Beispiel #1
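        /// <summary>
        /// Calls the <c>sp_auth_user</c> stored procedure with the supplied user code and
        /// password and maps every returned row to an <see cref="AuthenticationDetailParameters"/>.
        /// </summary>
        /// <param name="filter">Carries the submitted <c>_user_code</c> and <c>_password</c>.</param>
        /// <returns>
        /// One entry per row returned by the procedure. Rows whose <c>status</c> is not
        /// <c>"success"</c> carry only the status and an empty <c>user_code</c>. If anything
        /// throws, an extra entry with status <c>"failed with exception in code"</c> is appended
        /// and the list is returned; this method never propagates an exception.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the password is handed to the stored procedure exactly as received;
        /// whether it is hashed before or inside the procedure is not visible here - confirm.
        /// NOTE(review): on success the row's <c>password</c> column is copied into the result.
        /// Callers should not serialise that field to clients or logs; consider dropping it
        /// from the result type once no caller depends on it.
        /// </remarks>
        public static List<AuthenticationDetailParameters> AutheticateUser(AuthenticationParameters filter)
        {
            List<AuthenticationDetailParameters> authuser = new List<AuthenticationDetailParameters>();

            try
            {
                // Both the connection and the command are disposed on every path
                // (the original never disposed the command).
                using (MySqlConnection conn = new MySqlConnection(connectionString))
                using (MySqlCommand cmd = new MySqlCommand("sp_auth_user", conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    // Credentials travel as bound parameters, never as SQL text.
                    cmd.Parameters.Add("@_user_code", MySqlDbType.String).Value = filter._user_code;
                    cmd.Parameters.Add("@_password", MySqlDbType.String).Value = filter._password;
                    conn.Open();

                    using (IDataReader dr = cmd.ExecuteReader())
                    {
                        while (dr.Read())
                        {
                            AuthenticationDetailParameters detail = new AuthenticationDetailParameters();
                            // IsNull<T> is a project helper not shown here; presumably it
                            // returns the column value with DBNull mapped to a default.
                            string status = dr.IsNull<string>("status");
                            detail.status = status;

                            if (status != "success")
                            {
                                // Failed logins expose nothing beyond the status text.
                                detail.user_code = "";
                            }
                            else
                            {
                                detail.user_id        = dr.IsNull<uint>("id");
                                detail.user_code      = dr.IsNull<string>("user_code");
                                // NOTE(review): stored credential leaves the data layer here.
                                detail.password       = dr.IsNull<string>("password");
                                detail.privilege_name = dr.IsNull<string>("privilege_name");
                                detail.role_name      = dr.IsNull<string>("role_name");
                                detail.UserName       = dr.IsNull<string>("user_name");
                            }

                            authuser.Add(detail);
                        }
                    }
                }

                return authuser;
            }
            catch (Exception e)
            {
                // Callers rely on a status entry instead of an exception, so the broad catch
                // stays. Record the failure server-side so database or mapping errors during
                // authentication are not invisible; the submitted credentials are not logged.
                System.Diagnostics.Trace.TraceError(
                    "AutheticateUser failed: {0}: {1}", e.GetType().FullName, e.Message);

                AuthenticationDetailParameters failure = new AuthenticationDetailParameters();
                failure.status = "failed with exception in code";
                authuser.Add(failure);
                return authuser;
            }
        }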
Beispiel #2
        /// <summary>
        /// Authenticates a user with a three-attempt lockout: reads the stored
        /// <c>LoginAttempt</c> counter for the user code, calls <c>sp_auth_user_attempt</c>
        /// unless the counter is exactly 3, and then either resets the counter or increments
        /// it and sets <c>islocked</c>.
        /// </summary>
        /// <param name="filter">
        /// Carries <c>_user_code</c>, <c>_password</c> and <c>_attempt</c>; <c>_attempt</c> is
        /// overwritten by this method.
        /// </param>
        /// <returns>
        /// A list holding one entry whose <c>status</c> describes the outcome. Any exception is
        /// swallowed and reported as status <c>"failed with exception in code"</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <c>attempts</c> is not declared in this method; because the method is
        /// static it must be a static member, so concurrent logins share it - confirm and
        /// prefer a local.
        /// NOTE(review): the counter is read and updated in separate statements with no
        /// transaction visible here, so parallel requests may observe the same count - confirm
        /// whether the lockout limit can be exceeded that way.
        /// NOTE(review): the status texts differ for an unknown user code and for a wrong
        /// password, and the wrong-password text states the remaining attempts. If the status
        /// is shown to the client, return a single generic failure message there.
        /// NOTE(review): commands, adapters and data sets created here are never disposed.
        /// </remarks>
        public static List <AuthenticationDetailParameters> AutheticateUserwithattempts(AuthenticationParameters filter)
        {
            List <AuthenticationDetailParameters> authuser = new List <AuthenticationDetailParameters>();

            try
            {
                // Throws (and falls into the catch below) when _attempt is null or not numeric.
                // The value is replaced by the database counter further down when the user exists.
                attempts = Convert.ToInt32(filter._attempt.ToString());
                DataSet ds  = new DataSet();
                DataSet ds1 = new DataSet();
                // Step 1: look up the user's current LoginAttempt counter by user code.
                using (MySqlConnection conn = new MySqlConnection(connectionString))
                {
                    conn.Open();
                    MySqlCommand cmd = new MySqlCommand("select id,LoginAttempt from mst_users where user_code=@username", conn);
                    cmd.Parameters.AddWithValue("@username", filter._user_code);
                    // @password is bound but not referenced by the SELECT above.
                    cmd.Parameters.AddWithValue("@password", filter._password);

                    MySqlDataAdapter da = new MySqlDataAdapter(cmd);
                    da.Fill(ds);
                    // ds was constructed above, so this check is always true.
                    if (ds != null)
                    {
                        if (ds.Tables[0].Rows.Count > 0)
                        {
                            attempts = Convert.ToInt32(ds.Tables[0].Rows[0]["LoginAttempt"]);
                            // Only the exact value 3 is treated as locked here; the islocked
                            // column is not consulted in this method.
                            if (attempts == 3)
                            {
                                AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();
                                string status = "Your Account Already Locked";
                                _AuthenticationDetailParameters.status = status;
                                authuser.Add(_AuthenticationDetailParameters);
                                // return authuser;
                            }
                            else
                            {
                                // Step 2: let the stored procedure check the credentials.
                                cmd             = new MySqlCommand("sp_auth_user_attempt", conn);
                                cmd.CommandType = CommandType.StoredProcedure;
                                cmd.Parameters.Add("@_user_code", MySqlDbType.String).Value = filter._user_code;
                                cmd.Parameters.Add("@_password", MySqlDbType.String).Value  = filter._password;
                                da = new MySqlDataAdapter(cmd);
                                da.Fill(ds1);


                                // ds1 was constructed above, so this check is always true.
                                if (ds1 != null)
                                {
                                    // A row with a non-empty LoginAttempt presumably means the
                                    // procedure matched the credentials - verify against the procedure.
                                    if (ds1.Tables[0].Rows.Count > 0 && ds1.Tables[0].Rows[0]["LoginAttempt"].ToString() != "")
                                    {
                                        filter._attempt = ds1.Tables[0].Rows[0]["LoginAttempt"].ToString();
                                        if (Convert.ToInt32(filter._attempt.ToString()) != 3)
                                        {
                                            // Reset the counter. The WHERE clause compares the submitted
                                            // password directly with the password column.
                                            // NOTE(review): confirm that value is a salted hash computed
                                            // before this call and not a plaintext password.
                                            cmd = new MySqlCommand("update mst_users set LoginAttempt=0 where user_code=@username and password=@password", conn);
                                            cmd.Parameters.AddWithValue("@username", filter._user_code);
                                            cmd.Parameters.AddWithValue("@password", filter._password);
                                            cmd.ExecuteNonQuery();
                                            AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();
                                            string status = ds1.Tables[0].Rows[0]["status"].ToString();
                                            _AuthenticationDetailParameters.status = status;
                                            if (status != "success")
                                            {
                                                // Non-success rows expose only the status text.
                                                _AuthenticationDetailParameters.user_code = "";
                                            }
                                            else
                                            {
                                                _AuthenticationDetailParameters.user_id        = Convert.ToUInt32(ds1.Tables[0].Rows[0]["id"].ToString());
                                                _AuthenticationDetailParameters.user_code      = ds1.Tables[0].Rows[0]["user_code"].ToString();
                                                // NOTE(review): the stored password value is copied into the
                                                // result; callers should not pass it on to clients or logs.
                                                _AuthenticationDetailParameters.password       = ds1.Tables[0].Rows[0]["password"].ToString();
                                                _AuthenticationDetailParameters.privilege_name = ds1.Tables[0].Rows[0]["privilege_name"].ToString();
                                                _AuthenticationDetailParameters.role_name      = ds1.Tables[0].Rows[0]["role_name"].ToString();
                                                _AuthenticationDetailParameters.UserName       = ds1.Tables[0].Rows[0]["user_name"].ToString();
                                            }
                                            authuser.Add(_AuthenticationDetailParameters);
                                            //  return authuser;
                                        }
                                        else
                                        {
                                            AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();
                                            string status = "Your Account Already Locked...Contact Administrator";
                                            _AuthenticationDetailParameters.status = status;
                                            authuser.Add(_AuthenticationDetailParameters);
                                            // return authuser;
                                        }
                                    }
                                    else
                                    {
                                        // Step 3: the procedure returned no usable row; count the failed
                                        // attempt and lock the account when the limit is reached.
                                        AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();

                                        string strquery = string.Empty;
                                        // attempts == 3 was handled earlier, so this is reached only for
                                        // counters above 3.
                                        if (attempts > 2)
                                        {
                                            // NOTE(review): unlike the two updates below, this one also
                                            // requires password=@password. If this branch means the password
                                            // did not match, the UPDATE would affect no row and the lock
                                            // would not be written - confirm.
                                            strquery = "update mst_users set islocked=1, LoginAttempt=@attempts where user_code=@username and password=@password";
                                            string status = "You Reached Maximum Attempts. Your account has been locked";
                                            _AuthenticationDetailParameters.status = status;
                                        }
                                        else
                                        {
                                            attempts        = attempts + 1;
                                            filter._attempt = attempts.ToString();

                                            if (attempts == 3)
                                            {
                                                // Third failure: persist the counter and lock the account.
                                                strquery = "update mst_users set islocked=1,LoginAttempt=@attempts where user_code=@username";
                                                string status = "Your Account Locked";
                                                _AuthenticationDetailParameters.status = status;
                                            }
                                            else
                                            {
                                                // Persist the incremented counter and report what is left.
                                                strquery = "update mst_users set LoginAttempt=@attempts where user_code=@username";
                                                string status = "Your Password Wrong you have only " + (3 - attempts) + " attempts";
                                                _AuthenticationDetailParameters.status = status;
                                            }
                                        }
                                        // All three parameters are bound for every variant, although two
                                        // of the statements do not reference @password.
                                        cmd = new MySqlCommand(strquery, conn);
                                        cmd.Parameters.AddWithValue("@username", filter._user_code);
                                        cmd.Parameters.AddWithValue("@password", filter._password);
                                        cmd.Parameters.AddWithValue("@attempts", attempts);
                                        cmd.ExecuteNonQuery();
                                        authuser.Add(_AuthenticationDetailParameters);
                                        //return authuser;
                                    }
                                }
                            }
                        }
                        else
                        {
                            // No row for this user code. This text differs from the wrong-password
                            // text above, so the two cases are distinguishable to whoever sees it.
                            AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();
                            string status = "UserName does not exist";
                            _AuthenticationDetailParameters.status = status;
                            authuser.Add(_AuthenticationDetailParameters);
                            // return authuser;
                        }
                    }
                    else
                    {
                        // Unreachable as written: ds is never null at the check above.
                        AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();
                        string status = "UserName does not exist";
                        _AuthenticationDetailParameters.status = status;
                        authuser.Add(_AuthenticationDetailParameters);
                        // return authuser;
                    }
                }
                return(authuser);
            }
            catch (Exception e)
            {
                // The exception is discarded without being logged; the caller only sees the
                // generic status below, so database errors during login leave no trace here.
                AuthenticationDetailParameters _AuthenticationDetailParameters = new AuthenticationDetailParameters();
                string status = "failed with exception in code";
                _AuthenticationDetailParameters.status = status;
                authuser.Add(_AuthenticationDetailParameters);
                return(authuser);
            }
        }