Enforced session-based authentication to restrict access to protected pages before user/admin login.

yehiarasheed · yehiarasheed · commit 7e0e06c24620 · 2025-02-16T15:20:26.000+02:00
diff --git a/WebApplication2/Customer/Pages/CustomerComponent.aspx b/WebApplication2/Customer/Pages/CustomerComponent.aspx
@@ -736,10 +736,18 @@
         });
 
         function logout() {
-            // Clear the active section
-            sessionStorage.removeItem('activeSection');
+            // Clear the session variable
+            sessionStorage.clear();
+            // Send a POST request to the logout endpoint
+            fetch('logout.aspx', { method: 'POST' })
+                .then(response => {
+                    if (response.redirected) {
+                        window.location.href = response.url;
+                    }
+                });
         }
 
+
         // Function to show the pop-up
         function showPopup() {
             document.getElementById('hintPopup').style.display = 'block';
diff --git a/WebApplication2/Customer/Pages/CustomerComponent.aspx.cs b/WebApplication2/Customer/Pages/CustomerComponent.aspx.cs
@@ -16,12 +16,18 @@ protected void Page_Load(object sender, EventArgs e)
             {
                 string connStr = WebConfigurationManager.ConnectionStrings["Milestone2DB_24"].ToString();
                 // Example input values, replace with actual inputs from user or session
-                MobileNo = Session["accountmn"] as String;
-                //int NationalID = 2; // Example NationalID
-                string PlanName = "Splan1"; // Example PlanName
-
-                //// ShowConsoleMessage("Retrieving all active benefits...");
-                 ShowAllServicePlans(connStr);
+                
+                if (Session["accountmn"] == null)
+                {
+                    // Redirect to the login page if not authenticated
+                    Response.Redirect("/Customer/Pages/login.aspx");
+                }
+                else 
+                {
+                    MobileNo = Session["accountmn"] as String;
+                }
+                // ShowConsoleMessage("Retrieving all active benefits...");
+                ShowAllServicePlans(connStr);
                  ShowAllBenefits(connStr);
                  ShowAllShops(connStr);
                  ShowCompanyOfferedPlans(connStr, MobileNo);
diff --git a/WebApplication2/Customer/Pages/login.aspx.cs b/WebApplication2/Customer/Pages/login.aspx.cs
@@ -35,8 +35,6 @@ protected void loginm(object sender, EventArgs e)
             string accountmn = mnumber.Text.Trim();
             string pass = password.Text.Trim();
 
-            Session["accountmn"]= accountmn;
-
             // Validate inputs
             if (string.IsNullOrEmpty(accountmn) || string.IsNullOrEmpty(pass))
             {
@@ -45,8 +43,6 @@ protected void loginm(object sender, EventArgs e)
                 return;
             }
 
-            
-
             try
             {   // Open connection
                 sqlConnection.Open();
diff --git a/WebApplication2/Pages/AverageTransactions/AverageTransactions.aspx.cs b/WebApplication2/Pages/AverageTransactions/AverageTransactions.aspx.cs
@@ -11,7 +11,11 @@ public partial class AverageTransactions : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
 
         private void LoadData(string walletId, string startDate, string endDate)
diff --git a/WebApplication2/Pages/Cashbacks/Cashbacks.aspx.cs b/WebApplication2/Pages/Cashbacks/Cashbacks.aspx.cs
@@ -14,6 +14,12 @@ public partial class Cashbacks : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             if (!IsPostBack)
             {
                 LoadData();
diff --git a/WebApplication2/Pages/Eshops/Eshops.aspx.cs b/WebApplication2/Pages/Eshops/Eshops.aspx.cs
@@ -14,9 +14,15 @@ public partial class Eshops : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             if (!IsPostBack)
             {
-                LoadData();
+               LoadData();
             }
         }
         private void LoadData()
diff --git a/WebApplication2/Pages/Home/Home.aspx.cs b/WebApplication2/Pages/Home/Home.aspx.cs
@@ -11,6 +11,11 @@ public partial class Home : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
 
         }
     }
diff --git a/WebApplication2/Pages/Login/Login.aspx.cs b/WebApplication2/Pages/Login/Login.aspx.cs
@@ -19,6 +19,7 @@ protected void LoginButton(object sender, EventArgs e)
 
             if ((username == "58-1034" && password == "1234") || (username == "58-25160" && password == "1234") || (username == "58-12345" && password == "admin"))
             {
+                Session["adminID"] = username; 
                 Response.Redirect("/Pages/Home/Home.aspx");
             }
             else
diff --git a/WebApplication2/Pages/MobileSearch/MobileSearch.aspx.cs b/WebApplication2/Pages/MobileSearch/MobileSearch.aspx.cs
@@ -12,7 +12,11 @@ public partial class MobileSearch : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
 
         private void LoadData(string mobileNumber) // Corrected parameter
diff --git a/WebApplication2/Pages/PaymentPoints/PaymentPoints.aspx.cs b/WebApplication2/Pages/PaymentPoints/PaymentPoints.aspx.cs
@@ -14,7 +14,11 @@ public partial class PaymentPoints : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
         private void LoadData(string mobileNum) // Accept mobile number as parameter
         {
diff --git a/WebApplication2/Pages/Physical Stores/PhysicalStoresWithVouchers.aspx.cs b/WebApplication2/Pages/Physical Stores/PhysicalStoresWithVouchers.aspx.cs
@@ -14,6 +14,12 @@ public partial class PhysicalStoresWithVouchers : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             string connectionString = ConfigurationManager.ConnectionStrings["Milestone2DB_24"].ConnectionString;
 
             using (SqlConnection connection = new SqlConnection(connectionString))
diff --git a/WebApplication2/Pages/PlanCashback/PlanCashback.aspx.cs b/WebApplication2/Pages/PlanCashback/PlanCashback.aspx.cs
@@ -15,7 +15,11 @@ public partial class PlanCashback : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
         private void LoadData(string walletId, string planId)
         {
diff --git a/WebApplication2/Pages/SMS offers/ListSMSOffers.aspx.cs b/WebApplication2/Pages/SMS offers/ListSMSOffers.aspx.cs
@@ -10,7 +10,11 @@ public partial class ListSMSOffers : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-            // You can handle any additional logic on page load if needed
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
 
         protected void ButtonFetchOffers_Click(object sender, EventArgs e)
diff --git a/WebApplication2/Pages/SubscriptionOnDate/CustomerAccountsSubscribedOnInputIdAndDate.aspx.cs b/WebApplication2/Pages/SubscriptionOnDate/CustomerAccountsSubscribedOnInputIdAndDate.aspx.cs
@@ -16,7 +16,11 @@ public partial class CustomerAccountsSubscribedOnInputIdAndDate : System.Web.UI.
         private string subscriptionDateText;
         protected void Page_Load(object sender, EventArgs e)
         {
-
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
         protected void FetchButton_Click(object sender, EventArgs e)
         {
diff --git a/WebApplication2/Pages/Transactions/Transactions.aspx.cs b/WebApplication2/Pages/Transactions/Transactions.aspx.cs
@@ -14,6 +14,12 @@ public partial class Transactions : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             if (!IsPostBack)
             {
                 LoadData();
diff --git a/WebApplication2/Pages/UpdatePoints/UpdatePoints.aspx.cs b/WebApplication2/Pages/UpdatePoints/UpdatePoints.aspx.cs
@@ -12,7 +12,11 @@ public partial class UpdatePoints : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
         }
 
         private void LoadData(string mobileNum)
diff --git a/WebApplication2/Pages/Wallets/Wallets.aspx.cs b/WebApplication2/Pages/Wallets/Wallets.aspx.cs
@@ -14,6 +14,12 @@ public partial class Wallets : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             if (!IsPostBack)
             {
                 LoadData();
diff --git a/WebApplication2/Pages/account usage/AccountUsagePage.aspx.cs b/WebApplication2/Pages/account usage/AccountUsagePage.aspx.cs
@@ -10,9 +10,10 @@ public partial class AccountUsagePage : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
-            if (!IsPostBack)
+            if (Session["adminID"] == null)
             {
-                // Initialize the page if needed
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
             }
         }
 
diff --git a/WebApplication2/Pages/customer plans/CustomersWithPlans.aspx.cs b/WebApplication2/Pages/customer plans/CustomersWithPlans.aspx.cs
@@ -14,6 +14,12 @@ public partial class CustomersWithPlans : Page
 
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             if (!IsPostBack)
             {
                 // Bind the data to the GridView when the page loads
diff --git a/WebApplication2/Pages/remove benefits/RemoveBenefitsPage.aspx.cs b/WebApplication2/Pages/remove benefits/RemoveBenefitsPage.aspx.cs
@@ -10,6 +10,12 @@ public partial class RemoveBenefitsPage : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             if (!IsPostBack)
             {
                 LabelStatus.Text = string.Empty;
diff --git a/WebApplication2/Pages/resolved tickets/Resolved Tickets.aspx.cs b/WebApplication2/Pages/resolved tickets/Resolved Tickets.aspx.cs
@@ -14,6 +14,12 @@ public partial class Resolved_Tickets : System.Web.UI.Page
     {
         protected void Page_Load(object sender, EventArgs e)
         {
+            if (Session["adminID"] == null)
+            {
+                // Redirect to the login page if not authenticated
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+
             string connectionString = ConfigurationManager.ConnectionStrings["Milestone2DB_24"].ConnectionString;
 
             using (SqlConnection connection = new SqlConnection(connectionString))
diff --git a/WebApplication2/Site.Master b/WebApplication2/Site.Master
@@ -41,6 +41,18 @@
     function clearScrollPosition() {
         sessionStorage.removeItem("sidebarScrollPosition");
     }
+
+    function logout() {
+        // Clear the session variable
+        sessionStorage.clear();
+        // Send a POST request to the logout endpoint
+        fetch('logout.aspx', { method: 'POST' })
+            .then(response => {
+                if (response.redirected) {
+                    window.location.href = response.url;
+                }
+            });
+    }
 </script>
 </head>
 <body>
@@ -54,7 +66,7 @@
                     <div>
                         <asp:ContentPlaceHolder ID="Header" runat="server" />
                     </div>
-                    <a href="/Pages/Login/Login.aspx" onclick="clearScrollPosition();" class="back-button">Logout</a>
+                    <a href="/Pages/Login/Login.aspx" onclick="clearScrollPosition(); logout();" class="back-button">Log Out</a>
                 </div>
                 <div class="content">
                     <asp:ContentPlaceHolder ID="MainContent" runat="server" />
diff --git a/WebApplication2/logout.aspx b/WebApplication2/logout.aspx
@@ -0,0 +1,15 @@
+﻿<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="logout.aspx.cs" Inherits="WebApplication2.logout" %>
+
+<!DOCTYPE html>
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head runat="server">
+    <title></title>
+</head>
+<body>
+    <form id="form1" runat="server">
+        <div>
+        </div>
+    </form>
+</body>
+</html>
diff --git a/WebApplication2/logout.aspx.cs b/WebApplication2/logout.aspx.cs
@@ -0,0 +1,28 @@
+﻿using System;
+using System.Web;
+
+namespace WebApplication2.Pages
+{
+    public partial class logout : System.Web.UI.Page
+    {
+        protected void Page_Load(object sender, EventArgs e)
+        {
+            if (Request.HttpMethod == "POST")
+            {
+                // Clear the session
+                Session.Clear();
+                Session.Abandon();
+
+                // Optionally, you can add additional cleanup code here
+
+                // Redirect to the login page
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+            else
+            {
+                // If the request is not a POST, redirect to the login page directly
+                Response.Redirect("/Pages/Login/Login.aspx");
+            }
+        }
+    }
+}
diff --git a/WebApplication2/logout.aspx.designer.cs b/WebApplication2/logout.aspx.designer.cs

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,11 @@ public partial class AverageTransactions : System.Web.UI.Page`
`11`	`11`	`{`
`12`	`12`	`protected void Page_Load(object sender, EventArgs e)`
`13`	`13`	`{`
`14`		`-`
	`14`	`+ if (Session["adminID"] == null)`
	`15`	`+ {`
	`16`	`+ // Redirect to the login page if not authenticated`
	`17`	`+ Response.Redirect("/Pages/Login/Login.aspx");`
	`18`	`+ }`
`15`	`19`	`}`
`16`	`20`
`17`	`21`	`private void LoadData(string walletId, string startDate, string endDate)`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,12 @@ public partial class Cashbacks : System.Web.UI.Page`
`14`	`14`	`{`
`15`	`15`	`protected void Page_Load(object sender, EventArgs e)`
`16`	`16`	`{`
	`17`	`+ if (Session["adminID"] == null)`
	`18`	`+ {`
	`19`	`+ // Redirect to the login page if not authenticated`
	`20`	`+ Response.Redirect("/Pages/Login/Login.aspx");`
	`21`	`+ }`
	`22`	`+`
`17`	`23`	`if (!IsPostBack)`
`18`	`24`	`{`
`19`	`25`	`LoadData();`
Original file line number	Diff line number	Diff line change
`@@ -14,9 +14,15 @@ public partial class Eshops : System.Web.UI.Page`
`14`	`14`	`{`
`15`	`15`	`protected void Page_Load(object sender, EventArgs e)`
`16`	`16`	`{`
	`17`	`+ if (Session["adminID"] == null)`
	`18`	`+ {`
	`19`	`+ // Redirect to the login page if not authenticated`
	`20`	`+ Response.Redirect("/Pages/Login/Login.aspx");`
	`21`	`+ }`
	`22`	`+`
`17`	`23`	`if (!IsPostBack)`
`18`	`24`	`{`
`19`		`- LoadData();`
	`25`	`+ LoadData();`
`20`	`26`	`}`
`21`	`27`	`}`
`22`	`28`	`private void LoadData()`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,11 @@ public partial class Home : System.Web.UI.Page`
`11`	`11`	`{`
`12`	`12`	`protected void Page_Load(object sender, EventArgs e)`
`13`	`13`	`{`
	`14`	`+ if (Session["adminID"] == null)`
	`15`	`+ {`
	`16`	`+ // Redirect to the login page if not authenticated`
	`17`	`+ Response.Redirect("/Pages/Login/Login.aspx");`
	`18`	`+ }`
`14`	`19`
`15`	`20`	`}`
`16`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ protected void LoginButton(object sender, EventArgs e)`
`19`	`19`
`20`	`20`	`if ((username == "58-1034" && password == "1234") \|\| (username == "58-25160" && password == "1234") \|\| (username == "58-12345" && password == "admin"))`
`21`	`21`	`{`
	`22`	`+ Session["adminID"] = username;`
`22`	`23`	`Response.Redirect("/Pages/Home/Home.aspx");`
`23`	`24`	`}`
`24`	`25`	`else`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,11 @@ public partial class MobileSearch : System.Web.UI.Page`
`12`	`12`	`{`
`13`	`13`	`protected void Page_Load(object sender, EventArgs e)`
`14`	`14`	`{`
`15`		`-`
	`15`	`+ if (Session["adminID"] == null)`
	`16`	`+ {`
	`17`	`+ // Redirect to the login page if not authenticated`
	`18`	`+ Response.Redirect("/Pages/Login/Login.aspx");`
	`19`	`+ }`
`16`	`20`	`}`
`17`	`21`
`18`	`22`	`private void LoadData(string mobileNumber) // Corrected parameter`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,11 @@ public partial class PaymentPoints : System.Web.UI.Page`
`14`	`14`	`{`
`15`	`15`	`protected void Page_Load(object sender, EventArgs e)`
`16`	`16`	`{`
`17`		`-`
	`17`	`+ if (Session["adminID"] == null)`
	`18`	`+ {`
	`19`	`+ // Redirect to the login page if not authenticated`
	`20`	`+ Response.Redirect("/Pages/Login/Login.aspx");`
	`21`	`+ }`
`18`	`22`	`}`
`19`	`23`	`private void LoadData(string mobileNum) // Accept mobile number as parameter`
`20`	`24`	`{`