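using System;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

/// <summary>
/// Code-behind for the "edit account" page: loads the signed-in user's
/// first name, last name and e-mail into the form, and handles the two
/// buttons that update the profile fields and the password.
/// </summary>
/// <remarks>
/// Every statement sent to the database is parameterized. The form fields
/// (txtFirst, txtLast, txtEmail, txtNew1) are user-controlled, so they must
/// never be concatenated into SQL text.
/// </remarks>
public partial class editaccount : System.Web.UI.Page
{
    // NOTE(review): the server and catalog are hard-coded here. Moving this to
    // the <connectionStrings> section of web.config (System.Configuration is
    // already imported) would keep environment details out of source control.
    // The field stays public and mutable because other code may read it.
    public string connectionString = "Data Source=THIS-9110C42D72\\SQLEXPRESS;Initial Catalog=webproms;Integrated Security=True";

    /// <summary>
    /// Reads the account id of the current session.
    /// </summary>
    /// <param name="accountId">The id as a string, or null when the session holds none.</param>
    /// <returns>true when Session["id"] is present; otherwise false.</returns>
    private bool TryGetAccountId(out string accountId)
    {
        object raw = Session["id"];
        accountId = (raw == null) ? null : raw.ToString();
        return accountId != null;
    }

    /// <summary>
    /// Runs a parameterized non-query statement and releases the connection.
    /// </summary>
    /// <param name="sql">Statement text containing only @name placeholders.</param>
    /// <param name="parameters">Values bound to the placeholders.</param>
    /// <returns>The number of rows affected.</returns>
    private int ExecuteNonQuery(string sql, params SqlParameter[] parameters)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddRange(parameters);
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Fills the first-name, last-name and e-mail text boxes from the
    /// accounts row that belongs to the current session. Does nothing when
    /// the session carries no account id.
    /// </summary>
    public void GetAccountInfo()
    {
        string accountId;
        if (!TryGetAccountId(out accountId))
        {
            return;
        }

        // Only the columns the page displays are selected, so the
        // accountPassword column is never pulled into page memory.
        const string sql =
            "SELECT accountID, accountFirstName, accountLastName, accountEmail " +
            "FROM accounts WHERE accountID = @id";

        // using blocks close the reader and the connection even when a
        // query throws; the original left both open.
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@id", accountId);
            conn.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // Second check on top of the WHERE clause, kept from the
                    // original: only an exact id match populates the form.
                    if (reader["accountID"].ToString() == accountId)
                    {
                        txtFirst.Text = reader["accountFirstName"].ToString();
                        txtLast.Text = reader["accountLastName"].ToString();
                        txtEmail.Text = reader["accountEmail"].ToString();
                    }
                }
            }
        }
    }

    /// <summary>
    /// Loads the account details on the first request only, so values the
    /// user typed are not overwritten on postback.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            GetAccountInfo();
        }
    }

    /// <summary>
    /// Saves the first name, last name and e-mail entered in the form to the
    /// current session's account row, then reloads the form from the database.
    /// </summary>
    protected void btnInfo_Click(object sender, EventArgs e)
    {
        string accountId;
        if (!TryGetAccountId(out accountId))
        {
            lblUpdated.Text = "ERROR: You are not signed in.";
            lblUpdated.Visible = true;
            return;
        }

        ExecuteNonQuery(
            "UPDATE accounts SET accountFirstName = @first, accountLastName = @last, " +
            "accountEmail = @email WHERE accountID = @id",
            new SqlParameter("@first", txtFirst.Text),
            new SqlParameter("@last", txtLast.Text),
            new SqlParameter("@email", txtEmail.Text),
            new SqlParameter("@id", accountId));

        // The original appended the executed SQL to this label. That exposed
        // table and column names to the visitor and wrote user-supplied text
        // into a Label, which renders its Text without HTML encoding.
        lblUpdated.Text = "Your account information has been updated.";
        lblUpdated.Visible = true;
        GetAccountInfo();
    }

    /// <summary>
    /// Changes the account password after checking the old password the user
    /// typed against the copy held in the session.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the password is stored and compared in plaintext, both in
    /// the accountPassword column and in Session["password"]. Switching to a
    /// salted, slow hash (for example Rfc2898DeriveBytes) needs a schema and
    /// login-flow change that cannot be made from this page alone.
    /// </remarks>
    protected void btnPassword_Click(object sender, EventArgs e)
    {
        string accountId;
        if (!TryGetAccountId(out accountId))
        {
            lblUpdated.Text = "ERROR: You are not signed in.";
            lblUpdated.Visible = true;
            return;
        }

        // A missing session password means the old password cannot be
        // verified, so the change is refused rather than throwing.
        object stored = Session["password"];
        if (stored == null || txtOld.Text != stored.ToString())
        {
            lblUpdated.Text = "ERROR: Your old password is not correct.";
            lblUpdated.Visible = true;
        }
        else
        {
            ExecuteNonQuery(
                "UPDATE accounts SET accountPassword = @password WHERE accountID = @id",
                new SqlParameter("@password", txtNew1.Text),
                new SqlParameter("@id", accountId));

            lblUpdated.Text = "Your password has been updated.";
            lblUpdated.Visible = true;
            Session["password"] = txtNew1.Text;
        }

        GetAccountInfo();
    }
}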