Esempio n. 1
        /// <summary>
        /// Registers a new account through the "user_Register" stored procedure and then
        /// hands the same record to <c>EsUpdater.InsertDocument</c>.
        /// </summary>
        /// <param name="user">
        /// Account data. On success its <c>fld_activationcode</c> and <c>fld_userid</c> are overwritten.
        /// </param>
        /// <returns>
        /// The generated activation code, or the literal string "Db Error!" when any step inside
        /// the try block throws.
        /// </returns>
        public static string RegisterNewUser(tbl_userdata user)
        {
            // Generated outside the try block, so a failure here propagates to the caller.
            string activationCode = generateActivationCode();

            try
            {
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_userName", user.fld_username },
                    // Only the procedure argument is hashed; user.fld_password itself is not modified.
                    { "in_password", SaltNHash(user.fld_password) },
                    { "in_firstName", user.fld_firstname },
                    { "in_lastName", user.fld_lastname },
                    { "in_gender", user.fld_gender },
                    { "in_address", user.fld_address },
                    { "in_zipCode", user.fld_zipcode },
                    { "in_dob", user.fld_dateofbirth },
                    { "in_phoneNumber", user.fld_phonenumber },
                    { "in_emailAddress", user.fld_email },
                    { "in_activationCode", activationCode },
                    { "in_isActivated", false },
                    { "out_userId", 0 }
                };
                Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "user_Register");

                user.fld_activationcode = activationCode;
                object newUserId = outcome["out_userId"];
                user.fld_userid = Convert.ToInt32(newUserId);

                // NOTE(review): the whole user object is passed on, still carrying fld_password
                // exactly as the caller supplied it (presumably the clear-text password) together
                // with the activation code. Unless InsertDocument filters those fields they are
                // written into the "moll_users" document - confirm, and strip them if not.
                EsUpdater<tbl_userdata>.InsertDocument(user, "moll_users", "User", newUserId.ToString());

                return activationCode;
            }
            catch (Exception)
            {
                // NOTE(review): the exception is dropped without logging, and the failure marker
                // travels in the same string as a real activation code, so callers must compare
                // against "Db Error!" explicitly. An InsertDocument failure after the procedure
                // has already run is reported the same way.
                return "Db Error!";
            }
        }
Esempio n. 2
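        /// <summary>
        /// Looks up a user record by e-mail address through the "FindUserByEmail" stored procedure.
        /// </summary>
        /// <param name="emailAddress">Bound to the procedure parameter "in_email".</param>
        /// <returns>
        /// The value produced by <c>ExecuteReader</c>; what it yields when no row matches is not
        /// visible from this method.
        /// </returns>
        public static tbl_userdata FindUserByEmail(string emailAddress)
        {
            Dictionary<string, Object> parameters = new Dictionary<string, Object>
            {
                { "in_email", emailAddress }
            };

            // NOTE(review): tbl_userdata has fld_password and fld_activationcode members (both are
            // used elsewhere in this file). Whether this procedure populates them is not visible
            // here - confirm before returning the object to a client-facing layer.
            return ProcedureCall<tbl_userdata>.ExecuteReader(parameters, "FindUserByEmail");
        }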
Esempio n. 3
        /// <summary>
        /// Fetches the shopping-cart entries of one user through the "GetShoppingCartItems"
        /// stored procedure.
        /// </summary>
        /// <param name="userid">Bound to the procedure parameter "in_givenUserId".</param>
        /// <returns>The list returned by <c>returnPrimitiveList</c>, passed through unchanged.</returns>
        public static List<Object> GetShoppingCartItems(int userid)
        {
            // NOTE(review): no ownership check happens here; the caller is presumably expected to
            // pass the id of the authenticated session rather than a request-supplied id - confirm.
            Dictionary<string, object> parameters = new Dictionary<string, Object>
            {
                { "in_givenUserId", userid }
            };

            return ProcedureCall<Object>.returnPrimitiveList(parameters, "GetShoppingCartItems");
        }
Esempio n. 4
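        /// <summary>
        /// Looks up a user record by numeric id through the "FindUserById" stored procedure.
        /// </summary>
        /// <param name="userId">Bound to the procedure parameter "in_givenUserId".</param>
        /// <returns>
        /// The value produced by <c>ExecuteReader</c>; what it yields when no row matches is not
        /// visible from this method.
        /// </returns>
        public static tbl_userdata FindUserById(int userId)
        {
            Dictionary<string, Object> parameters = new Dictionary<string, Object>
            {
                { "in_givenUserId", userId }
            };

            // NOTE(review): tbl_userdata has fld_password and fld_activationcode members (both are
            // used elsewhere in this file). Whether this procedure populates them is not visible
            // here - confirm before returning the object to a client-facing layer.
            return ProcedureCall<tbl_userdata>.ExecuteReader(parameters, "FindUserById");
        }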
Esempio n. 5
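        /// <summary>
        /// Looks up a service record by id through the "FindServiceById" stored procedure.
        /// </summary>
        /// <param name="serviceId">Bound to the procedure parameter "in_givenServiceId".</param>
        /// <returns>
        /// The value produced by <c>ExecuteReader</c>; what it yields when no row matches is not
        /// visible from this method.
        /// </returns>
        public static tbl_servicedata FindServiceById(int serviceId)
        {
            Dictionary<string, Object> parameters = new Dictionary<string, Object>
            {
                { "in_givenServiceId", serviceId }
            };

            // The previously pre-allocated tbl_servicedata was overwritten before use, so the
            // reader result is returned directly.
            return ProcedureCall<tbl_servicedata>.ExecuteReader(parameters, "FindServiceById");
        }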
Esempio n. 6
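        /// <summary>
        /// Looks up a labourer record by id through the "FindLabourerById" stored procedure.
        /// </summary>
        /// <param name="labourerId">Bound, as a string, to the procedure parameter "in_givenLabourerId".</param>
        /// <returns>
        /// The value produced by <c>ExecuteReader</c>; what it yields when no row matches is not
        /// visible from this method.
        /// </returns>
        public static tbl_labourerdata FindLabourerById(string labourerId)
        {
            Dictionary<string, Object> parameters = new Dictionary<string, Object>
            {
                { "in_givenLabourerId", labourerId }
            };

            // The previously pre-allocated tbl_labourerdata was overwritten before use, so the
            // reader result is returned directly.
            return ProcedureCall<tbl_labourerdata>.ExecuteReader(parameters, "FindLabourerById");
        }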
Esempio n. 7
        /// <summary>
        /// Asks the "CheckShoppingCartItemExistance" stored procedure whether the given service
        /// is in the given user's shopping cart.
        /// </summary>
        /// <param name="fld_offeredserviceid">Bound to the procedure parameter "in_givenServiceId".</param>
        /// <param name="fld_userid">Bound to the procedure parameter "in_givenUserId".</param>
        /// <returns><c>true</c> when the procedure's "out_result" is greater than zero.</returns>
        public static bool CheckShoppingCartItem(int fld_offeredserviceid, int fld_userid)
        {
            Dictionary<string, Object> parameters = new Dictionary<string, Object>
            {
                { "in_givenServiceId", fld_offeredserviceid },
                { "in_givenUserId", fld_userid },
                // Output slot, seeded with 0.
                { "out_result", 0 }
            };

            // Unlike most helpers in this file there is no try/catch, so failures propagate.
            Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "CheckShoppingCartItemExistance");

            return Convert.ToInt32(outcome["out_result"]) > 0;
        }
Esempio n. 8
        /// <summary>
        /// Resolves an order id from an offered-service id and an e-mail address through the
        /// "util_getOrderId" stored procedure.
        /// </summary>
        /// <param name="fld_offeredserviceid">Bound to the procedure parameter "in_offeredServiceId".</param>
        /// <param name="email">Bound to the procedure parameter "in_givenEmail".</param>
        /// <returns>The procedure's "out_result", or -1 when any step throws.</returns>
        public static int FindOrderId(int fld_offeredserviceid, string email)
        {
            try
            {
                Dictionary<string, object> parameters = new Dictionary<string, Object>
                {
                    { "in_offeredServiceId", fld_offeredserviceid },
                    { "in_givenEmail", email },
                    // Output slot, seeded with -1.
                    { "out_result", -1 }
                };
                Dictionary<string, object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "util_getOrderId");

                return Convert.ToInt32(outcome["out_result"]);
            }
            catch (Exception)
            {
                // NOTE(review): -1 is also the seed of the output slot, so a database failure and
                // an untouched output value look the same to the caller; nothing is logged.
                return -1;
            }
        }
Esempio n. 9
        //Creating a row using a ModelStateDictionary
        /// <summary>
        /// Inserts a row into <paramref name="targetTable"/> through the "util_CreateRow" stored
        /// procedure, with the remaining parameters filled in by <c>CreateStrings</c> from the
        /// model state.
        /// </summary>
        /// <param name="modelState">Source of the values handed to <c>CreateStrings</c>.</param>
        /// <param name="targetTable">Table name, sent as the procedure parameter "in_TargetTable".</param>
        /// <returns>The procedure's "out_generatedId", or -1 when any step throws.</returns>
        public static int CreateRow(ModelStateDictionary modelState, string targetTable)
        {
            try
            {
                // NOTE(review): a table name cannot be bound as a SQL value, so util_CreateRow
                // presumably assembles dynamic SQL from it (and from whatever CreateStrings adds).
                // Confirm that targetTable is checked against a fixed list of tables and that
                // nothing derived from request field names reaches the statement unquoted.
                // The key is spelled "in_TargetTable" here and "in_targetTable" in the object
                // overload - confirm the parameter binding is case-insensitive.
                Dictionary<string, object> parameters = new Dictionary<string, object>
                {
                    { "in_TargetTable", targetTable },
                    { "out_generatedId", -1 }
                };

                parameters = CreateStrings(modelState, parameters);
                Dictionary<string, object> outcome = ProcedureCall<object>.ExecuteNonQuery(parameters, "util_CreateRow");

                return Convert.ToInt32(outcome["out_generatedId"]);
            }
            catch (Exception)
            {
                // The exception is discarded; -1 is also the seed of the output slot.
                return -1;
            }
        }
Esempio n. 10
        //Creating a row from an object

        /// <summary>
        /// Inserts a row through the "util_CreateRow" stored procedure, using the runtime type
        /// name of <paramref name="row"/> as the table name and <c>CreateStrings</c> to add the
        /// remaining parameters.
        /// </summary>
        /// <param name="row">Object whose type name selects the table.</param>
        /// <returns>The procedure's "out_generatedId", or -1 when any step throws.</returns>
        public static int CreateRow(Object row)
        {
            try
            {
                // The table name comes from the CLR type, not from caller-supplied text. A null
                // row throws here and is reported as -1 by the catch below.
                // NOTE(review): what CreateStrings sends for each member is not visible; confirm
                // the values are bound as parameters inside util_CreateRow.
                Dictionary<string, object> parameters = new Dictionary<string, object>
                {
                    { "in_targetTable", row.GetType().Name },
                    { "out_generatedId", -1 }
                };

                parameters = CreateStrings(row, parameters);
                Dictionary<string, object> outcome = ProcedureCall<object>.ExecuteNonQuery(parameters, "util_CreateRow");

                return Convert.ToInt32(outcome["out_generatedId"]);
            }
            catch (Exception)
            {
                // The exception is discarded; -1 is also the seed of the output slot.
                return -1;
            }
        }
Esempio n. 11
        /// <summary>
        /// Queries the "auth_CheckUserExists" stored procedure for an e-mail address.
        /// </summary>
        /// <param name="emailAddress">Bound to the procedure parameter "in_emailAddress".</param>
        /// <returns>
        /// The procedure's "out_result" (seeded with -1), or -2 when any step throws. The meaning
        /// of the individual result values is defined by the procedure and not visible here.
        /// </returns>
        public static int CheckIfUserExists(string emailAddress)
        {
            try
            {
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_emailAddress", emailAddress },
                    { "out_result", -1 }
                };
                Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "auth_CheckUserExists");

                return Convert.ToInt32(outcome["out_result"]);
            }
            catch (Exception)
            {
                // The exception is discarded without logging.
                return -2;
            }
        }
Esempio n. 12
        /// <summary>
        /// Resolves a user id from an e-mail address through the "user_FindUserIdByEmail"
        /// stored procedure.
        /// </summary>
        /// <param name="emailAddress">Bound to the procedure parameter "in_email".</param>
        /// <returns>The procedure's "out_userId" (seeded with -1), or -1 when any step throws.</returns>
        public static int FindUserIdByEmail(string emailAddress)
        {
            const int fallback = -1;

            try
            {
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_email", emailAddress },
                    { "out_userId", fallback }
                };
                Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "user_FindUserIdByEmail");

                return Convert.ToInt32(outcome["out_userId"]);
            }
            catch (Exception)
            {
                // A failure is reported with the same value the output slot starts with, so the
                // caller cannot tell an error from an untouched output; nothing is logged.
                return fallback;
            }
        }
Esempio n. 13
        /// <summary>
        /// Sends the e-mail address and a <c>SaltNHash</c> digest of the submitted password to
        /// the "auth_CheckUserExists" stored procedure and returns its result.
        /// </summary>
        /// <param name="loginMdl">Supplies <c>EmailAddress</c> and <c>Password</c>.</param>
        /// <returns>The procedure's "out_result" (seeded with -2), or 2 when any step throws.</returns>
        public static int CheckIfPasswordsMatchs(LoginModel loginMdl)
        {
            try
            {
                // NOTE(review): this is the same procedure name CheckIfUserExists calls with only
                // "in_emailAddress"; whether it accepts "in_password" is not visible - confirm it
                // is the intended procedure.
                // NOTE(review): UserLogin in this file verifies passwords by re-deriving the hash
                // with the salt stored next to it. If SaltNHash draws a fresh salt per call, the
                // value sent here can never equal the stored one - confirm how the procedure
                // compares it.
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_emailAddress", loginMdl.EmailAddress },
                    { "in_password", SaltNHash(loginMdl.Password) },
                    { "out_result", -2 }
                };
                Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "auth_CheckUserExists");

                return Convert.ToInt32(outcome["out_result"]);
            }
            catch (Exception)
            {
                // NOTE(review): the error value is +2 while the output slot is seeded with -2;
                // confirm no caller treats a positive result as a successful match.
                return 2;
            }
        }
Esempio n. 14
        /// <summary>
        /// Queries the "CheckIfUserNameIsTaken" stored procedure for a user name.
        /// </summary>
        /// <param name="userName">Bound to the procedure parameter "in_userName".</param>
        /// <returns>The procedure's "out_result" (seeded with -2), or -2 when any step throws.</returns>
        public static int CheckIfUserNameIsTaken(string userName)
        {
            const int fallback = -2;

            try
            {
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_userName", userName },
                    { "out_result", -2 }
                };
                Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "CheckIfUserNameIsTaken");

                return Convert.ToInt32(outcome["out_result"]);
            }
            catch (Exception)
            {
                // Same value as the seed of the output slot; the exception is not logged.
                return fallback;
            }
        }
Esempio n. 15
        /// <summary>
        /// Submits an activation token for a user to the "user_verify" stored procedure and then
        /// sets "fld_isactivated" to 1 on the matching <c>EsUpdater</c> document.
        /// </summary>
        /// <param name="token">Bound to the procedure parameter "in_token".</param>
        /// <param name="userid">Bound to "in_userid" and used as the document id for the update.</param>
        /// <returns>The procedure's "out_result" (seeded with 0), or 0 when any step throws.</returns>
        public static int VerifyUser(string token, int userid)
        {
            const int fallback = 0;

            try
            {
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_token", token },
                    { "in_userid", userid },
                    { "out_result", fallback }
                };

                Dictionary<string, Object> outcome = ProcedureCall<int>.ExecuteNonQuery(parameters, "user_verify");

                // NOTE(review): this update runs whenever the procedure call does not throw; the
                // value of "out_result" is not consulted first. If user_verify signals a rejected
                // token through "out_result" rather than an exception, the document is still
                // marked as activated - confirm, and gate the update on the success value.
                EsUpdater<tbl_userdata>.UpdateField(userid.ToString(), "fld_isactivated", 1);

                return Convert.ToInt32(outcome["out_result"]);
            }
            catch (Exception)
            {
                // The exception is discarded without logging.
                return fallback;
            }
        }
Esempio n. 16
        /// <summary>
        /// Deletes rows through the "util_DeleteRow" stored procedure, identified by a table name,
        /// a column name and an integer value.
        /// </summary>
        /// <param name="targetTable">Sent as the procedure parameter "in_TargetTable".</param>
        /// <param name="targetColumn">Sent as the procedure parameter "in_TargetColumn".</param>
        /// <param name="targetValue">Sent as the procedure parameter "in_TargetValue".</param>
        /// <returns>"Change successful" when the call does not throw, otherwise "Failed to change field".</returns>
        public static string DeleteRow(string targetTable, string targetColumn, int targetValue)
        {
            try
            {
                // NOTE(review): table and column names cannot be bound as SQL values, so
                // util_DeleteRow presumably builds dynamic SQL from them. Confirm both are
                // validated against a fixed list (here or in the procedure) and are never taken
                // from request input.
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_TargetTable", targetTable },
                    { "in_TargetColumn", targetColumn },
                    { "in_TargetValue", targetValue }
                };

                // The returned dictionary is not inspected; success means "did not throw".
                ProcedureCall<Object>.ExecuteNonQuery(parameters, "util_DeleteRow");

                return "Change successful";
            }
            catch (Exception)
            {
                // The exception is discarded without logging.
                return "Failed to change field";
            }
        }
Esempio n. 17
        /// <summary>
        /// Sets one numeric column of one row through the "util_UpdateNumberField" stored procedure.
        /// </summary>
        /// <param name="targetTable">Sent as the procedure parameter "in_TargetTable".</param>
        /// <param name="fieldToChange">Sent as the procedure parameter "in_FieldToChange".</param>
        /// <param name="valueForField">Sent as the procedure parameter "in_valueForField".</param>
        /// <param name="primaryKeyColumn">Sent as the procedure parameter "in_PrimaryKeyColumn".</param>
        /// <param name="id">Sent as the procedure parameter "in_Id".</param>
        /// <returns>"Change successful" when the call does not throw, otherwise "Failed to change field".</returns>
        public static string UpdateNumberField(string targetTable, string fieldToChange, int valueForField, string primaryKeyColumn, int id)
        {
            try
            {
                // NOTE(review): three of these arguments are identifiers (table, column, key
                // column), which cannot be bound as SQL values, so util_UpdateNumberField
                // presumably builds dynamic SQL from them. Confirm they are validated against a
                // fixed list (here or in the procedure) and are never taken from request input.
                Dictionary<string, Object> parameters = new Dictionary<string, Object>
                {
                    { "in_TargetTable", targetTable },
                    { "in_FieldToChange", fieldToChange },
                    { "in_valueForField", valueForField },
                    { "in_PrimaryKeyColumn", primaryKeyColumn },
                    { "in_Id", id }
                };

                // The returned dictionary is not inspected; success means "did not throw".
                ProcedureCall<Object>.ExecuteNonQuery(parameters, "util_UpdateNumberField");

                return "Change successful";
            }
            catch (Exception)
            {
                // The exception is discarded without logging.
                return "Failed to change field";
            }
        }
Esempio n. 18
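        /// <summary>
        /// Authenticates a login attempt: loads the account through "auth_CheckUserExistsLogin",
        /// re-derives the PBKDF2 hash of the submitted password with the stored salt, and
        /// compares it with the stored hash.
        /// </summary>
        /// <param name="loginMdl">Submitted credentials; the same instance is updated and returned.</param>
        /// <returns>
        /// <paramref name="loginMdl"/> with <c>UserId</c> set to -1 (account not found), 0
        /// (password rejected), -3 (account not activated; <c>UserName</c> is filled in), or the
        /// stored user id on success, in which case <c>Admin</c>, <c>UserName</c> and
        /// <c>EmailAddress</c> are filled in as well.
        /// </returns>
        public static LoginModel UserLogin(LoginModel loginMdl)
        {
            // Stored value after Base64 decoding: 16-byte salt followed by a 20-byte hash.
            const int SaltLength = 16;
            const int HashLength = 20;
            // NOTE(review): 10000 iterations with this constructor's default HMAC-SHA1 is low by
            // current guidance. Raising it needs a rehash-on-login migration, because existing
            // stored hashes were derived with these parameters.
            const int Iterations = 10000;

            Dictionary<string, Object> parameters = new Dictionary<string, object>();
            parameters.Add("in_emailAddress", loginMdl.EmailAddress);
            tbl_userdata user = ProcedureCall<tbl_userdata>.ExecuteReader(parameters, "auth_CheckUserExistsLogin");

            // A missing record is handled like a missing password instead of dereferencing null.
            // NOTE(review): -1 and 0 let the caller tell "unknown account" from "wrong password",
            // and this path skips the key derivation; the caller should show one generic failure.
            if (user == null || user.fld_password == null)
            {
                loginMdl.UserId = -1;
                return(loginMdl);
            }

            // Fail closed: a stored value that cannot be decoded, or that is too short to hold
            // salt and hash, never authenticates (previously this threw while indexing).
            byte[] storedBytes;
            try
            {
                storedBytes = Convert.FromBase64String(user.fld_password);
            }
            catch (FormatException)
            {
                loginMdl.UserId = 0;
                return(loginMdl);
            }

            if (loginMdl.Password == null || storedBytes.Length < SaltLength + HashLength)
            {
                loginMdl.UserId = 0;
                return(loginMdl);
            }

            byte[] salt = new byte[SaltLength];
            Array.Copy(storedBytes, 0, salt, 0, SaltLength);

            // Rfc2898DeriveBytes is disposable; release it as soon as the hash is derived.
            byte[] givenHash;
            using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(loginMdl.Password, salt, Iterations))
            {
                givenHash = pbkdf2.GetBytes(HashLength);
            }

            // Fold every byte difference into one value rather than returning at the first
            // mismatch, so the comparison time does not depend on where the hashes diverge.
            int difference = 0;
            for (int i = 0; i < HashLength; i++)
            {
                difference |= storedBytes[i + SaltLength] ^ givenHash[i];
            }

            if (difference != 0)
            {
                loginMdl.UserId = 0;
                return(loginMdl);
            }

            // The password matched; an account that is not activated still does not log in.
            if (user.fld_isactivated == 0)
            {
                loginMdl.UserId   = -3;
                loginMdl.UserName = user.fld_username;
                return(loginMdl);
            }

            loginMdl.Admin        = user.fld_adminPriv;
            loginMdl.UserName     = user.fld_username;
            loginMdl.EmailAddress = user.fld_email;
            loginMdl.UserId       = user.fld_userid;

            return(loginMdl);
        }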