private void btnAdd_Click(object sender, RoutedEventArgs e)
{
if (!General.oRep.isAdmin)
{
MessageBox.Show("You must be an administrator to add users");
return;
}
Random rnd = new Random();
int unrnd = rnd.Next(10, 99);
string username = "";
string password = "", hashpassword = "";
Rep tmprep = new Rep();
if (string.IsNullOrEmpty(tboxFirstName.Text))
{
MessageBox.Show("First Name is required");
return;
}
else if (string.IsNullOrEmpty(tboxPassword.Text))
{
MessageBox.Show("Password is required");
return;
}
username = tboxFirstName.Text.Substring(0, 1).ToLower() + tboxLastName.Text.ToLower() + unrnd.ToString();
password = tboxPassword.Text;
hashpassword = PasswordHash.CreateHash(password);
tmprep.Name = tboxFirstName.Text + " " + tboxLastName.Text;
tmprep.Company = cboxCompany.Text;
tmprep.Password = hashpassword;
tmprep.isAdmin = (bool)chAdmin.IsChecked;
tmprep.isCustomerAdmin = (bool)chkCAdmin.IsChecked;
tmprep.PasswordResetRequired = false;
tmprep.Username = username;
if (General.database.AddRep(tmprep))
{
MessageBox.Show("Success! Username is: " + username);
}
else
{
MessageBox.Show("Failure!");
}
}
public bool UpdateRep(Rep rp)
{
using (SQLiteCommand command = m_dbConnection.CreateCommand())
{
try
{
sql = "UPDATE Reps SET Name=@repname, Company=@company, Admin=@admin, PWReset=@pwreset, Password=@newpw WHERE ID=@repid";
command.CommandText = @sql;
command.CommandType = CommandType.Text;
int admin = (Convert.ToInt32(rp.isAdmin));
int cadmin = (Convert.ToInt32(rp.isCustomerAdmin));
int admflags = Convert.ToInt32(string.Format("{0}{1}", cadmin, admin));
command.Parameters.AddWithValue("@repname", rp.Name);
command.Parameters.AddWithValue("@company", rp.Company);
command.Parameters.AddWithValue("@admin", admflags);
command.Parameters.AddWithValue("@pwreset", Convert.ToInt32(rp.PasswordResetRequired));
command.Parameters.AddWithValue("@newpw", rp.Password);
command.Parameters.AddWithValue("@repid", rp.RepID);
int i = command.ExecuteNonQuery();
return true;
}
catch { return false; }
}
}
public bool AddRep(Rep rp)
{
using (SQLiteCommand command = m_dbConnection.CreateCommand())
{
try
{
sql = "INSERT INTO Reps (Name,Company,Username,Password,Admin,PWReset) VALUES(@repname,@company,@username,@password,@admin,@pwreset)";
command.CommandText = @sql;
command.CommandType = CommandType.Text;
int admin = (Convert.ToInt32(rp.isAdmin));
int cadmin = (Convert.ToInt32(rp.isCustomerAdmin));
int admflags = Convert.ToInt32(string.Format("{0}{1}", cadmin, admin));
command.Parameters.AddWithValue("@repname", rp.Name);
command.Parameters.AddWithValue("@company", rp.Company);
command.Parameters.AddWithValue("@admin", admflags);
command.Parameters.AddWithValue("@pwreset", Convert.ToInt32(rp.PasswordResetRequired));
command.Parameters.AddWithValue("@password", rp.Password);
command.Parameters.AddWithValue("@username", rp.Username);
command.ExecuteNonQuery();
return true;
}
catch
{
return false;
}
}
}
public bool OpenRep(string username, out Rep outrep)
{
Rep tmprep = new Rep();
sql = "SELECT * FROM Reps WHERE Username = @repuname";
using (SQLiteCommand command = m_dbConnection.CreateCommand())
{
try
{
command.CommandText = sql;
command.Parameters.AddWithValue("@repuname", username);
command.CommandType = CommandType.Text;
var da = new SQLiteDataAdapter(command);
DataSet ds = new DataSet();
da.Fill(ds);
tmprep.Name = ds.Tables[0].Rows[0].ItemArray[0].ToString();
tmprep.Company = ds.Tables[0].Rows[0].ItemArray[1].ToString();
tmprep.Username = ds.Tables[0].Rows[0].ItemArray[2].ToString();
tmprep.Password = ds.Tables[0].Rows[0].ItemArray[3].ToString();
tmprep.isAdmin = Convert.ToBoolean((Convert.ToInt32(ds.Tables[0].Rows[0].ItemArray[4]) & ISADMIN));
tmprep.isCustomerAdmin = Convert.ToBoolean((Convert.ToInt32(ds.Tables[0].Rows[0].ItemArray[4]) & ISCADMIN));
tmprep.PasswordResetRequired = Convert.ToBoolean(ds.Tables[0].Rows[0].ItemArray[5]);
tmprep.RepID = Convert.ToInt32(ds.Tables[0].Rows[0].ItemArray[6].ToString());
outrep = tmprep;
return true;
}
catch { outrep = null; return false; }
}
}
