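/// <summary>
/// Runs a single-row SELECT against <paramref name="table"/> using the criteria in
/// <paramref name="inputData"/> and, when a row is found, builds a <see cref="User"/> from it.
/// </summary>
/// <param name="table">Table to query; the login path in this file passes "tblUser".</param>
/// <param name="inputData">Criteria handed unchanged to CreateSqlQuery.</param>
/// <param name="user">The matching user, or null when no row matched or an error occurred.</param>
/// <returns>
/// Column 0 of the matching row on success; -1 when no row matched;
/// <c>SqlException.ErrorCode</c> or <c>Exception.HResult</c> when the query failed.
/// LoginAuthentication treats every negative return value as a failed login.
/// </returns>
public int SelectUser(String table, Dictionary<String, String> inputData, out User user)
{
    SqlCommand selectData = null;
    SqlDataReader reader = null;
    user = null;
    try
    {
        // NOTE(review): CreateSqlQuery is not visible here. If it places the inputData values
        // in the SQL text instead of binding them as SqlParameter objects, this lookup is open
        // to SQL injection, because the login path fills inputData from form fields. Confirm.
        string sSql = CreateSqlQuery("SELECT *", table, inputData);
        selectData = new SqlCommand(sSql, GetDBConnection());
        selectData.Connection.Open();
        reader = selectData.ExecuteReader(CommandBehavior.SingleRow);
        if (reader.Read())
        {
            // Read the id first so that `user` is only assigned once every column was read
            // successfully; a failed read must not leave a half-authenticated result behind.
            int userId = reader.GetInt32(0);

            // Columns are addressed by position, so this depends on the table's column order
            // (SELECT *). The second constructor argument is null, so no stored credential is
            // copied into the returned object. Presumably columns 2, 4 and 5 are username,
            // first name and last name -- verify against the table definition.
            user = new User(reader.GetString(2), null, reader.GetString(4), reader.GetString(5));
            return userId;
        }
    }
    catch (SqlException e)
    {
        return e.ErrorCode;
    }
    catch (Exception e)
    {
        return e.HResult;
    }
    finally
    {
        // The original never released the reader, command or connection, which leaks a pooled
        // connection per login attempt. Close (rather than Dispose) the connection because it
        // is not visible here whether GetDBConnection returns a fresh or a reused object.
        if (reader != null)
        {
            reader.Dispose();
        }
        if (selectData != null)
        {
            if (selectData.Connection != null)
            {
                selectData.Connection.Close();
            }
            selectData.Dispose();
        }
    }
    return -1;
}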
/// <summary>
/// Validates the submitted login fields and, when they pass, looks the user up in tblUser.
/// </summary>
/// <param name="user">The submitted credentials; its CreateDict() result is the lookup criteria.</param>
/// <param name="id">The value returned by SelectUser, or -1 when validation fails.</param>
/// <param name="retUser">The user returned by SelectUser, or null when validation fails.</param>
/// <param name="info">
/// "Welcome.aspx" on success; otherwise a message for the user. Validation errors are joined
/// with a literal backslash-n sequence, so callers must escape this text before placing it in
/// HTML or script.
/// </param>
/// <returns>True when the lookup returned a non-negative id; false otherwise.</returns>
public bool LoginAuthentication(User user, out int id, out User retUser, out String info)
{
    List<String> validationErrors;
    if (!user.ValidateLogin(out validationErrors))
    {
        retUser = null;
        id = -1;

        String message = "There are the following errors:";
        foreach (String validationError in validationErrors)
        {
            message = message + "\\n" + validationError;
        }
        info = message;
        return false;
    }

    id = SelectUser("tblUser", user.CreateDict(), out retUser);

    // Every negative result (no matching row or a database error) produces the same generic
    // message, so the response does not reveal which part of the credentials was wrong.
    bool authenticated = id >= 0;
    info = authenticated ? "Welcome.aspx" : "Incorrect username and/or password";
    return authenticated;
}
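/// <summary>
/// Builds a <see cref="User"/> from the registration form and asks the data layer to insert it.
/// Redirects to the login page when InsertNewUser reports success; otherwise shows the returned
/// message in a client-side alert.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    newUser = new User(txtbxUsername.Text, txtbxPassword.Text, txtbxFirstName.Text, txtbxLastName.Text, txtbxSecurityQuestion.Text, txtSecurityAnswer.Text);
    String info;
    if (dbObject.InsertNewUser(newUser, out info))
    {
        Response.Redirect("Login.aspx?reg=1");
    }
    else
    {
        // The message is produced while validating form input and was previously concatenated
        // into the script unescaped, so a quote or backslash in it could break out of the
        // string literal. InsertNewUser joins the individual errors with a literal backslash-n
        // (a JavaScript newline escape); split on that separator, encode each piece, and
        // re-join so the line breaks still render in the alert.
        string[] messageLines = (info ?? String.Empty).Split(new string[] { "\\n" }, StringSplitOptions.None);
        for (int i = 0; i < messageLines.Length; i++)
        {
            messageLines[i] = System.Web.HttpUtility.JavaScriptStringEncode(messageLines[i]);
        }

        string script = "alert(\"" + String.Join("\\n", messageLines) + "\");";
        ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
    }
}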
/// <summary>
/// Validates a registration request and, when it passes, inserts the user into tblUser.
/// </summary>
/// <param name="user">The user to register; its CreateDict() result is the data inserted.</param>
/// <param name="info">
/// When validation passes, whatever InsertData returns; otherwise the validation errors joined
/// with a literal backslash-n sequence. Callers must escape this text before placing it in
/// HTML or script.
/// </param>
/// <returns>True when validation passed; false when it failed.</returns>
public bool InsertNewUser(User user, out String info)
{
    List<String> validationErrors = null;
    bool isValid = user.ValidateRegister(out validationErrors);
    if (isValid)
    {
        // NOTE(review): true is returned whatever InsertData reports, so a failed insert is
        // indistinguishable from a successful one for the caller. The previous summary said the
        // string may be a database error message -- confirm InsertData's contract, and avoid
        // showing raw database errors to end users.
        // NOTE(review): whether the password and security answer are hashed before they reach
        // InsertData is not visible here -- verify in User.CreateDict / InsertData.
        info = InsertData("tblUser", user.CreateDict());
        return true;
    }

    String message = "There are the following errors:";
    foreach (String validationError in validationErrors)
    {
        message = message + "\\n" + validationError;
    }
    info = message;
    return false;
}
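/// <summary>
/// Handles the login button: authenticates the submitted credentials and, on success, stores
/// the user in session state and redirects; on failure shows the returned message in a
/// client-side alert.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_OnClick(object sender, EventArgs e)
{
    User user = new User(txtUserName.Text, txtPassword.Text);
    User retUser;
    int id;
    String info;
    if (dbObject.LoginAuthentication(user, out id, out retUser, out info))
    {
        userData._loginID = id;
        userData._user = retUser;

        // NOTE(review): the session identifier is not renewed in this handler after a
        // successful login -- confirm session-fixation handling elsewhere.
        Session["User_Data"] = userData;
        Session["Control_Increment"] = 0;

        // On success LoginAuthentication sets info to a fixed page name, so the redirect
        // target is chosen by the server rather than taken from the request.
        Response.Redirect(info);
    }
    else
    {
        // The message is produced while validating form input and was previously concatenated
        // into the script unescaped, so a quote or backslash in it could break out of the
        // string literal. LoginAuthentication joins the individual errors with a literal
        // backslash-n (a JavaScript newline escape); split on that separator, encode each
        // piece, and re-join so the line breaks still render in the alert.
        string[] messageLines = (info ?? String.Empty).Split(new string[] { "\\n" }, StringSplitOptions.None);
        for (int i = 0; i < messageLines.Length; i++)
        {
            messageLines[i] = System.Web.HttpUtility.JavaScriptStringEncode(messageLines[i]);
        }

        string script = "alert(\"" + String.Join("\\n", messageLines) + "\");";
        ScriptManager.RegisterStartupScript(this, GetType(), "ServerControlScript", script, true);
    }
}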