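/// <summary>
/// Replaces the stored password of <paramref name="person"/> with the hashed form of
/// <paramref name="newPassword"/>.
/// </summary>
/// <param name="person">Person whose row in <c>dbo.person</c> (matched on <c>id</c>) is updated.</param>
/// <param name="newPassword">
/// New plain-text password. Only the value returned by <c>HashingService.PasswordHashing</c>
/// is sent to the database.
/// </param>
/// <remarks>
/// A <c>SqlException</c> raised while opening the connection or running the statement
/// propagates to the caller with its original stack trace.
/// </remarks>
public void UpdatePasswordOnly(Person person, string newPassword)
{
    HashingService hashed = new HashingService();
    string update = @"UPDATE dbo.person SET password = @password WHERE id = @id";

    // NOTE(review): PasswordHashing receives only the password, with no visible salt or
    // work-factor argument. Confirm in HashingService that a slow, salted password hash
    // (PBKDF2, bcrypt, Argon2) is used rather than a bare digest.
    using (SqlConnection connection = ScheduleBuilder_DB_Connection.GetConnection())
    {
        connection.Open();

        using (SqlCommand updateCommand = new SqlCommand(update, connection))
        {
            // Both values are bound as parameters, so neither is ever concatenated into the SQL text.
            updateCommand.Parameters.AddWithValue("@password", hashed.PasswordHashing(newPassword));
            updateCommand.Parameters.AddWithValue("@id", person.Id);

            // The affected-row count is not reported (the method is void): an id that
            // matches no row is a silent no-op. Callers that need to know whether the
            // reset happened should verify the person exists first.
            updateCommand.ExecuteNonQuery();
        }

        // No explicit Close(): disposing the connection at the end of the using block closes it.
    }

    // The original wrapped this in try/catch with "throw ex;", which only reset the
    // stack trace. Letting the SqlException propagate keeps the trace intact.
}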
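/// <summary>
/// Retrieves a person's login row when the username and the hashed password both match.
/// </summary>
/// <param name="username">Login name, bound to <c>@username</c>.</param>
/// <param name="password">
/// Plain-text password. It is hashed with <c>HashingService.PasswordHashing</c> and the
/// result is bound to <c>@password</c>.
/// </param>
/// <returns>
/// A table with the columns <c>personID</c>, <c>userName</c>, <c>password</c> and <c>name</c>.
/// It has no rows when nothing matched.
/// </returns>
public DataTable GetLogin(string username, string password)
{
    HashingService hashing = new HashingService();
    DataTable dt = new DataTable();
    string selectStatement =
        "SELECT l.personID, l.userName, l.password, (p.firstName + ' ' + p.lastName) AS name"
        + " FROM login l JOIN person p ON p.personID = l.personID WHERE userName = @username AND password = @password";

    // NOTE(review): the credential check is an equality match on the hash inside SQL. That
    // only works if PasswordHashing returns the same value for the same password every
    // time, i.e. there is no per-user random salt. Confirm the algorithm in HashingService.
    // A salted scheme would need to fetch the row by username and verify the hash in code.
    //
    // NOTE(review): the stored hash is also returned to the caller in the "password"
    // column. Consider dropping it from the SELECT once callers are confirmed not to read it.
    using (SqlConnection connection = HealthcareDBConnection.GetConnection())
    {
        connection.Open();

        // The command and reader are disposed deterministically; the original left both to the GC.
        using (SqlCommand sc = new SqlCommand(selectStatement, connection))
        {
            sc.Parameters.AddWithValue("@username", username);
            sc.Parameters.AddWithValue("@password", hashing.PasswordHashing(password));

            using (SqlDataReader reader = sc.ExecuteReader())
            {
                // The schema is declared up front so the column types are fixed even for an empty result.
                dt.Columns.Add("personID", typeof(int));
                dt.Columns.Add("userName", typeof(string));
                dt.Columns.Add("password", typeof(string));
                dt.Columns.Add("name", typeof(string));
                dt.Load(reader);
            }
        }
    }

    return dt;
}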
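/// <summary>
/// Verifies a person's login information and retrieves their full name and role title.
/// </summary>
/// <param name="username">Login name, bound to <c>@username</c>.</param>
/// <param name="password">
/// Plain-text password. It is hashed with <c>HashingService.PasswordHashing</c> and the
/// result is bound to <c>@password</c>.
/// </param>
/// <returns>
/// A table with the columns <c>id</c>, <c>username</c>, <c>password</c>, <c>name</c> and
/// <c>roleTitle</c>. It has no rows when the credentials did not match.
/// </returns>
public DataTable GetLogin(string username, string password)
{
    DataTable dt = new DataTable();
    HashingService hash = new HashingService();
    string selectStatement =
        "SELECT p.id, p.username, p.password, (p.first_name + ' ' + p.last_name) AS 'name', r.roleTitle "
        + "FROM person p "
        + "JOIN role r ON p.roleID = r.id "
        + "WHERE username = @username AND password = @password";

    // NOTE(review): matching on "password = @password" only works if PasswordHashing is
    // deterministic for a given input, i.e. there is no per-user random salt. Confirm the
    // algorithm in HashingService. With a salted hash the row would be fetched by
    // username and the hash verified in code.
    //
    // NOTE(review): the result set carries the stored hash (p.password) back to the caller
    // next to the role. Consider dropping that column once callers are confirmed not to use it.
    using (SqlConnection connection = ScheduleBuilder_DB_Connection.GetConnection())
    {
        connection.Open();

        // The command and reader are wrapped in using blocks; the original never disposed them.
        using (SqlCommand sqlCommand = new SqlCommand(selectStatement, connection))
        {
            sqlCommand.Parameters.AddWithValue("@username", username);
            sqlCommand.Parameters.AddWithValue("@password", hash.PasswordHashing(password));

            using (SqlDataReader reader = sqlCommand.ExecuteReader())
            {
                // The columns are declared explicitly so their types do not depend on the result set.
                dt.Columns.Add("id", typeof(int));
                dt.Columns.Add("username", typeof(string));
                dt.Columns.Add("password", typeof(string));
                dt.Columns.Add("name", typeof(string));
                dt.Columns.Add("roleTitle", typeof(string));
                dt.Load(reader);
            }
        }
    }

    return dt;
}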
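/// <summary>
/// Handles the create-user button click. It validates the entered username and password,
/// hashes the password and stores the new login through <c>healthcareController</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CreateUserButton_Click(object sender, EventArgs e)
{
    try
    {
        string username = this.usernameTextBox.Text;
        string password = this.passwordTextBox.Text;

        if (password != this.confirmPasswordTextBox.Text)
        {
            MessageBox.Show("Passwords must match.");
            return;
        }

        // All input is validated before anything is hashed or built, so rejected input
        // never reaches HashingService or the controller.
        // NOTE(review): a 4-character username passes this check, while the message says
        // "greater than 4". Decide which is intended and align the two.
        if (string.IsNullOrEmpty(username) || username.Length < 4)
        {
            MessageBox.Show("Username must not be null or blank. Username must be greater than 4 characters");
            return;
        }

        // The length check also rejects the single-space value the original compared against.
        // NOTE(review): a 6-character minimum is below the 8-character floor in
        // NIST SP 800-63B. Consider raising it.
        if (string.IsNullOrEmpty(password) || password.Length < 6)
        {
            MessageBox.Show("Password must not be null or blank. Password must be at least 6 characters.");
            return;
        }

        // The "as" cast yields null when this control is hosted in a different form. That
        // case is handled explicitly instead of through a swallowed NullReferenceException.
        var parent = this.ParentForm as UsernameCreationForm;
        if (parent == null)
        {
            MessageBox.Show("Username could not be created.");
            return;
        }

        Login login = new Login();
        login.UserName = username;
        login.Password = hashing.PasswordHashing(password);
        login.PersonID = parent.PersonID;

        healthcareController.AddLogin(login);
        MessageBox.Show("Username and password created successfully!");
        parent.Close();
    }
    catch (Exception)
    {
        // The message is deliberately generic, so no database detail is shown to the user.
        // NOTE(review): the cause (duplicate username, connection failure, ...) is lost
        // here. Record the exception with whatever logging the application provides.
        MessageBox.Show("Username could not be created.");
    }
}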