/**Purpose: to insert user table for student users when it is added using csv file.
* StudentId and Email will be given in the input UserVO list.
* Password will be a combination of username and studentid. Salt will be added to it and then hashed
* User will be inActive till they change password during first login.
*/
public int AddStudentUsers(List <UserVO> instudentUsers)
{
int successCount = 0;
try
{
DBConnection.conn.Open();
foreach (UserVO user in instudentUsers)
{
user.UserName = OtherUtilities.GetUserNameFromEmail(user.EmailID);
string salt = PasswordGenerator.GenerateSalt();
string hashPassword = PasswordGenerator.GenerateHash(user.UserName + user.StudentID + salt);
user.Active = ApplicationConstants.Active;
user.Role = ApplicationConstants.StudentRole;
user.ResetKey = " ";
user.Password = hashPassword;
user.HashSalt = salt;
user.StaffID = 0;
user.FirstLogin = true;
}
InsertDataUsingSqlBulkCopy(instudentUsers, DBConnection.conn);
}
catch (SqlException e)
{
ExceptionUtility.LogException(e, "Error Page");
throw e;
}
finally
{
if (DBConnection.conn != null)
{
DBConnection.conn.Close();
}
}
return(successCount);
}
// Add user details into database
public string AddUser(UserVO inuser)
{
string status = "";
try
{
DBConnection.conn.Open();
inuser.UserName = OtherUtilities.GetUserNameFromEmail(inuser.EmailID);
string salt = PasswordGenerator.GenerateSalt();
string hashPassword = PasswordGenerator.GenerateHash(inuser.UserName + inuser.StudentID + salt);
inuser.Active = ApplicationConstants.Active;
if (inuser.Role == ApplicationConstants.StaffRole)
{
inuser.StudentID = 0;
}
else if (inuser.Role == ApplicationConstants.StudentRole)
{
inuser.StaffID = 0;
}
inuser.ResetKey = "";
inuser.Password = hashPassword;
inuser.HashSalt = salt;
//inuser.FirstLogin = true;
string query = "INSERT INTO dbo.IlmpUser (UserName,StudentId,StaffId,Password,EmailId,HashSalt,ResetPassword,FirstLogin,Active, Role) "
+ " VALUES (@UserName,@StudentId,@StaffId,@Password,@EmailId,@HashSalt,@ResetPassword, @FirstLogin, @Active,@Role) ";
SqlCommand cmd = new SqlCommand(query, DBConnection.conn);
cmd.Parameters.AddWithValue("@UserName", inuser.UserName);
cmd.Parameters.AddWithValue("@StudentId", inuser.StudentID);
cmd.Parameters.AddWithValue("@StaffId", inuser.StaffID);
cmd.Parameters.AddWithValue("@EmailId", inuser.EmailID);
cmd.Parameters.AddWithValue("@Password", hashPassword);
cmd.Parameters.AddWithValue("@HashSalt", inuser.HashSalt);
cmd.Parameters.AddWithValue("@ResetPassword", inuser.ResetKey);
cmd.Parameters.AddWithValue("@FirstLogin", 1);
cmd.Parameters.AddWithValue("@Active", inuser.Active);
cmd.Parameters.AddWithValue("@Role", inuser.Role);
int result = cmd.ExecuteNonQuery();
if (result > 0)
{
status = inuser.UserName + " has been added successfully";
}
else
{
status = "Error in addition";
}
}
catch (SqlException ex)
{
ExceptionUtility.LogException(ex, "Error Page");
throw new CustomException(ApplicationConstants.UnhandledException + ": " + ex.Message);
}
catch (Exception ex)
{
ExceptionUtility.LogException(ex, "Error Page");
throw new CustomException(ApplicationConstants.UnhandledException + ": " + ex.Message);
}
finally
{
if (DBConnection.conn != null)
{
DBConnection.conn.Close();
}
}
return(status);
}