Beispiel #1
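        /// <summary>
        /// Handles a profile form submission: copies the posted fields onto a new
        /// <c>User</c> carrying the current <c>UserID</c>, saves it through
        /// <c>_data.UpsertUser</c>, and re-renders the profile view.
        /// </summary>
        /// <param name="username">New user name; when null or empty nothing is saved.</param>
        /// <param name="email">New e-mail address; when null or empty nothing is saved.</param>
        /// <param name="password">New password; applied only when non-empty and equal to <paramref name="confirmPassword"/>.</param>
        /// <param name="confirmPassword">Repeated password used to confirm <paramref name="password"/>.</param>
        /// <param name="firstname">New first name, passed through unchanged.</param>
        /// <param name="lastname">New last name, passed through unchanged.</param>
        /// <returns>The profile view for the user returned by <c>_data.GetCurrentUser</c>.</returns>
        // NOTE(review): no attributes are visible on this action in the excerpt. Since it changes
        // the e-mail address and password, confirm it is limited to POST and covered by
        // anti-forgery validation, and decide whether a password change should require the
        // current password.
        public ActionResult Profile(string username, string email, string password, string confirmPassword, string firstname, string lastname)
        {
            try
            {
                // NOTE(review): any return value is ignored, so this presumably throws when access
                // is denied - confirm, otherwise the update below runs without an access decision.
                UserHasAccess(Models.Content.Profile);

                // TODO: validation messages username, email and password
                if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(email))
                {
                    return View(_data.GetCurrentUser(UserID.Value));
                }

                User user = new User();
                user.ID = UserID;
                user.Username = username;
                user.Email = email;
                user.FirstName = firstname;
                user.LastName = lastname;
                // NOTE(review): user.Active is never set here. If UpsertUser forwards it to the
                // database, confirm a profile edit cannot flip the account's active flag.

                // A mismatched confirmation is skipped silently: the other fields are still saved
                // and the password stays unchanged (see the validation TODO above).
                if (!string.IsNullOrEmpty(password) && password == confirmPassword)
                {
                    user.Password = password;
                }

                // NOTE(review): the result of UpsertUser is ignored; confirm whether a missing
                // result should also be reported as a failure.
                _data.UpsertUser(user);

                // Set the success banner only once the save has completed. Previously it was
                // assigned after the catch block and overwrote GenericErrorMessage, so a failed
                // update was shown to the user as "Success!".
                ViewBag.ErrorMessage = "<span style='color: green'>Success!</span>";
            }
            catch (Exception ex)
            {
                // Only the exception message is logged; the user sees the generic text.
                ErrorLog.WriteError("Account Profile", ex.Message);
                ViewBag.ErrorMessage = GenericErrorMessage;
            }

            return View(_data.GetCurrentUser(UserID.Value));
        }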
Beispiel #2
        /// <summary>
        /// Checks a user's credentials by calling the <c>dbo.LogonUser</c> stored procedure
        /// with the user name and the output of <c>Encrypt</c> applied to the password.
        /// </summary>
        /// <param name="user">Supplies <c>Username</c> and <c>Password</c> for the lookup.</param>
        /// <returns>
        /// The <c>ID</c> column of the first row returned, when it parses as an integer;
        /// otherwise <c>null</c>.
        /// </returns>
        // NOTE(review): Encrypt is defined outside this excerpt and receives only the password,
        // so no per-user salt can enter at this call. If it is reversible encryption or a fast
        // unsalted hash, stored passwords are recoverable from a database leak - confirm and
        // prefer a salted, slow password hash verified per user.
        public int? LoginUser(User user)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["IYFD"].ToString();

            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                connection.Open();

                using (SqlCommand cmd = new SqlCommand("dbo.LogonUser", connection))
                {
                    // Values travel as parameters of a stored-procedure call, not as SQL text.
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@username", user.Username);
                    cmd.Parameters.AddWithValue("@password", Encrypt(user.Password));

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        int matchedId;

                        // Only the first row is inspected; no row or an unparsable ID falls through to null.
                        if (reader.Read() && int.TryParse(reader["ID"].ToString(), out matchedId))
                        {
                            return matchedId;
                        }
                    }
                }
            }

            return null;
        }
Beispiel #3
        /// <summary>
        /// Creates or updates a user by calling the <c>dbo.UpsertUser</c> stored procedure.
        /// </summary>
        /// <param name="user">
        /// The values to store. <c>@ID</c> is sent only when <c>user.ID</c> has a value greater
        /// than zero, and <c>@password</c> only when <c>user.Password</c> is non-empty.
        /// </param>
        /// <returns>
        /// The <c>ID</c> column of the first row returned, when it parses as an integer;
        /// otherwise <c>null</c>.
        /// </returns>
        // NOTE(review): Encrypt is defined outside this excerpt. If it is reversible encryption
        // rather than a salted, slow password hash, stored passwords are recoverable - confirm.
        // NOTE(review): @active is always sent from user.Active, so callers that leave Active
        // unset pass its default value - confirm the procedure handles that as intended.
        public int? UpsertUser(User user)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["IYFD"].ToString();

            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                connection.Open();

                using (SqlCommand cmd = new SqlCommand("dbo.UpsertUser", connection))
                {
                    cmd.CommandType = CommandType.StoredProcedure;

                    // Without a positive ID the @ID parameter is omitted from the call.
                    bool hasExistingId = user.ID.HasValue && user.ID.Value > 0;
                    if (hasExistingId)
                    {
                        cmd.Parameters.AddWithValue("@ID", user.ID.Value);
                    }

                    cmd.Parameters.AddWithValue("@username", user.Username);
                    cmd.Parameters.AddWithValue("@firstname", user.FirstName);
                    cmd.Parameters.AddWithValue("@lastname", user.LastName);

                    // An empty password omits @password instead of sending a value.
                    bool passwordSupplied = !string.IsNullOrEmpty(user.Password);
                    if (passwordSupplied)
                    {
                        cmd.Parameters.AddWithValue("@password", Encrypt(user.Password));
                    }

                    cmd.Parameters.AddWithValue("@email", user.Email);
                    cmd.Parameters.AddWithValue("@active", user.Active);

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        int savedId;

                        // Only the first row is inspected; no row or an unparsable ID falls through to null.
                        if (reader.Read() && int.TryParse(reader["ID"].ToString(), out savedId))
                        {
                            return savedId;
                        }
                    }
                }
            }

            return null;
        }