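// Handles a submitted registration form: checks that the username/email are unused,
// optionally creates a new Institution row, inserts the user (and a Surgeon row for
// surgeon accounts), writes audit entries, then signs the new user in.
// Returns a redirect to Home/Index on success, otherwise redisplays the form.
//
// NOTE(review): any attributes on this action are outside the visible source. Confirm it
// is restricted to POST and validates an anti-forgery token ([ValidateAntiForgeryToken]).
public ActionResult Register(RegisterModel model)
        {
            // Surgeon accounts get an additional row in the Surgeon table.
            const int SurgeonUserTypeId = 3;

            // Repopulate the dropdown data so the form can be redisplayed on failure.
            model.UserTypes = GetAllUserTypes();
            model.Institutions = GetAllInstitutions();

            string userID = null;
            string userTypeID = model.UserType;
            bool registered = false;

            if (ModelState.IsValid)
            {
                // UserType comes from the submitted form. Parse it before touching the database so a
                // malformed value is rejected up front instead of throwing after rows were inserted.
                // NOTE(review): the registrant picks their own typeID and it is stored and placed in the
                // session unchanged; confirm the server limits which types may be self-registered.
                int userTypeNumber;
                if (!int.TryParse(userTypeID, out userTypeNumber))
                {
                    ModelState.AddModelError("UserType", "Invalid user type.");
                }
                else
                {
                    // Attempt to register the user
                    string query_string = "SELECT * FROM Users WHERE Username = @parameter0 OR Email = @parameter1";

                    // NOTE(review): the connection string (including credentials) is embedded in source;
                    // it belongs in protected configuration rather than in the controller.
                    // The using blocks release the connection and command even when a query throws.
                    using (SqlConnection db = new SqlConnection(@"Data Source="",1044;Initial Catalog="";User ID="";Password="""))
                    using (SqlCommand Command = new SqlCommand(query_string, db))
                    {
                        Command.Parameters.AddWithValue("@parameter0", model.UserName);
                        Command.Parameters.AddWithValue("@parameter1", model.Email);

                        db.Open();

                        // Only the existence of a match matters, so the reader is closed immediately;
                        // the same command is reused for the inserts below.
                        bool alreadyRegistered;
                        using (SqlDataReader reader = Command.ExecuteReader())
                        {
                            alreadyRegistered = reader.HasRows;
                        }
                        AuditController.CreateAuditEntry(null, model.UserName, "Users", null, "Select");

                        if (alreadyRegistered) //User already exists.
                        {
                            Alert("Username and/or Email Address already in use.");
                        }
                        else //Work on registering new user.
                        {
                            // NOTE(review): the existence check and the inserts below are not atomic, so two
                            // concurrent requests could both pass the check; a unique constraint on the
                            // Users username/email columns would enforce this in the database.

                            if (model.InstitutionID == null) //If institution does not exist add into database and use the generated ID.
                            {
                                Command.CommandText = "Insert INTO Institution (institutionName, institutionLocation) VALUES (@p0, @p1) SET @ID = SCOPE_IDENTITY();";
                                Command.Parameters.Clear();
                                Command.Parameters.AddWithValue("@p0", model.InstitutionName);
                                Command.Parameters.AddWithValue("@p1", model.InstitutionLocation);
                                Command.Parameters.Add("@ID", SqlDbType.Int, 4).Direction = ParameterDirection.Output;
                                Command.ExecuteNonQuery();
                                AuditController.CreateAuditEntry(null, model.UserName, "Institution", null, "Insert");
                                model.InstitutionID = Command.Parameters["@ID"].Value.ToString();
                            }

                            string institutionID = model.InstitutionID;

                            //Add user to database.
                            // NOTE(review): model.Password is written to Users.password exactly as submitted
                            // (and again to Surgeon.password below). Store a salted, slow hash instead
                            // (e.g. PBKDF2 via Rfc2898DeriveBytes), changed together with the login check.
                            Command.CommandText = "INSERT INTO Users(firstname,lastname,username,password,email,typeID) VALUES (@p0,@p1,@p2,@p3,@p4,@p5) SET @ID = SCOPE_IDENTITY();";
                            Command.Parameters.Clear();
                            Command.Parameters.AddWithValue("@p0", model.FirstName);
                            Command.Parameters.AddWithValue("@p1", model.LastName);
                            Command.Parameters.AddWithValue("@p2", model.UserName);
                            Command.Parameters.AddWithValue("@p3", model.Password);
                            Command.Parameters.AddWithValue("@p4", model.Email);
                            Command.Parameters.AddWithValue("@p5", userTypeID);
                            Command.Parameters.Add("@ID", SqlDbType.Int, 4).Direction = ParameterDirection.Output;
                            Command.ExecuteNonQuery();
                            userID = Command.Parameters["@ID"].Value.ToString();
                            AuditController.CreateAuditEntry(userID, model.UserName, "Users", null, "Insert");

                            //if a Surgeon, add to Surgeon Table as well
                            if (userTypeNumber == SurgeonUserTypeId)
                            {
                                Command.CommandText = "Insert INTO Surgeon (firstname,lastname,username,password,email,institutionID) VALUES (@p0,@p1,@p2,@p3,@p4,@p5);";
                                Command.Parameters.Clear();
                                Command.Parameters.AddWithValue("@p0", model.FirstName);
                                Command.Parameters.AddWithValue("@p1", model.LastName);
                                Command.Parameters.AddWithValue("@p2", model.UserName);
                                Command.Parameters.AddWithValue("@p3", model.Password);
                                Command.Parameters.AddWithValue("@p4", model.Email);
                                Command.Parameters.AddWithValue("@p5", institutionID);
                                Command.ExecuteNonQuery();
                                AuditController.CreateAuditEntry(userID, model.UserName, "Surgeon", null, "Insert");
                            }

                            registered = true;
                        }
                    }
                }
            }

            if (registered)
            {
                //Sign in.
                // NOTE(review): authentication state is written into the session that existed before
                // registration; confirm the session identifier is renewed when a user signs in.
                Session["username"] = model.UserName;
                Session["userID"] = userID;
                Session["typeID"] = userTypeID;
                CheckAndSetSurgeonID();

                FormsService.SignIn(model.UserName, false /* createPersistentCookie */ );
                return RedirectToAction("Index", "Home");
            }

            // If we got this far, something failed, redisplay form
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            return View(model);
        }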
        // **************************************
        // URL: /Account/Register
        // **************************************

        // Renders the blank registration form, pre-loaded with the user-type and
        // institution lists, and passes the minimum password length to the view.
        public ActionResult Register()
        {
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;

            // The initializer runs after the constructor, in the order written.
            var registrationForm = new RegisterModel
            {
                UserTypes = GetAllUserTypes(),
                Institutions = GetAllInstitutions()
            };

            return View(registrationForm);
        }