1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
| namespace prosto.Control
{
using System;
using System.Collections;
using System.Collections.Specialized;
using System.Data.SqlClient;
using System.Data;
using System.Data.SqlTypes;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Drawing;
using System.Drawing.Text;
using System.Drawing.Imaging;
using System.Drawing.Drawing2D;
using System.Web.SessionState;
using System.Web.Security;
using System.Net;
using System.IO;
using System.Text.RegularExpressions;
using System.Text;
using System.Globalization;
using System.Threading;
using System.Xml;
public class login : System.Web.UI.UserControl
{
protected System.Web.UI.WebControls.Label log;
public HtmlContainerControl log_h;
public HtmlContainerControl log_s;
public HtmlContainerControl logout;
public HtmlContainerControl error;
public HtmlContainerControl flood;
public TextBox logintxt;
public TextBox password;
protected System.Web.UI.WebControls.Label lblLoginInfo;
private void Page_Load(System.Object sender, System.EventArgs e)
{
String Conn = (String)((NameValueCollection)Context.GetConfig("system.web/dsnstore"))["sql_site"];
SqlConnection cGetSum = new SqlConnection(Conn);
SqlCommand qGetSum;
SqlDataReader rGetSum;
Int32 member_id;
SqlMoney Ost = 0;
SqlMoney OstKC = 0;
String sCategory = "";
String s_begin_sum = "";
String s_end_sum = "";
String s_discount = "";
String s_bonus = "";
SqlCommand qDiscount2;
SqlDataReader rDiscount2;
SqlCommand qDiscount3;
SqlDataReader rDiscount3;
SqlConnection cDiscount2 = new SqlConnection(Conn);
SqlConnection cDiscount3 = new SqlConnection(Conn);
//logintxt.Width=100;
//password.Width=100;
SqlConnection pubsConn = new SqlConnection(Conn);
SqlCommand logoCMD = new SqlCommand("SELECT element_HTML FROM site_elements WHERE element_name = 'login_info'", pubsConn);
pubsConn.Open();
SqlDataReader myReader = logoCMD.ExecuteReader(CommandBehavior.SequentialAccess);
if (myReader.Read()) lblLoginInfo.Text += myReader.GetString(0);
myReader.Close();
pubsConn.Close();
if (Convert.ToInt32(Session["access"]) == -2)
{
log_s.Visible = true;
log_h.Visible = false;
logout.Visible = false;
error.Visible = false;
flood.Visible = true;
};
if (Convert.ToInt32(Session["access"]) == -1)
{
log_s.Visible = true;
log_h.Visible = false;
logout.Visible = false;
error.Visible = true;
};
if (Convert.ToInt32(Session["access"]) == 0)
{
log_s.Visible = true;
log_h.Visible = false;
logout.Visible = false;
error.Visible = false;
};
if (Convert.ToInt32(Session["access"]) == 1)
{
log_h.Visible = true;
log_s.Visible = false;
logout.Visible = true;
cGetSum.Open();
qGetSum = new SqlCommand("select abs(ISNULL(sum(doc_bonus),0)) from vdoc where card_id = " + Session["card_id"] + " and dbo.Get_storno(doc_id) = 1", cGetSum);
rGetSum = qGetSum.ExecuteReader();
while (rGetSum.Read())
{
OstKC = rGetSum.GetSqlMoney(0);
// (decimal.Round(rGetSum.GetSqlMoney(0).ToDecimal(), 2)).ToString()
}
rGetSum.Close();
cGetSum.Close();
if (OstKC == 0)
log.Text = "Вы определены как:<br><b>" + Session["login"] + "<br><br></b>Бонус:<b>" + Session["bonus"] + "<br><br><a href=\"default.aspx?page=cardedit\">Личная карточка</a></b><br><br>";
else
log.Text = "Вы определены как:<br><b>" + Session["login"] + "<br><br></b>Бонус:<b>" + Session["bonus"] + "</b><br><br>Бонусное сальдо КЦ:<b>" + (decimal.Round(OstKC.ToDecimal(), 2)).ToString() + "</b><br><br><a href=\"default.aspx?page=cardedit\">Личная карточка</a></b><br><br>";
error.Visible = false;
lblLoginInfo.Text = "";
logoCMD = new SqlCommand("select member_id, www_name from member where member_id in (select member_id from discount group by member_id)", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader();
while (myReader.Read())
{
member_id = myReader.GetInt32(0);
cGetSum.Open();
qGetSum = new SqlCommand("select ISNULL(sum(doc_summ),0) from vdoc where card_id = " + Session["card_id"] + " and member_id = " + member_id.ToString(), cGetSum);
rGetSum = qGetSum.ExecuteReader();
while (rGetSum.Read())
{
Ost = rGetSum.GetSqlMoney(0);
// (decimal.Round(rGetSum.GetSqlMoney(0).ToDecimal(), 2)).ToString()
}
rGetSum.Close();
cGetSum.Close();
lblLoginInfo.Text += "<B>Сумма покупок по участнику: " + myReader.GetString(1) + " - " + (decimal.Round(Ost.ToDecimal(), 2)).ToString() + "</B> <A HREF=\"default.aspx?page=members&id=" + member_id.ToString() + "\">Полная программа лояльности</A><BR><BR>";
cDiscount2.Open();
qDiscount2 = new SqlCommand("select category,count(1) from discount where member_id = " + member_id.ToString() + " group by category", cDiscount2);
rDiscount2 = qDiscount2.ExecuteReader();
while (rDiscount2.Read())
{
if (!rDiscount2.IsDBNull(0)) sCategory = rDiscount2.GetString(0).Trim();
cDiscount3.Open();
qDiscount3 = new SqlCommand("select begin_sum,end_sum, discount, bonus from discount where member_id = " + member_id.ToString() + " and category = '" + sCategory + "' and " + (decimal.Round(Ost.ToDecimal(), 0)).ToString() + " between begin_sum and end_sum order by begin_sum", cDiscount3);
rDiscount3 = qDiscount3.ExecuteReader();
lblLoginInfo.Text += "<TABLE border=1 CLASS='login'><CAPTION>" + sCategory + "</CAPTION>";
lblLoginInfo.Text += "<TR class='login_head'><TD class='login_cell1'>Сумма покупок у данного участника</TD><TD class='login_cell1'>Скидка, %</TD><TD>Бонус, %</TD></TR>";
while (rDiscount3.Read())
{
if (rDiscount3.IsDBNull(0)) s_begin_sum = ""; else s_begin_sum = decimal.Round(rDiscount3.GetSqlMoney(0).ToDecimal(), 0).ToString();
if (rDiscount3.IsDBNull(1)) s_end_sum = ""; else s_end_sum = decimal.Round(rDiscount3.GetSqlMoney(1).ToDecimal(), 0).ToString();
if (rDiscount3.IsDBNull(2)) s_discount = ""; else s_discount = decimal.Round(rDiscount3.GetSqlMoney(2).ToDecimal(), 0).ToString();
if (rDiscount3.IsDBNull(3)) s_bonus = ""; else s_bonus = decimal.Round(rDiscount3.GetSqlMoney(3).ToDecimal(), 0).ToString();
lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + s_begin_sum + " - " + s_end_sum + "</TD><TD CLASS='login'>" + s_discount + "</TD><TD CLASS='login'>" + s_bonus + "</TD></TR>";
}
lblLoginInfo.Text += "</TABLE>";
rDiscount3.Close();
cDiscount3.Close();
}
rDiscount2.Close();
cDiscount2.Close();
lblLoginInfo.Text += "<BR><BR>";
}
myReader.Close();
pubsConn.Close();
lblLoginInfo.Text += "<BR>";
logoCMD = new SqlCommand("SELECT doc_date,member_name,doc_summ,doc_bonus,dbo.Get_storno(doc_id) FROM vdoc WHERE card_id = " + Session["card_id"] + " order by doc_date desc", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader();
lblLoginInfo.Text += "<TABLE border=1 CLASS='login'><CAPTION>История покупок</CAPTION>";
if (!myReader.HasRows) lblLoginInfo.Text += "<TR><TD CLASS='login'>нет покупок</TD></TR>";
else lblLoginInfo.Text += "<TR class='login_head'><TD class='login_cell1'>Дата</TD><TD class='login_cell1'>Магазин</TD><TD>Сумма покупки</TD><TD>Начислено бонусов</TD><TD>Потрачено бонусов</TD></TR>";
while (myReader.Read())
{
if (myReader.GetInt32(4) == 0)
{
if (myReader.GetSqlMoney(3).ToDecimal() > 0) lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + myReader.GetDateTime(0).ToString() + "</TD><TD CLASS='login'>" + myReader.GetString(1) + "</TD><TD CLASS='login'>" + (decimal.Round(myReader.GetSqlMoney(2).ToDecimal(), 2)).ToString() + "</TD><TD CLASS='login'>" + (decimal.Round(myReader.GetSqlMoney(3).ToDecimal(), 2)).ToString() + "</TD><TD CLASS='login'> </TD></TR>";
else lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + myReader.GetDateTime(0).ToString() + "</TD><TD CLASS='login'>" + myReader.GetString(1) + "</TD><TD CLASS='login'>" + (decimal.Round(myReader.GetSqlMoney(2).ToDecimal(), 2)).ToString() + "</TD><TD CLASS='login'> </TD><TD CLASS='login'>" + (decimal.Round(-myReader.GetSqlMoney(3).ToDecimal(), 2)).ToString() + "</TD></TR>";
}
else
{
if (myReader.GetSqlMoney(3).ToDecimal() > 0) lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + myReader.GetDateTime(0).ToString() + "</TD><TD CLASS='login'>" + myReader.GetString(1) + "</TD><TD CLASS='login'>" + (decimal.Round(myReader.GetSqlMoney(2).ToDecimal(), 2)).ToString() + "</TD><TD CLASS='login'>" + (decimal.Round(myReader.GetSqlMoney(3).ToDecimal(), 2)).ToString() + "</TD><TD CLASS='login'> </TD></TR>";
else lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + myReader.GetDateTime(0).ToString() + "</TD><TD CLASS='login'>" + myReader.GetString(1) + "</TD><TD CLASS='login'>" + (decimal.Round(myReader.GetSqlMoney(2).ToDecimal(), 2)).ToString() + "</TD><TD CLASS='login'> </TD><TD CLASS='login'>" + (decimal.Round(-myReader.GetSqlMoney(3).ToDecimal(), 2)).ToString() + " *</TD></TR>";
}
}
lblLoginInfo.Text += "</TABLE>";
if (OstKC != 0) lblLoginInfo.Text += "<p align=justify>* Накопленные бонусные баллы в ТВК \"Ковровый центр\" будут отовариваться с 01.02.2008 по 30.06.2008. По истечении этого срока бонусные баллы, накопленные при покупках в ТВК \"Ковровый центр\", будут аннулированы</p>";
myReader.Close();
pubsConn.Close();
lblLoginInfo.Text += "<BR>";
logoCMD = new SqlCommand("select bonus_4,date_end_bonus from card where dbo.card.card_id = " + Session["card_id"], pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader();
lblLoginInfo.Text += "<TABLE border=1 CLASS='login'><CAPTION>Акция День рождения</CAPTION>";
lblLoginInfo.Text += "<TR class='login_head'><TD class='login_cell1'>Бонус</TD><TD class='login_cell1'>Дата списания</TD></TR>";
while (myReader.Read())
{
lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + myReader["bonus_4"].ToString() + "</TD><TD CLASS='login'>" + myReader["date_end_bonus"].ToString() + " **</TD></TR>";
}
lblLoginInfo.Text += "</TABLE>";
if (OstKC != 0) lblLoginInfo.Text += "<p align=justify>** Дата анулирования бонусных баллов по акции День рождения</p>";
myReader.Close();
pubsConn.Close();
lblLoginInfo.Text += "<BR>";
logoCMD = new SqlCommand("select bonus_1,date_begin from bonus_db.dbo.act_new cross join bonus_db.dbo.card where dbo.card.card_id = " + Session["card_id"] + " and dbo.act_new.field_id = 1" + " and dbo.act_new.active = 1 ", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader();
lblLoginInfo.Text += "<TABLE border=1 CLASS='login'><CAPTION>Акция 1</CAPTION>";
lblLoginInfo.Text += "<TR class='login_head'><TD class='login_cell1'>Бонус</TD><TD class='login_cell1'>Дата начисления</TD></TR>";
while (myReader.Read())
{
lblLoginInfo.Text += "<TR CLASS='login'><TD CLASS='login'>" + myReader["bonus_1"].ToString() + "</TD><TD CLASS='login'>" + myReader["date_begin"].ToString() + " **</TD></TR>";
}
lblLoginInfo.Text += "</TABLE>";
myReader.Close();
pubsConn.Close();
};
}
protected void Log_Click(Object sender, EventArgs e)
{
Int32 card_id = 0;
SqlMoney bonus = 0;
decimal bonus_rounded = 0;
Int32 owner_id = 0;
Int32 PIN_correct = 0;
Int32 error_login_count = 0;
System.Text.StringBuilder message_login = new System.Text.StringBuilder("Вы определены как:");
//String red;
String fio = "";
String card_prefix = "";
SqlCommand logoCMD;
SqlDataReader myReader;
String Conn = (String) ((NameValueCollection) Context.GetConfig("system.web/dsnstore"))["sql"];
SqlConnection pubsConn = new SqlConnection(Conn);
//string sPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(Regex.Replace(password.Text, "'", ""),"md5");
logoCMD = new SqlCommand("SELECT param FROM param WHERE name='card_prefix'", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader(CommandBehavior.SequentialAccess);
while (myReader.Read())
{
card_prefix = myReader.GetString(0);
}
myReader.Close();
pubsConn.Close();
logoCMD = new SqlCommand("SELECT card_id, bonus, dbo.Check_pin(card_id,'" + Regex.Replace(password.Text, "'", "") + "') FROM card WHERE card_number='" + card_prefix + Regex.Replace(logintxt.Text, "'", "") + "'", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader(CommandBehavior.SequentialAccess);
while (myReader.Read())
{
card_id = myReader.GetInt32(0);
bonus = myReader.GetSqlMoney(1);
bonus_rounded = decimal.Round(bonus.ToDecimal(), 2);
PIN_correct = myReader.GetInt32(2);
}
myReader.Close();
pubsConn.Close();
logoCMD = new SqlCommand("select count(1) from audit where DATEDIFF(hour, audit_date,getdate()) <= 3 and audit_type = 0 and audit_name = '" + Regex.Replace(logintxt.Text, "'", "") + "'", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader(CommandBehavior.SequentialAccess);
while (myReader.Read())
{
error_login_count = myReader.GetInt32(0);
}
myReader.Close();
pubsConn.Close();
if (error_login_count <= 5)
if ((card_id > 0) & (PIN_correct == 1))
{
logoCMD = new SqlCommand("SELECT f,i,o,owner_id FROM owner WHERE card_id='" + card_id + "'", pubsConn);
pubsConn.Open();
myReader = logoCMD.ExecuteReader(CommandBehavior.SequentialAccess);
while (myReader.Read())
{
fio = myReader.GetString(0) + " " + myReader.GetString(1) + " " + myReader.GetString(2);
owner_id = myReader.GetInt32(3);
}
myReader.Close();
pubsConn.Close();
logoCMD = new SqlCommand("INSERT into audit values(1, '" + Regex.Replace(logintxt.Text, "'", "") + "',getdate())", pubsConn);
pubsConn.Open();
logoCMD.ExecuteNonQuery();
pubsConn.Close();
Session["access"] = 1;
Session["login"] = fio;
Session["card_id"] = card_id;
Session["bonus"] = bonus_rounded;
Session["owner_id"] = owner_id;
Session["card_number"] = logintxt.Text;
}
else
{
//неправильное имя или пароль
logoCMD = new SqlCommand("INSERT into audit values(0, '" + Regex.Replace(logintxt.Text, "'", "") + "',getdate())", pubsConn);
pubsConn.Open();
logoCMD.ExecuteNonQuery();
pubsConn.Close();
Session["access"] = -1;
}
else
{
Session["access"] = -2;
}
//red = Request.UrlReferrer.ToString();
//Response.Redirect(red);
Response.Redirect("default.aspx?page=login");
}
protected void Logout_Click(Object sender, EventArgs e)
{
//String red;
//red=Request.UrlReferrer.ToString();
Session.Abandon();
Response.Redirect("default.aspx?page=login");//(red);
}
override protected void OnInit(System.EventArgs e)
{
InitializeComponent();
base.OnInit(e);
}
private void InitializeComponent()
{
this.Load += new System.EventHandler(this.Page_Load);
}
}
} |
(
Сообщение от EvgenOrel
