public string addUser(SqlConnection conn, SqlTransaction trans, User user)
{
ConnectionDao connectionDao = new ConnectionDao();
string returnString = IdProConstants.SUCCESS;
Employee objEmployee = new Employee();
SqlCommand cmd = null;
SqlDataReader rs = null;
AddEmployee obj = new AddEmployee();
UserServices userService = new UserServices();
string query = "INSERT INTO Users([username],[password],[role]) VALUES(@UserName,@Password,@Role)";
try
{
cmd = connectionDao.getSqlCommand(query, conn, trans);
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@UserName";
//param1.Value = HttpContext.Current.Session["useremp"];
param1.Value = user.Username;
cmd.Parameters.Add(param1);
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@Password";
//param2.Value = userService.getHashPassword(HttpContext.Current.Session["useremp"].ToString ());
param2.Value = userService.getHashPassword(user.Password);
cmd.Parameters.Add(param2);
SqlParameter param3 = new SqlParameter();
param3.ParameterName = "@Role";
//param3.Value = HttpContext.Current.Session["rol"];
param3.Value = user.Role ;
cmd.Parameters.Add(param3);
cmd.ExecuteScalar();
}
catch (Exception exception)
{
System.Diagnostics.Trace.WriteLine("[UserDAO:addUser] Exception " + exception.StackTrace);
returnString = IdProConstants.FAIL;
}
finally
{
connectionDao.closeDabaseEntities(cmd, rs);
}
return returnString;
}
public User getUserByUserName(string userName)
{
ConnectionDao connectionDao = new ConnectionDao();
User user = new User();
Employee emp = new Employee();
SqlCommand cmd = null;
SqlConnection conn = null;
SqlDataReader rs = null;
string query = "select * from Users where userName='******'";
try
{
conn = connectionDao.getConnection();
cmd = connectionDao.getSqlCommandWithoutTransaction(query, conn);
//SqlParameter param1 = new SqlParameter();
//param1.ParameterName = emp.Username;
//param1.Value = emp.Username;
//cmd.Parameters.Add(param1);
rs = cmd.ExecuteReader();
if (rs.Read())
{
user.Username=(rs["userName"].ToString().Trim());
user.Password=(rs["password"].ToString().Trim());
user.Role=(rs["role"].ToString().Trim());
}
else
{
user = null;
}
}
catch (Exception exception)
{
System.Diagnostics.Trace.WriteLine("[UserDAO:getUserByUserName] Exception " + exception.StackTrace);
user = null;
}
finally
{
connectionDao.closeConnection(conn);
connectionDao.closeDabaseEntities(cmd, rs);
}
return user;
}
public string updateUser(SqlConnection conn, SqlTransaction trans, User user)
{
ConnectionDao connectionDao = new ConnectionDao();
string returnString = IdProConstants.SUCCESS;
SqlCommand cmd = null;
SqlDataReader rs = null;
UserServices userService = new UserServices();
string query = null;
bool updatePassword = !userService.getHashPassword("defaultPassWord").Equals(user.Password);
if (updatePassword)
{
query = "update Users set UserName=@UserName,Password=@Password,Role=@Role where UserName='******'";
}
else
{
query = "update Users set UserName=@UserName,Role=@Role where UserName='******'";
}
try
{
cmd = connectionDao.getSqlCommand(query, conn, trans);
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@UserName";
param1.Value = user.Username;
cmd.Parameters.Add(param1);
if (updatePassword)
{
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@Password";
param2.Value = userService.getHashPassword(user.Password);
cmd.Parameters.Add(param2);
}
SqlParameter param3 = new SqlParameter();
param3.ParameterName = "@Role";
param3.Value = user.Role;
cmd.Parameters.Add(param3);
cmd.ExecuteScalar();
}
catch (Exception exception)
{
System.Diagnostics.Trace.WriteLine("[UserDAO:updateUser] Exception " + exception.StackTrace);
returnString = IdProConstants.FAIL;
}
finally
{
connectionDao.closeDabaseEntities(cmd, rs);
}
return returnString;
}
protected void btnLogin_Click(object sender, EventArgs e)
{
string userName = txtUsername.Text.Trim().ToUpper();
string passWord = txtPassword.Text.Trim();
UserServices userService = new UserServices();
string returnString = userService.ValidateUser(userName, passWord);
if (IdProConstants.SUCCESS.Equals(returnString))
{
User user = new User();
user = userService.getUserbyUserName(userName);
EmployeeServices employeeService = new EmployeeServices();
Employee employee = new Employee();
employee = employeeService.getEmployeeByUserName(userName);
if (user == null || employee == null)
{
returnString = IdProConstants.ADMIN;
}
//else if (UserStatusesConstants.INACTIVEEMPLOYEE.Equals(employee.getEmployeeStatus()))
//{
// returnString = TransactionConfirmMessages.INACTIVEUSER;
//}
else
{
string role = user.getRole().Trim();
Session["role"] = role;
Session["username"] = user.getUserName().Trim();
Session["name"] = employee.getFirstName();
FormsAuthenticationTicket tkt = default(FormsAuthenticationTicket);
string cookiestr = null;
System.Web.HttpCookie ck = default(System.Web.HttpCookie);
tkt = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false, role);
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);
string strRedirect = null;
strRedirect = Request["ReturnURL"];
if (!string.IsNullOrEmpty(strRedirect) & strRedirect != "/")
{
Response.Redirect(strRedirect, true);
}
else
{
strRedirect = "ManageEmployee.aspx";
Response.Redirect(strRedirect, true);
}
}
}
lblMsg.Text = returnString;
}
