public Response Post(Login login)
{
if (login.Username.StartsWith("ADM", StringComparison.OrdinalIgnoreCase))
{
con.Open();
string query = "Select * from [Admin] where username='******' and password='******'";
SqlDataAdapter sda = new SqlDataAdapter(query, con);
DataTable dtb = new DataTable();
sda.Fill(dtb);
if (dtb.Rows.Count == 1)
{
return(new Response {
Status = "Success", Message = "Login Successfully into Admin"
});
}
else
{
con.Close();
return(new Response {
Status = "Invalid", Message = "Invalid User."
});
}
}
else if (login.Username.StartsWith("VIC", StringComparison.OrdinalIgnoreCase))
{
con.Open();
string query = "Select * from [Account] where customerId='" + login.Username + "'";
SqlDataAdapter sda = new SqlDataAdapter(query, con);
DataTable dtb = new DataTable();
sda.Fill(dtb);
if (dtb.Rows.Count == 1)
{
string savedPasswordHash = dtb.Rows[0][6].ToString();
bool verify = SecuredPasswordHasher.verify(savedPasswordHash, login.password);
if (verify)
{
UserID = login.Username;
return(new Response {
Status = "Success", Message = "Login Successfully into User"
});
}
else
{
return(new Response {
Status = "Invalid", Message = "Invalid User."
});
}
}
}
con.Close();
return(new Response {
Status = "Invalid", Message = "Invalid User."
});
}
public Response Post(Account account)
{
SqlConnection con = new SqlConnection(LoginController.conString);
if (account.FirstName == "" || account.LastName == "" || account.AccountId == "" || account.CustomerId == "" ||
account.Balance == "" || account.City == "" || account.Description == "" || account.Password == "" ||
account.Phone == "" || account.Date == "")
{
return(new Response {
Status = "Error", Message = "One or more fields is empty"
});
}
else
{
con.Open();
SqlCommand command = con.CreateCommand();
SqlTransaction transaction;
transaction = con.BeginTransaction();
command.Connection = con;
command.Transaction = transaction;
try
{
command.CommandText = "INSERT INTO Customer(customerId,lastName,firstName,city,phone,date) VALUES(@user, @lname, @fname, @city,@phone,@date)";
command.Parameters.AddWithValue("@user", account.CustomerId);
command.Parameters.AddWithValue("@lname", account.LastName);
command.Parameters.AddWithValue("@fname", account.FirstName);
command.Parameters.AddWithValue("@city", account.City);
command.Parameters.AddWithValue("@phone", account.Phone);
command.Parameters.AddWithValue("@date", account.Date);
command.ExecuteNonQuery();
command.CommandText = "INSERT INTO Account(accountId,customerId,accountType,description,balance, password) " +
"VALUES(@accNum,@userr,@accType,@desc,@bal, @password)";
command.Parameters.AddWithValue("@accNum", account.AccountId);
command.Parameters.AddWithValue("@userr", account.CustomerId);
command.Parameters.AddWithValue("@accType", account.AccounType);
command.Parameters.AddWithValue("@desc", account.Description);
command.Parameters.AddWithValue("@bal", double.Parse(account.Balance));
command.Parameters.AddWithValue("@password", SecuredPasswordHasher.hashPassword(account.Password));
command.ExecuteNonQuery();
transaction.Commit();
return(new Response {
Status = "Success", Message = "New Account Created"
});
}
catch (Exception ex)
{
transaction.Rollback();
return(new Response {
Status = "Error", Message = "An Error has occurred"
});
}
finally
{
con.Close();
}
}
}
