Exemple #1
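        /// <summary>
        /// Handles the Register button: posts the entered account details to the "NewUser"
        /// endpoint and, when the response reports Status == 1, records the new user in
        /// <c>SessionState</c>. Navigation to <c>HomePage</c> follows unless an exception occurred.
        /// </summary>
        /// <remarks>
        /// <c>async void</c> is tolerable only because this is a UI event handler; every failure
        /// therefore has to be handled inside the method.
        /// </remarks>
        private async void Register_Button_Click(object sender, RoutedEventArgs e)
        {
            try
            {
                // NOTE(review): the password is part of this payload. Whether RequestSender sends it
                // over TLS is not visible here - confirm before relying on this flow.
                RequestSender request  = new RequestSender();
                var           userJson = TBUser.Create(UserName_TextBox.Text, Password_TextBox.Password, PhoneNumber_TextBox.Text, Email_TextBox.Text);
                var           result   = request.SendPost("NewUser", userJson);

                // The response is decoded twice: the first pass is expected to yield a string that
                // itself contains the JSON document.
                dynamic resDetailed = JsonConvert.DeserializeObject(result);
                resDetailed = JsonConvert.DeserializeObject((string)resDetailed);

                if ((int)resDetailed["Status"] == 1)
                {
                    SessionState.LoggedInId   = Convert.ToInt32(resDetailed["Data"]["UserId"]);
                    SessionState.LoggedInName = resDetailed["Data"]["UserName"].ToString();
                    SessionState.LoggedIn     = true;
                }
                else
                {
                    MessageDialog msg = new MessageDialog("There is a user already associated with that username.");
                    await msg.ShowAsync();
                }

                // NOTE(review): this also runs after a rejected registration (Status != 1), with
                // SessionState.LoggedIn left unchanged - confirm that is intended.
                NavigateToPage.Navigate(typeof(HomePage));
            }
            catch (Exception ex)
            {
                // Any failure lands here (transport error, malformed response, missing field).
                // Reporting all of them as "username taken" would mislead the user, so the
                // message stays generic and the detail goes to the debug output only.
                System.Diagnostics.Debug.WriteLine(ex);
                MessageDialog msg = new MessageDialog("Registration could not be completed. Please try again.");
                await msg.ShowAsync();
            }
        }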
Exemple #2
        /// <summary>
        /// Checks the posted e-mail/phone and password against TBUsers and, on a match, stores
        /// the identifier and nickname in the session.
        /// </summary>
        /// <param name="p">The posted login form.</param>
        /// <returns>
        /// The login view with a model error when no row matches; otherwise a redirect to "../"
        /// (also returned when model validation fails or the identifier already equals the one
        /// held in the session).
        /// </returns>
        /// <remarks>
        /// NOTE(review): the stored credential is compared with HASHBYTES('SHA2_256', password),
        /// a single unsalted hash computed in SQL. A salted, deliberately slow password hash
        /// verified in application code is the usual recommendation; moving to one needs a
        /// schema and registration change outside this method.
        /// NOTE(review): no session-identifier rotation and no failed-attempt throttling are
        /// visible in this action - confirm they are handled elsewhere.
        /// </remarks>
        public ActionResult Login(UserLogginViewModel p)
        {
            if (!ModelState.IsValid)
            {
                return Redirect("../");
            }

            // The submitted identifier is already the one in the session; the original author
            // labelled this case as a suspicious request and bounces it without a lookup.
            if (p.EmailOrPhone.Equals(Session["userid"]))
            {
                return Redirect("../");
            }

            SqlParameter identifierParam = new SqlParameter("FDEmailOrPhone", SqlDbType.VarChar, Common.Const.EmailOrPhoneLength)
            {
                Value = p.EmailOrPhone
            };

            SqlParameter secretParam = new SqlParameter("FDPassword", SqlDbType.VarChar, Common.Const.PasswordLength_Max)
            {
                Value = p.Password
            };

            // Both values are bound as parameters, so user input never becomes part of the SQL text.
            TBUser account = db.Database
                               .SqlQuery <TBUser>("select * from TBUsers where FDEmailOrPhone = @FDEmailOrPhone and FDPassword = HASHBYTES('SHA2_256',@FDPassword)", identifierParam, secretParam)
                               .FirstOrDefault();

            if (account == null)
            {
                // One message for "unknown user" and "wrong password" avoids confirming which
                // identifiers exist.
                ModelState.AddModelError("Password", "User ID or Password not correct");
                return View(p);
            }

            // NOTE(review): the session keeps the identifier as typed by the user, not the value
            // read back from the matched row.
            Session.Add("userid", p.EmailOrPhone);
            Session.Add("nickname", account.FDNickname);
            return Redirect("../");
        }
        /// <summary>
        /// Creates a user from the name and e-mail fields on screen and saves it to the database.
        /// </summary>
        private void Button_Click(object sender, RoutedEventArgs e)
        {
            // Build the entity from the on-screen fields.
            // NOTE(review): the values are stored as typed; no length or format validation is
            // visible in this handler.
            var novoUsuario = new TBUser
            {
                Nome  = txtNome.Text,
                Email = txtEmail.Text
            };

            // Persist it; the context is disposed as soon as the insert has been saved.
            using (var contexto = new FisioEntities3())
            {
                contexto.TBUser.Add(novoUsuario);
                contexto.SaveChanges();
            }
        }
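        /// <summary>
        /// Saves the user shown in the form: inserts a new row when <c>operacao</c> is "inserir",
        /// updates the row identified by <c>txtID</c> when it is "alterar", then refreshes the
        /// list, resets the buttons and clears the fields.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <c>Senha</c> is persisted exactly as typed. Passwords should be stored as
        /// salted, slow hashes; changing that here also requires changing whatever code checks
        /// the password at login, which is not visible in this listing.
        /// NOTE(review): <c>Tipo</c> and <c>Ativo</c> are taken straight from the form. If Tipo
        /// is a role or privilege level, confirm that access to this screen is restricted.
        /// </remarks>
        private void BtSalvar(object sender, RoutedEventArgs e)
        {
            if (operacao == "inserir")
            {
                // Build the new user from the on-screen fields.
                TBUser U = new TBUser();
                U.Nome  = txtNome.Text;
                U.Email = txtEmail.Text;
                U.Fone  = txtFone.Text;
                U.Login = txtLogin.Text;
                U.Senha = txtSenha.Password;
                U.Ativo = checkAtivo.IsChecked;
                U.Tipo  = txttipo.Text;

                using (FisioEntities3 ctx = new FisioEntities3())
                {
                    ctx.TBUser.Add(U);
                    ctx.SaveChanges();
                }
            }
            else if (operacao == "alterar")
            {
                // A blank or non-numeric id used to throw out of the click handler. Stop here
                // instead and leave the form as it is so the value can be corrected.
                int id;
                if (!int.TryParse(txtID.Text, out id))
                {
                    return;
                }

                using (FisioEntities3 ctx = new FisioEntities3())
                {
                    TBUser U = ctx.TBUser.Find(id);
                    if (U != null)
                    {
                        U.Nome  = txtNome.Text;
                        U.Email = txtEmail.Text;
                        U.Fone  = txtFone.Text;
                        U.Login = txtLogin.Text;
                        U.Senha = txtSenha.Password;
                        U.Ativo = checkAtivo.IsChecked;
                        U.Tipo  = txttipo.Text;
                        ctx.SaveChanges();
                    }
                }
            }

            this.ListarUser();
            this.AlteraBotoes(1);
            this.LimpaCampos();
        }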
        //excluir
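        /// <summary>
        /// Deletes the user whose id is in <c>txtID</c>, if such a row exists, then refreshes the
        /// list, resets the buttons and clears the fields.
        /// </summary>
        private void BtExcluir_Click(object sender, RoutedEventArgs e)
        {
            // A blank or non-numeric id used to throw out of the click handler. Nothing can be
            // deleted without a valid id, so stop and leave the form untouched.
            int id;
            if (!int.TryParse(txtID.Text, out id))
            {
                return;
            }

            using (FisioEntities3 ctx = new FisioEntities3())
            {
                TBUser U = ctx.TBUser.Find(id);
                if (U != null)
                {
                    ctx.TBUser.Remove(U);
                    ctx.SaveChanges();
                }
            }

            this.ListarUser();
            this.AlteraBotoes(1);
            this.LimpaCampos();
        }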
        //pesquisar
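        /// <summary>
        /// Searches users and shows the result in <c>dgDados</c>: first by the id in
        /// <c>txtID</c>, then by a name fragment in <c>txtNome</c>. When both are filled in, the
        /// name search runs last and its result replaces the id result.
        /// </summary>
        private void BtPesquisar_Click(object sender, RoutedEventArgs e)
        {
            // Search by id. A non-numeric id is skipped, as it effectively was before when the
            // conversion error was swallowed.
            int id;
            if (txtID.Text.Trim().Length > 0 && int.TryParse(txtID.Text, out id))
            {
                try
                {
                    using (FisioEntities3 ctx = new FisioEntities3())
                    {
                        // Find looks the row up by key and returns null when there is none;
                        // show an empty grid then, not a grid holding one null item.
                        TBUser U = ctx.TBUser.Find(id);
                        dgDados.ItemsSource = U != null ? new TBUser[1] { U } : new TBUser[0];
                    }
                }
                catch (Exception ex)
                {
                    // Still best-effort so a database problem does not take the window down,
                    // but the failure is no longer invisible.
                    System.Diagnostics.Debug.WriteLine(ex);
                }
            }

            // Search by name.
            if (txtNome.Text.Trim().Length > 0)
            {
                try
                {
                    // Read the control once. The fragment is used untrimmed, as before.
                    string nome = txtNome.Text;

                    using (FisioEntities3 ctx = new FisioEntities3())
                    {
                        var consulta = from U in ctx.TBUser
                                       where U.Nome.Contains(nome)
                                       select U;

                        dgDados.ItemsSource = consulta.ToList();
                    }
                }
                catch (Exception ex)
                {
                    System.Diagnostics.Debug.WriteLine(ex);
                }
            }
        }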
Exemple #7
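        /// <summary>
        /// Verifies a registration code: looks up the TBUsers row whose identifier matches the
        /// form and whose FDPassword equals the SHA2_256 hash of the submitted code.
        /// </summary>
        /// <param name="validateForm">The posted identifier and verification code.</param>
        /// <returns>
        /// The "Completion" view when the code matches and the nickname starts with a space;
        /// a redirect to "../" when the request does not belong to the current session or the
        /// matched nickname does not start with a space; otherwise the
        /// "RegistrationCodeVerification" view again.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no limit on verification attempts is visible in this action. If the
        /// code is short, confirm that guessing is throttled elsewhere.
        /// NOTE(review): the code is compared as a single unsalted SHA2_256 hash, the same
        /// scheme the query applies to the FDPassword column.
        /// </remarks>
        public ActionResult Validate(UserRegistrationCodeVerificationViewModel validateForm)
        {
            if (ModelState.IsValid)
            {
                if (!validateForm.EmailOrPhone.Equals(Session["userid"]))
                {
                    // The identifier in the form is not the one bound to this session. The
                    // original detected this but did nothing; reject it the same way the
                    // "wrong user request" case below is rejected.
                    // NOTE(review): presumably Session["userid"] is set by the earlier
                    // registration step - verify, or every request will be redirected here.
                    return Redirect("../");
                }

                SqlParameter emailParameter = new SqlParameter("FDEmailOrPhone", SqlDbType.VarChar, Common.Const.EmailOrPhoneLength);
                emailParameter.Value = validateForm.EmailOrPhone;

                SqlParameter passwordParameter = new SqlParameter("FDPassword", SqlDbType.VarChar, Common.Const.VerificationCodeLength);
                passwordParameter.Value = validateForm.VerificationCode;

                // Both values are bound as parameters, so user input never becomes part of the SQL text.
                TBUser user = db.Database.SqlQuery <TBUser>("select * from TBUsers where FDEmailOrPhone = @FDEmailOrPhone and FDPassword = HASHBYTES('SHA2_256',@FDPassword)", emailParameter, passwordParameter).FirstOrDefault();

                if (user == null)
                {
                    // No row matched the identifier and code.
                    ModelState.AddModelError("VerificationCode", "Verification Code is wrong ");
                }
                else if (user.FDNickname.StartsWith(" "))
                {
                    // Presumably a leading space marks a registration that is not completed yet - TODO confirm.
                    UserInfoCompletionViewModel p = new UserInfoCompletionViewModel();
                    p.EmailOrPhone = validateForm.EmailOrPhone;
                    return View("Completion", p);
                }
                else
                {
                    // The original author treats this as an attack or a wrong user request.
                    return Redirect("../");
                }
            }

            return View("RegistrationCodeVerification", validateForm);
        }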