/// <summary>
/// Updates a persons password with a new password based on email input in controller
/// </summary>
/// <param name="person"></param>
/// <param name="newPassword"></param>
public void UpdatePasswordOnly(Person person, string newPassword)
{
HashingService hashed = new HashingService();
string update = @"UPDATE dbo.person
SET password = @password
WHERE id = @id";
int count = 0;
try
{
using (SqlConnection connection = ScheduleBuilder_DB_Connection.GetConnection())
{
connection.Open();
using (SqlCommand updateCommand = new SqlCommand(update, connection))
{
updateCommand.Parameters.AddWithValue("@password", hashed.PasswordHashing(newPassword));
updateCommand.Parameters.AddWithValue("@id", person.Id);
count = updateCommand.ExecuteNonQuery();
}
connection.Close();
}
}
catch (SqlException ex)
{
throw ex;
}
}
/// <summary>
/// retireve a person's login information
/// </summary>
/// <param name="username">As a string</param>
/// <param name="password">As a string</param>
/// <returns></returns>
public DataTable GetLogin(string username, string password)
{
HashingService hashing = new HashingService();
DataTable dt = new DataTable();
string selectStatement = "SELECT l.personID, l.userName, l.password, (p.firstName + ' ' + p.lastName) AS name" +
" FROM login l JOIN person p ON p.personID = l.personID WHERE userName = @username AND password = @password";
using (SqlConnection connection = HealthcareDBConnection.GetConnection())
{
connection.Open();
SqlCommand sc = new SqlCommand(selectStatement, connection);
sc.Parameters.AddWithValue("@username", username);
sc.Parameters.AddWithValue("@password", hashing.PasswordHashing(password));
SqlDataReader reader = sc.ExecuteReader();
dt.Columns.Add("personID", typeof(int));
dt.Columns.Add("userName", typeof(string));
dt.Columns.Add("password", typeof(string));
dt.Columns.Add("name", typeof(string));
dt.Load(reader);
}
return(dt);
}
/// <summary>
/// Verifies a person's login information and retrieves full name and role
/// </summary>
/// <param name="username">As a string</param>
/// <param name="password">As a string</param>
/// <returns></returns>
public DataTable GetLogin(string username, string password)
{
DataTable dt = new DataTable();
HashingService hash = new HashingService();
string selectStatement =
"SELECT p.id, p.username, p.password, (p.first_name + ' ' + p.last_name) AS 'name', r.roleTitle " +
"FROM person p " +
"JOIN role r ON p.roleID = r.id " +
"WHERE username = @username AND password = @password";
using (SqlConnection connection = ScheduleBuilder_DB_Connection.GetConnection())
{
connection.Open();
SqlCommand sqlCommand = new SqlCommand(selectStatement, connection);
sqlCommand.Parameters.AddWithValue("@username", username);
sqlCommand.Parameters.AddWithValue("@password", hash.PasswordHashing(password));
SqlDataReader reader = sqlCommand.ExecuteReader();
dt.Columns.Add("id", typeof(int));
dt.Columns.Add("username", typeof(string));
dt.Columns.Add("password", typeof(string));
dt.Columns.Add("name", typeof(string));
dt.Columns.Add("roleTitle", typeof(string));
dt.Load(reader);
}
return(dt);
}
/// <summary>
/// Process the create user button click
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void CreateUserButton_Click(object sender, EventArgs e)
{
try
{
if (this.passwordTextBox.Text == this.confirmPasswordTextBox.Text)
{
Login login = new Login();
login.UserName = this.usernameTextBox.Text;
login.Password = hashing.PasswordHashing(this.passwordTextBox.Text);
var parent = this.ParentForm as UsernameCreationForm;
login.PersonID = parent.PersonID;
if (this.usernameTextBox.Text == "" || this.usernameTextBox.Text == null || this.usernameTextBox.Text.Length < 4)
{
MessageBox.Show("Username must not be null or blank. Username must be greater than 4 characters");
return;
}
if (this.passwordTextBox.Text == " " || this.passwordTextBox.Text == null || this.passwordTextBox.Text.Length < 6)
{
MessageBox.Show("Password must not be null or blank. Password must be at least 6 characters.");
return;
}
healthcareController.AddLogin(login);
MessageBox.Show("Username and password created successfully!");
parent.Close();
}
else
{
MessageBox.Show("Passwords must match.");
return;
}
}
catch
{
MessageBox.Show("Username could not be created.");
}
}