqlDbType = SqlDbType.Int; myCommand.Parameters.Add(val_output); myCommand.CommandType = CommandType.StoredProcedure; myCommand.CommandText = "inserir_utilizador"; myCommand.Connection = myConn; myConn.Open(); myCommand.ExecuteNonQuery(); int valor_retornado = Convert.ToInt32(myCommand.Parameters["@retorno"].Value); myConn.Close(); if (valor_retornado == 0) { lbl_mensagem.Text = "The user already exists"; } else { lbl_mensagem.Visible = true; lbl_mensagem.Text = "User registered"; Response.Redirect("login.aspx"); } } else { lbl_mensagem.Text = "Your password is weak"; } }
protected void btn_login_Click(object sender, EventArgs e) { Encrypt.Encrypt enc = new Encrypt.Encrypt(); SqlConnection myConn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["BackofficeConnectionString"].ConnectionString); SqlCommand myCommand = new SqlCommand(); myCommand.Parameters.AddWithValue("@email", tb_username.Text); myCommand.Parameters.AddWithValue("@pw", enc.EncryptWithPassphrase(tb_password.Text, "Andre")); SqlParameter val_output = new SqlParameter(); val_output.ParameterName = "@retorno"; val_output.Direction = ParameterDirection.Output; val_output.SqlDbType = SqlDbType.Int; myCommand.Parameters.Add(val_output); SqlParameter val_output2 = new SqlParameter(); val_output2.ParameterName = "@retorno_perfil"; val_output2.Direction = ParameterDirection.Output; val_output2.SqlDbType = SqlDbType.VarChar; val_output2.Size = 30; myCommand.Parameters.Add(val_output2); SqlParameter val_output3 = new SqlParameter(); val_output3.ParameterName = "@retorno_utilizador"; val_output3.Direction = ParameterDirection.Output; val_output3.SqlDbType = SqlDbType.VarChar; val_output3.Size = 30; myCommand.Parameters.Add(val_output3); myCommand.CommandType = CommandType.StoredProcedure; myCommand.CommandText = "login"; myCommand.Connection = myConn; myConn.Open(); myCommand.ExecuteNonQuery(); int valor_retornado = Convert.ToInt32(myCommand.Parameters["@retorno"].Value); string valor_perfil = myCommand.Parameters["@retorno_perfil"].Value.ToString(); string utilizador = myCommand.Parameters["@retorno_utilizador"].Value.ToString(); Session["perfil_nome"] = valor_perfil; Session["perfil_ativo"] = valor_retornado; Session["utilizador"] = utilizador; myConn.Close(); if (valor_retornado == 0) { Session["login"] = "******"; Response.Redirect("app.aspx"); } else if (valor_retornado == 1) { Session["login"] = "******"; Response.Redirect("app.aspx"); } else if (valor_retornado == 2) { Session["login"] = "******"; Response.Redirect("app.aspx"); } }