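/// <summary>
/// Shows the details of the user whose id is held in <c>Session["selectedID"]</c>.
/// Normal members — and requests that carry no user type at all — are denied and
/// sent to ProfileInfo.aspx; their data is never loaded.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Fail closed: a missing session value (not logged in, or an expired session) is
    // treated exactly like a normal member instead of throwing a NullReferenceException.
    string userType = Session["userType"] as string;
    if (userType == null || userType == Reference.USR_MEM)
    {
        // ResolveUrl keeps the separator when the application lives under a virtual
        // directory; ApplicationPath + "ProfileInfo.aspx" would fuse the two segments there.
        string target = ResolveUrl("~/ProfileInfo.aspx");
        ScriptManager.RegisterStartupScript(this, this.GetType(), "redirect",
            "alert('You do not have access to this page'); window.location='" + target + "';", true);
        return;
    }

    // The id comes from server-side session state, not from the request — presumably
    // written by the user-list page before navigating here; confirm against the caller.
    string selectedId = Convert.ToString(Session["selectedID"]);
    UserManagement uDao = new UserManagement();
    User userObj = uDao.getUserByID(selectedId);
    if (userObj == null)
    {
        // Unknown id: leave the labels at their markup defaults rather than failing.
        return;
    }

    lbName.Text = userObj.Name;
    lbEmail.Text = userObj.Email;
    lbContact.Text = userObj.ContactNumber;
    lbUserType.Text = uDao.getUserType(userObj.Type);
    lbCompany.Text = userObj.CompanyName;
    lbStatus.Text = uDao.getUserStatus(userObj.Status);
}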
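/// <summary>
/// "Forgot password" handler: generates a fresh random password for the address typed
/// into <c>fpEmail</c>, stores its salted PBKDF2 hash and e-mails the clear-text
/// password to that address.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void fp_onclick(object sender, EventArgs e)
{
    string email = fpEmail.Text;
    UserManagement uDao = new UserManagement();

    // NOTE(review): this branch tells the caller whether an address is registered;
    // a single neutral response for both outcomes avoids account enumeration.
    if (uDao.checkEmail(email) == null)
    {
        string notFoundScript = "alert('Email not registered. Please re-enter a correct email.');";
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", notFoundScript, true);
        return;
    }

    // NOTE(review): the only precondition for a reset is that the address exists, so any
    // visitor can reset any registered account, and the new password travels in clear text
    // by e-mail. A time-limited one-time reset link is the usual design for this flow.
    string newPassword = CreatePassword(8);
    string lastUpdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

    // Stored layout (the login and create handlers rely on it): Base64 of 16 random salt
    // bytes followed by 20 bytes of PBKDF2(password, salt, 10000 rounds).
    byte[] salt = new byte[16];
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }
    byte[] hash;
    using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(newPassword, salt, 10000))
    {
        hash = pbkdf2.GetBytes(20);
    }
    byte[] hashbytes = new byte[36];
    Array.Copy(salt, 0, hashbytes, 0, 16);
    Array.Copy(hash, 0, hashbytes, 16, 20);
    string passwordHash = Convert.ToBase64String(hashbytes);
    string passwordSalt = Convert.ToBase64String(salt);

    // Mail the password only once the hash is really stored; mailing a password that was
    // never saved would lock the user out.
    bool updated = uDao.updateUserPassword(email, passwordHash, passwordSalt, lastUpdOn);
    if (!updated)
    {
        string failedScript = "alert('Password reset failed. Please try again later.');";
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", failedScript, true);
        return;
    }

    string body = "Dear User, " + Environment.NewLine + Environment.NewLine
        + "Your Password Is Successfully Reset! " + Environment.NewLine
        + "This Is Your Current Login Password: "******". Please Proceed To Change Your Password Upon Your Login. Thank you. "
        + Environment.NewLine + Environment.NewLine + Environment.NewLine
        + "Regards, " + Environment.NewLine + "Targeted Marketing Admin Team";
    string subject = "Password Successfully Reset!";
    sendMail(subject, body, email);

    string doneScript = "alert('Password successfully reset! Please check your new password at your email!');";
    ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", doneScript, true);
}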
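/// <summary>
/// Login handler: verifies the password in <c>pwTB</c> against the stored salted
/// PBKDF2 hash of the account whose e-mail is in <c>unTB</c>, then stores the user's
/// id and type in session and redirects to ProfileInfo.aspx.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void login_onclick(object sender, EventArgs e)
{
    string email = unTB.Text;
    UserManagement uDao = new UserManagement();

    if (uDao.checkEmail(email) == null)
    {
        string notFoundScript = "alert('Email not registered. Please re-enter a correct email.');";
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", notFoundScript, true);
        return;
    }

    User userObj = uDao.getUserByEmail(email);

    // Fail closed: the flag starts at "no match" and only a complete, successful
    // comparison can flip it. A missing, malformed or too-short stored hash therefore
    // counts as a failed login instead of an error page or an accidental pass.
    bool passwordMatches = false;
    byte[] stored = null;
    if (userObj != null && !string.IsNullOrEmpty(userObj.PasswordHash))
    {
        try
        {
            stored = Convert.FromBase64String(userObj.PasswordHash);
        }
        catch (FormatException)
        {
            stored = null; // corrupt record: treated as a mismatch
        }
    }
    if (stored != null && stored.Length >= 36)
    {
        // Layout: 16 salt bytes, then 20 bytes of PBKDF2(password, salt, 10000 rounds).
        byte[] salt = new byte[16];
        Array.Copy(stored, 0, salt, 0, 16);
        byte[] hash;
        using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pwTB.Text, salt, 10000))
        {
            hash = pbkdf2.GetBytes(20);
        }
        // Compare all 20 bytes without an early exit so timing does not depend on
        // where the first differing byte is.
        int difference = 0;
        for (int i = 0; i < 20; i++)
        {
            difference |= stored[16 + i] ^ hash[i];
        }
        passwordMatches = difference == 0;
    }

    if (!passwordMatches)
    {
        string wrongPasswordScript = "alert('Password is incorrect. Please re-enter the correct password.');";
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", wrongPasswordScript, true);
        return;
    }

    Session["userID"] = userObj.UserID;
    Session["userType"] = userObj.Type;
    // NOTE(review): the session id is not regenerated at login, so a session fixed
    // before authentication stays valid afterwards — confirm whether the session
    // cookie is reissued elsewhere in the pipeline.
    string userType = (string)Session["userType"];
    if (userType == Reference.USR_ADM || userType == Reference.USR_MEM)
    {
        Response.Redirect("ProfileInfo.aspx");
    }
}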
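/// <summary>
/// Handles the "DeleteMessage" command of a user-grid row: deletes the user named in
/// the row's <c>lb_UserID</c> label (never the signed-in user) and reports the outcome
/// in the page's status panels.
/// </summary>
/// <param name="sender">The <see cref="LinkButton"/> that raised the command.</param>
/// <param name="e">Carries the command name; other commands are ignored.</param>
protected void btnDelete_Command(object sender, CommandEventArgs e)
{
    if (e.CommandName != "DeleteMessage")
    {
        return;
    }

    LinkButton deleteButton = sender as LinkButton;
    if (deleteButton == null)
    {
        return; // only the grid's link buttons raise this command
    }
    GridViewRow gridRow = (GridViewRow)deleteButton.NamingContainer;
    Label lbUserId = (Label)gridRow.FindControl("lb_UserID");
    string targetUserId = lbUserId.Text;
    string currentUserId = Convert.ToString(Session["UserID"]);

    // NOTE(review): the target id is read from a grid label, i.e. from ViewState; that is
    // only tamper-resistant while ViewState MAC validation stays enabled. Authorisation
    // here is the self-delete check plus the page-level user-type gate — confirm that
    // deleteQns needs no further role check.
    UserManagement uDao = new UserManagement();
    User targetUser = uDao.getUserByID(targetUserId);

    // Reset every status panel, then enable the single one that applies.
    deleteFailure.Visible = false;
    alertSuccess.Visible = false;
    updateSuccess.Visible = false;
    createSuccess.Visible = false;

    if (targetUserId == currentUserId)
    {
        deleteFailure.Visible = true;
        labelDelete.Text = "You cannot delete yourself";
    }
    else if (targetUser == null)
    {
        deleteFailure.Visible = true;
        labelDelete.Text = "User not found";
    }
    else if (uDao.deleteQns(targetUserId))
    {
        // Success is reported only when the DAO confirms the delete.
        alertSuccess.Visible = true;
        msgSuccess.Text = targetUser.Name + " Has Been Deleted Successfully!";
    }
    else
    {
        deleteFailure.Visible = true;
        labelDelete.Text = targetUser.Name + " Could Not Be Deleted";
    }

    // Re-bind from the grid's existing data source so the deleted row disappears
    // (assumes gvUser is bound declaratively or earlier in the page cycle — confirm).
    gvUser.DataBind();
}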
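/// <summary>
/// Creates an admin or member account from the form fields, generates a random
/// first-time password (stored as a salted PBKDF2 hash, e-mailed in clear text) and
/// redirects to UserList.aspx. Validation failures are shown in <c>alertWarning</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnCreate_User(object sender, EventArgs e)
{
    string name = tbName.Text;
    string type = ddlUserType.SelectedItem.Value;
    string email = tbEmail.Text;
    string contactNumber = tbConNo.Text;
    const int status = 1;
    int createdBy = Convert.ToInt32(Session["userID"]);
    string createdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

    // An empty or non-numeric company selection becomes 0, which the
    // "Please Select Company" check below reports instead of a FormatException.
    int companyId;
    if (!int.TryParse(ddlCompany.SelectedValue, out companyId))
    {
        companyId = 0;
    }

    if (type == "NULL")
    {
        alertWarning.Visible = true;
        msgWarning.Text = "Please Select User Type!";
        return;
    }
    if (type == Reference.USR_MEM && companyId == 0)
    {
        alertWarning.Visible = true;
        msgWarning.Text = "Please Select Company!";
        return;
    }

    // Check the address before doing any hashing work.
    UserManagement uDao = new UserManagement();
    if (uDao.checkEmail(email) != null)
    {
        tbEmail.Text = String.Empty;
        alertWarning.Visible = true;
        alertSuccess.Visible = false;
        msgWarning.Text = "Email Already In-Use. Please Try Again!";
        return;
    }

    // Stored layout (the login handler relies on it): Base64 of 16 random salt bytes
    // followed by 20 bytes of PBKDF2(password, salt, 10000 rounds).
    string initialPassword = CreatePassword(8);
    byte[] salt = new byte[16];
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }
    byte[] hash;
    using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(initialPassword, salt, 10000))
    {
        hash = pbkdf2.GetBytes(20);
    }
    byte[] hashbytes = new byte[36];
    Array.Copy(salt, 0, hashbytes, 0, 16);
    Array.Copy(hash, 0, hashbytes, 16, 20);
    string passwordHash = Convert.ToBase64String(hashbytes);
    string passwordSalt = Convert.ToBase64String(salt);

    bool created;
    if (type == Reference.USR_ADM)
    {
        created = uDao.createAdmin(name, email, contactNumber, type, passwordHash, passwordSalt, status, createdBy, createdOn);
    }
    else
    {
        created = uDao.createUser(name, email, contactNumber, type, passwordHash, passwordSalt, status, companyId, createdBy, createdOn);
    }
    // Mail the password only for an account that really exists.
    if (!created)
    {
        alertWarning.Visible = true;
        alertSuccess.Visible = false;
        msgWarning.Text = "Account Could Not Be Created. Please Try Again!";
        return;
    }

    string body = "Dear " + name + ", " + Environment.NewLine + Environment.NewLine
        + "Your Account Has Been Successfully Created! " + Environment.NewLine
        + "This Is Your First-Time Login Password: "******". Please Proceed To Change Your Password Upon Your First Login. Thank you. "
        + Environment.NewLine + Environment.NewLine + Environment.NewLine
        + "Regards, " + Environment.NewLine + "Targeted Marketing Admin Team";
    string subject = "Account Successfully Created!";
    sendMail(subject, body, email);

    // Clear the form so a repeated submit cannot create a duplicate.
    ddlUserType.SelectedIndex = 0;
    ddlCompany.SelectedIndex = 0;
    tbName.Text = String.Empty;
    tbEmail.Text = String.Empty;
    tbConNo.Text = String.Empty;
    alertSuccess.Visible = true;
    alertWarning.Visible = false;
    msgSuccess.Text = name + " Has Been Created Successfully!";
    Session["CreateUser"] = 2;
    Response.Redirect("UserList.aspx");
}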
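/// <summary>
/// Saves the signed-in user's name and contact number. When a current password and a
/// matching new/confirm pair are supplied, the current password is verified against
/// the stored salted PBKDF2 hash and replaced; otherwise the stored hash is kept.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">The session's user id matches no record.</exception>
protected void btnUpdate_Click(object sender, EventArgs e)
{
    UserManagement uDao = new UserManagement();
    string currentUserId = Convert.ToString(Session["userID"]);
    User uObj;
    if (Convert.ToString(Session["userType"]) == Reference.USR_ADM)
    {
        uObj = uDao.getAdminByID(currentUserId);
    }
    else
    {
        uObj = uDao.getUserByID(currentUserId);
    }
    if (uObj == null)
    {
        throw new InvalidOperationException("Current user record not found.");
    }

    string uName = tbName.Text;
    string uContact = tbContact.Text;
    string lastUpdBy = currentUserId;
    string lastUpdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

    // No password change requested: store the existing hash/salt unchanged.
    bool keepPassword = (CurrentPassword.Text == "" && !CurrentPassword.Visible)
        || tbPswd.Text == "" || tbCPswd.Text == "";
    if (keepPassword)
    {
        bool saved = uDao.updateCurrentUser(currentUserId, uName, uContact,
            (string)uObj.PasswordHash, (string)uObj.PasswordSalt, lastUpdBy, lastUpdOn);
        if (saved)
        {
            tbName.Text = String.Empty;
            tbContact.Text = String.Empty;
        }
        alertSuccess.Visible = saved;
        return;
    }

    // Fail closed: only a complete, successful comparison of the current password can
    // set this flag; a missing, malformed or too-short stored hash counts as a mismatch.
    bool currentMatches = false;
    byte[] stored = null;
    if (!string.IsNullOrEmpty(uObj.PasswordHash))
    {
        try
        {
            stored = Convert.FromBase64String(uObj.PasswordHash);
        }
        catch (FormatException)
        {
            stored = null;
        }
    }
    if (stored != null && stored.Length >= 36)
    {
        // Layout: 16 salt bytes, then 20 bytes of PBKDF2(password, salt, 10000 rounds).
        byte[] currentSalt = new byte[16];
        Array.Copy(stored, 0, currentSalt, 0, 16);
        byte[] currentHash;
        using (Rfc2898DeriveBytes current = new Rfc2898DeriveBytes(CurrentPassword.Text, currentSalt, 10000))
        {
            currentHash = current.GetBytes(20);
        }
        // All 20 bytes are compared without an early exit.
        int difference = 0;
        for (int i = 0; i < 20; i++)
        {
            difference |= stored[16 + i] ^ currentHash[i];
        }
        currentMatches = difference == 0;
    }

    if (!currentMatches)
    {
        alertDanger.Visible = true;
        alertSuccess.Visible = false;
        return;
    }

    if (tbPswd.Text != tbCPswd.Text)
    {
        // New password and its confirmation differ: nothing is saved.
        // NOTE(review): no panel reports this case to the user — confirm whether
        // alertDanger's text fits it before reusing that panel.
        return;
    }

    byte[] salt = new byte[16];
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }
    byte[] hash;
    using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(tbCPswd.Text, salt, 10000))
    {
        hash = pbkdf2.GetBytes(20);
    }
    byte[] hashbytes = new byte[36];
    Array.Copy(salt, 0, hashbytes, 0, 16);
    Array.Copy(hash, 0, hashbytes, 16, 20);
    string passwordHash = Convert.ToBase64String(hashbytes);
    string passwordSalt = Convert.ToBase64String(salt);

    bool updated = uDao.updateCurrentUser(currentUserId, uName, uContact, passwordHash, passwordSalt, lastUpdBy, lastUpdOn);
    if (updated)
    {
        tbName.Text = String.Empty;
        tbContact.Text = String.Empty;
    }
    alertSuccess.Visible = updated;
    alertDanger.Visible = false;
}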
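/// <summary>
/// Fills <c>GridView1</c> with active adverts of active companies: all of them for an
/// admin, only the signed-in member's company otherwise. A request without a usable
/// session binds an empty grid.
/// </summary>
public void BindGrid()
{
    // Convert.ToString maps a missing session value to "", so an unauthenticated
    // request falls into the (more restrictive) member branch instead of throwing.
    bool isAdmin = Convert.ToString(Session["userType"]) == Reference.USR_ADM;
    DataTable dt = new DataTable();

    // using-blocks return the connection to the pool even when Fill throws.
    using (SqlConnection conn = new SqlConnection(Reference.Constr))
    using (SqlCommand cmd = conn.CreateCommand())
    {
        if (isAdmin)
        {
            cmd.CommandText =
                " SELECT [Advertisement].AdvID,[Company].Name as CompanyName, [Advertisement].Name as AdvertName, [Advertisement].Item, [Advertisement].ItemType,[StartDate], [EndDate]FROM " +
                "[Advertisement] inner join [Company] on Company.CompanyID =[Advertisement].CompanyID where [Advertisement].status = 1 and[Company].status = 1";
        }
        else
        {
            User uObj = new UserManagement().getUserByID(Convert.ToString(Session["userID"]));
            if (uObj == null)
            {
                // No member record: show nothing rather than every company's adverts.
                GridView1.DataSource = dt;
                GridView1.DataBind();
                return;
            }
            cmd.CommandText =
                " SELECT [Advertisement].AdvID,[Company].Name as CompanyName, [Advertisement].Name as AdvertName, [Advertisement].Item, [Advertisement].ItemType,[StartDate], [EndDate] FROM " +
                "[Advertisement] inner join [Company] on Company.CompanyID =[Advertisement].CompanyID where [Advertisement].status = 1 and [Company].status = 1 and [Company].CompanyID=@comID";
            cmd.Parameters.AddWithValue("@comID", uObj.CompanyID.ToString());
        }

        conn.Open();
        using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
        {
            sda.Fill(dt);
        }
    }

    GridView1.DataSource = dt;
    GridView1.DataBind();
}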
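/// <summary>
/// Handles the "DeleteAdMessage" command of an advert-grid row: deletes the advert
/// named in the row's <c>lb_AdvertID</c> label, reports the outcome in <c>Label3</c>
/// and re-queries the grid (all adverts for an admin, the member's company otherwise).
/// </summary>
/// <param name="sender">The <see cref="LinkButton"/> that raised the command.</param>
/// <param name="e">Carries the command name; other commands are ignored.</param>
protected void btnDelete_Command(object sender, CommandEventArgs e)
{
    if (e.CommandName != "DeleteAdMessage")
    {
        return;
    }

    LinkButton deleteButton = sender as LinkButton;
    if (deleteButton == null)
    {
        return; // only the grid's link buttons raise this command
    }
    GridViewRow gridRow = (GridViewRow)deleteButton.NamingContainer;
    Label lbAdvertId = (Label)gridRow.FindControl("lb_AdvertID");
    string advertId = lbAdvertId.Text;

    // NOTE(review): the advert id is read from a grid label, i.e. from ViewState, which is
    // tamper-resistant only while ViewState MAC validation stays enabled. No ownership
    // check is visible here — confirm that deleteAdvert limits members to their company.
    Advertisement_Management aDao = new Advertisement_Management();
    Advertisement aObj = aDao.getAdvByID(advertId);
    string advertName = aObj == null ? "" : aObj.Name;
    bool deleted = aObj != null && aDao.deleteAdvert(advertId);

    // Success is shown only when the DAO confirms the delete; the page has no dedicated
    // failure panel, so a failed delete leaves every panel hidden.
    alertSuccessCreate.Visible = false;
    alertSuccessUpdate.Visible = false;
    alertSuccessDelete.Visible = deleted;
    Label3.Text = deleted
        ? " Advert '" + advertName + "' Has Been Deleted Successfully!"
        : " Advert '" + advertName + "' Could Not Be Deleted.";

    bool isAdmin = Convert.ToString(Session["userType"]) == Reference.USR_ADM;
    DataTable dt = new DataTable();
    using (SqlConnection conn = new SqlConnection(Reference.Constr))
    using (SqlCommand cmd = conn.CreateCommand())
    {
        if (isAdmin)
        {
            cmd.CommandText =
                "SELECT [Advertisement].AdvID,[Company].Name as CompanyName, [Advertisement].Name as AdvertName, [Advertisement].Item, [Advertisement].ItemType,[StartDate], [EndDate]FROM " +
                "[Advertisement] inner join [Company] on Company.CompanyID =[Advertisement].CompanyID where [Advertisement].status = 1 and[Company].status = 1";
        }
        else
        {
            User uObj = new UserManagement().getUserByID(Convert.ToString(Session["userID"]));
            if (uObj == null)
            {
                GridView1.DataSource = dt;
                GridView1.DataBind();
                return;
            }
            cmd.CommandText =
                "SELECT [Advertisement].AdvID,[Company].Name as CompanyName, [Advertisement].Name as AdvertName, [Advertisement].Item, [Advertisement].ItemType,[StartDate], [EndDate]FROM " +
                "[Advertisement] inner join [Company] on Company.CompanyID =[Advertisement].CompanyID where [Advertisement].status = 1 and[Company].status = 1 and [Advertisement].CompanyID=@comID";
            cmd.Parameters.AddWithValue("@comID", uObj.CompanyID.ToString());
        }

        conn.Open();
        using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
        {
            sda.Fill(dt);
        }
    }

    GridView1.DataSource = dt;
    GridView1.DataBind();
}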
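/// <summary>
/// Runs the advert search: a free-text match on name, company, type and dates, with an
/// optional start/end date window. Admins search every company; members are always
/// restricted to their own company, with or without the date window.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnRun_Click(object sender, EventArgs e)
{
    bool isAdmin = Convert.ToString(Session["userType"]) == Reference.USR_ADM;

    // The company filter is mandatory for members on every path, including the
    // date-filtered one; without it a member's date search would list every company's adverts.
    string companyId = null;
    if (!isAdmin)
    {
        User uObj = new UserManagement().getUserByID(Convert.ToString(Session["userID"]));
        if (uObj == null)
        {
            GridView1.DataSource = new DataSet();
            GridView1.DataBind();
            return;
        }
        companyId = uObj.CompanyID.ToString();
    }

    // The date window applies only when both boxes hold a parsable date; a half-filled
    // or malformed range is searched without the window instead of failing in DateTime.Parse.
    DateTime startDate = DateTime.MinValue;
    DateTime endDate = DateTime.MinValue;
    bool hasDateRange = DateTime.TryParse(startDateTB.Text, out startDate)
        && DateTime.TryParse(endDateTB.Text, out endDate);

    // Every user-supplied value is bound as a parameter; only fixed fragments are concatenated.
    string sql =
        " select AdvID, [Company].Name as CompanyName,[Advertisement].Name as AdvertName" +
        ",[Advertisement].Item,[Advertisement].ItemType,[Advertisement].StartDate,[Advertisement].EndDate from [Advertisement] inner join [Company] on [Advertisement].CompanyID =[Company].CompanyID " +
        "where " + (isAdmin ? "" : "[Company].CompanyID=@ID and ") +
        "[Advertisement].status=1 and " +
        (hasDateRange ? "[Advertisement].StartDate>=@sDate and [Advertisement].EndDate<=@eDate and " : "") +
        "([Advertisement].Name like '%' + @search + '%' OR [Company].Name like '%' + @search + '%' OR ItemType like '%' + @search + '%' OR StartDate like '%' + @search + '%' OR EndDate like '%' + @search + '%') ";

    DataSet ds = new DataSet();
    try
    {
        using (SqlCommand xp = new SqlCommand(sql, con))
        {
            xp.Parameters.Add("@search", SqlDbType.NVarChar).Value = txtSearch.Text;
            if (!isAdmin)
            {
                xp.Parameters.Add("@ID", SqlDbType.NVarChar).Value = companyId;
            }
            if (hasDateRange)
            {
                xp.Parameters.Add("@sDate", SqlDbType.DateTime).Value = startDate;
                xp.Parameters.Add("@eDate", SqlDbType.DateTime).Value = endDate;
            }
            con.Open();
            // The adapter executes the SELECT once; no separate ExecuteNonQuery is needed.
            using (SqlDataAdapter da = new SqlDataAdapter(xp))
            {
                da.Fill(ds, "Name");
            }
        }
    }
    finally
    {
        // con is a page-level field; close it so the pooled connection is released
        // even when the query throws.
        con.Close();
    }

    GridView1.DataSource = ds;
    GridView1.DataBind();
}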
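// Column aliases of the advert query that the grid may sort on. The sort expression
// from the postback is checked against this set before it is spliced into ORDER BY.
// If a grid column in the markup sorts on another expression, add it here.
private static readonly HashSet<string> AllowedAdvertSortColumns =
    new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "AdvID", "CompanyName", "AdvertName", "Item", "ItemType", "StartDate", "EndDate"
    };

/// <summary>
/// Re-queries <c>GridView1</c> ordered by the requested column and direction (all
/// adverts for an admin, the member's company otherwise).
/// </summary>
/// <param name="sender">The grid being sorted.</param>
/// <param name="e">Carries the sort expression chosen by the user.</param>
/// <exception cref="ArgumentException">The sort expression is not an allowed column.</exception>
protected void GridView1_Sorting(object sender, GridViewSortEventArgs e)
{
    SortDirection sortDirection = SortDirection.Ascending;
    string sortField = string.Empty;
    SortGridview((GridView)sender, e, out sortDirection, out sortField);
    string strSortDirection = sortDirection == SortDirection.Ascending ? "ASC" : "DESC";

    // e.SortExpression arrives in the postback (__EVENTARGUMENT) and must not reach the
    // SQL text unchecked: ORDER BY cannot be parameterised, so an allow-list is the control.
    string sortColumn = e.SortExpression;
    if (!AllowedAdvertSortColumns.Contains(sortColumn))
    {
        throw new ArgumentException("Unsupported sort expression.", "e");
    }
    string orderBy = " order by [" + sortColumn + "] " + strSortDirection;

    bool isAdmin = Convert.ToString(Session["UserType"]) == Reference.USR_ADM;
    DataTable dt = new DataTable();
    using (SqlConnection conn = new SqlConnection(Reference.Constr))
    using (SqlCommand cmd = conn.CreateCommand())
    {
        if (isAdmin)
        {
            cmd.CommandText =
                " select AdvID, [Company].Name as CompanyName ,[Advertisement].Name as AdvertName,[Advertisement].Item,[Advertisement].ItemType,[Advertisement].StartDate,[Advertisement].EndDate" +
                " from [Advertisement] inner join [Company] on [Advertisement].CompanyID =[Company].CompanyID " +
                "where [Advertisement].status=1" + orderBy;
        }
        else
        {
            User uObj = new UserManagement().getUserByID(Convert.ToString(Session["userID"]));
            if (uObj == null)
            {
                GridView1.DataSource = dt;
                GridView1.DataBind();
                return;
            }
            cmd.CommandText =
                " select AdvID, [Company].Name as CompanyName ,[Advertisement].Name as AdvertName,[Advertisement].Item,[Advertisement].ItemType,[Advertisement].StartDate,[Advertisement].EndDate" +
                " from [Advertisement] inner join [Company] on [Advertisement].CompanyID =[Company].CompanyID " +
                "where [Company].CompanyID=@ID and [Advertisement].status=1" + orderBy;
            cmd.Parameters.AddWithValue("@ID", uObj.CompanyID.ToString());
        }

        conn.Open();
        using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
        {
            sda.Fill(dt);
        }
    }

    GridView1.DataSource = dt;
    GridView1.DataBind();
}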
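/// <summary>
/// Creates an advert from the form: stores the uploaded media file, inserts the
/// advert row, then its categories, billboard locations and audience segments, resets
/// the form and redirects to AdvertList.aspx. Missing required fields or an unticked
/// terms checkbox silently skip the save (no warning panel is wired up for them).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void ButtonConfirm_Click(object sender, EventArgs e)
{
    bool audienceSelected = false;
    for (int i = 0; i < CheckBoxList2.Items.Count; i++)
    {
        if (CheckBoxList2.Items[i].Selected)
        {
            audienceSelected = true;
            break;
        }
    }

    if (FileUpload1.HasFile)
    {
        // The browser-supplied name is untrusted: keep only its leaf part so the file
        // cannot be written outside ~/Images/.
        string leafName = System.IO.Path.GetFileName(FileUpload1.FileName);
        if (leafName.Length > 0)
        {
            // NOTE(review): no extension/content-type allow-list is applied — confirm the
            // accepted media types (images/videos per ItemType) and enforce them here.
            FileUpload1.SaveAs(System.IO.Path.Combine(Server.MapPath("~/Images/"), leafName));
        }
    }

    bool anyFieldMissing = Literal1.Text == "" || startDateTB.Text == "" || endDateTB.Text == ""
        || adCategoryTB.Text == "" || billboardDisplayTB.Text == "" || !audienceSelected;
    if (anyFieldMissing || !CheckBox1.Checked)
    {
        return;
    }

    string imagelink = "Images/" + Literal1.Text;
    DateTime sdate = DateTime.Parse(startDateTB.Text);
    DateTime edate = DateTime.Parse(endDateTB.Text);
    int createdBy = Convert.ToInt32(Session["userID"]);

    // Admins pick the company; members always get their own company.
    object companyId;
    if ((string)Session["userType"] == Reference.USR_ADM)
    {
        companyId = Convert.ToInt32(DropDownListCompany.SelectedItem.Value);
    }
    else
    {
        User userObj = new UserManagement().getUserByID(Convert.ToString(Session["userID"]));
        companyId = userObj.CompanyID;
    }

    // One connection for all four inserts; the using-block releases it even on failure.
    using (SqlConnection sqlconn = new SqlConnection(Reference.Constr))
    {
        sqlconn.Open();
        int advId = InsertAdvertisementRow(sqlconn, imagelink, sdate, edate, companyId, createdBy);
        InsertAdvertisementCategories(sqlconn, advId);
        InsertAdvertisementLocations(sqlconn, advId);
        InsertAdvertisementAudience(sqlconn, advId);
    }

    adNameTB.Text = string.Empty;
    DropDownListCompany.SelectedIndex = 0;
    startDateTB.Text = string.Empty;
    endDateTB.Text = string.Empty;
    videoDurationTB.Text = string.Empty;
    adCategoryTB.Text = string.Empty;
    billboardDisplayTB.Text = string.Empty;
    for (int i = 0; i < CheckBoxList1.Items.Count; i++)
    {
        CheckBoxList1.Items[i].Selected = false;
    }
    // "<" rather than ">": the loop must visit every audience item to clear it.
    for (int i = 0; i < CheckBoxList2.Items.Count; i++)
    {
        CheckBoxList2.Items[i].Selected = false;
    }
    Session["AdvertCreate"] = 2;
    Response.Redirect("AdvertList.aspx");
}

// Inserts the advert row and returns its AdvID.
private int InsertAdvertisementRow(SqlConnection conn, string itemPath, DateTime startDate, DateTime endDate, object companyId, int createdBy)
{
    const string sql =
        "Insert into [Advertisement](Name,Item,ItemType,Duration,CompanyID,StartDate,EndDate,Status,CreatedBy,CreatedOn)" +
        " Values(@Name,@Item,@ItemType,@Duration,@CompanyID,@StartDate,@EndDate,@Status,@CreatedBy,@CreatedOn);" +
        " SELECT CAST(SCOPE_IDENTITY() AS int)";
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        cmd.Parameters.AddWithValue("@Name", adNameTB.Text);
        cmd.Parameters.AddWithValue("@Item", itemPath);
        cmd.Parameters.AddWithValue("@ItemType", Literal2.Text);
        cmd.Parameters.AddWithValue("@Duration", videoDurationTB.Text);
        cmd.Parameters.AddWithValue("@CompanyID", companyId);
        cmd.Parameters.AddWithValue("@StartDate", startDate);
        cmd.Parameters.AddWithValue("@EndDate", endDate);
        cmd.Parameters.AddWithValue("@Status", "1");
        // Record the signed-in user as creator, as btnCreate_User does for accounts.
        cmd.Parameters.AddWithValue("@CreatedBy", createdBy);
        cmd.Parameters.AddWithValue("@CreatedOn", DateTime.Now);
        object generated = cmd.ExecuteScalar();
        // presumably AdvID is an IDENTITY column (it is absent from the insert list) — TODO confirm.
        // When it is, SCOPE_IDENTITY() is exactly the row inserted on this connection and is
        // immune to the race that a "max(AdvID)" lookup has under concurrent creation.
        if (generated is int)
        {
            return (int)generated;
        }
        return GetMaxIDAdvertisement();
    }
}

// Inserts one AdvertisementCategory row per comma-separated entry in adCategoryTB.
private void InsertAdvertisementCategories(SqlConnection conn, int advId)
{
    const string sql = "Insert into [AdvertisementCategory](AdvID,CategoryID) values(@AdvID,@CategoryID)";
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        foreach (string rawCategory in adCategoryTB.Text.Split(','))
        {
            string category = rawCategory.Trim();
            if (category.Length == 0)
            {
                continue; // a trailing comma yields an empty entry
            }
            cmd.Parameters.Clear();
            cmd.Parameters.AddWithValue("@AdvID", advId);
            cmd.Parameters.AddWithValue("@CategoryID", category);
            cmd.ExecuteNonQuery();
        }
    }
}

// Inserts one AdvertisementLocation row per billboard row ticked in GridView1.
private void InsertAdvertisementLocations(SqlConnection conn, int advId)
{
    const string sql = "Insert into [AdvertisementLocation](AdvID,BillboardID) values(@AdvID,@BillboardID)";
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        foreach (GridViewRow row in GridView1.Rows)
        {
            CheckBox selector = (CheckBox)row.FindControl("CheckBoxSelector");
            if (!selector.Checked)
            {
                continue;
            }
            Label billboardLabel = (Label)row.FindControl("lb_BillboardID");
            cmd.Parameters.Clear();
            cmd.Parameters.AddWithValue("@AdvID", advId);
            cmd.Parameters.AddWithValue("@BillboardID", Convert.ToInt32(billboardLabel.Text));
            cmd.ExecuteNonQuery();
        }
    }
}

// Inserts one AdvertisementAudience row per selected item of CheckBoxList2.
private void InsertAdvertisementAudience(SqlConnection conn, int advId)
{
    const string sql = "Insert into [AdvertisementAudience](AdvID,AgeID,GenderID) values(@AdvID,@AgeID,@GenderID)";
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        foreach (ListItem item in CheckBoxList2.Items)
        {
            if (!item.Selected)
            {
                continue;
            }
            string genderId;
            string ageId;
            if (!TryMapAudienceSegment(item.ToString(), out genderId, out ageId))
            {
                continue; // unrecognised label: skipped instead of failing with a missing parameter
            }
            cmd.Parameters.Clear();
            cmd.Parameters.AddWithValue("@AdvID", advId);
            cmd.Parameters.AddWithValue("@AgeID", ageId);
            cmd.Parameters.AddWithValue("@GenderID", genderId);
            cmd.ExecuteNonQuery();
        }
    }
}

// Maps an audience label such as "Female Young Adult" to its gender ("M"/"F") and
// age-band ("1".."4") ids; returns false when either part is not recognised.
private static bool TryMapAudienceSegment(string segment, out string genderId, out string ageId)
{
    genderId = null;
    ageId = null;
    // "Female" is tested first: Contains is case-sensitive, but the order makes the intent explicit.
    if (segment.Contains("Female"))
    {
        genderId = "F";
    }
    else if (segment.Contains("Male"))
    {
        genderId = "M";
    }
    if (segment.Contains("Child"))
    {
        ageId = "1";
    }
    else if (segment.Contains("Young Adult"))
    {
        ageId = "2";
    }
    else if (segment.Contains("Age 31-65"))
    {
        ageId = "3";
    }
    else if (segment.Contains("Senior"))
    {
        ageId = "4";
    }
    return genderId != null && ageId != null;
}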