User1045460610 posted
I want to use decoding of the hostid from this url. The page works now searching the query string but I want to use AES compliant, Salt Passphrase, Expiring encoding and decoding. I have a javascript that works in a test file. I need to figure out how to
integrate that encoding in the javascript into the asp.net c# page. Would i want to use the javascript or c#. If I use c# will the decode function decode with the same logic as the javascript function?
If I use the javascript how do I pass the hostid to the c# code behind page?
var returnUrl = Request.Params["ReturnUrl"];
var hostID = Request.Params["HostID"];
javascript
//https://attendance.erpise.com/instructorcourse.aspx/?q=U2FsdGVkX1%2BOVOwZzCIOIXwBdE5tW%2FISjtOGhVegQJneEooUvdn%2BShw3ENnsvL%2FMQXD49LXxEIC2Q8MRVnBjnA%3D%3D
function decrypt() {
var params = new URLSearchParams(window.location.search),
queryString = params.get('q'),
key = 'iaUdrdMy7H';
if (queryString) {
var decrypted = CryptoJS.AES.decrypt(queryString, key).toString(CryptoJS.enc.Utf8),
temp = decrypted.split('|'),
hostId = temp[0],
timestamp = new Date(temp[1]),
expired = diff_minutes(new Date(), timestamp) > 30;
document.getElementById('decrypt_result').innerText = 'Host ID was sent ' + hostId + ', Url ' + (expired ? 'expired' : 'not expired');
}
}
function diff_minutes(dt2, dt1) {
var diff = (dt2.getTime() - dt1.getTime()) / 1000;
diff /= 60;
return Math.abs(Math.round(diff));
}
aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="studentcourse.aspx.cs" Inherits="addcourse" %>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>On Grounds</title>
<style type="text/css">
.auto-style2 {
width: 123px;
}
.auto-style3 {
width: 26px;
}
.auto-style4 {
width: 27px;
}
.auto-style5 {
width: 288px;
}
.auto-style6 {
/*width: 140px;*/
}
</style>
</head>
<body>
<form id="form1" runat="server">
<h2 class="auto-style5">
<asp:Image ID="Image1" runat="server" Height="103px" Width="216px" ImageUrl="~/headerLogo.png" />
</h2>
<h2>
Attendance</h2>
<h2>
Student - Course</h2>
<table>
<tr>
<td class="auto-style2">
Student ID:</td>
<td class="auto-style6"><asp:TextBox ID="txtStudentID" runat="server" Enabled="False" ></asp:TextBox></td>
<td class="auto-style3">
</td>
</tr>
<tr>
<td class="auto-style2">
Student Name:</td>
<td class="auto-style6">
<asp:TextBox ID="txtStudentName" runat="server" Enabled="False"></asp:TextBox></td>
<td class="auto-style3">
</td>
</tr>
<tr>
<td class="auto-style2">
Instructor Name</td>
<td class="auto-style6">
<asp:TextBox ID="txtInstructorName" runat="server" Enabled="False"></asp:TextBox>
</td>
<td class="auto-style3">
</td>
</tr>
<tr>
<td class="auto-style2">
Course Code</td>
<td class="auto-style6">
<asp:TextBox ID="txtCourseCode" runat="server" Enabled="False"></asp:TextBox></td>
<td class="auto-style3">
</td>
</tr>
<tr>
<td class="auto-style2">
Course Title:</td>
<td class="auto-style6">
<asp:TextBox ID="txtCourseTitle" runat="server" Enabled="False"></asp:TextBox></td>
<td class="auto-style3">
</td>
</tr>
<tr>
<td class="auto-style2">
Course Start Time:</td>
<td class="auto-style6">
<asp:TextBox ID="txtCourseStartTime" runat="server" Enabled="False"></asp:TextBox></td>
<td class="auto-style3">
</td>
</tr>
<tr>
<td class="auto-style2">
Attendance Code:</td>
<td class="auto-style6">
<asp:TextBox ID="txtAttendanceCode" runat="server"></asp:TextBox></td>
<td class="auto-style3">
</td>
</tr>
</table>
<br />
<asp:Button ID="btnAdd" runat="server" Text="Save Code" OnClick="btnAdd_Click" />
<br />
<br />
<asp:Button ID="btnHelp" runat="server" Text="?" ToolTip="Instructions/Notes: You must be in the assigned classroom and on the wireless network to post your attendance. If you do not have a smartphone or laptop, borrow one from a friend or see your instructor.
Enter the Attendance Code given out by the instructor for this class session and click Save Code" />
<br />
<br />
<asp:Label ID="lblMsg" runat="server" EnableViewState="False"></asp:Label>
<br />
<asp:Label ID="lblMsg3" runat="server" EnableViewState="False" Visible="False"></asp:Label>
<br />
<asp:Label ID="lblMsg2" runat="server" EnableViewState="False"></asp:Label>
<br />
<br />
<table>
<tr>
<%--<td class="auto-style2">
Record ID:</td>--%>
<td>
<asp:TextBox ID="txtRecordID" runat="server" Enabled="False" Width="251px" BackColor="White" BorderStyle="None" ForeColor="#E5E5E5"></asp:TextBox>
</td>
<td class="auto-style4">
</td>
</tr>
<tr>
<%--<td class="auto-style2">
UserID:</td>--%>
<td>
<asp:TextBox ID="txtUserID" runat="server" Width="251px" Enabled="False" BackColor="White" BorderStyle="None" ForeColor="#E5E5E5"></asp:TextBox></td>
<td class="auto-style4">
</td>
</tr>
</table>
<br />
<br />
<asp:Panel ID="Panel1" runat="server" Width="216px">
<br />
<%--Instructions/Notes:
<br />
-You must be in the assigned classroom and on thewireless network to post your attendance.
<br />
-If you do not have a smartphone or laptop, borrow from a friend or see your instructor.
<br />
-Enter the Attendance Code given out by the instructor for this class session and click Save Code.--%>
</asp:Panel>
<br />
</form>
</body>
</html>
c#
using System;
using System.Data;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
public partial class addcourse : System.Web.UI.Page
{
protected void Page_LoadComplete(object sender, EventArgs e)
{
//MessageBox.Show("You are in the Form.Shown event.");
{
SqlConnection con = new SqlConnection(Database.ConnectionString);
try
{
var returnUrl = Request.Params["ReturnUrl"];
var hostID = Request.Params["HostID"];
if (string.IsNullOrWhiteSpace(hostID))
{
if (!string.IsNullOrWhiteSpace(returnUrl))
Response.Redirect(returnUrl);
throw new Exception("Variable \"HostID\" not found in query params");
}
con.Open();
var query = @"select distinct u.hostid as StudentID
,u.ID as UserID
,sd.scheduledaysid as CourseID
,sd.status
,sd.minutes
,sm.crs_cde as CourseCode
,sm.SHORT_CRS_TITLE_1 as CourseTitle
,sm.yr_cde
,sm.trm_cde
,sd.startTime AS CourseStartTime
,sd.startTime
,CONCAT(u.LastName, ', ',u.FirstName) AS StudentName
,u.Email
,nm.FIRST_NAME
,nm.MIDDLE_NAME
,CONCAT(nm.LAST_NAME, ', ',nm.FIRST_NAME) AS InstructorName
from ScheduleDays as sd
inner join lms_section as s on
sd.sectionid = s.SectionID
inner JOIN LMS_Course AS c WITH (NOLOCK) ON s.CourseID = c.CourseID
inner join section_master as sm on
c.CourseCode + ' ' + s.NAME = sm.crs_cde and
left(s.erpcoursekey,4) = sm.yr_cde and
substring(s.ERPCourseKey,6,2) = sm.trm_cde
inner join student_crs_hist as sch on
sm.crs_cde = sch.crs_cde and
sm.yr_cde = sch.yr_cde and
sm.trm_cde = sch.trm_cde
inner join fwk_user as u on
sch.id_num = u.hostid
inner join .name_master as nm on
sm.LEAD_INSTRUCTR_ID = nm.id_num
where
sd.startdate <= dateadd(mi, 10, @Now)
and sd.enddate >= @Now
and u.HostID = @HostID
and sm.crs_cde not like 'ONSO%'
AND sm.CRS_CDE NOT LIKE 'CLIN 7303 001'
AND sm.CRS_CDE NOT LIKE 'CLIN 7203 001'
AND sm.CRS_CDE NOT LIKE 'CLIN 8103 001'
and sm.LOC_CDE = 'main'
and sch.TRANSACTION_STS = 'C'
or
sd.startdate <= dateadd(mi, 10, @Now)
and sd.enddate >= @Now
and u.HostID = @HostID
and sm.crs_cde not like 'ONSO%'
AND sm.CRS_CDE NOT LIKE 'CLIN 7303 001'
AND sm.CRS_CDE NOT LIKE 'CLIN 7203 001'
AND sm.CRS_CDE NOT LIKE 'CLIN 8103 001'
and sm.LOC_CDE = 'main'
and sch.TRANSACTION_STS = 'C'";
var cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("HostID", hostID);
cmd.Parameters.AddWithValue("now", DateTime.Now);string studentId = null, userId = null, studentName = null, courseId = null, courseCode = null, courseTitle = null, courseStartTime = null, instructorName = null;
var reader = cmd.ExecuteReader();
if (reader.Read())
{
studentId = reader["StudentID"].ToString();
userId = reader["UserID"].ToString();
studentName = reader["StudentName"].ToString();
courseId = reader["CourseID"].ToString(); //courseId "86ab3a58-1d7c-4ced-82f9-d7ffacf17421" string
courseCode = reader["CourseCode"].ToString();
courseTitle = reader["CourseTitle"].ToString();
courseStartTime = reader["CourseStartTime"].ToString();
instructorName = reader["InstructorName"].ToString();
txtCourseCode.Text = courseCode;
txtCourseStartTime.Text = courseStartTime;
txtCourseTitle.Text = courseTitle;
txtInstructorName.Text = instructorName;
txtRecordID.Text = courseId;
txtStudentID.Text = studentId;
txtUserID.Text = userId;
txtStudentName.Text = studentName;
}
else
{
lblMsg.Text = "You do not have a class in the next hour.";
//btnUpdate.Enabled = false;
//btnUpdate.Visible = false;
}
reader.Close();
}
//catch (Exception ex)
catch (Exception)
{
//lblMsg.Text = "Error --> " + ex.Message;
//lblMsg.Text = "You do not have a class in the next hour.";
}
finally
{
con.Close();
}
}
}
protected void btnAdd_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(Database.ConnectionString);
try
{
con.Open(); //
string studentIpAddress = HttpContext.Current.Request.UserHostAddress;
string studentHost = HttpContext.Current.Request.UserHostName;
//Insert uniqueidentifier for retries
SqlCommand cmd = new SqlCommand("insert into attendance(RecordID,StudentID,CourseID,CourseCode,AttendanceCode,DateTimeStamp, StudentHost, StudentIpAddress) values(newid(),@StudentID,@CourseID,@CourseCode,@AttendanceCode,CURRENT_TIMESTAMP, @StudentHost, @StudentIpAddress)",
con); //101292
cmd.Parameters.AddWithValue("@RecordID", txtRecordID.Text);
cmd.Parameters.AddWithValue("@StudentID", txtStudentID.Text);
cmd.Parameters.AddWithValue("@CourseID", txtRecordID.Text);
cmd.Parameters.AddWithValue("@CourseCode", txtCourseCode.Text);
cmd.Parameters.AddWithValue("@AttendanceCode", txtAttendanceCode.Text);
cmd.Parameters.AddWithValue("@StudentHost", studentHost);
cmd.Parameters.AddWithValue("@StudentIpAddress", studentIpAddress);
int count = cmd.ExecuteNonQuery();
if (count == 1)
lblMsg.Text = "Attendance code logged"; //record logging of attendance code
else
lblMsg.Text = "Could not add code to log"; //showing message if there is some system error, the attendance code does not need to be validated here,
//var query2 = "select 1 from InstructorCourse where CourseID = @CourseID and CourseCode = @CourseCode and AttendanceCode = @AttendanceCode";
var query2 = "select 1 from InstructorCourse where CourseCode = @CourseCode and AttendanceCode = @AttendanceCode";
var checkCmd2 = new SqlCommand(query2, con);
checkCmd2.Parameters.AddWithValue("@CourseID", txtRecordID.Text);
checkCmd2.Parameters.AddWithValue("@CourseCode", txtCourseCode.Text);
checkCmd2.Parameters.AddWithValue("@AttendanceCode", txtAttendanceCode.Text);
var reader2 = checkCmd2.ExecuteReader();
if (reader2.Read())
{
SqlCommand cmd2 = new SqlCommand("insert into lms_attendance(attendanceID, userid, scheduledaysID, status) values(newid(),CAST(@UserID AS UNIQUEIDENTIFIER),CAST(@CourseID AS UNIQUEIDENTIFIER),'0')", con);
cmd2.Parameters.AddWithValue("@RecordID", txtRecordID.Text); //column was reserved for uniqueidentifier
cmd2.Parameters.AddWithValue("@StudentID", txtStudentID.Text); //needs to be fwk.UserID
cmd2.Parameters.AddWithValue("@UserID", txtUserID.Text);
cmd2.Parameters.AddWithValue("@CourseID", txtRecordID.Text); //scheduledaysID
cmd2.Parameters.AddWithValue("@AttendanceCode", txtAttendanceCode.Text);
//attendance code is verified, save
int count2 = cmd2.ExecuteNonQuery();
if (count2 == 1)
//lblMsg2.Text = "Attendance Code[" + txtCourseCode.Text + "] lms_attendance has been added!";
lblMsg2.Text = "Attendance saved";
else
lblMsg2.Text = "Attendance not added.";
}
else
{
// attendance code invalid
lblMsg2.Text = "Attendance code invalid.";
}
}
//catch (Exception ex)
catch (Exception)
{
//lblMsg2.Text = "Error --> " + ex.Message;
//lblMsg2.Text = "Error --> " + ex.Message + " Identity:" + ;
}
finally
{
con.Close();
}
}
}
Decode/Decrypt, AES, Passphrase, Expiring, QueryString, url, in c#or Javascript ASP.net WebSite?
