Example #1
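        /// <summary>
        /// Looks up the id of the user whose username and stored password match the supplied credentials.
        /// </summary>
        /// <param name="username">Login name, bound to the @username parameter.</param>
        /// <param name="password">Plain-text password; it is passed through EncryptDataClient.Encrypt before being compared.</param>
        /// <returns>The matching user_id, or 0 when no row matches.</returns>
        public int GetExistingUserId(string username, string password)
        {
            // 0 doubles as the "no such user / wrong password" result, so callers must treat it as a failed login.
            int user_id = 0;

            // NOTE(review): the SQL below matches the stored column against this value with '=',
            // so Encrypt() has to return the same output for the same password every time, i.e. there
            // is no per-user salt. If Encrypt() is reversible encryption or a fast unsalted hash, a
            // database leak exposes every password at once. Confirm what the service does and plan a
            // migration to a salted, slow password hash (PBKDF2, bcrypt, Argon2) verified in code.
            EncryptDataReference.EncryptDataClient edc = new EncryptDataReference.EncryptDataClient();
            string encPassword = edc.Encrypt(password);

            // NOTE(review): the connection string (presumably including DB credentials) is fetched from
            // a service on every call; confirm that channel is authenticated and encrypted.
            GetDBConnectionReference.GetDBConnectionClient gdbcc = new GetDBConnectionReference.GetDBConnectionClient();
            string conString = gdbcc.GetDBConnectionString();

            // using blocks release the connection, command and reader even when Open/Execute throws;
            // the original leaked the connection on any exception.
            using (MySqlConnection db = new MySqlConnection(conString))
            {
                db.Open();

                using (MySqlCommand query = new MySqlCommand())
                {
                    query.Connection = db;
                    // Values are bound as parameters, never concatenated into the statement text.
                    query.CommandText = "SELECT user_id FROM user WHERE username =@username and password = @encPassword";
                    query.Prepare();

                    query.Parameters.AddWithValue("@username", username);
                    query.Parameters.AddWithValue("@encPassword", encPassword);

                    using (MySqlDataReader queryResults = query.ExecuteReader())
                    {
                        if (queryResults.Read())
                        {
                            user_id = queryResults.GetInt32(0);
                        }
                    }
                }
            }

            // Returns non-zero if username&password are correct
            return user_id;
        }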
Example #2
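        /// <summary>
        /// Inserts a new row into med_stor.user with the supplied profile fields and the encrypted password.
        /// </summary>
        /// <param name="username">Login name for the new account.</param>
        /// <param name="name">Given name.</param>
        /// <param name="surname">Family name.</param>
        /// <param name="email">E-mail address.</param>
        /// <param name="phone">Phone number.</param>
        /// <param name="city">City.</param>
        /// <param name="password">Plain-text password; it is passed through EncryptDataClient.Encrypt before being stored.</param>
        /// <returns>The row count reported by ExecuteNonQuery (1 for a successful single-row insert).</returns>
        public int InsertUser(string username, string name, string surname, string email, string phone, string city, string password)
        {
            int inserted = 0;

            // NOTE(review): the value stored in the password column is whatever Encrypt() returns.
            // If that is reversible encryption or an unsalted hash, stored passwords are recoverable
            // after a database leak; confirm, and prefer a salted, slow password hash (PBKDF2, bcrypt, Argon2).
            EncryptDataReference.EncryptDataClient edc = new EncryptDataReference.EncryptDataClient();
            string encPassword = edc.Encrypt(password);

            // NOTE(review): the connection string is fetched from a service on every call; confirm that
            // channel is authenticated and encrypted.
            GetDBConnectionReference.GetDBConnectionClient gdbcc = new GetDBConnectionReference.GetDBConnectionClient();
            string conString = gdbcc.GetDBConnectionString();

            // using blocks close the connection and command even when the insert throws
            // (e.g. a constraint violation); the original leaked the connection in that case.
            using (MySqlConnection db = new MySqlConnection(conString))
            {
                db.Open();

                using (MySqlCommand query = new MySqlCommand())
                {
                    query.Connection = db;
                    // All user-supplied fields are bound as parameters, never concatenated into the SQL text.
                    query.CommandText = "INSERT INTO med_stor.user (username, name, surname, email, phone, city, password) VALUES(@username, @name, @surname, @email, @phone, @city, @encPassword)";
                    query.Prepare();

                    query.Parameters.AddWithValue("@username", username);
                    query.Parameters.AddWithValue("@name", name);
                    query.Parameters.AddWithValue("@surname", surname);
                    query.Parameters.AddWithValue("@email", email);
                    query.Parameters.AddWithValue("@phone", phone);
                    query.Parameters.AddWithValue("@city", city);
                    query.Parameters.AddWithValue("@encPassword", encPassword);
                    inserted = query.ExecuteNonQuery();
                }
            }

            // Returns 0 if failed, 1 if succeeded
            // NOTE(review): database errors surface as exceptions from ExecuteNonQuery rather than as 0.
            return inserted;
        }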
Example #3
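        /// <summary>
        /// Overwrites the profile fields and the password of the row in med_stor.user identified by user_id.
        /// </summary>
        /// <param name="user_id">Primary key of the row to update.</param>
        /// <param name="name">Given name.</param>
        /// <param name="surname">Family name.</param>
        /// <param name="email">E-mail address.</param>
        /// <param name="phone">Phone number.</param>
        /// <param name="city">City.</param>
        /// <param name="password">Plain-text password; it is passed through EncryptDataClient.Encrypt before being stored.</param>
        /// <returns>The row count reported by ExecuteNonQuery.</returns>
        public int UpdateUser(int user_id, string name, string surname, string email, string phone, string city, string password)
        {
            int updated = 0;

            // NOTE(review): the password column is rewritten on every profile update, and this method
            // does not itself check that the caller is allowed to modify user_id or knows the current
            // password. Verify the caller enforces both, otherwise any authenticated session that can
            // pass an arbitrary user_id can reset another account's password.
            // NOTE(review): see also whether Encrypt() is a salted, slow password hash; confirm.
            EncryptDataReference.EncryptDataClient edc = new EncryptDataReference.EncryptDataClient();
            string encPassword = edc.Encrypt(password);

            // NOTE(review): the connection string is fetched from a service on every call; confirm that
            // channel is authenticated and encrypted.
            GetDBConnectionReference.GetDBConnectionClient gdbcc = new GetDBConnectionReference.GetDBConnectionClient();
            string conString = gdbcc.GetDBConnectionString();

            // using blocks close the connection and command even when the update throws;
            // the original leaked the connection in that case.
            using (MySqlConnection db = new MySqlConnection(conString))
            {
                db.Open();

                using (MySqlCommand query = new MySqlCommand())
                {
                    query.Connection = db;
                    // All values are bound as parameters, never concatenated into the SQL text.
                    query.CommandText = "UPDATE med_stor.user set name=@name, surname=@surname, email=@email, phone=@phone, city=@city, password=@encPassword where user_id=@user_id";
                    query.Prepare();

                    query.Parameters.AddWithValue("@name", name);
                    query.Parameters.AddWithValue("@surname", surname);
                    query.Parameters.AddWithValue("@email", email);
                    query.Parameters.AddWithValue("@phone", phone);
                    query.Parameters.AddWithValue("@city", city);
                    query.Parameters.AddWithValue("@encPassword", encPassword);
                    query.Parameters.AddWithValue("@user_id", user_id);
                    updated = query.ExecuteNonQuery();
                }
            }

            return updated;
        }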