//view the order
public ActionResult Order()
{
IEnumerable <Assay> eAssay;
eAssay = HelperController.GetOrderAssayList();
return(View(eAssay));
}
//remove an assay from an order
public ActionResult RemoveOrder(int id)
{
Assay assay = new Assay();
IEnumerable <Assay> eAssay;
assay = db.Assays.Find(id);
eAssay = HelperController.RemoveOrderAssayList(assay);
return(RedirectToAction("Order"));
}
//view account of customer
public ActionResult myAccount()
{
myAccount myAccount = new myAccount();
List <Order> orderList = new List <Order>();
List <Orders> AccountOrders = new List <Orders>();
//find account based on id stored at login
myAccount.account = db.Accounts.Find(HelperController.GetCustomer().account.AccountID);
//find all the orders for account
if (myAccount.account != null)
{
orderList = db.Database.SqlQuery <Order>(
"SELECT * " +
"FROM Orders " +
"Where Orders.AccountID = '" + myAccount.account.AccountID + "'").ToList();
foreach (var orderListItem in orderList)
{
Orders orders = new Orders();
orders.order = db.Orders.Find(orderListItem.OrderID);
orders.status = db.Status.Find(orderListItem.OrderStatusID);
AccountOrders.Add(orders);
}
myAccount.orders = AccountOrders.AsEnumerable();
return(View(myAccount));
}
else
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
}
public ActionResult Index(FormCollection form, bool rememberMe = false)
{
//collect information submitted by user
String email = form["Email address"].ToString();
String password = form["Password"].ToString();
int sPassword;
//hash password
/* password = HelperController.GetHash(password);*/
//find the credentials of the person if they exist
Customer.credential = db.Credentials.SqlQuery(
"Select * " +
"FROM Credentials " +
"Where Credentials.UserName = '******' AND Credentials.Password = '******'"
).FirstOrDefault();
//depending on the role of the person logging in it will return their information whether customer or employee
if (Customer.credential.RoleID == 7)
{
//find personal information
Customer.contact = db.Contacts.SqlQuery(
"Select * " +
"FROM Contacts " +
"inner join Credentials ON " +
"Credentials.CredID = Contacts.CredID " +
"Where Credentials.UserName = '******' AND Credentials.Password = '******'"
).FirstOrDefault();
//gather remaining info needed for person
Customer.credential = db.Credentials.Find(Customer.contact.CredID);
Customer.role = db.Roles.Find(Customer.credential.RoleID);
Customer.account = db.Accounts.Find(Customer.contact.AccountID);
//check credentials and authenticate and set role typr for layout page
if ((Customer.contact != null) && (string.Equals(email, Customer.credential.UserName)) && (string.Equals(password, Customer.credential.Password)))
{
FormsAuthentication.SetAuthCookie(Customer.role.RoleDesc, rememberMe);
HelperController.SetCustomer(Customer);
return(RedirectToAction("Index", "Home"));
}
else
{
return(View());
}
}
else if (Customer.credential.RoleID == 5)
{
//find employee
Customer.employee = db.Employees.SqlQuery(
"Select * " +
"FROM Employees " +
"inner join Credentials ON " +
"Credentials.CredID = Employees.CredID " +
"Where Credentials.UserName = '******' AND Credentials.Password = '******'"
).FirstOrDefault();
//gather remaining info needed for person
Customer.credential = db.Credentials.Find(Customer.employee.CredID);
Customer.role = db.Roles.Find(Customer.credential.RoleID);
//check credentials and authenticate and set role typr for layout page
if ((Customer.employee != null) && (string.Equals(email, Customer.credential.UserName)) && (string.Equals(password, Customer.credential.Password)))
{
FormsAuthentication.SetAuthCookie(Customer.role.RoleDesc, rememberMe);
HelperController.SetCustomer(Customer);
return(RedirectToAction("Index", "Home"));
}
else
{
return(View());
}
}
//return login view if wrong
return(View());
}
