/// <summary>
/// Resets the password,creates a string with the length of 8, encodes the new password and writes back into database.
/// </summary>
/// <param name="userId">User that password will be resetted.</param>
/// <returns>string value which contains the new password.</returns>
public static string ResetPassword(string userId)
{
int result = 0;
string newPassword = CreateRandomString(8);
string sql = "select Salt from user where UserId='" + userId + "';";
List <object[]> rows = RepositoryManager.Repository.DoQuery(sql);
if (rows.Count == 0)
{
return(null);
}
string salt = (string)rows[0][0];
string newHashedPassword = EncryptionManager.EncodePassword(newPassword, salt);
sql = "update user set HashedPassword = '******' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
if (result == 1)
{
return(newPassword);
}
else
{
return(null);
}
}
/// <summary>
/// Updates user information over options and userId and alters the database.
/// </summary>
/// <param name="update">New value which is wanted to change.</param>
/// <param name="userId">User that wants to make the change.</param>
/// <param name="option">The value (Ranged from 1 to 6) to determine which field will be changed.</param>
/// <returns>Boolean value whether the transaction is happened or not.</returns>
public static bool UpdateUser(string update, string userId, int option)
{
string sql = "";
int result = 0;
if (option == 1)
{
sql = "update user set Name ='" + update + "' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
}
else if (option == 2)
{
sql = "select Salt from user where UserId='" + userId + "';";
List <object[]> rows = RepositoryManager.Repository.DoQuery(sql);
if (rows.Count == 0)
{
return(false);
}
string salt = (string)rows[0][0];
string hashedPassword = EncryptionManager.EncodePassword(update, salt);
sql = "update user set HashedPassword='******' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
}
else if (option == 3)
{
sql = "update user set Email='" + update + "' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
}
else if (option == 4)
{
sql = "update user set Gender='" + update + "' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
}
else if (option == 5)
{
sql = "update user set BirthDate='" + update + "' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
}
else if (option == 6)
{
sql = "update user set Location='" + update + "' where UserId = '" + userId + "';";
result = RepositoryManager.Repository.DoCommand(sql);
}
if (result == 1)
{
return(true);
}
else
{
return(false);
}
}
/*
* This method adds an admin that's name is admin and password is abc123
*/
public static void addAdmin()
{
string salt = EncryptionManager.PasswordSalt;
User Users = new User
{
Id = 0,
Name = "admin",
EmailAddress = "*****@*****.**",
Salt = salt,
HashPassword = EncryptionManager.EncodePassword("abc123", salt),
IsAdmin = 1,
Status = 1
};
AddUser(Users);
}
/*
* Recreate and reinitialize the database.
* The return value is true iff the initialization succeeds.
*/
public bool Initialize()
{
bool success = true;
Close();
try
{
SQLiteConnection.CreateFile(databaseFile);
}
catch (IOException e)
{
success = false;
}
bool openResult = Open();
if (success & openResult)
{
string salt = EncryptionManager.PasswordSalt;
string HashedPassword = EncryptionManager.EncodePassword("deneme1234", salt);
string sql = "CREATE TABLE doctor (doctorID VARCHAR(50), doctorName VARCHAR(50), doctorEmail VARCHAR(50)," +
"password VARCHAR(50), salt VARCHAR(50), hashedPassword VARCHAR(50)," +
"doctorSex VARCHAR(50), isadmin VARCHAR(50), status VARCHAR(50), PRIMARY KEY(doctorID))";
DoCommand(sql);
sql = "insert into doctor(doctorID, doctorName, doctorEmail, password," +
"salt, hashedPassword, doctorSex, isadmin, status) values "
+ "('1234567', 'Deniz Merve Gunduz', '*****@*****.**', 'pass', '" + salt + "', '" + HashedPassword + "', 'female', '1', '1')";
DoCommand(sql);
string sql1 = "CREATE TABLE patient (patientID VARCHAR(50), doctorID VARCHAR(50), patientName VARCHAR(50), patientEmail VARCHAR(50)," +
"patientPhone VARCHAR(50), patientSex VARCHAR(50)," +
"patientAge VARCHAR(50), healthProblem VARCHAR(50), PRIMARY KEY(patientID))";
DoCommand(sql1);
sql1 = "insert into patient(patientID, doctorID, patientName, patientEmail," +
"patientPhone, patientSex, patientAge, healthProblem) values "
+ "('1234567', '1', 'Deniz', '*****@*****.**', '050666666666', 'female', '22', 'Crazy')";
DoCommand(sql1);
}
return(success);
}
/*
* Add a Doctor to the database.
* Return true iff the add succeeds.
*/
public static bool AddDoctor(Doctor doctor)
{
string salt = EncryptionManager.PasswordSalt;
string HashedPassword = EncryptionManager.EncodePassword(doctor.Password, salt);
string sql = "insert into doctor (DoctorID, DoctorName, DoctorEmail, Password, Salt, HashedPassword, " +
"DoctorSex, Isadmin, Status) values ('"
+ doctor.DoctorID + "', '"
+ doctor.DoctorName + "', '"
+ doctor.DoctorEmail + "', '"
+ doctor.Password + "', '"
+ salt + "', '"
+ HashedPassword + "', '"
+ doctor.DoctorSex + "', '"
+ doctor.IsAdmin + "', '"
+ doctor.Status + "')";
RepositoryManager.Repository.DoCommand(sql);
return(true);
}
/// <summary>
/// Adds user over credential to the database.
/// </summary>
/// <param name="cr">New user's information is kept in credential object.</param>
/// <returns>Boolean value whether the transaction is happened or not.</returns>
public static bool AddUser(Credential cr)
{
string salt = User.CreateSalt();
string hashedPassword = EncryptionManager.EncodePassword(cr.Password, salt);
string sql = "insert into user (UserId, Name,Salt, HashedPassword,Email,IsAdmin,Status,Gender,BirthDate,Location) values ('"
+ cr.UserId + "', '"
+ cr.Name + "', '"
+ salt + "', '"
+ hashedPassword + "', '"
+ cr.Email + "',"
+ "0" + ", '"
+ "A" + "','"
+ cr.gender + "', '"
+ cr.BirthDate + "', '"
+ cr.Location + "'); ";
RepositoryManager.Repository.DoCommand(sql);
PrintAllUsers();
return(true);
}
/*
* Recreate and reinitialize the database.
* The return value is true iff the initialization succeeds.
*/
public bool Initialize()
{
bool openResult;
if (File.Exists(databaseFile) && new FileInfo(databaseFile).Length > 10)
{
openResult = Open();
return(openResult);
}
bool success = true;
Close();
try
{
SQLiteConnection.CreateFile(databaseFile);
}
catch (IOException e)
{
success = false;
}
openResult = Open();
if (success & openResult)
{
string salt;
string sql = "CREATE TABLE user (UserId VARCHAR(50), Name VARCHAR(50),Salt VARCHAR(50), HashedPassword VARCHAR(50),Email VARCHAR(50),IsAdmin BIT,Status VARCHAR(1),Gender VARCHAR(6),BirthDate VARCHAR(10), Location VARCHAR(30), PRIMARY KEY(UserId));";
DoCommand(sql);
sql = "CREATE TABLE car (carId INTEGER, Brand VARCHAR(50), Model VARCHAR(50),Owner VARCHAR(50),YearOfProduction INTEGER,KM INT,Url VARCHAR(200),TransmissionType VARCHAR(15), Fuel VARCHAR(15),TopSpeed INT, Acceleration Float,UrbanConsumption Float, WheelDrive VARCHAR(20), PRIMARY KEY(carId),FOREIGN KEY (Owner) references user(UserId));";
DoCommand(sql);
sql = "CREATE TABLE comment (CommentId INTEGER, carId INTEGER,UserId VARCHAR(50), Text VARCHAR(300),FOREIGN KEY (carId) references car(carId),PRIMARY KEY(CommentId),FOREIGN KEY (UserId) references user(UserId));";
DoCommand(sql);
sql = "CREATE TABLE favourites (UserId VARCHAR(12), carId INTEGER,FOREIGN KEY (carId) references car(carId),FOREIGN KEY (UserId) references user(UserId));";
DoCommand(sql);
salt = User.CreateSalt();
sql = "insert into user (UserId, Name,Salt, HashedPassword,Email,IsAdmin,Status,Gender,BirthDate,Location) values ('"
+ "crysispeed" + "', '"
+ "Caglar" + "', '"
+ salt + "', '"
+ EncryptionManager.EncodePassword("123456", salt) + "', '"
+ "*****@*****.**" + "',"
+ "1" + ", '"
+ "A" + "','"
+ "Male" + "', '"
+ "1995-08-26" + "', '"
+ "Ankara" + "');";
DoCommand(sql);
salt = User.CreateSalt();
sql = "insert into user (UserId, Name,Salt, HashedPassword,Email,IsAdmin,Status,Gender,BirthDate,Location) values ('"
+ "gurko32" + "', '"
+ "Gurkan" + "', '"
+ salt + "', '"
+ EncryptionManager.EncodePassword("123456", salt) + "', '"
+ "*****@*****.**" + "',"
+ "1" + ", '"
+ "A" + "', '"
+ "Male" + "', '"
+ "1996-10-16" + "', '"
+ "Ankara" + "');";
DoCommand(sql);
UserPersistence.PrintAllUsers();
}
return(success);
}
public ActionResult UserName(User newUser)
{
string newEmail = newUser.EmailAddress;
string newName = newUser.Name;
newUser = (User)Session["user"];
if (newUser == null)
{
return(View("User", "ChangeUser"));
}
string salt = EncryptionManager.PasswordSalt;
if (newEmail != null && newName != null)
{
User Users = new User
{
Id = newUser.Id,
Name = newName,
EmailAddress = newEmail,
Salt = salt,
HashPassword = EncryptionManager.EncodePassword("abc123", salt),
IsAdmin = 0,
Status = 0
};
bool result = UserPersistence.UpdateUser(Users);
if (result)
{
ViewBag.message = "User Updated";
}
else
{
ViewBag.message = "That user could not be Updated";
}
}
else if (newEmail != null && newName == null)
{
User Users = new User
{
Id = newUser.Id,
Name = newUser.Name,
EmailAddress = newEmail,
Salt = salt,
HashPassword = EncryptionManager.EncodePassword("abc123", salt),
IsAdmin = 0,
Status = 0
};
bool result = UserPersistence.UpdateUser(Users);
if (result)
{
ViewBag.message = "User Updated";
}
else
{
ViewBag.message = "That user could not be Updated";
}
}
else
{
User Users = new User
{
Id = newUser.Id,
Name = newName,
EmailAddress = newUser.EmailAddress,
Salt = salt,
HashPassword = EncryptionManager.EncodePassword("abc123", salt),
IsAdmin = 0,
Status = 0
};
bool result = UserPersistence.UpdateUser(Users);
if (result)
{
ViewBag.message = "User Updated";
}
else
{
ViewBag.message = "That user could not be Updated";
}
}
return(View(newUser));
}
public ActionResult SignUp(RegisterCredential registerCredential)
{
ViewBag.Title = "SignUp";
// Validate book data from the transaction
if (registerCredential == null)
{
TempData["signupMessage"] = "Error: Invalid Request - please try again";
return(View(new RegisterCredential()));
}
if (registerCredential.Name == null || registerCredential.Name.Length == 0)
{
TempData["signupMessage"] = "Error: Name is required";
return(View(registerCredential));
}
if (registerCredential.Email == null || registerCredential.Email.Length == 0 || !registerCredential.Email.Contains("@"))
{
TempData["signupMessage"] = "Error: Please type a valid mail";
return(View(registerCredential));
}
if (registerCredential.Password == null)
{
TempData["signupMessage"] = "Error: Please type a valid password";
return(View(registerCredential));
}
// Create the user
String salt = EncryptionManager.PasswordSalt;
System.Diagnostics.Debug.WriteLine("signup passhash: " + EncryptionManager.EncodePassword(registerCredential.Password, salt));
System.Diagnostics.Debug.WriteLine("signup salt: " + salt);
User user = new User
{
UserId = registerCredential.UserId,
Salt = salt,
PasswordHash = EncryptionManager.EncodePassword(registerCredential.Password, salt),
Name = registerCredential.Name,
Email = registerCredential.Email,
IsAdmin = false,
IsActive = true,
RegisterDate = DateTime.Now,
Age = registerCredential.Age,
IsProvider = registerCredential.IsProvider
};
System.Diagnostics.Debug.WriteLine("user passhash: " + user.PasswordHash);
System.Diagnostics.Debug.WriteLine("user salt: " + user.Salt);
//Add user
bool result = UserManager.AddNewUser(user);
if (result)
{
TempData["signupMessage"] = "";
return(RedirectToAction("Index", "Home"));
}
else
{
TempData["signupMessage"] = "User name " + registerCredential.UserId + " already exists, try again";
return(View(registerCredential));
}
}
