EDA263/lab3/cs_lab3/myWebApplication/default.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace myWebApplication
{
    public partial class _default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //check if cookie exists, if not redirect to login.aspx
            //go to user table, retrieve the post where the sessionID matches

            if (Request.Cookies.Get("auth") == null)
            {
                Response.Redirect("Login.aspx");
            }
            String username = SQLaccess.GetUserFromID(Request.Cookies.Get("auth").Value);

            if (username != null)
            {
                Session["loggedin"] = true;
                Session["auth"] = Request.Cookies.Get("auth").Value;
                welcome.Text = "Welcome to the system " + username + ".";
                welcome2.Text = "Your sessionID is: " + Session["auth"].ToString() + ".";
                
            }
            else
            {
                Response.Redirect("login.aspx");
            }

            //panels
            Panel_Buy.Visible = false;
            Panel_Thankyou.Visible = false;
            Panel_Uploadfile.Visible = false;
            Panel_Viewcomments.Visible = false;

            int page;
            int.TryParse(Request.QueryString.Get("page"), out page);

            switch (page)
            {
                case 0: break;
                case 1: if ((Boolean)Session["loggedin"] == true) { Panel_Buy.Visible = true; } break;
                case 2: if ((Boolean)Session["loggedin"] == true) { Panel_Thankyou.Visible = true; } break;
                case 3: if ((Boolean)Session["loggedin"] == true) { Panel_Uploadfile.Visible = true; } break;
                case 4: if ((Boolean)Session["loggedin"] == true) { Panel_Viewcomments.Visible = true; } break;
                default: Response.Redirect("login.aspx"); break;
            }
        }

        protected void logout_Click(object sender, EventArgs e)
        {
            //remove sessionID from database
            String record = SQLaccess.GetRecordFromID(Request.Cookies.Get("auth").Value);
            if (record != null)
            {
                SQLaccess.InsertSessionID(record,"-1");
            }
            Request.Cookies.Clear();
            Response.Cookies["auth"].Expires = DateTime.Now;
            Response.Cookies["name"].Expires = DateTime.Now;
            Session.Clear();
            Response.Redirect("login.aspx");
            
        }
    }
}