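/// <summary>
/// Validates the page's <c>topicId</c>: it must be a plain numeric id that refers to an
/// existing topic which is not flagged as deleted.
/// </summary>
/// <returns><c>true</c> when the topic id is well formed, exists and is not deleted; otherwise <c>false</c>.</returns>
/// <remarks>
/// This is an existence/state check only. No comparison between the topic's creator and the
/// current user is performed here, so a caller that needs per-user authorization has to
/// enforce it separately.
/// </remarks>
protected bool isTopicCorrect()
{
    CheckErrors errors = new CheckErrors();

    // Format check before any database access: digits only, no special characters.
    if (!errors.isDigit(topicId) || errors.ContainsSpecialChars(topicId))
    {
        return false;
    }

    connect.Open();
    try
    {
        using (SqlCommand cmd = connect.CreateCommand())
        {
            // Values are bound as parameters instead of being concatenated into the SQL
            // text. loginId is not format-checked in this method, so it must never reach
            // the statement as raw text.
            cmd.Parameters.AddWithValue("@topicId", topicId);
            cmd.Parameters.AddWithValue("@loginId", (object)loginId ?? DBNull.Value);

            // The topic has to exist.
            cmd.CommandText = "select count(*) from Topics where topicId = @topicId";
            if (Convert.ToInt32(cmd.ExecuteScalar()) <= 0)
            {
                return false;
            }

            // The current login has to map to a user row. A login with no user row is
            // rejected explicitly rather than failing later with a null reference.
            cmd.CommandText = "select userId from Users where loginId = @loginId";
            if (cmd.ExecuteScalar() == null)
            {
                return false;
            }

            // A topic flagged as deleted (topic_isDeleted = 1) is not usable.
            cmd.CommandText = "select topic_isDeleted from Topics where topicId = @topicId";
            int isDeleted = Convert.ToInt32(cmd.ExecuteScalar());
            return isDeleted != 1;
        }
    }
    finally
    {
        // Release the shared connection even when a query throws.
        connect.Close();
    }
}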
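/// <summary>
/// Validates a test case id: it must be a plain numeric id that refers to an existing
/// test case which is not flagged as deleted.
/// </summary>
/// <param name="testCaseId">The test case id to validate.</param>
/// <param name="creatorId">
/// Accepted for interface compatibility. It is not compared against the stored creator,
/// so this method makes no ownership decision.
/// </param>
/// <returns><c>true</c> when the id is well formed, exists and is not deleted; otherwise <c>false</c>.</returns>
protected static bool isTestCaseCorrect(string testCaseId, string creatorId)
{
    CheckErrors errors = new CheckErrors();

    // Format check before any database access: digits only, no special characters.
    if (!errors.isDigit(testCaseId) || errors.ContainsSpecialChars(testCaseId))
    {
        return false;
    }

    Configuration config = new Configuration();

    // Disposing the connection closes it, including when a query throws.
    using (SqlConnection connect = new SqlConnection(config.getConnectionString()))
    using (SqlCommand cmd = connect.CreateCommand())
    {
        connect.Open();

        // The id is bound as a parameter instead of being concatenated into the SQL text,
        // so the query stays safe even if the format check above is ever relaxed.
        cmd.Parameters.AddWithValue("@testCaseId", testCaseId);

        // The test case has to exist.
        cmd.CommandText = "select count(*) from TestCases where testCaseId = @testCaseId";
        if (Convert.ToInt32(cmd.ExecuteScalar()) <= 0)
        {
            return false;
        }

        // A test case flagged as deleted (testCase_isDeleted = 1) is not usable.
        cmd.CommandText = "select testCase_isDeleted from TestCases where testCaseId = @testCaseId";
        int isDeleted = Convert.ToInt32(cmd.ExecuteScalar());
        return isDeleted != 1;
    }
}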
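/// <summary>
/// Validates the page's <c>profileId</c>: it must be a plain numeric id that refers to an
/// existing user.
/// </summary>
/// <returns><c>true</c> when the profile id is well formed and exists; otherwise <c>false</c>.</returns>
/// <remarks>
/// No check is made that the current user is allowed to view the selected profile.
/// Callers that need that restriction have to enforce it separately.
/// </remarks>
protected bool isUserCorrect()
{
    CheckErrors errors = new CheckErrors();

    // Format check before any database access: digits only, no special characters.
    if (!errors.isDigit(profileId) || errors.ContainsSpecialChars(profileId))
    {
        return false;
    }

    connect.Open();
    try
    {
        using (SqlCommand cmd = connect.CreateCommand())
        {
            // Values are bound as parameters instead of being concatenated into the SQL
            // text. loginId is not format-checked in this method, so it must never reach
            // the statement as raw text.
            cmd.Parameters.AddWithValue("@profileId", profileId);
            cmd.Parameters.AddWithValue("@loginId", (object)loginId ?? DBNull.Value);

            // The requested profile has to exist.
            cmd.CommandText = "select count(*) from Users where userId = @profileId";
            if (Convert.ToInt32(cmd.ExecuteScalar()) <= 0)
            {
                return false;
            }

            // The current login has to map to a user row. A login with no user row is
            // rejected explicitly rather than failing later with a null reference.
            cmd.CommandText = "select userId from Users where loginId = @loginId";
            return cmd.ExecuteScalar() != null;
        }
    }
    finally
    {
        // Release the shared connection even when a query throws.
        connect.Close();
    }
}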
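/// <summary>
/// Validates a terminate/unlock request against a user account: the profile id must be a
/// plain numeric id of an existing user, the account must be in a state where the requested
/// action makes sense, and the target must not be the account of the current login.
/// </summary>
/// <param name="in_profileId">The user id of the account being acted on.</param>
/// <param name="terminateOrUnlock">1 to terminate the account, 2 to unlock it.</param>
/// <returns><c>true</c> when the request is acceptable; otherwise <c>false</c>.</returns>
/// <remarks>
/// No check is made that the current user holds a role that may terminate or unlock
/// accounts; only the self-targeting case is rejected. Callers have to enforce role-based
/// authorization separately.
/// </remarks>
protected static bool isAccountCorrect(string in_profileId, int terminateOrUnlock)
{
    Configuration config = new Configuration();

    // Disposing the connection closes it, including when a query throws.
    using (SqlConnection connect = new SqlConnection(config.getConnectionString()))
    {
        CheckErrors errors = new CheckErrors();

        // Format check before any database access: digits only, no special characters.
        if (!errors.isDigit(in_profileId) || errors.ContainsSpecialChars(in_profileId))
        {
            return false;
        }

        connect.Open();
        using (SqlCommand cmd = connect.CreateCommand())
        {
            // Values are bound as parameters instead of being concatenated into the SQL
            // text. g_loginId and the loginId read back from the database are not
            // format-checked here, so they must never reach a statement as raw text.
            cmd.Parameters.AddWithValue("@profileId", in_profileId);
            cmd.Parameters.AddWithValue("@currentLoginId", (object)g_loginId ?? DBNull.Value);

            // The target account has to exist.
            cmd.CommandText = "select count(*) from Users where userId = @profileId";
            if (Convert.ToInt32(cmd.ExecuteScalar()) <= 0)
            {
                return false;
            }

            // The current login has to map to a user row. A login with no user row is
            // rejected explicitly rather than failing later with a null reference.
            cmd.CommandText = "select userId from Users where loginId = @currentLoginId";
            if (cmd.ExecuteScalar() == null)
            {
                return false;
            }

            // Resolve the login that belongs to the target account.
            cmd.CommandText = "select loginId from users where userId = @profileId";
            object accountLogin = cmd.ExecuteScalar();
            if (accountLogin == null)
            {
                return false;
            }
            string account_loginId = accountLogin.ToString();

            // Convert.ToInt32 maps a missing Logins row (null scalar) to 0, i.e. inactive.
            cmd.Parameters.AddWithValue("@accountLoginId", account_loginId);
            cmd.CommandText = "select login_isActive from Logins where loginId = @accountLoginId";
            int isActive = Convert.ToInt32(cmd.ExecuteScalar());

            // Terminating an account that is already inactive is not a valid request.
            if (terminateOrUnlock == 1 && isActive == 0)
            {
                return false;
            }

            // Unlocking an account that is already active is not a valid request.
            // This test used to be nested inside the terminate branch, where it could
            // never run; it is now a sibling of that branch.
            if (terminateOrUnlock == 2 && isActive == 1)
            {
                return false;
            }

            // A user may not terminate or unlock their own account.
            if (account_loginId == g_loginId)
            {
                return false;
            }

            return true;
        }
    }
}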