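///<summary>Checks a user name and password hash against the userod table. The caller passes a hash of the password rather than the password itself, and it is compared with the value in the Password column. Passhash should be an empty string if the user does not have a password. Returns true only if the user exists and the hash matches.</summary>
///<remarks>Because the hash is the value being compared, it works as a credential in its own right: whoever can read the stored value, or capture it on the way in, can present it. It needs the same protection in transit and at rest as a password would.</remarks>
///<param name="username">User name to look up. It is passed through POut.PString before being placed in the query text.</param>
///<param name="passhash">Hash of the password supplied by the caller, or an empty string for a user without a password.</param>
///<returns>True if a userod row exists for the user name and its Password value equals passhash; otherwise false.</returns>
public static bool CheckUserAndPassword(string username, string passhash)
{
    // A missing name or hash can never match a stored row, so reject it before touching the database.
    if (username == null || passhash == null)
    {
        return false;
    }

    // Look the row up by the supplied user name. A constant in the WHERE clause would leave the
    // username argument unused and check every caller against the same row.
    // The value goes through POut.PString, the escaping helper the other queries on this page use for strings.
    // NOTE(review): POut is not visible here; bound parameters would be preferable if DataConnection supports them.
    string command = "SELECT Password FROM userod WHERE UserName='" + POut.PString(username) + "'";
    DataConnection dcon = new DataConnection();
    DataTable table = dcon.GetTable(command);
    if (table.Rows.Count == 0) //user does not exist
    {
        return false;
    }

    string actualHash = table.Rows[0][0].ToString();

    // Compare without an early exit, so the time taken does not depend on how many leading
    // characters of the supplied hash happen to be correct. The result is the same as an ordinal ==.
    int difference = actualHash.Length ^ passhash.Length;
    int shared = actualHash.Length < passhash.Length ? actualHash.Length : passhash.Length;
    for (int i = 0; i < shared; i++)
    {
        difference |= actualHash[i] ^ passhash[i];
    }
    return difference == 0;
}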
///<summary>Inserts a row into procedurelog for the given procedure and returns its ProcNum. When PrefB.RandomKeys is set, the key is obtained from MiscDataB.GetKey and written explicitly; otherwise it is read back from DataConnection.InsertID after the insert. A ProcNote row is also inserted when proc.Note is not an empty string.</summary>
///<param name="proc">Procedure to store. Its ProcNum is assigned by this method.</param>
///<returns>The ProcNum of the inserted procedure.</returns>
public static int Insert(Procedure proc)
{
    bool randomKeys = PrefB.RandomKeys;
    if (randomKeys)
    {
        proc.ProcNum = MiscDataB.GetKey("procedurelog", "ProcNum");
    }

    string columns = "PatNum, AptNum, ADACode, ProcDate,ProcFee,Surf,"
        + "ToothNum,ToothRange,Priority,ProcStatus,ProvNum,"
        + "Dx,PlannedAptNum,PlaceService,Prosthesis,DateOriginalProsth,ClaimNote,"
        + "DateEntryC,ClinicNum,MedicalCode,DiagnosticCode,IsPrincDiag,ProcNumLab";
    string keyValue = "";
    if (randomKeys)
    {
        // The explicit key column and its value are only present in random-key mode.
        columns = "ProcNum," + columns;
        keyValue = "'" + POut.PInt(proc.ProcNum) + "', ";
    }

    // Every value is embedded in the statement text, so the statement is only as safe as the
    // POut helpers that format each one.
    // NOTE(review): POut is not visible here; confirm PString escapes quotes and backslashes for
    // both database types, or move to bound parameters if DataConnection offers them.
    string[] values = new string[]
    {
        "'" + POut.PInt(proc.PatNum) + "'",
        "'" + POut.PInt(proc.AptNum) + "'",
        "'" + POut.PString(proc.ADACode) + "'",
        POut.PDate(proc.ProcDate),
        "'" + POut.PDouble(proc.ProcFee) + "'",
        "'" + POut.PString(proc.Surf) + "'",
        "'" + POut.PString(proc.ToothNum) + "'",
        "'" + POut.PString(proc.ToothRange) + "'",
        "'" + POut.PInt(proc.Priority) + "'",
        "'" + POut.PInt((int)proc.ProcStatus) + "'",
        "'" + POut.PInt(proc.ProvNum) + "'",
        "'" + POut.PInt(proc.Dx) + "'",
        "'" + POut.PInt(proc.PlannedAptNum) + "'",
        "'" + POut.PInt((int)proc.PlaceService) + "'",
        "'" + POut.PString(proc.Prosthesis) + "'",
        POut.PDate(proc.DateOriginalProsth),
        "'" + POut.PString(proc.ClaimNote) + "'",
        // DateEntryC is taken from the server clock, not from proc.DateEntryC. Anything other than Oracle is assumed to be MySQL.
        DataConnection.DBtype == DatabaseType.Oracle ? POut.PDateT(MiscDataB.GetNowDateTime()) : "NOW()",
        "'" + POut.PInt(proc.ClinicNum) + "'",
        "'" + POut.PString(proc.MedicalCode) + "'",
        "'" + POut.PString(proc.DiagnosticCode) + "'",
        "'" + POut.PBool(proc.IsPrincDiag) + "'",
        "'" + POut.PInt(proc.ProcNumLab) + "'"
    };
    string command = "INSERT INTO procedurelog (" + columns + ") VALUES("
        + keyValue + string.Join(", ", values) + ")";

    DataConnection dcon = new DataConnection();
    if (randomKeys)
    {
        dcon.NonQ(command);
    }
    else
    {
        // Without random keys the key is read back from the connection after the insert.
        dcon.NonQ(command, true);
        proc.ProcNum = dcon.InsertID;
    }

    if (proc.Note != "")
    {
        // The note text is stored as a separate ProcNote row.
        // NOTE(review): unlike Update, SigIsTopaz and Signature are not copied onto the note here; confirm that is intended.
        ProcNote note = new ProcNote();
        note.PatNum = proc.PatNum;
        note.ProcNum = proc.ProcNum;
        note.UserNum = proc.UserNum;
        note.Note = proc.Note;
        ProcNoteB.Insert(note);
    }
    return proc.ProcNum;
}
///<summary>Inserts a new document row. If doc.FileName holds only an extension, a file name is generated from the letters of patLF, the DocNum and that extension, and the row is updated with it. Finally the document is attached to the patient given by patNum.</summary>
///<param name="doc">Document to store. Its DocNum, and possibly its FileName, are assigned by this method.</param>
///<param name="patLF">Patient name text; only its letters are used in a generated file name.</param>
///<param name="patNum">Patient the new DocAttach row points to.</param>
///<returns>The DocNum of the inserted document.</returns>
public static int Insert(Document doc, string patLF, int patNum)
{
    bool randomKeys = PrefB.RandomKeys;
    if (randomKeys)
    {
        doc.DocNum = MiscDataB.GetKey("document", "DocNum");
    }

    string columns = "Description,DateCreated,DocCategory,WithPat,FileName,ImgType,"
        + "IsFlipped,DegreesRotated,ToothNumbers,Note,SigIsTopaz,Signature,CropX,CropY,CropW,CropH,"
        + "WindowingMin,WindowingMax";
    string keyValue = "";
    if (randomKeys)
    {
        columns = "DocNum," + columns;
        keyValue = "'" + POut.PInt(doc.DocNum) + "', ";
    }

    // Values are embedded in the statement text, so the statement is only as safe as the POut helpers.
    // NOTE(review): POut is not visible here; confirm PString's escaping, or use bound parameters if DataConnection offers them.
    string[] leadValues = new string[]
    {
        "'" + POut.PString(doc.Description) + "'",
        POut.PDate(doc.DateCreated),
        "'" + POut.PInt(doc.DocCategory) + "'",
        "'" + POut.PInt(doc.WithPat) + "'",
        // FileName may be just the extension at this point, or it may be the full file name.
        "'" + POut.PString(doc.FileName) + "'",
        "'" + POut.PInt((int)doc.ImgType) + "'",
        "'" + POut.PBool(doc.IsFlipped) + "'",
        "'" + POut.PInt(doc.DegreesRotated) + "'",
        "'" + POut.PString(doc.ToothNumbers) + "'",
        "'" + POut.PString(doc.Note) + "'",
        "'" + POut.PBool(doc.SigIsTopaz) + "'",
        "'" + POut.PString(doc.Signature) + "'"
    };
    string[] tailValues = new string[]
    {
        "'" + POut.PInt(doc.CropX) + "'",
        "'" + POut.PInt(doc.CropY) + "'",
        "'" + POut.PInt(doc.CropW) + "'",
        "'" + POut.PInt(doc.CropH) + "'",
        "'" + POut.PInt(doc.WindowingMin) + "'",
        "'" + POut.PInt(doc.WindowingMax) + "'"
    };
    // The statement separates the first twelve values with ", " and the remaining ones with a bare ",".
    string command = "INSERT INTO document (" + columns + ") VALUES(" + keyValue
        + string.Join(", ", leadValues) + "," + string.Join(",", tailValues) + ")";

    DataConnection dcon = new DataConnection();
    if (randomKeys)
    {
        dcon.NonQ(command);
    }
    else
    {
        dcon.NonQ(command, true);
        doc.DocNum = dcon.InsertID;
    }

    // If the current file name is just an extension (or empty), assign a unique name.
    // NOTE(review): when FileName already holds a full name it is stored as given; nothing in this
    // method checks it for directory components. Confirm callers pass a bare file name.
    if (doc.FileName == Path.GetExtension(doc.FileName))
    {
        string extension = doc.FileName;
        doc.FileName = "";
        // Only the letters of the patient name go into the file name.
        for (int pos = 0; pos < patLF.Length; pos++)
        {
            if (Char.IsLetter(patLF, pos))
            {
                doc.FileName += patLF[pos];
            }
        }
        // Appending the DocNum makes the name unique among generated names.
        doc.FileName += doc.DocNum.ToString() + extension;

        // Someone may have manually added a file with this name, so check the names already recorded
        // for the same WithPat value and prefix "x" until there is no clash.
        string lookup = "SELECT FileName FROM document WHERE WithPat=" + POut.PInt(doc.WithPat);
        DataTable table = dcon.GetTable(lookup);
        string[] usedNames = new string[table.Rows.Count];
        int slot = 0;
        foreach (DataRow row in table.Rows)
        {
            usedNames[slot] = PIn.PString(row[0].ToString());
            slot++;
        }
        while (IsFileNameInList(doc.FileName, usedNames))
        {
            doc.FileName = "x" + doc.FileName;
        }
        Update(doc);
    }

    // Attach the document to the patient.
    DocAttach docAttach = new DocAttach();
    docAttach.DocNum = doc.DocNum;
    docAttach.PatNum = patNum;
    DocAttachB.Insert(docAttach);
    return doc.DocNum;
}
///<summary>Updates only the columns whose values differ between proc and oldProc. No statement is issued when no column differs. A new ProcNote row is inserted when Note, UserNum, SigIsTopaz or Signature differ.</summary>
///<param name="proc">Procedure holding the new values. Its ProcNum selects the row to update.</param>
///<param name="oldProc">Procedure holding the previous values, used only for comparison.</param>
///<returns>The value returned by DataConnection.NonQ for the UPDATE, or 0 when no column changed.</returns>
public static int Update(Procedure proc, Procedure oldProc)
{
    // setList collects the "Column = value" pairs. separator stays empty until the first pair is
    // written and is "," afterwards.
    // Values are embedded in the statement text, so the statement is only as safe as the POut helpers.
    // NOTE(review): POut is not visible here; confirm PString's escaping, or use bound parameters if DataConnection offers them.
    string setList = "";
    string separator = "";

    if (proc.PatNum != oldProc.PatNum)
    {
        setList += separator + "PatNum = '" + POut.PInt(proc.PatNum) + "'";
        separator = ",";
    }
    if (proc.AptNum != oldProc.AptNum)
    {
        setList += separator + "AptNum = '" + POut.PInt(proc.AptNum) + "'";
        separator = ",";
    }
    if (proc.ADACode != oldProc.ADACode)
    {
        setList += separator + "ADACode = '" + POut.PString(proc.ADACode) + "'";
        separator = ",";
    }
    if (proc.ProcDate != oldProc.ProcDate)
    {
        setList += separator + "ProcDate = " + POut.PDate(proc.ProcDate);
        separator = ",";
    }
    if (proc.ProcFee != oldProc.ProcFee)
    {
        setList += separator + "ProcFee = '" + POut.PDouble(proc.ProcFee) + "'";
        separator = ",";
    }
    if (proc.Surf != oldProc.Surf)
    {
        setList += separator + "Surf = '" + POut.PString(proc.Surf) + "'";
        separator = ",";
    }
    if (proc.ToothNum != oldProc.ToothNum)
    {
        setList += separator + "ToothNum = '" + POut.PString(proc.ToothNum) + "'";
        separator = ",";
    }
    if (proc.ToothRange != oldProc.ToothRange)
    {
        setList += separator + "ToothRange = '" + POut.PString(proc.ToothRange) + "'";
        separator = ",";
    }
    if (proc.Priority != oldProc.Priority)
    {
        setList += separator + "Priority = '" + POut.PInt(proc.Priority) + "'";
        separator = ",";
    }
    if (proc.ProcStatus != oldProc.ProcStatus)
    {
        setList += separator + "ProcStatus = '" + POut.PInt((int)proc.ProcStatus) + "'";
        separator = ",";
    }
    if (proc.ProvNum != oldProc.ProvNum)
    {
        setList += separator + "ProvNum = '" + POut.PInt(proc.ProvNum) + "'";
        separator = ",";
    }
    if (proc.Dx != oldProc.Dx)
    {
        setList += separator + "Dx = '" + POut.PInt(proc.Dx) + "'";
        separator = ",";
    }
    if (proc.PlannedAptNum != oldProc.PlannedAptNum)
    {
        setList += separator + "PlannedAptNum = '" + POut.PInt(proc.PlannedAptNum) + "'";
        separator = ",";
    }
    if (proc.PlaceService != oldProc.PlaceService)
    {
        setList += separator + "PlaceService = '" + POut.PInt((int)proc.PlaceService) + "'";
        separator = ",";
    }
    if (proc.Prosthesis != oldProc.Prosthesis)
    {
        setList += separator + "Prosthesis = '" + POut.PString(proc.Prosthesis) + "'";
        separator = ",";
    }
    if (proc.DateOriginalProsth != oldProc.DateOriginalProsth)
    {
        setList += separator + "DateOriginalProsth = " + POut.PDate(proc.DateOriginalProsth);
        separator = ",";
    }
    if (proc.ClaimNote != oldProc.ClaimNote)
    {
        setList += separator + "ClaimNote = '" + POut.PString(proc.ClaimNote) + "'";
        separator = ",";
    }
    if (proc.DateEntryC != oldProc.DateEntryC)
    {
        // A changed DateEntryC is written as the current server time, not as proc.DateEntryC.
        // Anything other than Oracle is assumed to be MySQL.
        setList += separator + "DateEntryC = ";
        setList += DataConnection.DBtype == DatabaseType.Oracle
            ? POut.PDateT(MiscDataB.GetNowDateTime())
            : "NOW()";
        separator = ",";
    }
    if (proc.ClinicNum != oldProc.ClinicNum)
    {
        setList += separator + "ClinicNum = '" + POut.PInt(proc.ClinicNum) + "'";
        separator = ",";
    }
    if (proc.MedicalCode != oldProc.MedicalCode)
    {
        setList += separator + "MedicalCode = '" + POut.PString(proc.MedicalCode) + "'";
        separator = ",";
    }
    if (proc.DiagnosticCode != oldProc.DiagnosticCode)
    {
        setList += separator + "DiagnosticCode = '" + POut.PString(proc.DiagnosticCode) + "'";
        separator = ",";
    }
    if (proc.IsPrincDiag != oldProc.IsPrincDiag)
    {
        setList += separator + "IsPrincDiag = '" + POut.PBool(proc.IsPrincDiag) + "'";
        separator = ",";
    }
    if (proc.ProcNumLab != oldProc.ProcNumLab)
    {
        setList += separator + "ProcNumLab = '" + POut.PInt(proc.ProcNumLab) + "'";
        separator = ",";
    }

    // With nothing to set there is no statement to run, and the result stays 0.
    int rowsChanged = 0;
    if (setList.Length > 0)
    {
        string command = "UPDATE procedurelog SET " + setList
            + " WHERE ProcNum = '" + POut.PInt(proc.ProcNum) + "'";
        DataConnection dcon = new DataConnection();
        rowsChanged = dcon.NonQ(command);
    }

    bool noteChanged = proc.Note != oldProc.Note
        || proc.UserNum != oldProc.UserNum
        || proc.SigIsTopaz != oldProc.SigIsTopaz
        || proc.Signature != oldProc.Signature;
    if (noteChanged)
    {
        // A change to the note or its signature fields is stored as a new ProcNote row.
        ProcNote note = new ProcNote();
        note.PatNum = proc.PatNum;
        note.ProcNum = proc.ProcNum;
        note.UserNum = proc.UserNum;
        note.Note = proc.Note;
        note.SigIsTopaz = proc.SigIsTopaz;
        note.Signature = proc.Signature;
        ProcNoteB.Insert(note);
    }
    return rowsChanged;
}