 /// <summary>
 /// Creates a new <c>PersonAccess</c> instance and wires up the database manager
 /// that the access methods use for their queries.
 /// </summary>
 public PersonAccess()
 {
     this.myDBManager = new DBManager();
 }
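        /// <summary>
        /// Validates a user's credentials against the Person table and, on success,
        /// synchronises the ASP.NET role membership and sets the <c>user</c> field.
        /// </summary>
        /// <param name="username">Login name of the person (bound to the @login parameter).</param>
        /// <param name="password">Clear-text password; the database hashes it with HASHBYTES('MD5', @pass) for the comparison.</param>
        /// <returns>
        /// <c>true</c> when a person with the given login/password exists and its role could be resolved;
        /// <c>false</c> otherwise (no match, unresolved role, or empty input).
        /// </returns>
        public override bool ValidateUser(string username, string password)
        {
            // An empty login or password can never match a stored row, and a null
            // parameter value would make the provider throw instead of returning false.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return false;
            }

            DBManager dbmanager = new DBManager();

            int pk_person = LookupPersonKey(dbmanager, username, password);
            if (pk_person == -1)
            {
                return false;
            }

            int roleID = LookupRole(dbmanager, pk_person);
            if (roleID == -1)
            {
                // Credentials matched but the role could not be resolved: treat this as a
                // failed login and do not touch role membership or the user field. (The
                // original code still added the user to "professor" in this case.)
                return false;
            }

            // Role id 1 is "student"; every other id maps to "professor", as before.
            // NOTE(review): if further role ids exist in the Person table they all end up
            // as "professor" here — confirm that is intended. Membership is only ever
            // added, never revoked, so a changed role in the database is not reflected.
            EnsureUserInRole(username, roleID == 1 ? "student" : "professor");

            user = new MemberShipPIUser(pk_person, username, true);

            return true;
        }

        /// <summary>
        /// Returns the primary key of the person whose login/password match, or -1 when
        /// there is no match. Both values are passed as SQL parameters, never concatenated
        /// into the query text.
        /// </summary>
        /// <param name="dbmanager">Database manager used to open the connection and run the query.</param>
        /// <param name="username">Login name bound to @login.</param>
        /// <param name="password">Clear-text password bound to @pass.</param>
        /// <returns>The matching pk_person, or -1.</returns>
        private static int LookupPersonKey(DBManager dbmanager, string username, string password)
        {
            // NOTE(review): the stored passwords are unsalted MD5 digests, which is a weak
            // password hash. The comparison is kept because the existing rows depend on
            // it; the real fix is a schema migration to a salted, slow KDF (e.g. PBKDF2).
            string query = "SELECT pk_person FROM Person WHERE Person.login = @login AND Person.password = HASHBYTES('MD5', @pass)";

            List<SqlParameter> param = new List<SqlParameter>();
            SqlParameter loginParam = new SqlParameter("@login", username);
            loginParam.SqlDbType = SqlDbType.VarChar;
            SqlParameter passParam = new SqlParameter("@pass", password);
            passParam.SqlDbType = SqlDbType.VarChar;
            param.Add(loginParam);
            param.Add(passParam);

            // using-blocks release the connection and transaction even when
            // doSelectScalar throws; disposing an uncommitted transaction rolls it back,
            // which matches the original Close()-without-Commit behaviour.
            using (SqlConnection connection = dbmanager.newConnection())
            {
                connection.Open();
                using (SqlTransaction transaction = connection.BeginTransaction(IsolationLevel.ReadCommitted, "Login"))
                {
                    object o = dbmanager.doSelectScalar(query, connection, transaction, param);
                    return ScalarToInt(o);
                }
            }
        }

        /// <summary>
        /// Reads the role column of the given person.
        /// </summary>
        /// <param name="dbmanager">Database manager used to open the connection and run the query.</param>
        /// <param name="pk_person">Primary key of the person whose role is requested.</param>
        /// <returns>The role id, or -1 when the row or the value is missing.</returns>
        private static int LookupRole(DBManager dbmanager, int pk_person)
        {
            string query_role = "SELECT role FROM Person WHERE pk_person = @pk_person;";

            Dictionary<string, object> param_role = new Dictionary<string, object>();
            param_role.Add("@pk_person", pk_person);

            using (SqlConnection connection_role = dbmanager.newConnection())
            {
                connection_role.Open();
                using (SqlTransaction transaction_role = connection_role.BeginTransaction(IsolationLevel.ReadCommitted, "getTypePerson"))
                {
                    object o_role = dbmanager.doSelectScalar(query_role, connection_role, transaction_role, param_role);
                    return ScalarToInt(o_role);
                }
            }
        }

        /// <summary>
        /// Converts a scalar query result to an int, treating null, DBNull and any
        /// non-int value as "no value" (-1) instead of throwing on the unbox.
        /// </summary>
        /// <param name="o">Result of a scalar query.</param>
        /// <returns>The boxed int, or -1.</returns>
        private static int ScalarToInt(object o)
        {
            return o is int ? (int)o : -1;
        }

        /// <summary>
        /// Creates the ASP.NET role if it does not exist yet and adds the user to it
        /// when not already a member. Safe to call repeatedly.
        /// </summary>
        /// <param name="username">Login name of the user.</param>
        /// <param name="roleName">Name of the role to ensure membership in.</param>
        private static void EnsureUserInRole(string username, string roleName)
        {
            if (!Roles.RoleExists(roleName))
            {
                Roles.CreateRole(roleName);
            }

            if (!Roles.IsUserInRole(username, roleName))
            {
                Roles.AddUserToRole(username, roleName);
            }
        }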
 /// <summary>
 /// Creates a new <c>TechnologyAccess</c> instance and wires up the database manager
 /// that the access methods use for their queries.
 /// </summary>
 public TechnologyAccess()
 {
     this.myDBManager = new DBManager();
 }