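using System;
using System.Data;
using System.Data.Odbc;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Net.Mail;

/// <summary>
/// Login page code-behind: handles login and logout post-backs and the
/// "forgot password" button.
/// </summary>
/// <remarks>
/// Every value taken from <c>Request.Form</c> is untrusted. All SQL here binds
/// such values as ODBC parameters; never concatenate them into command text.
/// ODBC parameters are positional: each <c>?</c> marker is bound in the order the
/// parameters are added, and the parameter names are for readability only.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    /// <summary>
    /// On post-back, either logs the user out or checks the submitted
    /// credentials against UserData, records the login time and redirects to the
    /// page selected by the <c>rdoLogin</c> form field.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            return;
        }

        // Logout request: reset the 'user' session variable.
        // NOTE(review): only this key is reset; the session itself stays alive.
        // Presumably other pages test Session["user"] for an empty value, so the
        // assignment is kept as-is. Confirm before switching to Session.Abandon().
        if (Request.Form["txtLogout"] == "logout")
        {
            Session["user"] = "";
            return;
        }

        // A missing form field becomes an empty string, which is what the
        // original string concatenation produced for null.
        string login = Request.Form["txtLogin"] ?? string.Empty;
        string password = Request.Form["txtPassword"] ?? string.Empty;
        object userId = null;

        // Create the connection using the connection string in web.config.
        // The using blocks release the connection, commands and readers even
        // when a query throws.
        using (OdbcConnection conn = new OdbcConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
        {
            conn.Open();

            // NOTE(review): the password is compared in clear text, so UserData
            // stores recoverable passwords. Moving to a salted, slow hash
            // (e.g. PBKDF2) needs a schema change outside this page.
            using (OdbcCommand cmd = new OdbcCommand("SELECT UserID FROM UserData WHERE UserID = ? AND Password = ?", conn))
            {
                cmd.Parameters.AddWithValue("@UserID", login);
                cmd.Parameters.AddWithValue("@Password", password);

                using (OdbcDataReader rdr = cmd.ExecuteReader())
                {
                    // Read() must position the reader on a row before a column
                    // can be fetched; HasRows alone does not do that.
                    if (rdr.Read())
                    {
                        userId = rdr["UserID"];
                    }
                }
            }

            if (userId == null)
            {
                // Bad login credentials.
                btnForgot.Visible = false;
                lblSentPassword.Visible = false;
                lblBadLogin.Visible = true;

                // See if the user ID is good, just bad password.
                // NOTE(review): showing the button only for existing IDs tells an
                // unauthenticated visitor which user IDs are valid. Consider an
                // always-visible recovery link with a uniform response.
                using (OdbcCommand cmd = new OdbcCommand("SELECT UserID FROM UserData WHERE UserID = ?", conn))
                {
                    cmd.Parameters.AddWithValue("@UserID", login);

                    using (OdbcDataReader rdr = cmd.ExecuteReader())
                    {
                        if (rdr.HasRows)
                        {
                            // Good UserID, just bad password.
                            btnForgot.Visible = true;
                        }
                    }
                }
            }
            else
            {
                lblBadLogin.Visible = false;

                // NOTE(review): the session ID is not rotated at login, so an ID
                // fixed before authentication stays valid afterwards. Confirm
                // whether that needs handling for this application.
                Session["user"] = userId;

                // Timestamp the login. The value is bound as the same text the
                // original statement embedded (DateTime.Now.ToString()), so the
                // database converts it exactly as before.
                using (OdbcCommand cmd = new OdbcCommand("UPDATE UserData SET LastLogin = ? WHERE UserID = ?", conn))
                {
                    cmd.Parameters.AddWithValue("@LastLogin", DateTime.Now.ToString());
                    cmd.Parameters.AddWithValue("@UserID", userId);
                    cmd.ExecuteNonQuery();
                }
            }
        }

        if (userId == null)
        {
            return;
        }

        // Redirect only after the connection is released. The target comes from
        // a fixed list, so the form value never becomes part of the URL.
        switch (Request.Form["rdoLogin"])
        {
            case "multiply":
                Response.Redirect("multiplication.aspx");
                break;
            case "divide":
                Response.Redirect("division.aspx");
                break;
            case "settings":
                Response.Redirect("settings.aspx");
                break;
        }
    }

    /// <summary>
    /// Looks up the account named in <c>txtLogin</c> and e-mails its password to
    /// the stored parent address.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    /// <remarks>
    /// NOTE(review): this sends the stored password itself by e-mail. Once
    /// passwords are hashed, replace it with a single-use, expiring reset link.
    /// The handler needs no authentication, so it should also be rate-limited to
    /// stop it being used to flood a parent's mailbox.
    /// </remarks>
    protected void btnForgot_Click(object sender, EventArgs e)
    {
        string login = Request.Form["txtLogin"] ?? string.Empty;
        string strAddress = null;
        string strPwd = null;

        using (OdbcConnection conn = new OdbcConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
        using (OdbcCommand cmd = new OdbcCommand("SELECT ParentEMail, Password FROM UserData WHERE UserID = ?", conn))
        {
            cmd.Parameters.AddWithValue("@UserID", login);
            conn.Open();

            using (OdbcDataReader rdr = cmd.ExecuteReader())
            {
                // Read() positions the reader on the row; without it the column
                // access below fails.
                if (rdr.Read())
                {
                    strAddress = rdr["ParentEMail"].ToString();
                    strPwd = rdr["Password"].ToString();
                }
            }
        }

        // No such user, or no usable address on file: nothing to send. An empty
        // address would otherwise make MailMessage.To.Add throw.
        if (string.IsNullOrEmpty(strAddress))
        {
            return;
        }

        // The database connection is already closed while the mail is sent.
        using (MailMessage msg = new MailMessage())
        {
            msg.From = new MailAddress("flashcards@tomusn.com");
            msg.Subject = "Flash Cards Password";
            msg.Body = "Your forgotten password for the flash cards program is: " + strPwd;
            msg.To.Add(strAddress);

            SmtpClient client = new SmtpClient("smh01.opentransfer.com");
            client.Send(msg);
        }

        btnForgot.Visible = false;
        lblBadLogin.Visible = false;
        lblSentPassword.Visible = true;
    }
}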