protected void getRegisterUserForm()
{
//Boolean formValidated = false;
Boolean mailingListOptIn = OptIn.Checked;
SaltUtility saltTool = new SaltUtility();
//get values into dictionary
Dictionary<string, string> registerForm = new Dictionary<string, string>()
{
{"First Name", FirstName.Text},
{"Last Name", LastName.Text},
{"Email", Email.Text},
{"Phone Number", PhoneNumber.Text},
{"Password", Password.Text},
{"Confirm Password", ConfirmPassword.Text},
{"Address1", Address1.Text},
{"Address2", Address2.Text},
{"City", City.Text},
{"State", State.Text},
{"Zip", Zip.Text},
{"Zip2", Zip2.Text},
{"OptIn", mailingListOptIn.ToString()},
{"LoginHash", saltTool.randomString(16)},
{"LoginV", saltTool.randomString(16)},
{"ConsignorCode", saltTool.randomString(8)},
{"AcceptedAgreement", hidAcceptedAgreement.Value.ToString()}
};
saveUserInfo(registerForm);
}
protected Boolean saveUserInfo(Dictionary<string, string> userInfo, Boolean skipSendEmail = false)
{
//check to make sure user is not already registered
if (authenticateUser(userInfo["Email"].ToString(), "", true))
{
connErrMsg = "already registered";
return false;
}
SaltUtility saltTool = new SaltUtility();
StringBuilder myStr = new StringBuilder();
//create a mySql command object
MySqlCommand cmd = new MySqlCommand("usp_registerUser", mySqlConn);
cmd.CommandType = System.Data.CommandType.StoredProcedure;
//set params for stored proc
MySqlParameter pFirstName;
pFirstName = new MySqlParameter("?firstname", MySqlDbType.VarChar);
pFirstName.Value = userInfo["First Name"];
pFirstName.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pFirstName);
MySqlParameter pLastName;
pLastName = new MySqlParameter("?lastname", MySqlDbType.VarChar);
pLastName.Value = userInfo["Last Name"];
pLastName.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pLastName);
MySqlParameter pEmail;
pEmail = new MySqlParameter("?loginId", MySqlDbType.VarChar);
pEmail.Value = userInfo["Email"];
pEmail.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pEmail);
MySqlParameter pPhoneNum;
pPhoneNum = new MySqlParameter("?phoneNumber", MySqlDbType.VarChar);
pPhoneNum.Value = !string.IsNullOrEmpty(userInfo["Phone Number"]) ? userInfo["Phone Number"] : null;
pPhoneNum.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pPhoneNum);
MySqlParameter pAddress1;
pAddress1 = new MySqlParameter("?address1", MySqlDbType.VarChar);
pAddress1.Value = !string.IsNullOrEmpty(userInfo["Address1"]) ? userInfo["Address1"] : null;
pAddress1.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pAddress1);
MySqlParameter pAddress2;
pAddress2 = new MySqlParameter("?address2", MySqlDbType.VarChar);
pAddress2.Value = !string.IsNullOrEmpty(userInfo["Address2"]) ? userInfo["Address2"] : null;
pAddress2.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pAddress2);
MySqlParameter pCity;
pCity = new MySqlParameter("?city", MySqlDbType.VarChar);
pCity.Value = !string.IsNullOrEmpty(userInfo["City"]) ? userInfo["City"] : null;
pCity.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pCity);
MySqlParameter pState;
pState = new MySqlParameter("?state", MySqlDbType.VarChar);
pState.Value = !string.IsNullOrEmpty(userInfo["State"]) ? userInfo["State"] : null;
pState.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pState);
MySqlParameter pZip;
pZip = new MySqlParameter("?zip", MySqlDbType.Int32);
if (!string.IsNullOrEmpty(userInfo["Zip"]))
{
pZip.Value = Convert.ToInt32(userInfo["Zip"]);
}
else
{
pZip.Value = null;
}
pZip.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pZip);
MySqlParameter pZip2;
pZip2 = new MySqlParameter("?zip2", MySqlDbType.Int16);
if (!string.IsNullOrEmpty(userInfo["Zip2"]))
{
pZip2.Value = Convert.ToInt16(userInfo["Zip2"]);
}
else
{
pZip.Value = null;
}
pZip2.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pZip2);
MySqlParameter pOptIn;
pOptIn = new MySqlParameter("?mailingList", MySqlDbType.Bit);
if (!string.IsNullOrEmpty(userInfo["OptIn"]))
{
try
{
Boolean optingIn = Convert.ToBoolean(userInfo["OptIn"]);
pOptIn.Value = optingIn ? 1 : 0;
}
catch
{
pOptIn.Value = 0;
}
pOptIn.Direction = System.Data.ParameterDirection.Input;
}
cmd.Parameters.Add(pOptIn);
MySqlParameter pLoginPass;
pLoginPass = new MySqlParameter("?loginPass", MySqlDbType.VarChar);
pLoginPass.Value = saltTool.seasonIt(userInfo["Password"], userInfo["LoginHash"], userInfo["LoginV"]);
pLoginPass.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pLoginPass);
MySqlParameter pLoginHash;
pLoginHash = new MySqlParameter("?loginHash", MySqlDbType.VarChar);
pLoginHash.Value = saltTool.seasonIt(userInfo["LoginHash"]);
pLoginHash.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pLoginHash);
MySqlParameter pLoginV;
pLoginV = new MySqlParameter("?loginV", MySqlDbType.VarChar);
pLoginV.Value = saltTool.seasonIt(userInfo["LoginV"]);
pLoginV.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pLoginV);
MySqlParameter pAcceptedAgreement;
pAcceptedAgreement = new MySqlParameter("?acceptedAgreement", MySqlDbType.Bit);
pAcceptedAgreement.Value = Convert.ToBoolean(userInfo["AcceptedAgreement"]);
pAcceptedAgreement.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pAcceptedAgreement);
Boolean acceptedAgreement = Convert.ToBoolean(userInfo["AcceptedAgreement"]);
//**This is the approval code for consingment application submissions. user should get this in email when they sign up to be a ticketSeller. Our Rep will ask for that code upon initial contact.
MySqlParameter pConsignorCode;
pConsignorCode = new MySqlParameter("?consignorCode", MySqlDbType.VarChar);
pConsignorCode.Value = saltTool.seasonIt(userInfo["ConsignorCode"]);
pConsignorCode.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pConsignorCode);
try
{
if (!isInitialized())
{
cmd.Connection.Open();
}
cmd.ExecuteNonQuery();
/*
* Never want to send email locally or if autoRegister occurs from joining mailing list.
*/
if (!skipSendEmail && sWebServer.ToLower().IndexOf("localhost") < 0 && acceptedAgreement)
{
cdontsUtil emailObj = new cdontsUtil();
emailObj.emailDetails = userInfo;
emailObj.sendEmail("consignorApp_Verify", "RockstarSeating.com User Registration Success", userInfo["Email"]);
emailObj.sendEmail("consignorApp_Approve", "New Ticket Consignment Registration", "*****@*****.**");
emailObj.sendEmail("consignorApp_Approve", "New Ticket Consignment Registration", "*****@*****.**");
}
return true;
}
catch (Exception ee)
{
connErrMsg = ee.Message.ToString();
return false;
}
}
protected string GetConnectionString()
{
string sConn = string.Empty;
SaltUtility saltTool = new SaltUtility();
StringBuilder myStr = new StringBuilder();
// ########### TODO: This is a good place for a static variable #####################
if (sWebServer.ToLower().Contains("localhost"))
{
// THESE ARE MOST SECURE BECAUSE THE PLAIN TEXT PASSWORDS ARE IN MY HEAD...not hardcoded
string password = saltTool.deSeasonIt("vhpYqqpTT7SGOE82jW26+A==");
myStr.Append("server=localhost;");
myStr.Append("userid=webUser;");
myStr.Append("password="******";");
myStr.Append("database=rockstarseating");
}
else
{
// THESE ARE MOST SECURE BECAUSE THE PLAIN TEXT PASSWORDS ARE IN MY HEAD...not hardcoded
string password = saltTool.deSeasonIt("yHXCcF0CU0rdI5WkR5O5gQ==");
myStr.Append("server=rockstarseating.db.8117053.hostedresource.com;");
myStr.Append("userid=rockstarseating;");
myStr.Append("password="******";");
myStr.Append("database=rockstarseating");
}
sConn = myStr.ToString();
saltTool = null;
return sConn;
}
protected Boolean authenticateUser(string loginId, string loginPass, bool checkOnly = false)
{
//create a mySql command object
MySqlCommand cmd = new MySqlCommand("usp_getUserInfo", mySqlConn);
cmd.CommandType = System.Data.CommandType.StoredProcedure;
MySqlParameter pLoginID;
pLoginID = new MySqlParameter("?loginId", MySqlDbType.VarChar);
pLoginID.Value = loginId;
pLoginID.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pLoginID);
MySqlParameter pGetFullDetails;
pGetFullDetails = new MySqlParameter("?getFullDetails", MySqlDbType.Bit);
pGetFullDetails.Value = false;
pGetFullDetails.Direction = System.Data.ParameterDirection.Input;
cmd.Parameters.Add(pGetFullDetails);
//try
//{
if (!isInitialized())
{
cmd.Connection.Open();
}
MySqlDataReader dr = cmd.ExecuteReader(CommandBehavior.CloseConnection);
if (dr.HasRows)
{
// exit here if checking db for registerUser
//10-10-11 I'm not even sure what this variable was intended for, but its... [useless now??]
if (checkOnly)
{
return true;
}
while (dr.Read())
{
UserObj.FirstName = Convert.ToString(dr["firstname"]);
UserObj.LastName = Convert.ToString(dr["lastname"]);
UserObj.Email = Convert.ToString(dr["emailAddress"]);
UserObj.UserPass = Convert.ToString(dr["userPass"]);
UserObj.LoginHash = Convert.ToString(dr["userPassP"]);
UserObj.LoginV = Convert.ToString(dr["userPassV"]);
UserObj.isConsignor = Convert.ToBoolean(dr["isConsignor"]);
UserObj.isAdmin = Convert.ToBoolean(dr["isAdmin"]);
UserObj.UserId = Convert.ToInt32(dr["userId"]);
}
if (UserObj.UserId > 39)
{
//connErrMsg = "Logins are turned off for site maintenance. Sorry...";
//return false;
}
SaltUtility saltTool = new SaltUtility();
if (loginPass == saltTool.deSeasonIt(UserObj.UserPass, UserObj.LoginHash, UserObj.LoginV))
{
//clear password from memory
UserObj.UserPass = "";
UserObj.LoginHash = "";
UserObj.LoginV = "";
//close dataReader obj
dr.Close();
//user validated
return true;
}
else
{
connErrMsg = "Email and Password combination are incorrect";
}
}
else
{
connErrMsg = "Account not found. Please register in order to login.";
}
dr.Close();
return false;
//}
//catch (Exception ee)
//{
// connErrMsg = ee.Message.ToString();
// return false;
//}
}
protected Boolean sendTicketRequestForm(Dictionary<string, string> formDetails)
{
try
{
//need to provide an autogenerated password and store it encrypted in the db
SaltUtility saltTool = new SaltUtility();
string loginHash = saltTool.randomString(16);
string loginV = saltTool.randomString(16);
//food param = plainText password(randomString(16))
string autoGeneratedPassword = saltTool.randomString(16);
autoGeneratedPassword = saltTool.seasonIt(autoGeneratedPassword, loginHash, loginV);
//password stored = seasoned_autoGeneratedPassword
formDetails.Add("Password", autoGeneratedPassword);
formDetails.Add("LoginHash", loginHash);
formDetails.Add("LoginV", loginV);
//now add misc fields for saveUserInfo
formDetails.Add("OptIn", "true");
formDetails.Add("Zip2", "");
formDetails.Add("ConsignorCode", "");
Boolean alreadyRegistered = false;
//this should save user info unless fail
if (!saveUserInfo(formDetails, true))
{
//need to passThru if user is already registered, it's a fake fail
if (connErrMsg == "already registered")
{
alreadyRegistered = true;
}
else
{
return false;
}
}
//now send emails
cdontsUtil emailObj = new cdontsUtil();
emailObj.emailDetails = formDetails;
//send email to user
emailObj.sendEmail("userTicketRequest_success", "Ticket Request Submission at RockstarSeating.com", formDetails["Email"]);
//send email to admin
if (!alreadyRegistered)
{
emailObj.sendEmail("userTicketRequest_notify", "New Member Ticket Request Submission", formDetails["Email"]);
}
else
{
emailObj.sendEmail("userTicketRequest_alreadyRegistered_notify", "Registered Member Ticket Request Submission", formDetails["Email"]);
}
return true;
}
catch (Exception ee)
{
connErrMsg = ee.Message.ToString();
return false;
}
}
