// Updates this user's username and email in the database and then on the instance.
// It is an instance method because the current user's details are held in session data.
// Returns "Username already registered" or "Email already registered" when a changed
// value is already taken, otherwise "Update successful".
//
// SECURITY: email is concatenated into the SQL text between single quotes, so a crafted
// value can alter the statement (SQL injection). The durable fix is for SqlComm to take
// parameter values separately from the command text and bind them as parameters.
// NOTE(review): the '******' literals look like redaction placeholders in this listing; as
// shown, the username argument never reaches the query text. Confirm against the real source.
// NOTE(review): the existence checks and the update are separate calls, so two concurrent
// requests can both pass the checks. Presumably a unique constraint backs this up; confirm.
public string update(string username, string email)
{
    bool usernameChanged = !username.Equals(this.username);
    if (usernameChanged)
    {
        int usernameMatches = (int)SqlComm.SqlReturn("usernameCount @username='******'");
        if (usernameMatches > 0)
        {
            return "Username already registered";
        }
    }

    bool emailChanged = !email.Equals(this.email);
    if (emailChanged)
    {
        int emailMatches = (int)SqlComm.SqlReturn("emailCount @email='" + email + "'");
        if (emailMatches > 0)
        {
            return "Email already registered";
        }
    }

    // Only reached when neither changed value collides with an existing account.
    string updateCommand = "updateUser @userID=" + userID + ",@username='******',@email ='" + email + "'";
    SqlComm.SqlExecute(updateCommand);

    // Mirror the stored values on the in-memory user object.
    this.email = email;
    this.username = username;
    return "Update successful";
}
// Builds one CarouselItem per exhibition returned by Exhibition.getRecentExhibitions()
// (per the original comment, the 9 most recent exhibitions).
// Each item carries the exhibition's name, description, cover image, id and a viewer link;
// the link targets the gallery page when Type is "G" and the portraits page otherwise.
//
// NOTE(review): ExhibitionID is concatenated into the SQL text. That is harmless only if it
// is a numeric type; its declaration is not visible here, so confirm, or bind it as a parameter.
// NOTE(review): the links are absolute http:// URLs with the host fixed in code. Consider
// https and a configurable base URL.
public static List<CarouselItem> getCarouselItems()
{
    const string galleryBase = "http://averagenegative.azurewebsites.net/StreetViewExhibit/Gallery.aspx?GalleryId=";
    const string portraitsBase = "http://averagenegative.azurewebsites.net/Portraits-Exhibit/Portraits.aspx?GalleryId=";

    List<Exhibition> recent = Exhibition.getRecentExhibitions();
    List<CarouselItem> items = new List<CarouselItem>();

    foreach (Exhibition exhibition in recent)
    {
        string coverQuery = "getCoverImage @exhibition=" + exhibition.ExhibitionID;
        string link = (exhibition.Type.Equals("G") ? galleryBase : portraitsBase) + exhibition.ExhibitionID;

        // One database round trip per exhibition to fetch its cover image.
        string coverImage = (string)SqlComm.SqlReturn(coverQuery);

        items.Add(new CarouselItem(exhibition.Name, exhibition.Description, coverImage, exhibition.ExhibitionID, link));
    }

    return items;
}
// Verifies a username/password pair and, on a match, loads the user's id, email and artist
// flag and returns a populated User.
// Returns null when the username is not registered or the password check finds no match.
// Returns an empty User (parameterless constructor) when any step throws.
//
// SECURITY: the catch-all turns every failure (database error, failed cast, ...) into a
// non-null User. NOTE(review): a caller that treats "not null" as "logged in" would fail open
// here. Confirm every caller tells the empty User apart, or return null / rethrow instead.
// SECURITY: the password is transformed with SqlComm.Enc(password + salt); the algorithm is
// not visible in this block. NOTE(review): confirm it is a deliberately slow password hash
// (e.g. PBKDF2) rather than a single fast digest or reversible encryption.
// NOTE(review): the '******' literals look like redaction placeholders in this listing; how
// username and the hashed password reach the query text cannot be seen here. If they are
// concatenated between quotes, they need to be bound as parameters instead.
public static User login(string username, string password)
{
    try
    {
        // Step 1: is the username registered at all?
        int usernameMatches = (int)SqlComm.SqlReturn("usernameCount @username='******'");
        if (usernameMatches <= 0)
        {
            return null;
        }

        // Step 2: hash the supplied password with the stored salt and let the database compare.
        string salt = (string)SqlComm.SqlReturn("getSalt @username='******'");
        password = SqlComm.Enc(password + salt);

        int passwordMatches = (int)SqlComm.SqlReturn("checkPassword @username='******', @password='******'");
        if (passwordMatches <= 0)
        {
            return null;
        }

        // Step 3: credentials accepted - load the profile fields.
        // userID is an int read back from the database before it is concatenated below.
        int userID = (int)SqlComm.SqlReturn("getUserID @username='******'");
        string email = (string)SqlComm.SqlReturn("getEmail @userID=" + userID);
        int isArtist = (int)SqlComm.SqlReturn("getIsArtist @userID=" + userID);

        return new User(username, userID, email, isArtist);
    }
    catch
    {
        // Any exception ends up here, with no logging.
        return new User();
    }
}
// Inserts a new comment for the given user and media item and returns the new comment's ID.
//
// SECURITY: content is concatenated into the SQL text between single quotes, so a crafted
// comment can alter the statement (SQL injection). Bind it as a parameter rather than
// building the command text by hand.
// NOTE(review): stored comment text is presumably rendered back to other users; it needs
// HTML encoding at output time. Confirm at the rendering site.
// NOTE(review): the @user segment of the string below appears to have been mangled by
// redaction in this listing (the quotes no longer pair up), so the line does not compile as
// shown. Confirm against the real source.
public static int insert(int userID, int mediaID, string content)
{
    int returnID;
    string sql = "insertNewComment @user="******",@media = " + mediaID + ",@content='" + content + "'";
    // SqlReturn's result is cast to Decimal first and then to int. An unboxing cast must name
    // the boxed value's exact type, so this implies the procedure returns a decimal/numeric
    // value. NOTE(review): likely SCOPE_IDENTITY(), which is numeric - confirm.
    Decimal returnValue = (Decimal)SqlComm.SqlReturn(sql);
    returnID = (int)returnValue;
    return(returnID);
}
// Replaces the stored password for the given user: fetches the user's salt, transforms
// password + salt with SqlComm.Enc and runs the updatePassword procedure.
//
// NOTE(review): the '******' literals look like redaction placeholders in this listing. As
// shown, the salt lookup is by username although only userID is passed in, and the computed
// hash never reaches the command text. Confirm against the real source.
// SECURITY: the algorithm behind SqlComm.Enc is not visible here. NOTE(review): confirm it is
// a deliberately slow password hash (e.g. PBKDF2). The existing salt is reused instead of a
// fresh one being generated for the new password.
// SECURITY: if the real code concatenates the username or hash between quotes, those values
// should be bound as parameters instead.
private void updatePassword(int userID, string password)
{
    string storedSalt = (string)SqlComm.SqlReturn("getSalt @username='******'");

    // Overwrite the plaintext parameter with its salted transform.
    password = SqlComm.Enc(password + storedSalt);

    SqlComm.SqlExecute("updatePassword @userID =" + userID + ",@password ='******'");
}
// Writes this artist's current name, location and bio to the database through the
// updateArtist procedure. Returns nothing. The original header comment described an
// insert that returns an ID, which does not match this method.
//
// SECURITY: name is concatenated into the SQL text between single quotes, so a crafted value
// can alter the statement (SQL injection). location and bio go through SqlComm.AddIfNotNull.
// NOTE(review): its quoting/escaping is not visible here - confirm it does not simply wrap the
// value in quotes. Binding all three as parameters removes the problem.
public void update()
{
    string command = "updateArtist @artistId=" + ArtistID + ",@name='" + name + "', @location =";
    command = SqlComm.AddIfNotNull(command, location);
    command += ",@bio=";
    command = SqlComm.AddIfNotNull(command, bio);

    // The value returned by the procedure is not used.
    SqlComm.SqlReturn(command);
}
// Private constructor: copies the supplied details onto the new User and, when isArtist is
// greater than zero, looks up the artist ID linked to this user.
// The lookup is a database call, so constructing an artist user can throw if that call fails.
// userID is an int, so concatenating it into the SQL text cannot change the statement.
private User(String userName, int userID, String email, int isArtist)
{
    this.username = userName;
    this.userID = userID;
    this.email = email;
    this.isArtist = isArtist;

    if (isArtist <= 0)
    {
        // Not an artist: artistID is left at whatever its default is.
        return;
    }

    this.artistID = (int)SqlComm.SqlReturn("getArtistIDs @user=" + userID);
}
// Inserts a new exhibition with the given name, description, curating artist and type,
// and returns the new exhibition's ID.
//
// SECURITY: name and type are concatenated into the SQL text between single quotes, so a
// crafted value can alter the statement (SQL injection). description goes through
// SqlComm.AddIfNotNull. NOTE(review): its quoting/escaping is not visible here - confirm.
// Binding all values as parameters removes the problem.
public static int insert(string name, string description, int artistID, string type)
{
    string command = "insertNewExhibition @name='" + name + "',@curatedBy = " + artistID + ",@description=";
    command = SqlComm.AddIfNotNull(command, description);
    command += ",@type = '" + type + "'";

    // The result is unboxed as decimal before narrowing to int. An unboxing cast must name
    // the boxed value's exact type, so the procedure evidently returns a decimal/numeric
    // value. NOTE(review): likely SCOPE_IDENTITY(), which is numeric - confirm.
    decimal newId = (decimal)SqlComm.SqlReturn(command);
    return (int)newId;
}
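// Page load handler for the search page.
// Echoes the fname/lname query-string values, then walks every query-string key to pick up
// fname, lname and a "Debug" switch. When the switch is present it runs the search query and
// writes the query text and the matching rows to the response.
//
// Everything taken from the request or the database is HTML-encoded before it is written.
// The original wrote these values raw, so markup in a query-string value or a stored name
// was sent to the browser as markup (cross-site scripting).
//
// SECURITY (not fixed here, needs a SqlComm change): fname and lname are concatenated into
// the SELECT between single quotes, so a crafted value can alter the statement (SQL
// injection). The values need to be bound as parameters.
// SECURITY: the "Debug" switch is a query-string key any client can send. A debug path
// should be gated by server-side configuration, not by request input.
// SECURITY: echoing the executed SQL text to the client discloses schema details.
protected void Page_Load(object sender, EventArgs e)
{
    NameValueCollection coll = Request.QueryString;
    string[] keys = coll.AllKeys;
    string fname = "";
    string lname = "";
    bool isDebug = false;

    // HtmlEncode(null) yields null, which concatenates as an empty string, so a missing
    // parameter still prints as nothing, as before.
    Response.Write("\nYour search result for\t" + System.Net.WebUtility.HtmlEncode(Request.QueryString["fname"])
        + "\tand\t" + System.Net.WebUtility.HtmlEncode(Request.QueryString["lname"]));

    // A key can carry several values; the last value seen wins for fname and lname.
    for (int k = 0; k < keys.Length; k++)
    {
        string[] values = coll.GetValues(keys[k]);
        for (int v = 0; v < values.Length; v++)
        {
            if (keys[k] == "fname")
            {
                fname = values[v];
            }
            else if (keys[k] == "lname")
            {
                lname = values[v];
            }
            else if (keys[k] == "Debug")
            {
                isDebug = true;
            }
        }
    }

    if ((keys.Length > 0) && isDebug)
    {
        // Instance is never used; kept in case the constructor has side effects.
        SqlComm s = new SqlComm();

        var query = "select * from [Table] where fname = '" + fname + "' and lname='" + lname + "'";
        var rows = SqlComm.SqlDataTable(query);

        // SECURITY: this statement runs an operating-system command through SQL Server on
        // every debug request and discards the result. It can only succeed if the application's
        // database login has been granted xp_cmdshell, which is far more privilege than a
        // search page needs. NOTE(review): remove this call and run the application under a
        // least-privilege login with xp_cmdshell disabled.
        var n = SqlComm.SqlReturn("select @@version;EXEC master.dbo.xp_cmdshell 'ipconfig'");

        Response.Write("Query run: </br>" + System.Net.WebUtility.HtmlEncode(query) + "</br>");

        // Columns are addressed by position because the query is "select *"; a schema change
        // silently shifts which column is printed where.
        for (int i = 0; i < rows.Rows.Count; i++)
        {
            object[] cells = rows.Rows[i].ItemArray;
            Response.Write("</br> Vote Count" + System.Net.WebUtility.HtmlEncode(System.Convert.ToString(cells[3]))
                + "    First name:" + System.Net.WebUtility.HtmlEncode(System.Convert.ToString(cells[1]))
                + "    Last Name:" + System.Net.WebUtility.HtmlEncode(System.Convert.ToString(cells[2])));
        }
    }
}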
// Inserts a media item for the given exhibition and artist and returns the new item's ID.
//
// SECURITY: filename and name are concatenated into the SQL text between single quotes, so
// a crafted value can alter the statement (SQL injection). youtubeURL and description go
// through SqlComm.AddIfNotNull. NOTE(review): its quoting/escaping is not visible here -
// confirm. Binding all values as parameters removes the problem.
public static int insert(int exhibitionID, int artistID, string youtubeURL, string filename, string name, string description)
{
    string command = "insertNewMedia @exhibition=" + exhibitionID + ",@artist=" + artistID + ",@youtubeURL=";
    command = SqlComm.AddIfNotNull(command, youtubeURL);
    command += ", @filename='" + filename + "', @name='" + name + "',@description=";
    command = SqlComm.AddIfNotNull(command, description);

    // The result is unboxed as decimal before narrowing to int. An unboxing cast must name
    // the boxed value's exact type, so the procedure evidently returns a decimal/numeric
    // value. NOTE(review): likely SCOPE_IDENTITY(), which is numeric - confirm.
    decimal newId = (decimal)SqlComm.SqlReturn(command);
    return (int)newId;
}
// Inserts a new artist profile for the given user and returns the new artist's ID.
//
// SECURITY: name is concatenated into the SQL text between single quotes, so a crafted value
// can alter the statement (SQL injection). location and bio go through SqlComm.AddIfNotNull.
// NOTE(review): its quoting/escaping is not visible here - confirm. Binding all values as
// parameters removes the problem.
public static int insert(int userID, string name, string location, string bio)
{
    string command = "insertNewArtist @userID=" + userID + ",@name='" + name + "', @location =";
    command = SqlComm.AddIfNotNull(command, location);
    command += ",@bio=";
    command = SqlComm.AddIfNotNull(command, bio);

    // The result is unboxed as decimal before narrowing to int. An unboxing cast must name
    // the boxed value's exact type, so the procedure evidently returns a decimal/numeric
    // value. NOTE(review): likely SCOPE_IDENTITY(), which is numeric - confirm.
    decimal newId = (decimal)SqlComm.SqlReturn(command);
    return (int)newId;
}
// Registers a new user when neither the email nor the username is already taken.
// Returns "" on success, otherwise "Email already registered" or "Username already
// registered". The email is checked first.
// When isArtist is 1, a default artist profile named after the username is created as well.
//
// SECURITY: email is concatenated into the SQL text between single quotes, so a crafted
// value can alter the statement (SQL injection). Bind the values as parameters instead.
// NOTE(review): the '******' literals look like redaction placeholders in this listing; how
// username and the hashed password reach the command text cannot be seen here.
// SECURITY: the password is transformed with SqlComm.Enc(password + salt); the algorithm is
// not visible here. NOTE(review): confirm it is a deliberately slow password hash (e.g.
// PBKDF2) and that CreateSalt draws from a cryptographic random source.
// NOTE(review): the two existence checks and the insert are separate calls, so concurrent
// registrations can both pass the checks. Presumably unique constraints back this up; confirm.
public static string insert(string username, int isArtist, string email, string password)
{
    // Salt and hash first, so the plaintext is replaced before any database call.
    string salt = SqlComm.CreateSalt();
    password = SqlComm.Enc(password + salt);

    int emailMatches = (int)SqlComm.SqlReturn("emailCount @email='" + email + "'");
    if (emailMatches >= 1)
    {
        return "Email already registered";
    }

    int usernameMatches = (int)SqlComm.SqlReturn("usernameCount @username='******'");
    if (usernameMatches >= 1)
    {
        return "Username already registered";
    }

    string insertCommand = "insertNewUser @userName='******' , @email='" + email + "', @isArtist ='" + isArtist + "',@userPassword = '******',@salt='" + salt + "'";
    SqlComm.SqlExecute(insertCommand);

    if (isArtist == 1)
    {
        // Curators get a default artist profile with empty location and bio.
        int userID = (int)SqlComm.SqlReturn("getUserID @username='******'");
        Artist.insert(userID, username, "", "");
    }

    return "";
}