public int ExecuteMemberIDQuery(User_Account uAccount, string _query)
{
try
{
if (this.openConnection() == false)
{
return(-1);
}
this.dbConnection.Open();
SqlCommand cmd = new SqlCommand(_query, this.dbConnection);
cmd.Parameters.AddWithValue("@username", uAccount.userName);
cmd.Parameters.AddWithValue("@pwd", uAccount.userPassword);
SqlDataReader reader = cmd.ExecuteReader();
// Call Read before accessing data.
reader.Read();
int mID = (int)reader[0];
// Call Close when done reading.
reader.Close();
return(mID);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return(-1);
}
finally
{
CloseConnection();
}
}
public string ExecuteLoginQuery(User_Account uAccount, string _query)
{
try
{
if (this.openConnection() == false)
{
return(null);
}
this.dbConnection.Open();
SqlCommand cmd = new SqlCommand(_query, this.dbConnection);
cmd.Parameters.AddWithValue("@username", uAccount.userName);
cmd.Parameters.AddWithValue("@pwd", uAccount.userPassword);
object firstRow = cmd.ExecuteScalar();
if (firstRow != null)
{
return((string)firstRow);
}
return(null);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return(null);
}
finally
{
CloseConnection();
}
}
public int InsertIntoUserAccount(User_Account uAccount)
{
string insertQuery = "Insert into account " +
"(customerid , userpassword) " +
"Values (@AH , @AP);";
dbConnection.openConnection();
SqlCommand cmd = new SqlCommand(insertQuery, dbConnection.getSQLDBConnection());
dbConnection.getSQLDBConnection().Open();
cmd.Parameters.AddWithValue("@AH", Convert.ToInt32(uAccount.userName));
cmd.Parameters.AddWithValue("@AP", uAccount.userPassword);
try
{
if (cmd.ExecuteNonQuery() > 0)
{
return(1);
}
}
catch (SqlException ex)
{
if (ex.ErrorCode.ToString() == "ORA-00001")
{
return(0);
}
return(-1);
}
finally
{
dbConnection.CloseConnection();
}
return(-1);
}
public User_Account checkLogin(string email, string password)
{
string sql = "SELECT * FROM User_Account WHERE Email= N'"
+ email + "'";
try
{
SqlDataReader reader = DataProvider.ExecuteQueryWithDataReader(sql, CommandType.Text);
if (reader.Read())
{
User_Account user = new User_Account
{
Email = reader.GetString(0),
Password = reader.GetString(1),
Full_Name = reader.GetString(2),
Birthday = reader.GetDateTime(3),
Gender = reader.GetString(4),
Address = reader.GetString(5),
Cancel_Amount = reader.GetInt32(6),
created_Date = reader.GetDateTime(7)
};
EncryptionSHA sha = new EncryptionSHA();
bool result = sha.doesPasswordMatch(password, user.Password);
return(result ? user : null);
}
}
catch (SqlException ex)
{
throw new Exception(ex.Message);
}
return(null);
}
public IHttpActionResult PostUser_Account(User_Account user_Account)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
db.User_Account.Add(user_Account);
try
{
db.SaveChanges();
}
catch (DbUpdateException)
{
if (User_AccountExists(user_Account.ID))
{
return(Conflict());
}
else
{
throw;
}
}
return(CreatedAtRoute("DefaultApi", new { id = user_Account.ID }, user_Account));
}
public User_Account getUser(string email)
{
string sql = "SELECT * FROM User_Account WHERE Email= N'"
+ email + "'";
try
{
SqlDataReader reader = DataProvider.ExecuteQueryWithDataReader(sql, CommandType.Text);
if (reader.Read())
{
User_Account user = new User_Account
{
Email = reader.GetString(0),
Password = reader.GetString(1),
Full_Name = reader.GetString(2),
Birthday = reader.GetDateTime(3),
Gender = reader.GetString(4),
Address = reader.GetString(5),
Cancel_Amount = reader.GetInt32(6),
created_Date = reader.GetDateTime(7)
};
return(user);
}
}
catch (SqlException ex)
{
throw new Exception(ex.Message);
}
return(null);
}
public IHttpActionResult PutUser_Account(string id, User_Account user_Account)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != user_Account.ID)
{
return(BadRequest());
}
db.Entry(user_Account).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!User_AccountExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public async Task <ActionResult <User_Account> > PostUser_Account(User_Account user_Account)
{
_context.User_Accounts.Add(user_Account);
await _context.SaveChangesAsync();
return(CreatedAtAction("GetUser_Account", new { id = user_Account.Id }, user_Account));
}
public int getMemberID(User_Account uAccount)
{
string mySqlQuery = "SELECT cust.customerid FROM customer cust INNER JOIN account acc ON acc.customerid = cust.customerid WHERE "
+ "cust.username = @username " + "and acc.userpassword = @pwd";
return(dbConnection.ExecuteMemberIDQuery(uAccount, mySqlQuery));
}
public async Task <IActionResult> Register([FromBody] RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.Email);
//userExists = await userManager.FindByNameAsync(model.PhoneNumber);
if (userExists != null)
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "User already exists!"
}));
}
User_Account user = new User_Account()
{
Email = model.Email,
SecurityStamp = Guid.NewGuid().ToString(),
UserName = model.Email,
PhoneNumber = model.PhoneNumber,
FirstName = model.FirstName,
LastName = model.LastName
};
var result = await userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "User creation failed! Please check user details and try again."
}));
}
return(Ok(new Response {
Status = "Success", Message = "User created successfully!"
}));
}
public string SelectUserAccount(User_Account uAccount)
{
string mySqlQuery = "SELECT cust.cust_role FROM customer cust INNER JOIN account acc ON acc.customerid = cust.customerid WHERE "
+ "cust.username = @username " + "and acc.userpassword = @pwd";
return(dbConnection.ExecuteLoginQuery(uAccount, mySqlQuery));
}
public ActionResult Register(FormCollection f)
{
string email = f["txtEmail"];
string password = f["txtPassword"];
string fullName = f["txtFullname"];
string bDate = f["slBirthDay"];
string bMonth = f["slbirthMonth"];
string bYear = f["slbirthYear"];
string gender = f["slGender"];
string address = f["txtAddress"];
bool poli = (f["cbPoli"] == "on") ? true : false;
string s = bYear + "-" + bMonth + "-" + bDate;
AccountDAL accountDal = new AccountDAL();
bool checkExist = accountDal.checkExist(email);
if (checkExist == false)
{
DateTime bd = Convert.ToDateTime(s);
DateTime today = DateTime.Today;
User_Account u_account = new User_Account {
Email = email, Password = password, Full_Name = fullName, Birthday = bd, Gender = gender, Address = address, Cancel_Amount = 0, created_Date = today
};
accountDal.registerAccount(email, password, fullName, bd, gender, address, today);
Session["USER"] = u_account;
return(RedirectToAction("Index", "Home"));
}
else
{
Session["ERROR"] = "Your Email is existed!!!";
return(RedirectToAction("Login", "Login"));
}
}
public ActionResult Update(FormCollection f)
{
string email = f["txtEmail"];
string fullName = f["txtFullname"];
string bDate = f["slBirthDay"];
string bMonth = f["slbirthMonth"];
string bYear = f["slbirthYear"];
string gender = f["slGender"];
string address = f["txtAddress"];
string s = bYear + "-" + bMonth + "-" + bDate;
DateTime bd = Convert.ToDateTime(s);
AccountDAL accountDal = new AccountDAL();
accountDal.updateAccount(email, fullName, bd, gender, address);
User_Account u_account = accountDal.getUser(email);
Session["USER"] = u_account;
DateTime birthday = (DateTime)u_account.Birthday;
Session["DATE"] = birthday.Day.ToString();
Session["MONTH"] = birthday.Month.ToString();
Session["YEAR"] = birthday.Year.ToString();
Session["GENDER"] = u_account.Gender;
ViewBag.Message = "Update Successfully!";
return(View());
}
public async Task <IActionResult> PutUser_Account(int id, User_Account user_Account)
{
if (id != user_Account.Id)
{
return(BadRequest());
}
_context.Entry(user_Account).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!User_AccountExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(NoContent());
}
public ActionResult Login(FormCollection f)
{
string email = f["txtEmail"];
string password = f["txtPassword"];
AccountDAL accountDal = new AccountDAL();
User_Account u_account = accountDal.checkLogin(email, password);
if (u_account == null)
{
ViewBag.Message = "Your Email or Password is INCORRECT!!!";
}
else
{
Session["USER"] = u_account;
Product_CartDAL productCartDal = new Product_CartDAL();
List <Product_Cart> productCarts = productCartDal.getProductCartsByEmail(u_account.Email);
foreach (var item in productCarts)
{
u_account.Product_Cart.Add(item);
}
DateTime birthday = (DateTime)u_account.Birthday;
Session["USER"] = u_account;
Session["DATE"] = birthday.Day.ToString();
Session["MONTH"] = birthday.Month.ToString();
Session["YEAR"] = birthday.Year.ToString();
Session["GENDER"] = u_account.Gender;
return(RedirectToAction("Index", "Home"));
}
return(View());
}
public UserIDAssociation(User_Account.UserInfo user = null,
User_Account.BusinessAccountInfo business = null,
User_Account.ShopperAccountInfo shopper = null)
{
this.user = user != null ? user : new User_Account.UserInfo();
this.business = business;
this.shopper = shopper;
}
public ActionResult Checkout(FormCollection f)
{
User_Account userAccount = (User_Account)Session["USER"];
DateTime today = DateTime.Today;
string email = userAccount.Email;
string name = f["txtName"];
string address = f["txtAddress"];
string province = f["province"];
string district = f["district"];
string town = f["town"];
string orderPhone = f["txtNumber"];
Order_Details order = new Order_Details
{
Email = email,
Ordered_Date = today,
Delivered = false,
Cancelled_Order = false,
Reason_Cancel = "",
Order_Name = name,
Exact_Address = address,
Order_Phone = orderPhone,
Province_ID = Int32.Parse(province),
District_ID = Int32.Parse(district),
Town_ID = Int32.Parse(town)
};
OrderDetailsDAL dal = new OrderDetailsDAL();
int orderDetailsId = dal.addOrder(order);
if (orderDetailsId >= 0)
{
ICollection <Product_Cart> productCarts = userAccount.Product_Cart;
Product_CartDAL productCartDal = new Product_CartDAL();
foreach (var item in productCarts)
{
ProductOrderDetailsDAL podDal = new ProductOrderDetailsDAL();
Product_Order_Details pod = new Product_Order_Details()
{
Product_ID = item.Product_ID,
Order_ID = orderDetailsId,
Order_Quantity = (int)item.Quantity,
Price = item.Product.Price,
Discount_Percent = item.Product.DiscountPercent,
};
podDal.addProductOrderDetails(pod);
productCartDal.deleteRecord(item.Product_ID, userAccount.Email);
}
productCarts.Clear();
Session.Remove("CART");
return(RedirectToAction("Index", "Congratulate"));
}
return(View());
}
public IHttpActionResult GetUser_Account(string id)
{
User_Account user_Account = db.User_Account.Find(id);
if (user_Account == null)
{
return(NotFound());
}
return(Ok(user_Account));
}
public List <Purchase> ShowAllPurchases(User_Account account)
{
try
{
var purchases = db.Purchases.Where(r => r.Account_ID == account.ID).ToList();
return(purchases);
}
catch (ArgumentNullException)
{
return(null);
}
}
public List <Purchase> ShowPurchasesWithinTotals(User_Account account, double start, double end)
{
try
{
var purchases = db.Purchases.Where(r =>
r.Account_ID == account.ID && r.Total >= (decimal)start && r.Total <= (decimal)end).ToList();
return(purchases);
}
catch (ArgumentNullException)
{
return(null);
}
}
public List <Purchase> ShowPurchasesWithinDates(User_Account account, DateTime start, DateTime end)
{
try
{
var purchases = db.Purchases.Where(r => r.Account_ID == account.ID)
.Where(r => r.Purchase_Date <= end && r.Purchase_Date >= start).ToList();
return(purchases);
}
catch (ArgumentNullException)
{
return(null);
}
}
public ActionResult EditAccount(User_Account acc)
{
QLDaiHocEntities1 db = new QLDaiHocEntities1();
User_Account us = new User_Account();
us.UserID = acc.UserID;
us.UserName = acc.UserName;
us.Password = acc.Password;
us.Position = acc.Position;
db.Entry(us).State = EntityState.Modified;
db.SaveChanges();
return(RedirectToAction("Staff", "Admin"));
}
/// <summary>
/// Adds the new user into the database
/// </summary>
public void Create()
{
User_Account newUser = User_Account.CreateUser_Account(Guid.NewGuid(), UserName,
Helpers.SHA1.Encode(Password), DateTime.Now, Email, false);
_context.AddToUser_Accounts(newUser);
_context.SaveChanges();
User_Info newUserInfo = User_Info.CreateUser_Info(newUser.Id);
_context.AddToUser_Info(newUserInfo);
_context.SaveChanges();
}
public ActionResult Index(FormCollection f)
{
User_Account userAccount = (User_Account)Session["USER"];
if (userAccount == null)
{
return(RedirectToAction("Login", "Cart"));
}
else
{
Province_Bind();
return(View());
}
}
public IHttpActionResult DeleteUser_Account(string id)
{
User_Account user_Account = db.User_Account.Find(id);
if (user_Account == null)
{
return(NotFound());
}
db.User_Account.Remove(user_Account);
db.SaveChanges();
return(Ok(user_Account));
}
public static void Update(long userID)
{
using (var db = new DataContext())
{
var user = new User_Account {
UserID = userID
};
db.User_Account.Attach(user);
user.LastTime = DateTime.Now;
db.SaveChanges();
}
}
public ActionResult AddAccountTrainee(User_Account acc)
{
using (QLDaiHocEntities1 db = new QLDaiHocEntities1())
{
if (ModelState.IsValid)
{
db.User_Account.Add(acc);
if (acc.Position == "trainee")
{
db.SaveChanges();
}
return(RedirectToAction("TraineeAccount", "StaffPage"));
}
}
return(View());
}
public ActionResult Login(FormCollection f)
{
string username = f["txtUsername"];
string password = f["txtPassword"];
User_Account account = db.User_Account.SingleOrDefault(s => s.Email == username && s.Password == password);
if (account == null)
{
ViewBag.Message = "Username or password ko dung";
}
else
{
Session["User"] = account;
return(RedirectToAction("Index", "Home"));
}
return(View());
}
public ActionResult Login(FormCollection f)
{
string email = f["txtEmail"];
string password = f["txtPassword"];
AccountDAL accountDal = new AccountDAL();
User_Account u_account = accountDal.checkLogin(email, password);
if (u_account == null)
{
ViewBag.Message = "Your Email or Password is INCORRECT!!!";
}
else
{
Session["USER"] = u_account;
return(RedirectToAction("Index", "Home"));
}
return(View());
}
public async Task <IActionResult> RegisterAdmin([FromBody] RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.Email);
if (userExists != null)
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "User already exists!"
}));
}
User_Account user = new User_Account()
{
Email = model.Email,
SecurityStamp = Guid.NewGuid().ToString(),
UserName = model.Email
};
var result = await userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
return(StatusCode(StatusCodes.Status500InternalServerError, new Response {
Status = "Error", Message = "User creation failed! Please check user details and try again."
}));
}
if (!await roleManager.RoleExistsAsync(UserRoles.Admin))
{
await roleManager.CreateAsync(new IdentityRole(UserRoles.Admin));
}
if (!await roleManager.RoleExistsAsync(UserRoles.User))
{
await roleManager.CreateAsync(new IdentityRole(UserRoles.User));
}
if (await roleManager.RoleExistsAsync(UserRoles.Admin))
{
await userManager.AddToRoleAsync(user, UserRoles.Admin);
}
return(Ok(new Response {
Status = "Success", Message = "User created successfully!"
}));
}
public ActionResult AddAccount(User_Account acc)
{
using (QLDaiHocEntities1 db = new QLDaiHocEntities1())
{
if (ModelState.IsValid)
{
db.User_Account.Add(acc);
if (acc.Position == "trainer" | acc.Position == "staff")
{
db.SaveChanges();
}
else
{
return(RedirectToAction("Staff", "Admin"));
}
return(RedirectToAction("Staff", "Admin"));
}
}
return(View());
}
