Authenticated session booting admins out

Discussion in 'Windows / IIS' started by thirdboxcar, May 13, 2009.

  1. Caveat: I'm extremely new to ASP.net, and am stumbling through some issues with a site I was handed.

    ----

    The admin section of the site I'm having trouble with uses forms authentication. Admins process credit card orders that arrive via a site order form; once an order has been processed externally, clicking a link to confirm it as processed should send an email to the buyer and mark the item as processed.

    The credit card orders go through fine and show up in the admin section and the SQL database, but opening an individual order's detail page takes about 30 seconds to load, and then I cannot delete, process, or otherwise modify the order from that page without being booted back to the login page. Logging in brings me back to the same page, with the item neither deleted nor processed.

    Note that the original confirmation email when the order is placed IS sent out, just not the processing order confirmation.

    I'm sure it's something very obvious or minor, but does anyone have any ideas as to how I can get this to stay marked as processed in the database, and get the detail page to load quicker?

    The code for the page follows:
    Code:
    
                    <%-- Order detail footer: shows whether the order has been processed, an optional
                         delete-confirmation panel, and the action links.
                         NOTE(review): values written with <%= %> are emitted without HTML encoding;
                         order.ID and order.Processed are presumably server-generated - confirm.
                         NOTE(review): the <b> opened on the "processed on" line is never closed. --%>
                    <%if (order.Processed == string.Empty) { %>
                                    This order has not been processed.
                    <% } else { %>
                        <b>This order was processed on <%=order.Processed.ToString()%>
                    <% } %>
            
            <%-- The "function=delete" query-string value only reveals this confirmation panel; the
                 delete itself is requested by the btn_Delete postback (btn_Delete_Click, not shown). --%>
            <%if (Request["function"] == "delete") { %>
            
                <div style="border: 1px solid #953b24; padding: 10px;">
                    Are you sure you want to delete this order? <asp:linkbutton runat="server" id="btn_Delete" onclick="btn_Delete_Click"><b>Delete</b></asp:linkbutton> |
                    <a href="gcOrderDetail.aspx?id=<%=order.ID%>"><b>Cancel</b></a>
                </div>
                
                <br/>
            
            <% } %>
            
            <%-- btn_Process is rendered only while the order is unprocessed. Both state-changing
                 actions are LinkButton postbacks; whether their handlers re-check the caller's
                 authorization is not visible here - confirm in the code-behind. --%>
            <a href="gcOrders.aspx"><b>BACK TO LIST</b></a> | 
            <a href="gcOrderDetail.aspx?id=<%=order.ID%>&function=delete"><b>DELETE THIS ORDER</b></a> 
            <%if (order.Processed == string.Empty) { %> | <asp:linkbutton runat="server" id="btn_Process" onclick="btn_Process_Click"><b>MARK THIS ORDER AS PROCESSED</b></asp:linkbutton><% } %>
            
        </form>
        
    </div>
    
    Other relevant code:
    Code:
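            /// <summary>
            /// Inserts this order through the <c>sp_InsertOrder</c> stored procedure and stores
            /// the generated order id (the <c>@orderid</c> output parameter) in <c>this.id</c>.
            /// </summary>
            /// <remarks>
            /// Every value is passed as a typed parameter, never concatenated into SQL text.
            /// The connection and command are disposed on every path; the original never closed
            /// the connection, so each call held a pooled connection until garbage collection.
            /// Exceptions propagate unchanged, which keeps the original stack trace
            /// (the previous <c>catch (Exception e) { throw e; }</c> discarded it).
            /// </remarks>
            private void SaveDB(){
                using (SqlConnection cn = new SqlConnection(Config.GetValue("CONNECTION_STRING")))
                using (SqlCommand cmd = new SqlCommand("sp_InsertOrder", cn)) {
                    cmd.CommandType = CommandType.StoredProcedure;

                    cmd.Parameters.Add("@product",SqlDbType.VarChar).Value = this.product;
                    cmd.Parameters.Add("@total",SqlDbType.Decimal).Value = this.total;
                    cmd.Parameters.Add("@overnight",SqlDbType.Decimal).Value = this.overnight;
                    cmd.Parameters.Add("@quantity",SqlDbType.Int).Value = this.quantity;
                    cmd.Parameters.Add("@recipientid",SqlDbType.Int).Value = this.recipientID;
                    cmd.Parameters.Add("@paymentid",SqlDbType.Int).Value = this.paymentID;
                    // cmd.Parameters.Add("@submitted",SqlDbType.DateTime).Value = DateTime.Now;

                    // Output parameter that receives the new order's id.
                    SqlParameter prm = new SqlParameter("@orderid",SqlDbType.Int);
                    prm.Direction = ParameterDirection.Output;
                    cmd.Parameters.Add(prm);

                    cn.Open();
                    cmd.ExecuteNonQuery();
                    this.id = (Int32)prm.Value;
                }
            }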
    
            /// <summary>
            /// Sends the order-confirmation email for order <paramref name="id"/> to
            /// <paramref name="to"/>. Does nothing when the recipient or the configured
            /// confirmation template is null or empty.
            /// </summary>
            /// <param name="id">Order id substituted into the template as argument {1}.</param>
            /// <param name="to">Recipient address, used as-is.</param>
            public void SendConfirmationEmail(int id, string to) {
                // No recipient: nothing to send.
                if (to == null || to.Length == 0) {
                    return;
                }

                // No template configured: nothing to send.
                if (Config.ConfirmationMesssage == null || Config.ConfirmationMesssage.Length == 0) {
                    return;
                }

                string sender = Config.GetValue("ORDER_CONFIRMATION_SENDER");
                string subject = Config.GetValue("ORDER_CONFIRMATION_SUBJECT");
                // String.Format treats '{' and '}' in the template as placeholders; an HTML template
                // with literal braces (inline CSS, for example) must escape them as '{{' / '}}'.
                string body = String.Format(Config.ConfirmationMesssage, Config.Root, id);

                // NOTE(review): 'to' is placed in the To header without validation here; presumably
                // the caller has already checked it is a single well-formed address - confirm.
                MailMessage mail = new MailMessage();
                mail.From = sender;
                mail.Subject = subject;
                mail.To = to;
                mail.BodyFormat = MailFormat.Html;
                mail.Body = body;

                SmtpMail.SmtpServer = Config.GetValue("MAIL_SERVER");
                SmtpMail.Send(mail);
            }
    
            /// <summary>
            /// Sends the "order processed" email for order <paramref name="id"/> to
            /// <paramref name="to"/>, using the template file named by the
            /// <c>ORDER_PROCESSED_MESSAGE_PATH</c> setting.
            /// </summary>
            /// <param name="id">Order id substituted into the template as argument {1}.</param>
            /// <param name="to">Recipient address, used as-is.</param>
            /// <remarks>
            /// NOTE(review): a missing or empty template file, or an empty recipient, makes this a
            /// silent no-op: no mail is sent and no error is raised. Worth logging when tracing
            /// why a processed-order email never arrives.
            /// </remarks>
            public void SendProcessedConfirmationEmail(int id, string to)
            {
                // The template is read before the recipient is checked, as in the original.
                string template = String.Empty;
                string templatePath = context.Current.Server.MapPath(Config.GetValue("ORDER_PROCESSED_MESSAGE_PATH"));
                if (File.Exists(templatePath))
                {
                    using (StreamReader reader = new StreamReader(templatePath))
                    {
                        template = reader.ReadToEnd();
                    }
                }

                bool hasRecipient = to != null && to.Length != 0;
                bool hasTemplate = template != null && template.Length != 0;
                if (!hasRecipient || !hasTemplate)
                {
                    return;
                }

                string sender = Config.GetValue("ORDER_CONFIRMATION_SENDER");
                string subject = Config.GetValue("ORDER_PROCESSED_CONFIRMATION_SUBJECT");
                // String.Format treats '{' and '}' in the template as placeholders; an HTML template
                // with literal braces (inline CSS, for example) must escape them as '{{' / '}}'.
                string body = String.Format(template, Config.Root, id);

                MailMessage mail = new MailMessage();
                mail.From = sender;
                mail.Subject = subject;
                mail.To = to;
                mail.BodyFormat = MailFormat.Html;
                mail.Body = body;

                SmtpMail.SmtpServer = Config.GetValue("MAIL_SERVER");
                SmtpMail.Send(mail);
            }
            
            /// <summary>
            /// Sends the internal new-order notification for order <paramref name="id"/> to
            /// <c>Core.Config.OrderNotifyEmail</c>, with sender, subject and body template
            /// taken from configuration.
            /// </summary>
            /// <param name="id">Order id substituted into the body template as argument {1}.</param>
            public void SendNotificationEmail(int id)
            {
                string sender = Config.GetValue("ORDER_NOTIFICATION_SENDER");
                string subjectLine = Config.GetValue("ORDER_NOTIFICATION_SUBJECT");
                string bodyTemplate = Config.GetValue("ORDER_NOTIFICATION_BODY");
                string message = String.Format(bodyTemplate, Config.Root, id);

                // SmtpServer is a static setting on SmtpMail, assigned before each send.
                SmtpMail.SmtpServer = Config.GetValue("MAIL_SERVER");
                SmtpMail.Send(sender, Core.Config.OrderNotifyEmail, subjectLine, message);
            }
    
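            /// <summary>
            /// Deletes the order with the given id through the <c>sp_DeleteOrder</c> stored procedure.
            /// </summary>
            /// <param name="id">Id of the order to delete, passed as the typed <c>@id</c> parameter.</param>
            /// <remarks>
            /// The original built the command but never executed it, so no row was ever deleted;
            /// <c>ExecuteNonQuery</c> is now called. The connection and command are disposed on
            /// every path (the original left the connection open), and exceptions propagate
            /// unchanged instead of being rethrown with <c>throw e</c>, which discarded the
            /// original stack trace.
            /// </remarks>
            private void DeleteFromDB(int id){
                using (SqlConnection cn = new SqlConnection(Config.GetValue("CONNECTION_STRING")))
                using (SqlCommand cmd = new SqlCommand("sp_DeleteOrder", cn)) {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add("@id",SqlDbType.Int).Value = id;

                    cn.Open();
                    cmd.ExecuteNonQuery();
                }
            }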
    
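            /// <summary>
            /// Marks the order as processed by calling <c>sp_ProcessOrder</c> with the order id
            /// and the current server-local time (<c>DateTime.Now</c>).
            /// </summary>
            /// <param name="id">Id of the order to mark as processed.</param>
            /// <remarks>
            /// The connection and command are disposed on every path; the original never closed
            /// the connection. Exceptions propagate unchanged, keeping the original stack trace
            /// (the previous <c>throw e</c> discarded it).
            /// </remarks>
            private void SaveProcessDateToDB(int id){
                using (SqlConnection cn = new SqlConnection(Config.GetValue("CONNECTION_STRING")))
                using (SqlCommand cmd = new SqlCommand("sp_ProcessOrder", cn)) {
                    cmd.CommandType = CommandType.StoredProcedure;

                    // NOTE(review): @id is declared VarChar here while DeleteFromDB sends it as Int;
                    // kept as-is because the stored procedure's signature is not visible - confirm.
                    cmd.Parameters.Add("@id",SqlDbType.VarChar).Value = id;
                    cmd.Parameters.Add("@processed",SqlDbType.DateTime).Value = DateTime.Now;

                    cn.Open();
                    cmd.ExecuteNonQuery();
                }
            }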
    
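            /// <summary>
            /// Records the submission time of an order by calling <c>sp_SubmitOrder</c> with the
            /// order id and the current server-local time (<c>DateTime.Now</c>).
            /// </summary>
            /// <param name="id">Id of the order being submitted.</param>
            /// <remarks>
            /// The connection and command are disposed on every path; the original never closed
            /// the connection. Exceptions propagate unchanged, keeping the original stack trace
            /// (the previous <c>throw e</c> discarded it).
            /// </remarks>
            private void SaveSubmittedDateToDB(int id){
                using (SqlConnection cn = new SqlConnection(Config.GetValue("CONNECTION_STRING")))
                using (SqlCommand cmd = new SqlCommand("sp_SubmitOrder", cn)) {
                    cmd.CommandType = CommandType.StoredProcedure;

                    // NOTE(review): @id is declared VarChar although the value is an int; kept
                    // as-is because the stored procedure's signature is not visible - confirm.
                    cmd.Parameters.Add("@id",SqlDbType.VarChar).Value = id;
                    cmd.Parameters.Add("@submitted",SqlDbType.DateTime).Value = DateTime.Now;

                    cn.Open();
                    cmd.ExecuteNonQuery();
                }
            }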
    
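            /// <summary>
            /// Loads one order through <c>sp_GetOrderDetail</c> and passes the first row of the
            /// first result table to <c>FillData</c>.
            /// </summary>
            /// <param name="id">Id of the order to load, passed as the typed <c>@id</c> parameter.</param>
            /// <remarks>
            /// The original ran the stored procedure twice per call: once with
            /// <c>ExecuteNonQuery</c>, whose result was discarded, and again inside
            /// <c>SqlDataAdapter.Fill</c>. Only the <c>Fill</c> call remains (this assumes
            /// sp_GetOrderDetail is a pure read - confirm). The connection, command and adapter
            /// are disposed on every path, and exceptions propagate with their original stack trace.
            /// </remarks>
            public void GetOrderDetail(int id){
                using (SqlConnection cn = new SqlConnection(Config.GetValue("CONNECTION_STRING")))
                using (SqlCommand cmd = new SqlCommand("sp_GetOrderDetail", cn))
                using (SqlDataAdapter myDataAdapter = new SqlDataAdapter(cmd)) {
                    cmd.CommandType = CommandType.StoredProcedure;

                    // NOTE(review): @id is declared VarChar although the value is an int; kept
                    // as-is because the stored procedure's signature is not visible - confirm.
                    cmd.Parameters.Add("@id",SqlDbType.VarChar).Value = id;

                    cn.Open();

                    DataSet ds = new DataSet();
                    myDataAdapter.Fill(ds);

                    // An id with no matching row makes the indexers below throw, as before;
                    // callers that take the id from a request should be prepared for that.
                    FillData(ds.Tables[0].Rows[0]);
                }
            }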
    
            /// <summary>Persists this order; delegates to <c>SaveDB</c>.</summary>
            public void Save()
            {
                this.SaveDB();
            }
    
            /// <summary>
            /// Records the submission date for the given order; delegates to
            /// <c>SaveSubmittedDateToDB</c>.
            /// </summary>
            /// <param name="id">Id of the order being submitted.</param>
            public void Submit(int id)
            {
                this.SaveSubmittedDateToDB(id);
            }
    
            /// <summary>
            /// Records the processed date for the given order; delegates to
            /// <c>SaveProcessDateToDB</c>.
            /// </summary>
            /// <param name="id">Id of the order being marked as processed.</param>
            public void Process(int id)
            {
                this.SaveProcessDateToDB(id);
            }
    
            /// <summary>Requests deletion of the given order; delegates to <c>DeleteFromDB</c>.</summary>
            /// <param name="id">Id of the order to delete.</param>
            public void Delete(int id)
            {
                this.DeleteFromDB(id);
            }
    
            /// <summary>Populates this order from a data row; delegates to <c>FillData</c>.</summary>
            /// <param name="row">Row handed to <c>FillData</c> unchanged.</param>
            public void Load(DataRow row)
            {
                FillData(row);
            }
    You have my eternal thanks and gratitude if you even read this, let alone if you answer it!
     
