Imports System.Data.SqlClient
Imports System.Configuration
Imports System.Data

Partial Class SearchUsers
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Not IsPostBack Then
            ' Optionally load all users or recent users when page first loads
            ' LoadAllUsers()
        End If
    End Sub

    Protected Sub btnSearch_Click(sender As Object, e As EventArgs) Handles btnSearch.Click
        Dim searchTerm As String = txtSearch.Text.Trim()

        If String.IsNullOrEmpty(searchTerm) Then
            ' If search box is empty, show all users or no users
            ' LoadAllUsers()
            gvUsers.DataSource = Nothing
            gvUsers.DataBind()
        Else
            SearchUsers(searchTerm)
        End If
    End Sub

    Private Sub SearchUsers(searchTerm As String)
        Dim connectionString As String = ConfigurationManager.ConnectionStrings("NaveedDBConnection").ConnectionString
        Dim query As String = "SELECT USER_NAME, USERNAME, USER_EMAIL, LOCATION, CREATED_AT FROM USERS " &
                            "WHERE USER_NAME LIKE @SearchTerm OR USERNAME LIKE @SearchTerm OR USER_EMAIL LIKE @SearchTerm OR LOCATION LIKE @SearchTerm " &
                            "ORDER BY USER_NAME"

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(query, conn)
                cmd.Parameters.AddWithValue("@SearchTerm", "%" & searchTerm & "%")

                Dim adapter As New SqlDataAdapter(cmd)
                Dim dt As New DataTable()
                adapter.Fill(dt)

                gvUsers.DataSource = dt
                gvUsers.DataBind()
            End Using
        End Using
    End Sub

    ' Optional method to load all users
    Private Sub LoadAllUsers()
        Dim connectionString As String = ConfigurationManager.ConnectionStrings("NaveedDBConnection").ConnectionString
        Dim query As String = "SELECT TOP 50 USER_NAME, USERNAME, USER_EMAIL, LOCATION, CREATED_AT FROM USERS ORDER BY CREATED_AT DESC"

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(query, conn)
                Dim adapter As New SqlDataAdapter(cmd)
                Dim dt As New DataTable()
                adapter.Fill(dt)

                gvUsers.DataSource = dt
                gvUsers.DataBind()
            End Using
        End Using
    End Sub
End Class





Imports System.Data.SqlClient
Imports System.Configuration

Partial Class Register
    Inherits System.Web.UI.Page

    Protected Sub btnRegister_Click(sender As Object, e As EventArgs) Handles btnRegister.Click
        If Page.IsValid Then
            Try
                If txtName.Text IsNot Nothing AndAlso Not String.IsNullOrEmpty(txtName.Text) Then
                    Dim newUserId As Integer = RegisterUser()
                    If newUserId > 0 Then
                        lblMessage.Text = $"Registration successful! Welcome, {txtName.Text}"
                        lblMessage.CssClass = "success-message"
                        ClearForm()
                    Else
                        lblMessage.Text = "Registration failed. No user ID was returned."
                        lblMessage.CssClass = "error-message"
                    End If
                End If
            Catch ex As SqlException

            Catch ex As Exception
                lblMessage.Text = $"An unexpected error occurred: {ex.Message}"
                lblMessage.CssClass = "error-message"
            End Try
        End If
    End Sub

    Private Function RegisterUser() As Integer
        Dim connectionString As String = ConfigurationManager.ConnectionStrings("NaveedDBConnection").ConnectionString
        Dim query As String = "INSERT INTO USERS (USER_NAME, USER_EMAIL, USERNAME, USER_PASSWORD, BIRTH_DATE, LOCATION, CREATED_AT) " &
                            "VALUES (@Name, @Email, @Username, @Password, @BirthDate, @Location, @CreatedAt); " &
                            "SELECT SCOPE_IDENTITY();"

        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(query, conn)
                ' Let SQL Server handle the ID with IDENTITY column
                cmd.Parameters.AddWithValue("@Name", txtName.Text.Trim())
                cmd.Parameters.AddWithValue("@Email", txtEmail.Text.Trim())
                cmd.Parameters.AddWithValue("@Username", txtUserName.Text.Trim()) ' Fixed: using txtUserName to match form control
                cmd.Parameters.AddWithValue("@Password", HashPassword(txtPassword.Text))

                ' Handle optional fields
                If String.IsNullOrEmpty(txtBirthDate.Text) Then
                    cmd.Parameters.AddWithValue("@BirthDate", DBNull.Value)
                Else
                    cmd.Parameters.AddWithValue("@BirthDate", DateTime.Parse(txtBirthDate.Text))
                End If

                cmd.Parameters.AddWithValue("@Location", If(String.IsNullOrEmpty(txtLocation.Text), DBNull.Value, txtLocation.Text))
                cmd.Parameters.AddWithValue("@CreatedAt", DateTime.Now)

                conn.Open()
                ' Get the auto-generated ID
                Return Convert.ToInt32(cmd.ExecuteScalar())
            End Using
        End Using
    End Function

    Private Function HashPassword(password As String) As String
        ' Using SHA256 - in production consider PBKDF2, bcrypt or Argon2
        Using sha256 As New System.Security.Cryptography.SHA256Managed()
            Dim bytes As Byte() = System.Text.Encoding.UTF8.GetBytes(password)
            Dim hash As Byte() = sha256.ComputeHash(bytes)
            Return Convert.ToBase64String(hash)
        End Using
    End Function

    Private Sub ClearForm()
        txtName.Text = ""       ' Fixed: clearing txtName instead of duplicating txtUserName
        txtEmail.Text = ""
        txtUserName.Text = ""   ' Clearing txtUserName 
        txtPassword.Text = ""
        txtBirthDate.Text = ""
        txtLocation.Text = ""
    End Sub
End Class