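/// <summary>
/// Creates a new account: inserts the user_information row (e-mail, salted password
/// hash, name, account type/status), reads the SystemID back by e-mail, and inserts
/// the matching userid row holding a hash of that SystemID.
/// </summary>
/// <param name="tempUser">
/// Account to create. It is mutated on the way: Email is lower-cased, Password and
/// Salt are replaced by MessageSalt's hash and salt, SystemID is filled from the
/// database, and on return Password holds the hashed SystemID (kept from the
/// original code; presumably consumed by the caller — confirm).
/// </param>
/// <exception cref="System.ArgumentNullException"><paramref name="tempUser"/> is null.</exception>
public void InsertUserAcc(User tempUser)
{
    if (tempUser == null)
    {
        throw new System.ArgumentNullException(nameof(tempUser));
    }

    // Normalize the e-mail before it is stored and before it is used for the
    // SystemID lookup below. The previous code called ToLower() and discarded
    // the result (strings are immutable), so nothing was actually normalized.
    // Invariant casing keeps the result independent of the thread culture.
    if (tempUser.Email != null)
    {
        tempUser.Email = tempUser.Email.ToLowerInvariant();
    }

    var db = new Database();
    using (MySqlConnection conn = new MySqlConnection(db.GetConnString()))
    using (MySqlCommand comm = conn.CreateCommand())
    {
        // Salt and hash the plaintext password. MessageSalt's algorithm is not
        // visible here; only its message/salt outputs are used.
        MessageSalt msalt = new MessageSalt(tempUser.Password, tempUser.Salt);
        msalt.GenerateHash();
        tempUser.Password = msalt.message;
        tempUser.Salt = msalt.salt;

        // Parameterized INSERT: user-supplied values never become part of the SQL text.
        comm.CommandText =
            "INSERT INTO user_information(email, hashed_password, salt, fname, lname, account_type, account_status) " +
            "VALUES(@email, @hashed_password, @salt, @fname, @lname, @account_type, @account_status)";
        comm.Parameters.AddWithValue("@email", tempUser.Email);
        comm.Parameters.AddWithValue("@hashed_password", tempUser.Password);
        comm.Parameters.AddWithValue("@salt", tempUser.Salt);
        comm.Parameters.AddWithValue("@fname", tempUser.FirstName);
        comm.Parameters.AddWithValue("@lname", tempUser.LastName);
        comm.Parameters.AddWithValue("@account_type", tempUser.AccountType);
        // account_status is stored as a 0/1 integer.
        comm.Parameters.AddWithValue("@account_status", tempUser.AccountStatus ? 1 : 0);

        conn.Open();
        comm.ExecuteNonQuery();
        comm.Parameters.Clear();

        // SystemID is not inserted above; it is read back by the (now normalized)
        // e-mail, presumably because the database generates it.
        // NOTE(review): the two INSERTs are not in one transaction. GetUserInfo
        // presumably uses its own connection, so wrapping them in a transaction
        // here would hide the first row from that lookup — confirm before changing.
        tempUser.SystemID = GetUserInfo(tempUser.Email).SystemID;

        // Hash the SystemID with the same MessageSalt instance (whether
        // GenerateHash() reuses or regenerates the salt is not visible here).
        msalt.message = tempUser.SystemID.ToString();
        msalt.GenerateHash();
        tempUser.Password = msalt.message;

        comm.CommandText =
            "INSERT INTO userid(userID, hashedUserID) " +
            "VALUES(@userID, @hashedUserID)";
        comm.Parameters.AddWithValue("@userID", tempUser.SystemID);
        comm.Parameters.AddWithValue("@hashedUserID", msalt.message);
        comm.ExecuteNonQuery();
        comm.Parameters.Clear();
    }
}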
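/// <summary>
/// Verifies a login attempt: re-hashes <paramref name="password"/> with the salt
/// stored for <paramref name="email"/> and compares it with the stored hash.
/// </summary>
/// <param name="email">Address the account was registered under.</param>
/// <param name="password">Plaintext password supplied at login.</param>
/// <returns>
/// true when the hashes match; false when they differ or when no user record is
/// returned for the e-mail.
/// </returns>
public bool ComparePasswords(string email, string password)
{
    DatabaseQuery databaseQuery = new DatabaseQuery();
    User user = databaseQuery.GetUserInfo(email);
    if (user == null)
    {
        // Unknown address: fail closed instead of dereferencing null.
        // NOTE(review): returning before hashing makes the unknown-address path
        // faster than a wrong-password one; decide whether that matters here.
        return false;
    }

    MessageSalt messageSalt = new MessageSalt(password, user.Salt);
    messageSalt.GenerateHash();

    // String == is an ordinal comparison of the two encoded hashes.
    // NOTE(review): it stops at the first differing character; if the hash is
    // available as raw bytes, a fixed-time comparison would remove that timing signal.
    return messageSalt.message == user.Password;
}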
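/// <summary>
/// Re-hashes the password carried in <paramref name="user"/> and writes the new hash
/// and salt to the user_information row whose userID equals user.SystemID.
/// </summary>
/// <param name="user">
/// User to edit. Password holds the new plaintext on entry and the hash on success;
/// Salt is replaced by MessageSalt's output; ErrorMessage is set whenever false is returned.
/// </param>
/// <param name="passwordCheck">
/// When true, the password must pass StringCheckerService.isSecurePassword() before
/// anything is written.
/// </param>
/// <returns>
/// true when both columns were updated; false when the SystemID is unknown or the
/// password check fails.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
public bool UpdateUserPass(User user, bool passwordCheck)
{
    //TODO: for this the authentication module's GetHashedPassword() method needs to be fixed for this to work.
    if (user == null)
    {
        throw new System.ArgumentNullException(nameof(user));
    }

    if (!CheckIDExistence(user.SystemID))
    {
        user.ErrorMessage = "System ID not found";
        return false;
    }

    // Guard clause first, so the hash-and-store path below exists only once
    // (the previous version duplicated it in both branches).
    if (passwordCheck)
    {
        StringCheckerService sc = new StringCheckerService(user.Password);
        if (!sc.isSecurePassword())
        {
            user.ErrorMessage = "Password is not secured";
            return false;
        }
    }

    // MessageSalt is seeded with the user's current salt; whether GenerateHash()
    // keeps it or produces a fresh one is not visible here (a fresh salt per
    // password change is the usual expectation — confirm).
    DatabaseQuery dq = new DatabaseQuery();
    MessageSalt msalt = new MessageSalt(user.Password, user.Salt);
    msalt.GenerateHash();
    user.Password = msalt.message;
    user.Salt = msalt.salt;

    // Two separate UPDATEs: if the second one fails, the stored hash and salt no
    // longer belong together and the user can no longer log in. UpdateQuery is the
    // only write API visible here, so they stay separate.
    // NOTE(review): a single statement or a transaction would close that gap.
    string id = user.SystemID.ToString();
    dq.UpdateQuery("user_information", "hashed_password", user.Password, "userID", id);
    dq.UpdateQuery("user_information", "salt", user.Salt, "userID", id);
    return true;
}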