/// <summary>
 /// update information on banner on main form
 /// </summary>
 public void UpdateStatus()
 {
     // query text for the two counters shown on the banner
     const string completedCountQuery = "SELECT COUNT(*) FROM applications WHERE applications.feedback_left = 1";
     const string remainingCountQuery = "SELECT COUNT(*) FROM applications WHERE applications.feedback_left = 0";

     // greeting: look up the employee's name by the stored e-mail address
     // NOTE(review): loggedInEmployeeEmail is handed to DatabaseQueries.GetRecord to build the lookup;
     // that helper is not visible here - confirm it binds the value as a parameter instead of
     // splicing it into the SQL text.
     var employeeName = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
         DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_NAME, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, loggedInEmployeeEmail));
     labelEmployeeName.Text = "Welcome " + employeeName;

     // applications that already have feedback (feedback_left = 1)
     var completedCount = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(completedCountQuery);
     labelNumberCompleted.Text = completedCount.ToString();

     // applications still waiting for feedback (feedback_left = 0)
     var remainingCount = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(remainingCountQuery);
     labelNumberRemaining.Text = remainingCount.ToString();
 }
        /// <summary>
        /// load the employee's stored details into the form controls
        /// </summary>
        private void RetrieveEmployeeDetails()
        {
            // fetch the record for employeeEmail into the employeeDetails field
            // NOTE(review): nothing visible here checks that a record was returned or that it has
            // seven entries; a missing record would fail on the index accesses below - confirm the
            // caller only invokes this for an existing employee.
            employeeDetails = DatabaseManagement.GetInstanceOfDatabaseConnection().GetEntireRecord(
                DatabaseQueries.GetRecord(DatabaseQueries.USER_DETAILS, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));

            // pick the combo box entry that equals the stored title (index 0 of the record)
            foreach (string option in comboBoxTitle.Items)
            {
                if (option != employeeDetails[0])
                {
                    continue;
                }

                comboBoxTitle.SelectedItem = option;
            }

            // record layout: 0 title, 1 first name, 2 middle names, 3 last name,
            // 4 mobile number, 5 work number, 6 email address
            textBoxFirstName.Text    = employeeDetails[1];
            textBoxMiddleNames.Text  = employeeDetails[2];
            textBoxLastName.Text     = employeeDetails[3];
            textBoxPhoneNumber.Text  = employeeDetails[4];
            textBoxWorkNumber.Text   = employeeDetails[5];
            textBoxEmailAddress.Text = employeeDetails[6];

            // the remaining fields are only filled in when an administrator is managing employees
            if (!isAdminManaging)
            {
                return;
            }

            // job title as stored in the database
            textBoxJobTitle.Text = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
                DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_JOB_POSITION, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));

            // permission level: index 0 when the admin flag is set, index 1 otherwise
            var hasAdminRights = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
                DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_IS_ADMIN, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));
            comboBoxAdminRights.SelectedIndex = hasAdminRights ? 0 : 1;
        }
        /// <summary>
        /// build the main form for the given employee and open the applications page
        /// </summary>
        /// <param name="employeeEmail">email address of the signed-in employee</param>
        public Main(string employeeEmail)
        {
            InitializeComponent();

            // keep a reference to this form and remember who is signed in
            mainPage = this;
            loggedInEmployeeEmail = employeeEmail;

            // the employee-management menu entry is shown only when the admin flag is set
            // NOTE(review): this only decides whether the menu entry is visible. Confirm that the
            // employee-management pages and the updates behind them check EMPLOYEE_IS_ADMIN
            // themselves; a hidden menu item is not an authorization check.
            bool showEmployeeManagement = false;
            if (DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
                    DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_IS_ADMIN, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, loggedInEmployeeEmail)))
            {
                showEmployeeManagement = true;
            }
            manageEmployeesToolStripMenuItem.Visible = showEmployeeManagement;

            // refresh the banner, then start on the applications page
            UpdateStatus();
            OpenPage(new UserControlApplications());
        }
        /// <summary>
        /// ask for confirmation, then delete the employee account identified by employeeEmail
        /// </summary>
        private void buttonDeleteAccount_Click(object sender, EventArgs e)
        {
            // name shown in the confirmation prompt
            var displayName = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
                DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_NAME, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));

            DialogResult choice = MessageBox.Show("Are you sure you want to delete " + displayName + "'s account?", "Confirm Deletion", MessageBoxButtons.YesNo);

            // anything other than Yes leaves the account untouched
            if (choice != DialogResult.Yes)
            {
                return;
            }

            // NOTE(review): employeeEmail is substituted into the DELETE_EMPLOYEE template with
            // string.Format and the result is executed as-is. If that template is SQL text (it is
            // not visible here), a quote character in the address changes the statement; pass the
            // address as a bound parameter if the data layer offers one.
            // NOTE(review): no check is visible here that the current user is an administrator or
            // that the account is not the signed-in one - confirm the caller guarantees both.
            var deleteStatement = string.Format(DatabaseQueries.DELETE_EMPLOYEE, employeeEmail);
            DatabaseManagement.GetInstanceOfDatabaseConnection().UpdateRecord(deleteStatement);

            // go back to previous page
            Main.mainApplication.GoBackPage();
        }
 /// <summary>
 /// replace the employee's password with the hash of their primary phone number
 /// </summary>
 private void buttonResetPassword_Click(object sender, EventArgs e)
 {
     // NOTE(review): the new password is the employee's primary phone number, a value that
     // colleagues and directory listings commonly know, so a reset leaves the account protected
     // by a guessable secret. Prefer a random one-time value from a cryptographic RNG, delivered
     // out of band, with a forced change at next sign-in.
     // NOTE(review): if no phone number is stored, the lookup result is hashed as-is - confirm
     // how HashPassword treats a null or empty value.
     var writeConnection = DatabaseManagement.GetInstanceOfDatabaseConnection();

     // read the stored phone number and hash it
     var phoneNumber = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
         DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_PHONE_NUMBER, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));
     var phoneNumberHash = LoginValidation.HashPassword(phoneNumber);

     // store the hash as the employee's password
     var updateStatement = DatabaseQueries.UpdateRecord(DatabaseQueries.UPDATE_EMPLOYEE_PASSWORD, phoneNumberHash, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail);
     writeConnection.UpdateRecord(updateStatement);

     // display confirmation message
     MessageBox.Show("Password successfully reset to employee's phone number.", "Password Reset Confirmation");
 }
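        /// <summary>
        /// validate the form, then create a new account or update the selected employee's record
        /// </summary>
        /// <remarks>
        /// Nothing is written until every validation step has passed, so a rejected form cannot
        /// leave a changed job title or permission level behind.
        /// </remarks>
        private void buttonSave_Click(object sender, EventArgs e)
        {
            // no selection is treated like the "None" entry instead of dereferencing null
            string selectedTitle = comboBoxTitle.SelectedItem?.ToString();

            // form snapshot: 0 title, 1 first name, 2 middle names, 3 last name,
            // 4 mobile number, 5 work number, 6 email address
            employeeDetails = new string[] { selectedTitle, textBoxFirstName.Text, textBoxMiddleNames.Text, textBoxLastName.Text, textBoxPhoneNumber.Text, textBoxWorkNumber.Text, textBoxEmailAddress.Text };
            // store updated email address for later use
            string newEmployeeEmail = employeeDetails[6];

            // permission level as the string stored in the database ("1" = admin, "0" = not)
            // NOTE(review): this is read from the combo box even when isAdminManaging is false and
            // is passed to AddNewAccount below - confirm the new-account path is reachable by
            // administrators only.
            string adminRights = comboBoxAdminRights.SelectedIndex == 0 ? "1" : "0";

            // job title is required whenever the advanced settings are being edited
            if (isAdminManaging && string.IsNullOrEmpty(textBoxJobTitle.Text))
            {
                MessageBox.Show("Job title is a required field. Please fill in.", "Error Message", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            // if title was not selected, update it to null
            if (selectedTitle == null || selectedTitle == "None")
            {
                employeeDetails[0] = null;
            }

            // check the remaining fields; the title (index 0) was handled above
            for (int i = 1; i < employeeDetails.Length; i++)
            {
                if (!string.IsNullOrEmpty(employeeDetails[i]))
                {
                    continue;
                }

                // middle names (2) and work number (5) are optional and stored as null when blank
                if (i == 2 || i == 5)
                {
                    employeeDetails[i] = null;
                }
                else
                {
                    MessageBox.Show("Fields marked with asterisk are required.", "Error Message", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    return;
                }
            }

            // a changed email address must be well-formed and not already in use
            if (employeeEmail != newEmployeeEmail)
            {
                if (!string.IsNullOrEmpty(LoginValidation.ValidateEmail(newEmployeeEmail)))
                {
                    MessageBox.Show("Email address does not have valid format.", "Error Message", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    return;
                }

                if (!string.IsNullOrEmpty(DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_NAME, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, newEmployeeEmail))))
                {
                    MessageBox.Show("Email address already taken.", "Error Message", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    return;
                }
            }

            // if employee has not been selected, create a new account
            if (string.IsNullOrEmpty(employeeEmail))
            {
                AddNewAccount(newEmployeeEmail, adminRights);
                MessageBox.Show("New account created successfully!", "New Account Confirmation");
                Main.mainApplication.OpenPage(new UserControlEmployees());
                return;
            }

            // NOTE(review): the text-box values below reach the database through
            // DatabaseQueries.UpdateRecord, which is not visible here - confirm it binds them as
            // parameters rather than building the statement by string concatenation.

            // job title and permission level are written only now that validation has passed;
            // this must run before the details update because that update may change the email
            // address used in the WHERE clause
            if (isAdminManaging)
            {
                DatabaseManagement.GetInstanceOfDatabaseConnection().UpdateRecord(DatabaseQueries.UpdateRecord(DatabaseQueries.UPDATE_EMPLOYEE_ROLE, new string[] { textBoxJobTitle.Text, adminRights }, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));
            }

            // update the rest of employee's details, addressed by the previous email address
            DatabaseManagement.GetInstanceOfDatabaseConnection().UpdateRecord(DatabaseQueries.UpdateRecord(DatabaseQueries.UPDATE_EMPLOYEE_DETAILS, employeeDetails, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, employeeEmail));

            // the signed-in employee edited their own account
            if (!isAdminManaging || Main.mainApplication.employeeEmail == employeeEmail)
            {
                // keep the session's email address in step with the record; comparing against the
                // old address here would never detect a change for the signed-in employee
                if (Main.mainApplication.employeeEmail != newEmployeeEmail)
                {
                    Main.mainApplication.employeeEmail = newEmployeeEmail;
                }

                // update name on main form
                Main.mainApplication.UpdateStatus();
                // update current page
                Main.mainApplication.RefreshPage();
            }

            // display message box
            MessageBox.Show("All settings were saved successfully.", "Settings Saved");
            // go back to previous page
            Main.mainApplication.GoBackPage();
        }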
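        /// <summary>
        /// fill the header and footer text boxes from the selected template and show its comments
        /// </summary>
        private void comboBoxTemplates_SelectedIndexChanged(object sender, EventArgs e)
        {
            // the event also fires when the selection is cleared; there is nothing to load then
            if (comboBoxTemplates.SelectedItem == null)
            {
                return;
            }

            string selectedTemplate = comboBoxTemplates.SelectedItem.ToString();

            // NOTE(review): the template name is substituted into GET_TEMPLATE_HEADER and
            // GET_TEMPLATE_FOOTER with string.Format. If those are SQL text (not visible here), a
            // quote character in a template name changes the statement - bind it as a parameter
            // if the data layer offers one.
            // NOTE(review): the stored template text is used as a composite format string, so
            // literal braces or a placeholder other than {0}/{1} in it will throw FormatException.

            // header: {0} applicant name, {1} job position applied for
            var headerTemplate = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(string.Format(DatabaseQueries.GET_TEMPLATE_HEADER, selectedTemplate));
            var applicantName = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(DatabaseQueries.GetRecord(DatabaseQueries.APPLICANT_NAME, DatabaseQueries.APPLICANT_WHERE_ID, applicantID.ToString()));
            var applicantJobPosition = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(DatabaseQueries.GetRecord(DatabaseQueries.APPLICANT_JOB_POSITION, DatabaseQueries.APPLICANT_WHERE_ID, applicantID.ToString()));
            textBoxHeader.Text = string.Format(headerTemplate, applicantName, applicantJobPosition);

            // footer: {0} signed-in employee's name, {1} their job position
            var footerTemplate = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(string.Format(DatabaseQueries.GET_TEMPLATE_FOOTER, selectedTemplate));
            var employeeName = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_NAME, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, Main.mainApplication.employeeEmail));
            var employeeJobPosition = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_JOB_POSITION, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, Main.mainApplication.employeeEmail));
            textBoxFooter.Text = string.Format(footerTemplate, employeeName, employeeJobPosition);

            templateName = selectedTemplate;
            // display pre-defined comments for the template
            CheckedComments(templateName);
        }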
        /// <summary>
        /// compare hash of entered password with hash retrieved from database
        /// </summary>
        /// <param name="enteredEmail">search for password hash using employee's email</param>
        /// <param name="enteredPassword">calculate hash and compare with hash stored in database</param>
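        /// <returns>tuple (emailValid, passwordValid): (false, false) when no record exists for the email, (true, false) when the hashes differ, (true, true) when they match</returns>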
        public static (Boolean emailValid, Boolean passwordValid) ValidateCredentials(string enteredEmail, string enteredPassword)
        {
            // fetch the stored hash for this email address; the entered password itself is not sent
            // NOTE(review): the application reads the stored hash directly, so the database account
            // it connects with can read employee password hashes - confirm that account's
            // privileges are as narrow as the application allows.
            string storedHash = DatabaseManagement.GetInstanceOfDatabaseConnection().GetSingleAttribute(
                DatabaseQueries.GetRecord(DatabaseQueries.EMPLOYEE_PASSWORD, DatabaseQueries.EMPLOYEE_WHERE_EMAIL, enteredEmail));

            // no record for this email address: both flags are false
            // NOTE(review): the two flags let a caller tell an unknown email from a wrong password;
            // confirm the login form shows one generic failure message for both cases so sign-in
            // attempts do not reveal which addresses have accounts.
            if (storedHash == null)
            {
                return (false, false);
            }

            // NOTE(review): HashPassword receives only the password, so the stored value cannot
            // depend on a per-account salt; confirm it is a deliberately slow password hash
            // (e.g. PBKDF2) and consider storing a per-account salt alongside it.
            // The comparison is ordinary string equality, not a fixed-time comparison.
            bool passwordMatches = storedHash == HashPassword(enteredPassword);

            // the email is known at this point; the second flag reports whether the hashes matched
            return (true, passwordMatches);
        }