Tuesday, March 19, 2013

Sistem Manajemen User Pada Website E-Health

Website E-Health dilengkapi dengan sistem manajemen user yang membagi role access menjadi tiga, yaitu admin, dokter, dan member, di mana setiap user dapat dikenali menggunakan sebuah session id yang dienkripsi ketika user melakukan login pertama kali ke dalam website. Berikut adalah pengujian pada seluruh halaman manajemen user, yang ditampilkan beserta UI yang telah disesuaikan dengan content/fitur-fitur yang terdapat di dalam website :

Form Registrasi

Untuk dapat masuk dan menjelajahi menu di dalam website E-Health, user yang belum terdaftar diharuskan untuk melakukan registrasi terlebih dahulu seperti yang terlihat pada gambar di bawah ini :

 
Berikut ini adalah program untuk form Registrasi.aspx.cs :
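public partial class Registrasi : System.Web.UI.Page
{
    /// <summary>
    /// On a postback, checks whether the username typed into TextBoxUN already
    /// exists in DMG_MEMBERS and writes a warning to the response when it does.
    /// </summary>
    /// <remarks>
    /// The original concatenated TextBoxUN.Text into the SQL text; the value is now
    /// bound as a parameter so user input can never alter the query. Note that this
    /// check only writes a message: it does not stop Submit_Click, which runs after
    /// Page_Load on the same postback.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            return;
        }

        string connectionString = ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString;
        const string cmdStr = "Select count(*) from DMG_MEMBERS where MEMBER_USERNAME = @MEMBER_USERNAME";

        // The using blocks close the connection even when ExecuteScalar throws.
        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand userExist = new SqlCommand(cmdStr, con))
        {
            userExist.Parameters.AddWithValue("@MEMBER_USERNAME", TextBoxUN.Text);
            con.Open();
            int temp = Convert.ToInt32(userExist.ExecuteScalar());
            // The original tested temp == 1; any positive count means the name is taken.
            if (temp > 0)
            {
                Response.Write("Username already exist");
            }
        }
    }

    /// <summary>
    /// Inserts the new member into DMG_MEMBERS and redirects to login.aspx on
    /// success; on failure shows a generic message in lblWarning and clears the form.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the MD5 hashing that was commented out in the original is not
    /// restored here, because the login page's stored procedure compares the stored
    /// value with the password as typed. The password is therefore stored in clear
    /// text; moving to a salted hash has to change registration, login and password
    /// update together. Response.Redirect is issued outside the try block because it
    /// ends the request with a ThreadAbortException, which a catch (Exception) would
    /// otherwise treat as a failed insert.
    /// </remarks>
    protected void Submit_Click(object sender, EventArgs e)
    {
        string connectionString = ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString;
        const string insCmd = "Insert into [forumss].[dbo].[DMG_MEMBERS] (MEMBER_USERNAME, MEMBER_PASSWORD,MEMBER_LEVEL,MEMBER_REALNAME,MEMBER_EMAIL, Roles, SessionId,Country) values (@MEMBER_USERNAME, @MEMBER_PASSWORD,@MEMBER_LEVEL,@MEMBER_REALNAME,@MEMBER_EMAIL, @Roles, @SessionId,@Country)";

        bool inserted = false;
        try
        {
            using (SqlConnection con = new SqlConnection(connectionString))
            using (SqlCommand insertUser = new SqlCommand(insCmd, con))
            {
                insertUser.Parameters.AddWithValue("@MEMBER_USERNAME", TextBoxUN.Text);
                insertUser.Parameters.AddWithValue("@MEMBER_PASSWORD", TextBoxPass.Text);
                insertUser.Parameters.AddWithValue("@MEMBER_LEVEL", "1");
                insertUser.Parameters.AddWithValue("@MEMBER_REALNAME", TextBoxFN.Text);
                insertUser.Parameters.AddWithValue("@MEMBER_EMAIL", TextBoxEA.Text);
                // New accounts always start as plain members; the session token is
                // only generated at first login (see SingleSession).
                insertUser.Parameters.AddWithValue("@Roles", "members");
                insertUser.Parameters.AddWithValue("@SessionId", "");
                insertUser.Parameters.AddWithValue("@Country", DropDownListCountry.SelectedValue);
                con.Open();
                insertUser.ExecuteNonQuery();
            }
            inserted = true;
        }
        catch (Exception)
        {
            // The raw exception text (table and column names, constraint details) is
            // not shown to the browser; a generic message is enough for the user.
            lblWarning.Text = "Registrasi gagal, silahkan coba lagi.";
            clearText();
        }

        if (inserted)
        {
            Response.Redirect("login.aspx");
        }
    }

    /// <summary>Clears every text box of the registration form.</summary>
    private void clearText()
    {
        TextBoxUN.Text = "";
        TextBoxPass.Text = "";
        TextBoxRPass.Text = "";
        TextBoxEA.Text = "";
        TextBoxFN.Text = "";
    }
}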
Kemudian data yang diregistrasi akan masuk kedalam database, namun session id yang digunakan sebagai User Identity belum ter-enkripsi dikarenakan user belum melakukan login. Session id akan ter-generate dengan otomatis ketika user melakukan login pada saat pertama kali seperti yang terlihat pada gambar dibawah ini :
 


Berikut ini program Login.aspx.cs :
    /// <summary>
    /// Login button handler: hands the typed credentials to
    /// AuthenticateUsers.ValidateUser and shows LtrError when they are rejected.
    /// On success ValidateUser issues the redirect itself, so nothing else is done here.
    /// </summary>
    protected void BtnLongIn_Click(object sender, EventArgs e)
    {
        bool authenticated = AuthenticateUsers.ValidateUser(txtUsername.Text, txtPassword.Text, chckRemember.Checked);
        if (authenticated)
        {
            return;
        }

        LtrError.Visible = true;
    }
Berikut ini program AuthenticateUsers.cs :
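    /// <summary>
    /// Forms-authentication helper: checks the supplied credentials through the
    /// DMG_MEMBERS_CheckUser stored procedure and, on success, issues the
    /// authentication ticket cookie and redirects the user.
    /// </summary>
    public class AuthenticateUsers
    {
        /// <summary>Lifetime of an issued forms ticket, in minutes (unchanged from the original).</summary>
        private const int TicketMinutes = 90;

        /// <summary>
        /// Validates <paramref name="userName"/> and <paramref name="passWord"/>. On
        /// success the current session is abandoned, a forms ticket carrying the user
        /// data is written as a cookie and the request is redirected to ReturnUrl
        /// (or to the forms default URL).
        /// </summary>
        /// <param name="rememberMe">When true the cookie is persistent until the ticket expires.</param>
        /// <returns>false when the credentials are rejected; true after the redirect has been issued.</returns>
        public static bool ValidateUser(string userName, string passWord, bool rememberMe)
        {
            string userData = ValidateCredential(userName, passWord);
            if (string.IsNullOrEmpty(userData))
            {
                return false;
            }

            HttpContext context = HttpContext.Current;
            // A fresh session after login, so state from the pre-login session does
            // not carry over into the authenticated one.
            context.Session.Abandon();

            DateTime issued = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                2, userName, issued, issued.AddMinutes(TicketMinutes), rememberMe, userData, FormsAuthentication.FormsCookiePath);
            string hash = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
            // The ticket carries roles and the session token: keep it out of reach of
            // page script, and off plain HTTP whenever forms auth is configured for SSL.
            cookie.HttpOnly = true;
            cookie.Secure = FormsAuthentication.RequireSSL;
            if (ticket.IsPersistent)
            {
                cookie.Expires = ticket.Expiration;
            }
            context.Response.Cookies.Add(cookie);

            string returnUrl = context.Request.QueryString["ReturnUrl"];
            if (!IsLocalUrl(returnUrl))
            {
                // Only application-local targets are honoured; anything else (absent,
                // absolute or protocol-relative) falls back to the configured default.
                returnUrl = FormsAuthentication.DefaultUrl;
            }
            context.Response.Redirect(returnUrl);
            return true;
        }

        /// <summary>
        /// True for an application-local path: "~/..." or a single leading "/"
        /// (not "//" or "/\"). Null, empty and absolute URLs are rejected.
        /// </summary>
        private static bool IsLocalUrl(string url)
        {
            if (string.IsNullOrEmpty(url))
            {
                return false;
            }
            if (url.StartsWith("~/", StringComparison.Ordinal))
            {
                return true;
            }
            if (url[0] != '/')
            {
                return false;
            }
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        /// <summary>
        /// Runs DMG_MEMBERS_CheckUser and returns "roles|MEMBER_ID|FullName|sessionToken"
        /// for the matching row, or string.Empty when no row matches.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the MD5 hashing is commented out, so the password goes to the
        /// stored procedure as typed and is compared with whatever registration stored
        /// (clear text, per Registrasi.aspx.cs). Hashing must be introduced in
        /// registration, password update and here at the same time.
        /// The fields are joined with '|' and split on it again by
        /// ExpressionBuilderIdentity.GetIdentity; a '|' inside FullName would shift them.
        /// </remarks>
        private static string ValidateCredential(string userName, string passWord)
        {
            string roles = null;
            string memberId = null;
            string fullName = null;
            bool found = false;

            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString))
            using (SqlCommand command = new SqlCommand("DMG_MEMBERS_CheckUser", connection))
            {
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.AddWithValue("@MEMBER_USERNAME", userName);
                command.Parameters.AddWithValue("@MEMBER_PASSWORD", passWord);
                connection.Open();
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        roles = Convert.ToString(reader["roles"]);
                        memberId = Convert.ToString(reader["MEMBER_ID"]);
                        fullName = Convert.ToString(reader["FullName"]);
                        found = true;
                    }
                }
            }

            if (!found)
            {
                return string.Empty;
            }

            // The token is generated and stored after the reader is closed, so the
            // second connection opened by SingleSession never overlaps the first.
            string token = SingleSession.CreateAndStoreSessionToken(userName);
            return roles + "|" + memberId + "|" + fullName + "|" + token;
        }
    }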

Berikut ini program SingleSession.cs :
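/// <summary>
/// Stores and reads back the per-user session token kept in the SessionId column
/// of DMG_MEMBERS (via the DMG_MEMBERS_SetSessionId / DMG_MEMBERS_GetUserSession
/// stored procedures).
/// </summary>
/// <remarks>
/// NOTE(review): none of the listings shown calls GetStorSessionToken, so where the
/// stored token is compared against the ticket's token cannot be confirmed from here.
/// </remarks>
public static class SingleSession
{
    /// <summary>Connection string shared by both procedures.</summary>
    private static string ConnectionString
    {
        get { return ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString; }
    }

    /// <summary>
    /// Generates a fresh random token, stores it for <paramref name="userName"/>
    /// and returns it.
    /// </summary>
    /// <remarks>
    /// The token stays a GUID string, as before. Guid.NewGuid() gives uniqueness but
    /// is not documented as a cryptographic random source; a value drawn from
    /// RandomNumberGenerator would be preferable if the SessionId column width allows it.
    /// </remarks>
    public static string CreateAndStoreSessionToken(string userName)
    {
        string sessionToken = Guid.NewGuid().ToString();
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        using (SqlCommand command = new SqlCommand("DMG_MEMBERS_SetSessionId", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.AddWithValue("@MEMBER_USERNAME", userName);
            command.Parameters.AddWithValue("@SessionId", sessionToken);
            connection.Open();
            command.ExecuteNonQuery();
        }
        return sessionToken;
    }

    /// <summary>
    /// Returns the token stored for <paramref name="userName"/> (first column of the
    /// first row returned by DMG_MEMBERS_GetUserSession), or string.Empty when there is none.
    /// </summary>
    public static string GetStorSessionToken(string userName)
    {
        string returnStoredSession = string.Empty;
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        using (SqlCommand command = new SqlCommand("DMG_MEMBERS_GetUserSession", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.AddWithValue("@MEMBER_USERNAME", userName);
            connection.Open();
            // The reader was never disposed in the original; the using block fixes that.
            using (SqlDataReader datareader = command.ExecuteReader())
            {
                if (datareader.Read())
                {
                    returnStoredSession = datareader[0].ToString();
                }
            }
        }

        return returnStoredSession;
    }
}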
Berikut ini program UserIdentity.cs :
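/// <summary>
/// ASP.NET expression builder that exposes the logged-in user's identity to markup.
/// The expression text ("userid", "name", "roles" or "username") is forwarded to
/// <see cref="GetIdentity"/> at run time.
/// </summary>
public class ExpressionBuilderIdentity : ExpressionBuilder
{
    /// <summary>Emits a call to GetIdentity(&lt;trimmed expression text&gt;) for the bound property.</summary>
    public override CodeExpression GetCodeExpression(BoundPropertyEntry entry, object parsedData, ExpressionBuilderContext context)
    {
        var targetClass = new CodeTypeReferenceExpression(typeof(ExpressionBuilderIdentity));
        const string targetMethod = "GetIdentity";
        CodeExpression methodParameter = new CodePrimitiveExpression(entry.Expression.Trim());
        return new CodeMethodInvokeExpression(targetClass, targetMethod, methodParameter);
    }

    /// <summary>
    /// Returns one field of the current user's identity, selected by
    /// <paramref name="param"/> (case-insensitive): "userid", "name", "roles" or
    /// "username"; any other value yields string.Empty. An anonymous user gets
    /// "-1", "Pengunjung!", "" and "" respectively.
    /// </summary>
    /// <remarks>
    /// The values are read from the forms-authentication ticket's UserData, which
    /// AuthenticateUsers writes as "roles|MEMBER_ID|FullName|sessionToken". A ticket
    /// with fewer than three fields is treated like an anonymous user instead of
    /// throwing while the page renders. The comparison uses the invariant culture;
    /// the original ToLower() depended on the server's current culture.
    /// </remarks>
    public static object GetIdentity(string param)
    {
        var userId = "-1";
        var name = "Pengunjung!";
        var username = string.Empty;
        var roles = string.Empty;

        HttpContext context = HttpContext.Current;
        FormsIdentity id = null;
        if (context != null && context.User != null && context.User.Identity.IsAuthenticated)
        {
            id = context.User.Identity as FormsIdentity;
        }

        if (id != null)
        {
            var arrUserdata = (id.Ticket.UserData ?? string.Empty).Split('|');
            if (arrUserdata.Length >= 3)
            {
                roles = arrUserdata[0];
                userId = arrUserdata[1];
                name = arrUserdata[2];
            }
            username = id.Name;
        }

        switch ((param ?? string.Empty).Trim().ToLowerInvariant())
        {
            case "userid":
                return userId;
            case "name":
                return name;
            case "roles":
                return roles;
            case "username":
                return username;
            default:
                return string.Empty;
        }
    }
}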
Setelah melakukan login, user telah dikenali dengan menggunakan session, kemudian akan ditampilkan halaman user dengan menu-menu sesuai dengan hak aksesnya seperti gambar di bawah ini :

  • Menu Member :
  • Menu Dokter :
  • Menu Admin :
Setelah memasukkan alamat email, dalam beberapa menit password akan dikirimkan ke email user yang telah didaftarkan seperti gambar dibawah ini :




Berikut ini program Form ForgotPassword.aspx.cs :
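/// <summary>
/// Looks up the member registered under the typed e-mail address and mails the
/// stored username and password to that address.
/// </summary>
/// <remarks>
/// NOTE(review): mailing the password itself is only possible because DMG_MEMBERS
/// keeps MEMBER_PASSWORD in clear text; the usual replacement is a time-limited
/// reset link, which needs a schema change and a new page, so the lookup and the
/// mail are kept and only the handling around them is tightened: the mailbox
/// credentials are read from configuration instead of being hard-coded, the
/// database values are HTML-encoded because the body is sent as HTML, and the
/// connection, message and SMTP client are disposed. The "not registered" message
/// still tells a visitor whether an address has an account; a uniform reply would
/// avoid that.
/// </remarks>
protected void btnPass_Click(object sender, EventArgs e)
    {
        //Create Connection String And SQL Statement
        string strConnection = ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString;
        const string strSelect = "SELECT MEMBER_USERNAME,MEMBER_PASSWORD FROM DMG_MEMBERS WHERE MEMBER_EMAIL = @MEMBER_EMAIL";
        string emailAddress = txtEmail.Text.Trim();

        //Create Dataset to store results and DataAdapter to fill Dataset
        DataSet dsPwd = new DataSet();
        using (SqlConnection connection = new SqlConnection(strConnection))
        using (SqlCommand command = new SqlCommand(strSelect, connection))
        using (SqlDataAdapter dAdapter = new SqlDataAdapter(command))
        {
            command.Parameters.Add("@MEMBER_EMAIL", SqlDbType.VarChar, 50).Value = emailAddress;
            // Fill opens and closes the connection itself.
            dAdapter.Fill(dsPwd);
        }

        if (dsPwd.Tables.Count == 0 || dsPwd.Tables[0].Rows.Count == 0)
        {
            lblMessage.Text = "Alamat email tidak ter-register";
            return;
        }

        DataRow member = dsPwd.Tables[0].Rows[0];
        using (MailMessage loginInfo = new MailMessage())
        using (SmtpClient smtp = new SmtpClient())
        {
            loginInfo.To.Add(emailAddress);
            loginInfo.From = new MailAddress("YourID@gmail.com");
            loginInfo.Subject = "Informasi Forgot Password";
            loginInfo.IsBodyHtml = true;
            // The line separator of the original literal was lost in extraction;
            // <br/> is used because the body is sent as HTML.
            loginInfo.Body = "Username : " + HttpUtility.HtmlEncode(member["MEMBER_USERNAME"].ToString())
                + "<br/>Password : " + HttpUtility.HtmlEncode(member["MEMBER_PASSWORD"].ToString());

            smtp.Host = "smtp.gmail.com";
            smtp.Port = 587;
            smtp.EnableSsl = true;
            // Mailbox credentials come from web.config appSettings; the key names
            // SmtpUser / SmtpPassword are placeholders to be defined there, so the
            // account password no longer lives in source control.
            smtp.Credentials = new System.Net.NetworkCredential(
                ConfigurationManager.AppSettings["SmtpUser"],
                ConfigurationManager.AppSettings["SmtpPassword"]);
            smtp.Send(loginInfo);
        }

        lblMessage.Text = "Password telah terkirim ke email anda, silahkan login kembali";
        txtEmail.Text = "";
    }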
Untuk user yang ingin merubah password, juga dapat menggunakan form Update Password seperti pada gambar dibawah ini :
 


Berikut ini program UpdatePassword.aspx.cs :
    /// <summary>
    /// Shows the profile panel and hides the completion panel on every request.
    /// ShowDataInfo is not called from here; if the form is meant to be pre-filled
    /// with the member's current data, that call is missing (review note).
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        pnlFinish.Visible = false;
        pnlProfile.Visible = true;
    }

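    /// <summary>
    /// Loads the member's real name, e-mail and country from DMG_MEMBERS into the
    /// form fields, keyed by Session["MEMBER_USERNAME"].
    /// </summary>
    /// <remarks>
    /// Only the three displayed columns are selected (the original used SELECT *),
    /// and the connection and reader are disposed by using blocks even when a read
    /// fails. NOTE(review): nothing in the listings shows Session["MEMBER_USERNAME"]
    /// being set; btnUpdate_Click identifies the member differently — confirm which
    /// source is intended.
    /// </remarks>
    protected void ShowDataInfo()
    {
        //*** Open Connection ***'
        string strConnString = ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString;

        //*** Get Data ***'
        const string strSQL = "SELECT MEMBER_REALNAME, MEMBER_EMAIL, Country FROM DMG_MEMBERS WHERE MEMBER_USERNAME = @MEMBER_USERNAME";

        using (SqlConnection objConn = new SqlConnection(strConnString))
        using (SqlCommand objCmd = new SqlCommand(strSQL, objConn))
        {
            // A missing session value is sent as DBNull (matching no row) instead of
            // making SqlClient reject the command for an unsupplied parameter.
            object memberUsername = Session["MEMBER_USERNAME"] ?? (object)DBNull.Value;
            objCmd.Parameters.Add("@MEMBER_USERNAME", SqlDbType.VarChar).Value = memberUsername;
            objConn.Open();

            using (SqlDataReader dtReader = objCmd.ExecuteReader())
            {
                if (dtReader.Read())
                {
                    txtFullName.Text = dtReader["MEMBER_REALNAME"].ToString();
                    txtEmail.Text = dtReader["MEMBER_EMAIL"].ToString();
                    DropDownListCountry.Text = dtReader["Country"].ToString();
                }
            }
        }
    }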

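    /// <summary>
    /// Saves the logged-in member's new password, real name, e-mail and country,
    /// after checking that the e-mail is not already used by another account.
    /// </summary>
    /// <remarks>
    /// Changes from the original: the account to update is taken from the
    /// forms-authentication identity (User.Identity.Name, which AuthenticateUsers
    /// sets to the validated username) rather than from the DisplayName control, so
    /// a modified postback cannot aim the UPDATE at another username; the UPDATE no
    /// longer overwrites Roles with "members", which silently demoted a dokter or
    /// admin account whenever they changed their password; exception text is no
    /// longer written to the response; and the completion panel is only shown when
    /// the update succeeded. SessionId is still reset to "", as before.
    /// NOTE(review): the password is still stored as typed (the MD5 block was
    /// commented out) because the login stored procedure compares it that way.
    /// </remarks>
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        string username = User.Identity.Name;
        if (string.IsNullOrEmpty(username))
        {
            lblStatus.ForeColor = System.Drawing.Color.Red;
            lblStatus.Text = "Please log in again.";
            return;
        }

        string newPassword = txtPassword.Text;
        if (string.IsNullOrEmpty(newPassword))
        {
            // The original would have stored an empty password.
            lblStatus.ForeColor = System.Drawing.Color.Red;
            lblStatus.Text = "Password cannot be empty.";
            return;
        }

        //*** Open Connection ***//
        string strConnString = ConfigurationManager.ConnectionStrings["forumssConnectionString1"].ConnectionString;

        using (SqlConnection objConn = new SqlConnection(strConnString))
        {
            objConn.Open();

            //*** Check Email exists ***//
            const string checkSql = " SELECT COUNT(*) FROM DMG_MEMBERS  WHERE MEMBER_EMAIL = @MEMBER_EMAIL AND MEMBER_USERNAME <> @MEMBER_USERNAME";
            using (SqlCommand objCmd = new SqlCommand(checkSql, objConn))
            {
                objCmd.Parameters.Add("@MEMBER_EMAIL", SqlDbType.VarChar).Value = txtEmail.Text;
                objCmd.Parameters.Add("@MEMBER_USERNAME", SqlDbType.VarChar).Value = username;
                int intCount = (int)objCmd.ExecuteScalar();
                if (intCount >= 1)
                {
                    lblStatus.ForeColor = System.Drawing.Color.Red;
                    lblStatus.Text = "Email already exists!!";
                    return;
                }
            }

            //*** Update Profile ***//
            const string updateSql = " UPDATE DMG_MEMBERS SET MEMBER_PASSWORD = @MEMBER_PASSWORD  ,SessionId = @SessionId ,MEMBER_REALNAME = @MEMBER_REALNAME  ,MEMBER_EMAIL = @MEMBER_EMAIL  ,Country = @Country  WHERE MEMBER_USERNAME = @MEMBER_USERNAME";
            try
            {
                using (SqlCommand objCmd = new SqlCommand(updateSql, objConn))
                {
                    objCmd.Parameters.Add("@MEMBER_PASSWORD", SqlDbType.VarChar).Value = newPassword;
                    objCmd.Parameters.Add("@SessionId", SqlDbType.VarChar).Value = "";
                    objCmd.Parameters.Add("@MEMBER_REALNAME", SqlDbType.VarChar).Value = txtFullName.Text;
                    objCmd.Parameters.Add("@MEMBER_EMAIL", SqlDbType.VarChar).Value = txtEmail.Text;
                    objCmd.Parameters.Add("@Country", SqlDbType.VarChar).Value = DropDownListCountry.Text;
                    objCmd.Parameters.Add("@MEMBER_USERNAME", SqlDbType.VarChar).Value = username;
                    objCmd.ExecuteNonQuery();
                }
            }
            catch (SqlException)
            {
                // Database error text can reveal table and column names; keep it
                // server-side and show only a generic status.
                lblStatus.ForeColor = System.Drawing.Color.Red;
                lblStatus.Text = "Profile could not be updated.";
                return;
            }
        }

        pnlProfile.Visible = false;
        pnlFinish.Visible = true;
    }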

