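/// <summary>
/// Loads a single row from <c>user_tbl</c> by user id and copies it into a new
/// <see cref="InstructorObject"/> or <see cref="StudentObject"/>, depending on
/// <paramref name="userRole"/>.
/// </summary>
/// <param name="userId">Value bound to the <c>@UserId</c> query parameter.</param>
/// <param name="userRole">Selects the concrete type to build; only Instructor and Student are accepted.</param>
/// <returns>The populated user object.</returns>
/// <exception cref="NullReferenceException">
/// The role is neither Instructor nor Student, or the query returned no row.
/// The type is kept from the original code so existing callers' catch blocks still match.
/// </exception>
public UserObject ViewUser(string userId, UserObject.UserRole userRole)
        {
            // The user id is passed as a bound parameter and never concatenated into the statement.
            const string sqlSelect = "SELECT u.[userId], u.[password], u.[roleId], u.[fName], u.[lName], u.[email], u.[phone] FROM user_tbl u WHERE userId = @UserId";

            // The original guard joined the two inequality tests with '||', which is true for every
            // role, so the method always threw. Rejecting in the default branch keeps the intended
            // allow-list (Instructor, Student) and guarantees 'user' is non-null afterwards.
            UserObject user;
            switch (userRole)
            {
            case UserObject.UserRole.Instructor:
                user = new InstructorObject();
                break;

            case UserObject.UserRole.Student:
                user = new StudentObject();
                break;

            default:
                throw new NullReferenceException("Unsupported user role for ViewUser.");
            }

            parameters = new List<ParameterList>
            {
                new ParameterList { Key = "@UserId", Value = userId }
            };
            adminDataAccess = new DataAccess();

            // NOTE(review): this blocks the calling thread on the task; failures inside
            // GetDataAsync surface here wrapped in an AggregateException.
            Task<DataTable> task = Task.Run(() => adminDataAccess.GetDataAsync(sqlSelect, parameters));
            DataTable table = task.Result;

            // An unknown user id yields an empty table; fail explicitly instead of indexing into it.
            if (table == null || table.Rows.Count == 0)
            {
                throw new NullReferenceException("No user record was returned for the requested user id.");
            }

            // Read the values from the first row. The original read table.Columns[...], which yields
            // the DataColumn (its name), not the stored data, and cannot be converted to an int.
            DataRow row = table.Rows[0];

            user.UserId    = row["userId"].ToString();
            // NOTE(review): the stored password is copied into the returned object. Login in this
            // listing compares this column directly with the submitted password, which suggests it
            // is not hashed - confirm, and drop the column from this query if callers do not need it.
            user.Password  = row["password"].ToString();
            user.userRole  = (UserObject.UserRole)Convert.ToInt32(row["roleId"]);
            user.FirstName = row["fName"].ToString();
            user.LastName  = row["lName"].ToString();
            user.Email     = row["email"].ToString();
            user.Phone     = row["phone"].ToString();

            return user;
        }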
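        /// <summary>
        /// Checks a user id and password against <c>user_tbl</c> and, on success, records the
        /// user's full name and role in the <c>fullName</c>, <c>userRole</c> and
        /// <c>isLoginSuccessfull</c> members.
        /// </summary>
        /// <param name="userId">Value bound to the <c>@UserId</c> query parameter.</param>
        /// <param name="password">Password submitted by the caller; a null value is treated as a mismatch.</param>
        /// <param name="errorMsg">Empty on success, otherwise a message describing why the login failed.</param>
        /// <returns>
        /// The current value of the <c>userRole</c> member. It is only assigned on a successful
        /// login; on failure it is returned unchanged.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The credentials matched but the role query returned no row.
        /// </exception>
        public UserObject.UserRole Login(string userId, string password, out string errorMsg)
        {
            errorMsg = "";
            // A failed attempt must not leave the success flag set by an earlier call.
            isLoginSuccessfull = false;

            // NOTE(review): on failure the method returns whatever the userRole member already
            // holds. Callers should decide on errorMsg / isLoginSuccessfull, not on the returned
            // role - confirm against callers.

            const string usernameSql = "select userId from user_tbl where userId = @UserId";
            const string passwordSql = "select password from user_tbl where userId = @UserId";
            const string roleSql     = "select roleId, fName + ' ' + lName full_Name from user_tbl where userId = @UserId and password = @Password;";

            userAccess     = new DataAccess();
            parameterLists = new List<ParameterList>
            {
                new ParameterList { Key = "@UserId", Value = userId }
            };

            string storedUserId = (string)userAccess.ExecuteScalar(usernameSql, parameterLists);
            if (storedUserId == null)
            {
                // NOTE(review): a different message for "unknown user" and "wrong password" lets a
                // client probe which user ids exist; consider one shared message for both cases.
                errorMsg = "Username does not exist";
                return userRole;
            }

            // 'as' maps a NULL password column (DBNull) to null, which is handled as a mismatch
            // below instead of failing on the cast.
            string storedPassword = userAccess.ExecuteScalar(passwordSql, parameterLists) as string;

            // NOTE(review): the submitted password is compared directly with the stored column
            // value, so the column appears to hold passwords unhashed, and the comparison ignores
            // case. Both weaken the credential; a salted password hash verified with a
            // constant-time comparison is the usual replacement. The case-insensitive behaviour is
            // preserved here, but without the culture-dependent ToUpper() and without
            // dereferencing a null password.
            bool passwordMatches = storedPassword != null
                && string.Equals(password, storedPassword, StringComparison.OrdinalIgnoreCase);

            if (!passwordMatches)
            {
                errorMsg = "Incorrect Password";
                return userRole;
            }

            parameterLists.Add(new ParameterList { Key = "@Password", Value = password });

            DataTable roleTask = userAccess.GetData(roleSql, parameterLists);

            // The SQL comparison on password may be stricter than the check above (for example
            // under a case-sensitive collation), so an empty result is possible. Fail closed
            // rather than indexing into Rows[0].
            if (roleTask == null || roleTask.Rows.Count == 0)
            {
                errorMsg = "An unknown error has occured";
                throw new InvalidOperationException(errorMsg);
            }

            fullName           = roleTask.Rows[0].Field<string>("full_Name");
            userRole           = (UserObject.UserRole)roleTask.Rows[0].Field<int>("roleId");
            // Set the flag last so it is only true once name and role were read successfully.
            isLoginSuccessfull = true;

            return userRole;
        }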