//Adds a new user, if the email provided does not belong to an existing user
//Returns true if the user was added, returns false if the user could not be added.
public bool AddUser(String FirstName, String LastName, String Email, String Password)
{
foreach (User user in CRUD.GetAllUsers())
{
//If the email provided matches the email of a user that already
//exists in the system, return false
if (user.Email.Equals(Email))
{
//Log the failure to add the new user
logger.Info("Add new user operation failed as a user already exists on the "
+ "system with the email provided.");
return(false);
}
}
//Add the new user to the list of users in the database
CRUD.InsertUser(FirstName, LastName, Email, Password);
//Log the addition of the new user to the system
logger.Info("New user " + FirstName + " " + LastName +
" has been added to the system.");
return(true);
}
//Returns true if the user has entered a valid email and password,
//and has permission to access the system. Otherwise, returns false
public bool AttemptLogon(String Email, String Password)
{
//Return false if there are no users on the system
if (CRUD.GetAllUsers().Count == 0)
{
//Record the failed logon attempt in the database
CRUD.RecordFailedLogon();
//Log the failed logon attempt
logger.Info("User logon failed. There are no users on the system.");
return(false);
}
string Username = "";
int countEmailMatches = 0;
String checkPassword = "";
int checkPermissionUserID = 0;
bool checkPermissionUserIDFound = false;
bool checkIfBanned = false;
//Find the user in the system whose email matches the one provided
foreach (User user in CRUD.GetAllUsers())
{
if (user.Email == Email)
{
Username = user.FirstName + " " + user.LastName;
countEmailMatches++;
checkPassword = user.Password;
checkPermissionUserID = user.UserID;
checkIfBanned = user.IsBanned;
}
}
//Return false if the email provided does not belong to a user on the system
if (countEmailMatches < 1)
{
//Record the failed logon attempt in the database
CRUD.RecordFailedLogon();
//Log the failed logon attempt
logger.Info("User logon failed. The email provided" +
" does not belong to a user in the system.");
return(false);
}
//Return false if the user has entered an incorrect password
if (checkPassword != Password)
{
//Record the failed logon attempt in the database
CRUD.RecordFailedLogon();
//Log the failed logon attempt
logger.Info("User logon failed. User " + Username
+ " entered password incorrectly.");
return(false);
}
//Return false if the user is temporarily banned
if (checkIfBanned == true)
{
//Record the failed logon attempt in the database
CRUD.RecordFailedLogon();
//Log the failed logon attempt
logger.Info("User logon failed. User " + Username +
" has been temporarily banned from the system.");
return(false);
}
//Return false if the user does not have permission to access the system
foreach (UserAccessGroup Group in CRUD.GetAllAccessGroups())
{
//Find the admins access group
if (Group.GroupName == "Admins")
{
foreach (User user in Group.Users)
{
//Search the access group for a user with the ID of the
//user who is attempting to logon
if (user.UserID == checkPermissionUserID)
{
checkPermissionUserIDFound = true;
}
}
}
}
//If the user is not in the admins access group, return false
if (checkPermissionUserIDFound == false)
{
//Record the failed logon attempt in the database
CRUD.RecordFailedLogon();
//Log the failed logon attempt
logger.Info("User logon failed. " + Username
+ " does not have permission to access the system.");
return(false);
}
//Record the successful logon attempt in the database
CRUD.RecordSuccessfulLogon();
//Log the successful logon attempt
logger.Info(Username + " successfully logged on to the system.");
return(true);
}