/// <summary>
/// Compares user input to credentials in the database
/// </summary>
/// <param name="username">Username to check/param>
/// <param name="password">password in plaintext</param>
/// <returns></returns>
public bool CheckUser(string email, string password)
{
bool userExists = false;
try
{
Email = email;
LoginPassword = password;
DataTable UserTable = new DataTable();
SQLQueryModel queryBuilder = new SQLQueryModel();
string queryString = string.Format("SELECT email, customerpwd FROM customer WHERE email = '{0}';", this.Email);
UserTable = queryBuilder.ExecuteMySQLQuery(queryString);
if (UserTable.Rows.Count != 0)
{
EncryptionModel encryptionModel = new EncryptionModel();
DbPassword = UserTable.Rows[0]["customerpwd"].ToString();
//LoginPassword = encryptionModel.EncryptPassword(LoginPassword);
userExists = encryptionModel.ValidatePassword(LoginPassword, DbPassword);
//MessageBox.Show(DbPassword);
return(userExists);
}
}
catch (MySqlException mysqlex)
{
Protocol.WriteToProtocol(0, "CheckUser() :" + mysqlex.Message + mysqlex.StackTrace, "Check User Error");
}
catch (ArgumentNullException nullex)
{
Protocol.WriteToProtocol(0, "CheckUser() :" + nullex.Message + nullex.StackTrace, "User Argument Error");
}
return(userExists);
}
/// <summary>
/// Registers and inserts a new customer into the DB
/// </summary>
/// <param name="firstname">String first name of the customer</param>
/// <param name="lastname">String last name of the customer</param>
/// <param name="password">Password to be hashed</param>
/// <param name="zip">Int Zip code</param>
/// <param name="location">String Location name</param>
/// <param name="streetName">String street name</param>
/// <param name="houseNumber">Int house/ stairs number</param>
/// <param name="locationID">int location ID</param>
/// <returns></returns>
public bool RegisterNewUser(string firstname, string lastname, string email, string password, int zip, string location, string streetName, int houseNumber, int locationID, string birthDate, string phoneNumber) //Date birthDate
{
DataTable userTable = new DataTable();
try
{
// EMAIL VALIDATION
SQLQueryModel queryBuilder = new SQLQueryModel();
string query = string.Format("SELECT firstName FROM customer WHERE firstName = '{0}' AND lastName = '{1}';", firstname, lastname);
userTable = queryBuilder.ExecuteMySQLQuery(query);
if (userTable.Rows.Count != 0)
{
MessageBox.Show("User already exists");
}
else
{
#region Create Address Table
string insertQuery = "";
_addressTable = new AddressTable();
_addressTable.HouseNumber = houseNumber;
_addressTable.LocationID = locationID;
_addressTable.IsValidAddress = true;
_addressTable.StreetName = streetName;
insertQuery = string.Format("INSERT INTO address(locationID, streetName, houseNumber) VALUES('{0}','{1}','{2}');", _addressTable.LocationID, streetName, houseNumber);
queryBuilder.ExecuteMySQLQuery(insertQuery);
#endregion
#region Create Customer Table
insertQuery = "";
DataTable addressTable = new DataTable();
EncryptionModel encryption = new EncryptionModel();
//insertQuery = string.Format("INSERT INTO customer(firstName, lastName, customerpwd, email, addressID, birthDate) VALUES('{0}','{1}','{2}', '{3}',(SELECT LAST_INSERT_ID(),'{4}'));", firstname, lastname, encryption.EncryptPassword(password), email ,birthdate);
insertQuery = string.Format("INSERT INTO customer(firstName, lastName, customerpwd, email, addressID, birthDate, phoneNumber) VALUES('{0}','{1}','{2}','{3}',(SELECT LAST_INSERT_ID()),'{4}','{5}');", firstname, lastname, encryption.EncryptPassword(password), email, birthDate, phoneNumber);
queryBuilder.ExecuteMySQLQuery(insertQuery);
MessageBox.Show("User " + firstname + " " + lastname + " has successfully been created");
#endregion
}
}
catch (ArgumentNullException nullex)
{
Protocol.WriteToProtocol(0, "RegisterNewUser() :" + nullex.Message + nullex.StackTrace, "User already exists Error");
}
return(true);
}