public ActionResult Registration(LibraryUser user)
{
if (ModelState.IsValid)
{
if (user.AddUser(user))
{
return RedirectToAction("Index", "User");
}
else
{
ModelState.AddModelError("", "Duplicate Email ID used try again with another Email ID");
}
}
return ViewIfNoOneLoggedIn();
}
public ActionResult LogIn(LibraryUser user)
{
if (ModelState.IsValid)
{
if (user.Authenticate(user))
{
FormsAuthentication.SetAuthCookie(user.EmailID, false);
Session["login_type"] = user.login_type;
Session["EmailID"] = user.EmailID.Trim();
return RedirectToAction("Index");
}
else
{
ModelState.AddModelError("", "Log In Data is Incorrect");
}
}
return ViewIfNoOneLoggedIn();
}
public bool Authenticate(LibraryUser user)
{
//return true;
SqlConnection conn = null;
SqlDataReader rdr = null;
try
{
conn = new SqlConnection(@"Data Source = (LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\LMS_DB.mdf;Integrated Security = True");
conn.Open();
SqlCommand cmd = new SqlCommand("dbo.User_Authenticate", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@email_id", SqlDbType.NVarChar).Value = user.EmailID;
cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = user.Password;
// Add the output parameter and set its properties.
SqlParameter outparameter = new SqlParameter();
outparameter.ParameterName = "@login_type";
outparameter.SqlDbType = SqlDbType.NVarChar;
outparameter.Size = 12;
outparameter.Direction = ParameterDirection.Output;
// Add the parameter to the Parameters collection.
cmd.Parameters.Add(outparameter);
cmd.ExecuteNonQuery();
login_type = Convert.ToString(cmd.Parameters["@login_type"].Value).Trim();
}
catch (Exception)
{
}
finally
{
if (conn != null)
{
conn.Close();
}
if (rdr != null)
{
rdr.Close();
}
}
if (login_type == "Student" || login_type == "Librarian" || login_type == "Admin")
return true;
else
return false;
}
public bool AddUser(LibraryUser user)
{
if (!IsValid(user.EmailID)) { return false; }
SqlConnection conn = null;
SqlDataReader rdr = null;
try
{
if (user.EmailID != null && user.Password != null && user.FirstName != null && user.LastName != null)
{
// conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["_connectionString"].ConnectionString);
conn = new SqlConnection(@"Data Source = (LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\LMS_DB.mdf;Integrated Security = True");
conn.Open();
SqlCommand cmd = new SqlCommand("dbo.User_AddStudent", conn);
cmd.CommandType = CommandType.StoredProcedure;
// cmd.Parameters.Add("@email_id", SqlDbType.NVarChar).Value = EmailID;
// cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = Password;
// Add the input parameter and set its properties.
SqlParameter parameter1 = new SqlParameter();
parameter1.ParameterName = "@email_id";
parameter1.SqlDbType = SqlDbType.NVarChar;
parameter1.Direction = ParameterDirection.Input;
parameter1.Value = user.EmailID;
// Add the parameter to the Parameters collection.
cmd.Parameters.Add(parameter1);
// Add the input parameter and set its properties.
SqlParameter parameter2 = new SqlParameter();
parameter2.ParameterName = "@password";
parameter2.SqlDbType = SqlDbType.NVarChar;
parameter2.Direction = ParameterDirection.Input;
parameter2.Value = user.Password;
// Add the parameter to the Parameters collection.
cmd.Parameters.Add(parameter2);
// Add the input parameter and set its properties.
SqlParameter parameter3 = new SqlParameter();
parameter3.ParameterName = "@firstname";
parameter3.SqlDbType = SqlDbType.NVarChar;
parameter3.Direction = ParameterDirection.Input;
parameter3.Value = user.FirstName;
// Add the parameter to the Parameters collection.
cmd.Parameters.Add(parameter3);
// Add the input parameter and set its properties.
SqlParameter parameter4 = new SqlParameter();
parameter4.ParameterName = "@lastname";
parameter4.SqlDbType = SqlDbType.NVarChar;
parameter4.Direction = ParameterDirection.Input;
parameter4.Value = user.LastName;
// Add the parameter to the Parameters collection.
cmd.Parameters.Add(parameter4);
cmd.ExecuteNonQuery();
return true;
}
else
return false;
}
catch (SqlException sqlEx)
{
if (sqlEx.Message.StartsWith("Violation of UNIQUE KEY constraint"))
{
return false;
}
else
throw;
}
catch (Exception)
{
return false;
}
finally
{
if (conn != null)
{
conn.Close();
}
if (rdr != null)
{
rdr.Close();
}
}
}