Esempio n. 1
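        /// <summary>
        /// Updates a user's account information (name, e-mail, password) by calling the
        /// <c>SQL_STRINGS.SP_UPDATE_ACCOUNT_INFO</c> stored procedure.
        /// </summary>
        /// <param name="emp">Employee whose <c>EmployeeId</c>, <c>FirstName</c>, <c>LastName</c>
        /// and <c>Email</c> are sent to the procedure. <c>EmployeeId</c> selects the row to update.</param>
        /// <param name="pass">Value sent as <c>@PASS</c>. This method does not hash it; the
        /// caller is expected to pass the already-hashed value.</param>
        /// <returns>The stored procedure's RETURN value. The calling page interprets
        /// 1 as success, -1 as "wrong password" and 0 as a database error.</returns>
        /// <exception cref="InvalidCastException">If the procedure did not produce an integer return value.</exception>
        /// <remarks>Any database exception propagates unchanged; the shared connection is
        /// always closed, even when the call throws.</remarks>
        public int? UpdateAccountInfo(Employee emp, string pass)
        {
            // con is the class-level SqlConnection (declared outside this listing).
            using (SqlCommand updateCommand = new SqlCommand(SQL_STRINGS.SP_UPDATE_ACCOUNT_INFO, con))
            {
                updateCommand.CommandType = CommandType.StoredProcedure;

                // A C# null would be "parameter not supplied" and fail the call;
                // DBNull.Value sends SQL NULL instead.
                updateCommand.Parameters.AddWithValue("@EMPLOYEE_ID", (object)emp.EmployeeId ?? DBNull.Value);
                updateCommand.Parameters.AddWithValue("@FIRST_NAME", (object)emp.FirstName ?? DBNull.Value);
                updateCommand.Parameters.AddWithValue("@LAST_NAME", (object)emp.LastName ?? DBNull.Value);
                updateCommand.Parameters.AddWithValue("@EMAIL_ID", (object)emp.Email ?? DBNull.Value);
                updateCommand.Parameters.AddWithValue("@PASS", (object)pass ?? DBNull.Value);

                // Captures the procedure's RETURN value; it is populated only after execution.
                SqlParameter retParam = new SqlParameter("@RetVal", SqlDbType.Int);
                retParam.Direction = ParameterDirection.ReturnValue;
                updateCommand.Parameters.Add(retParam);

                try
                {
                    con.Open();
                    updateCommand.ExecuteNonQuery();
                    return (int)retParam.Value;
                }
                finally
                {
                    // Release the shared connection on both the success and the exception path.
                    con.Close();
                }
            }
        }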
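        /// <summary>
        /// Click handler of the "save profile" button: persists the edited account
        /// information of the signed-in user and reports the outcome in <c>editAlert</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btChangeProfSave_Click(object sender, EventArgs e)
        {
            hfTab.Value = "home";

            object sessionEmployeeId = Session["EmployeeId"];
            object sessionUserGuid = Session["USER_GUID"];
            if (sessionEmployeeId == null || sessionUserGuid == null)
            {
                // Session expired or no user signed in: nothing identifies which account
                // to update, so report it instead of failing with a NullReferenceException.
                ShowEditAlert("alert-danger", "Your session has expired. Please sign in again.");
                return;
            }

            // The employee id comes from the session, never from the form, so a user can
            // only ever update their own account.
            Employee emp = new Employee();
            emp.EmployeeId = sessionEmployeeId.ToString();
            emp.FirstName = tbFirstName.Text;
            emp.LastName = tbLastName.Text;
            emp.Email = tbEmailId.Text;

            // Must match the scheme used by ValidateUserLogin (SHA-1 of password + per-user
            // GUID) or the stored procedure cannot verify the password.
            // NOTE(review): SHA-1 with a GUID salt is a weak password hash; moving to a
            // slow hash (PBKDF2/bcrypt) also requires rehashing stored rows and changing login.
            string hashedPassword = AppSecurity.HashSHA1(tbChangeProfPass.Text + sessionUserGuid.ToString());

            DataAccessLayer dal = new DataAccessLayer();
            int? ret = dal.UpdateAccountInfo(emp, hashedPassword);

            switch (ret)
            {
                case 1:
                    // Keep the session and the master-page header in sync with the new values.
                    Session["FirstName"] = emp.FirstName;
                    Session["LastName"] = emp.LastName;
                    Session["EMAIL"] = emp.Email;
                    Label userNameLabel = Master.FindControl("lbUserName") as Label;
                    if (userNameLabel != null)
                    {
                        userNameLabel.Text = emp.FirstName + " " + emp.LastName;
                    }
                    ShowEditAlert("alert-success", "Account Information Successfully Updated");
                    break;
                case -1:
                    // The stored procedure rejected the supplied password.
                    ShowEditAlert("alert-danger", "Incorrect Password");
                    break;
                case 0:
                default:
                    // 0 is the procedure's error code; null / any other value is treated the same
                    // way instead of leaving the user with no feedback at all.
                    ShowEditAlert("alert-danger", "Database Error Occured. Information could not be saved.");
                    break;
            }
        }

        /// <summary>
        /// Makes <c>editAlert</c> visible with the given alert CSS class and message text.
        /// </summary>
        /// <param name="cssClass">Alert class to apply, e.g. <c>alert-success</c> or <c>alert-danger</c>.</param>
        /// <param name="message">Text shown to the user (set via <c>InnerText</c>, so it is HTML-encoded).</param>
        private void ShowEditAlert(string cssClass, string message)
        {
            editAlert.Style.Add("display", "inline");
            editAlert.Attributes.Add("class", cssClass);
            editAlert.InnerText = message;
        }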
Esempio n. 3
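        /// <summary>
        /// Validates a login attempt: loads the row(s) for <paramref name="empId"/> via
        /// <c>SQL_STRINGS.SQL_VALIDATE_LOGIN</c> and checks the password against the stored hash.
        /// </summary>
        /// <param name="empId">Employee id entered by the user; sent as the <c>@EMPLOYEE_ID</c> parameter.</param>
        /// <param name="password">Clear-text password entered by the user.</param>
        /// <param name="employee">Set to a freshly populated <see cref="Employee"/> when the
        /// password matches; left untouched otherwise.</param>
        /// <returns>1 when an employee with that id and a matching password exists, otherwise -1.</returns>
        /// <remarks>Database exceptions propagate unchanged; the shared connection is always closed.</remarks>
        public  int ValidateUserLogin(string empId, string password , ref Employee employee)
        {
            int ret = -1;

            // con is the class-level SqlConnection (declared outside this listing).
            using (SqlCommand cmd = new SqlCommand(SQL_STRINGS.SQL_VALIDATE_LOGIN, con))
            {
                // A C# null would be "parameter not supplied"; DBNull.Value sends SQL NULL.
                cmd.Parameters.AddWithValue("@EMPLOYEE_ID", (object)empId ?? DBNull.Value);

                try
                {
                    con.Open();
                    using (SqlDataReader dr = cmd.ExecuteReader())
                    {
                        while (dr.Read())
                        {
                            string dbUserGuid = Convert.ToString(dr["USER_GUID"]);
                            string dbPassword = Convert.ToString(dr["PASS"]);

                            // Stored hashes are SHA-1(password + USER_GUID); recompute the same way
                            // (the same scheme is used when the password is changed).
                            // NOTE(review): SHA-1 is not a suitable password hash; migrating means
                            // rehashing existing rows and updating the password-change path as well.
                            string hashedPassword = AppSecurity.HashSHA1(password + dbUserGuid);

                            // Ordinal: the hashes are machine strings, not culture-dependent text.
                            if (!string.Equals(dbPassword, hashedPassword, StringComparison.Ordinal))
                            {
                                continue;
                            }

                            employee = new Employee();
                            employee.EmployeeId = Convert.ToString(dr["EMPLOYEE_ID"]);
                            employee.FirstName = Convert.ToString(dr["FIRST_NAME"]);
                            employee.LastName = Convert.ToString(dr["LAST_NAME"]);
                            employee.Email = Convert.ToString(dr["EMAIL_ID"]);
                            employee.GUID = dbUserGuid;
                            // IS_ADMIN is stored as a 0/1 flag; anything else is treated as "not admin".
                            employee.IsAdmin = Convert.ToInt16(dr["IS_ADMIN"]) == 1;

                            ret = 1;
                            // Id matched and password verified; no reason to read further rows.
                            break;
                        }
                    }
                }
                finally
                {
                    // Release the shared connection on both the success and the exception path.
                    con.Close();
                }
            }

            return ret;
        }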