using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
/*
SqlCommand.ExecuteNonQuery Method:
You can use the ExecuteNonQuery to perform catalog operations (for example, querying the structure of a database or creating database objects such as
tables), or to change the data in a database without using a DataSet by executing UPDATE, INSERT,
or DELETE statements. Although the ExecuteNonQuery returns no rows, any output parameters or return
values mapped to parameters are populated with data. For UPDATE, INSERT, and DELETE statements,
the return value is the number of rows affected by the command. When a trigger exists on a table
being inserted or updated, the return value includes the number of rows affected by both the insert
or update operation and the number of rows affected by the trigger or triggers. For all other types
of statements, the return value is -1. If a rollback occurs, the return value is also -1.
SqlCommand.ExecuteScalar Method
Executes a Transact-SQL statement against the connection and returns the number of rows affected.
So to get the number of rows returned by a SELECT statement you have to use the ExecuteScalar method.
*/
namespace WebApplication1
{
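public partial class Default : System.Web.UI.Page
{
    // Single copy of the connection string; the original repeated it for a second,
    // nested connection in the student branch. Consider moving it to the
    // <connectionStrings> section of Web.config so it is not baked into code.
    private const string ConnectionString =
        @"Data Source=(local)\SQLEXPRESS;initial Catalog=FYPDB;Integrated Security=True;";

    /// <summary>
    /// Resets the status labels on every request so a message from a previous
    /// postback does not survive into the next one.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        LblErrormsg.Text = "Incorrect Username or Password";
        LblErrormsg.Visible = false;
        Lblsuccess.Visible = false;
    }

    /// <summary>
    /// Authenticates the user against the role selected in RadioButtonList1 and
    /// redirects to the matching dashboard. Any failure shows LblErrormsg instead.
    /// </summary>
    protected void loginButton_Click(object sender, EventArgs e)
    {
        // Trim once so the value used for authentication, the role/group lookup and
        // the session ID are identical. The original trimmed only in the student
        // credential query, so a padded roll number could authenticate and then miss
        // the FYP_GROUP_MEMBERS lookup.
        string username = txtusername.Text.Trim();
        string password = txtpassword.Text.Trim();
        if (username == "" || password == "")
        {
            return;
        }
        if (RadioButtonList1.SelectedItem == null)
        {
            Response.Write("<script>alert('You did not choose an option.');</script>");
            return;
        }
        string optionChosen = RadioButtonList1.SelectedItem.Value;

        // One connection for the whole click; `using` closes it on every path,
        // including the ThreadAbortException raised by Response.Redirect.
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        {
            connection.Open();
            switch (optionChosen)
            {
                case "Student":
                    LoginStudent(connection, username, password);
                    break;
                case "Supervisor":
                    LoginFaculty(connection, username, password,
                        "SELECT COUNT(1) FROM Supervisor where facultyID = @facultyID",
                        "Supervisor.aspx",
                        "No projects assigned to " + username);
                    break;
                case "PanelMember":
                    LoginFaculty(connection, username, password,
                        "SELECT COUNT(1) FROM PanelMember where facultyID = @facultyID",
                        "PanelMember.aspx",
                        "No panel membership found for " + username);
                    break;
                case "FYPCommittee":
                    LoginCommittee(connection, username, password);
                    break;
                default:
                    // Unknown option value: treat like a failed login rather than
                    // silently doing nothing.
                    LblErrormsg.Visible = true;
                    break;
            }
        }
    }

    /// <summary>
    /// Student flow: credentials are checked against Student, then the student is sent
    /// to the dashboard if already recorded in FYP_GROUP_MEMBERS, otherwise to the
    /// registration page.
    /// </summary>
    private void LoginStudent(SqlConnection connection, string username, string password)
    {
        // NOTE(review): the query compares the password column directly, so the schema
        // appears to store passwords in the clear. The mitigation is to store a salted
        // hash (e.g. PBKDF2) and compare it in code; that needs a schema change and is
        // out of scope for this file.
        const string credentialQuery =
            "SELECT COUNT(1) from Student WHERE RollNo=@username AND Password=@password";
        int matches = CountRows(connection, credentialQuery,
            new SqlParameter("@username", username),
            new SqlParameter("@password", password));
        if (matches != 1)
        {
            LblErrormsg.Visible = true;
            return;
        }

        Lblsuccess.Visible = true;
        Session["ID"] = username;

        const string groupQuery =
            "SELECT COUNT(1) FROM FYP_GROUP_MEMBERS FG WHERE FG.StudentID = @RollNo";
        int groupRows = CountRows(connection, groupQuery, new SqlParameter("@RollNo", username));
        // A student with no group record has not registered yet.
        Response.Redirect(groupRows == 1 ? "Student.aspx" : "NewStudent.aspx");
    }

    /// <summary>
    /// Faculty flow shared by Supervisor and PanelMember: credentials are checked
    /// against Faculty, then <paramref name="roleQuery"/> must return at least one
    /// row (parameter @facultyID) before the user is redirected to
    /// <paramref name="dashboardPage"/>.
    /// </summary>
    /// <param name="noRoleMessage">Shown when the credentials are valid but the role row is missing.</param>
    private void LoginFaculty(SqlConnection connection, string username, string password,
        string roleQuery, string dashboardPage, string noRoleMessage)
    {
        // NOTE(review): plaintext password comparison in SQL, see LoginStudent.
        const string credentialQuery =
            "SELECT COUNT(1) from Faculty WHERE FacultyID = @FacultyID AND Password = @Password";
        int matches = CountRows(connection, credentialQuery,
            new SqlParameter("@FacultyID", username),
            new SqlParameter("@Password", password));
        if (matches != 1)
        {
            LblErrormsg.Visible = true;
            return;
        }

        int roleRows = CountRows(connection, roleQuery, new SqlParameter("@facultyID", username));
        if (roleRows >= 1)
        {
            Session["ID"] = username;
            Response.Redirect(dashboardPage);
        }
        else
        {
            // Valid credentials but no role: tell the user. The original PanelMember
            // branch had an empty else here and left the page without any feedback.
            LblErrormsg.Text = noRoleMessage;
            LblErrormsg.Visible = true;
        }
    }

    /// <summary>
    /// FYP committee flow: a single query checks credentials and the isComittee flag.
    /// </summary>
    private void LoginCommittee(SqlConnection connection, string username, string password)
    {
        // NOTE(review): plaintext password comparison in SQL, see LoginStudent.
        const string query =
            "SELECT COUNT(1) FROM Faculty F WHERE F.FacultyID = @FacultyID AND F.Password = @Password AND F.isComittee = '1'";
        int matches = CountRows(connection, query,
            new SqlParameter("@FacultyID", username),
            new SqlParameter("@Password", password));
        if (matches == 1)
        {
            Session["ID"] = username;
            Response.Redirect("FypCommittee.aspx");
        }
        else
        {
            LblErrormsg.Visible = true;
        }
    }

    /// <summary>
    /// Runs a parameterised COUNT(...) query on an open connection and returns the
    /// scalar result as an int. The command is disposed on every path.
    /// </summary>
    private static int CountRows(SqlConnection connection, string query, params SqlParameter[] parameters)
    {
        using (SqlCommand cmd = new SqlCommand(query, connection))
        {
            cmd.Parameters.AddRange(parameters);
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }
}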
}