//Method to update user details
        //Is an instance method as user info is stored in session data
        //Returns an error message if username or email already registered
        //
        //Contract: when the new username/email differs from the one held in this
        //object, the matching *Count proc is consulted and "Username already
        //registered" / "Email already registered" is returned if it reports a hit;
        //otherwise updateUser runs, the new values are mirrored into this object
        //and "Update successful" is returned.
        //
        //SECURITY (review): every statement is built by string concatenation and
        //handed to SqlComm as text. `email` is spliced unescaped into emailCount and
        //updateUser, so a single quote in the value changes the statement (SQL
        //injection). Pass values as SqlParameters, or at minimum double embedded
        //single quotes before splicing. The username literal is shown redacted as
        //'******' in this corpus copy, so its handling cannot be reviewed here.
        //
        //NOTE(review): the availability checks and the update are separate round
        //trips, so two concurrent updates can both pass the check; uniqueness must
        //be enforced by a DB constraint regardless of this pre-check.
        //NOTE(review): String.Equals(string) is ordinal and case-sensitive; if the
        //DB collation is case-insensitive, a case-only change skips the count check
        //but may still collide — confirm the collation. A null username or email
        //throws NullReferenceException at the Equals call.
        public string update(string username, string email)
        {
            int    count;
            string sql;

            //Only check availability when the username actually changes
            if (!username.Equals(this.username))
            {
                count = (int)SqlComm.SqlReturn("usernameCount @username='******'");
                if (count > 0)
                {
                    return("Username already registered");
                }
            }
            //Same for the email address; email is concatenated unescaped (see header)
            if (!email.Equals(this.email))
            {
                count = (int)SqlComm.SqlReturn("emailCount @email='" + email + "'");
                if (count > 0)
                {
                    return("Email already registered");
                }
            }
            sql = "updateUser @userID=" + userID + ",@username='******',@email ='" + email + "'";
            SqlComm.SqlExecute(sql);
            //Keep the in-memory (session) copy in sync with the row just written
            this.email    = email;
            this.username = username;
            return("Update successful");
        }
        //Builds the carousel model: one CarouselItem per exhibition returned by
        //Exhibition.getRecentExhibitions() (the original header says the 9 most
        //recent), in the order returned. Each item carries the exhibition's name,
        //description, cover image (looked up via getCoverImage) and a deep link
        //chosen by exhibition type.
        public static List <CarouselItem> getCarouselItems()
        {
            List <CarouselItem> items = new List <CarouselItem>();

            foreach (Exhibition exhibition in Exhibition.getRecentExhibitions())
            {
                //Type "G" routes to the gallery page; anything else to the portraits
                //page. Type is dereferenced directly, so a null Type throws here
                //(unchanged from the original).
                string link = exhibition.Type.Equals("G")
                    ? "http://averagenegative.azurewebsites.net/StreetViewExhibit/Gallery.aspx?GalleryId=" + exhibition.ExhibitionID
                    : "http://averagenegative.azurewebsites.net/Portraits-Exhibit/Portraits.aspx?GalleryId=" + exhibition.ExhibitionID;

                //ExhibitionID is spliced unquoted and comes from the DB rather than
                //the request, so this concatenation is not an injection point.
                //NOTE(review): the links are plain http:// to a hard-coded host;
                //consider https and a configured base URL.
                string coverImage = (string)SqlComm.SqlReturn("getCoverImage @exhibition=" + exhibition.ExhibitionID);

                items.Add(new CarouselItem(exhibition.Name, exhibition.Description, coverImage, exhibition.ExhibitionID, link));
            }
            return(items);
        }
        //Checks the password is correct for given username and returns user object if correct
        //Returns null if login details incorrect
        //
        //Flow: usernameCount -> getSalt -> Enc(password + salt) -> checkPassword ->
        //getUserID / getEmail / getIsArtist -> new User(...). Returns null when the
        //username is unknown or the hashed password does not match.
        //
        //SECURITY (review):
        // - Fail-open on error: the catch-all below returns new User() rather than
        //   null. A caller that treats any non-null result as "logged in" would
        //   accept a DB outage or a malformed statement as a successful login.
        //   Fail closed (return null, or let the exception surface), and never
        //   swallow the exception without logging it.
        // - Every statement is built as text. The username/password literals are
        //   shown redacted ('******') in this corpus copy, so whether they are
        //   escaped cannot be reviewed here; if spliced raw, a quote in the
        //   username reaches checkPassword and could alter the statement.
        // - Unknown usernames skip Enc() and checkPassword, so response time
        //   differs between unknown and known usernames (a username-enumeration
        //   timing side channel). Hash on both paths if that matters.
        // - Enc() is opaque here; password storage should use a slow, salted KDF
        //   (PBKDF2/Argon2) rather than a plain hash of password + salt — confirm.
        // - Five separate round trips read the row piecemeal; one proc returning
        //   the whole row would be simpler and atomic.
        public static User login(string username, string password)
        {
            int    count;
            string salt;
            string email;
            int    userID, isArtist;

            try{
                //Check if username already registered
                count = (int)SqlComm.SqlReturn("usernameCount @username='******'");
                if (count > 0)
                {
                    //Per-user salt is appended to the plaintext before Enc();
                    //the parameter is overwritten with the hashed value.
                    salt     = (string)SqlComm.SqlReturn("getSalt @username='******'");
                    password = SqlComm.Enc(password + salt);
                    count    = (int)SqlComm.SqlReturn("checkPassword @username='******', @password='******'");
                    if (count > 0)
                    {
                        //Password matched: assemble the session user from three more lookups
                        userID   = (int)SqlComm.SqlReturn("getUserID @username='******'");
                        email    = (string)SqlComm.SqlReturn("getEmail @userID=" + userID);
                        isArtist = (int)SqlComm.SqlReturn("getIsArtist @userID=" + userID);
                        return(new User(username, userID, email, isArtist));
                    }
                }
                //Unknown username or wrong password
                return(null);
            }catch {
                //NOTE(review): any exception yields a non-null User — see header (fail-open)
                return(new User());
            }
        }
        //Inserts a new comment into the database with given details
        //Returns the commentID of the item
        //
        //SECURITY (review): the insertNewComment call is built as text and `content`
        //(free text typed by a user) is spliced unescaped into a single-quoted
        //literal, so a single quote in the comment changes the statement (SQL
        //injection). Pass it as a SqlParameter, or at minimum double embedded
        //single quotes. The @user value is shown redacted ('******') in this corpus
        //copy; the line as printed does not compile and cannot be reviewed here.
        //mediaID is an int and is not an injection point.
        public static int insert(int userID, int mediaID, string content)
        {
            int    returnID;
            string sql = "insertNewComment @user="******",@media = " + mediaID + ",@content='" + content + "'";
            //Don't know why I had to cast this as a decimal first but it was throwing an error when I tried casting to int directly
            //NOTE(review): the scalar comes back boxed as System.Decimal (presumably an
            //identity value, which SQL Server returns as numeric — confirm against the
            //proc); unboxing a boxed Decimal straight to int throws, hence the two steps.
            Decimal returnValue = (Decimal)SqlComm.SqlReturn(sql);

            //Explicit Decimal->int conversion (truncates)
            returnID = (int)returnValue;
            return(returnID);
        }
        //Updates the password of the given user
        //
        //Reads the user's existing salt (getSalt), hashes password + salt with
        //SqlComm.Enc, and writes the result with updatePassword keyed by userID.
        //
        //SECURITY (review):
        // - The salt is reused rather than regenerated; insert() creates one with
        //   SqlComm.CreateSalt(), and a password change is the natural point to
        //   rotate it and store the new value alongside the hash.
        // - Both statements are built as text; the username and password literals
        //   are shown redacted ('******') in this corpus copy, so their escaping
        //   cannot be reviewed here. getSalt is keyed by username although this
        //   method only receives a userID — presumably it uses the instance's
        //   username field; confirm it matches the row updated by userID.
        // - Enc() is opaque here; use a slow, salted KDF (PBKDF2/Argon2) — confirm.
        // - No check that the caller is authorised to change this userID's password
        //   is visible here; that must be enforced by the caller.
        private void updatePassword(int userID, string password)
        {
            string salt;
            string sql;

            salt     = (string)SqlComm.SqlReturn("getSalt @username='******'");
            //Parameter is overwritten with the hashed value before being sent
            password = SqlComm.Enc(password + salt);
            sql      = "updatePassword @userID =" + userID + ",@password ='******'";
            SqlComm.SqlExecute(sql);
        }
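        //Updates the artist row identified by this instance's ArtistID with the
        //current name, location and bio fields (the original header said
        //"Inserts new artist"; it runs updateArtist). Returns nothing; the result
        //of the proc call is discarded.
        //
        //SECURITY: the statement is built as text. `name` is spliced into a
        //single-quoted literal, so embedded single quotes are doubled here to keep
        //a quote in the name from terminating the literal (SQL injection).
        //location and bio go through SqlComm.AddIfNotNull, whose quoting/escaping
        //is not visible here — confirm it escapes, or move the whole call to a
        //parameterized command. ArtistID is spliced unquoted as a number.
        public void update()
        {
            //A null name concatenates as "" in the original; (name ?? "") keeps that.
            string safeName = (name ?? string.Empty).Replace("'", "''");
            string sql = "updateArtist @artistId=" + ArtistID + ",@name='" + safeName + "', @location =";
            sql = SqlComm.AddIfNotNull(sql, location);
            sql = sql + ",@bio=";
            sql = SqlComm.AddIfNotNull(sql, bio);
            //Kept as SqlReturn (not SqlExecute) to match the original; the value is unused.
            SqlComm.SqlReturn(sql);
        }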
 //Constructor for user class: fills the in-memory user from values already
 //read from the DB and, for artists only, resolves the artist row's ID.
 //Private — login() builds instances through this path.
 private User(String userName, int userID, String email, int isArtist)
 {
     this.username = userName;
     this.userID   = userID;
     this.email    = email;
     this.isArtist = isArtist;
     if (isArtist <= 0)
     {
         return;   //Non-artists have no artist row to look up
     }
     //userID is an int spliced unquoted, so this concatenation is not an injection
     //point. NOTE(review): the proc name is plural but the result is cast to a
     //single int — if a user can own several artist rows, which one SqlReturn
     //yields is not visible here.
     this.artistID = (int)SqlComm.SqlReturn("getArtistIDs @user=" + userID);
 }
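        //Inserts a new exhibition into the database with given details
        //Returns the exhibitionID of the item
        //
        //SECURITY: the insertNewExhibition call is built as text. name and type are
        //spliced into single-quoted literals, so single quotes are doubled here so a
        //quote in either value cannot end the literal (SQL injection). description
        //goes through SqlComm.AddIfNotNull, whose quoting/escaping is not visible
        //here — confirm it escapes, or move the whole call to a parameterized
        //command. artistID is an int and is not an injection point.
        public static int insert(string name, string description, int artistID, string type)
        {
            //null concatenates as "" in the original; (x ?? "") keeps that
            string safeName = (name ?? string.Empty).Replace("'", "''");
            string safeType = (type ?? string.Empty).Replace("'", "''");
            string sql = "insertNewExhibition @name='" + safeName + "',@curatedBy = " + artistID + ",@description=";

            sql = SqlComm.AddIfNotNull(sql, description);
            sql = sql + ",@type = '" + safeType + "'";
            //The scalar comes back boxed as System.Decimal (presumably an identity
            //value, which SQL Server returns as numeric — confirm against the proc);
            //unboxing a boxed Decimal straight to int throws, hence the two steps.
            Decimal returnValue = (Decimal)SqlComm.SqlReturn(sql);

            //Explicit Decimal->int conversion, as in the original (truncates)
            return((int)returnValue);
        }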
        //Page_Load for the search demo page.
        //NOTE(review): this handler reads as a deliberately vulnerable sample (it
        //hard-codes an xp_cmdshell batch), so the issues below are documented here,
        //not fixed. Reads fname/lname from the query string and echoes them; only
        //when a "Debug" key is present does it run a text-built SELECT plus the
        //xp_cmdshell batch and echo the query and the result rows.
        //
        //Issues a reviewer would flag:
        // - Reflected XSS: Request.QueryString values are written raw in the first
        //   Response.Write, as are the built query and the DB row values later; the
        //   commented-out lines show Server.HtmlEncode was known and not used.
        // - SQL injection: fname/lname are concatenated into the WHERE clause.
        // - OS command execution: the @@version / xp_cmdshell batch runs whenever
        //   Debug is set; no authorization check is visible here, and its result
        //   (n) is never used.
        // - Hidden "Debug" switch: any value for that key enables the branch.
        // - The SqlComm instance s is constructed but never used.
        protected void Page_Load(object sender, EventArgs e)
        {
            int loop1, loop2;

            // Load NameValueCollection object.
            NameValueCollection coll = Request.QueryString;

            // Get names of all keys into a string array.
            String[] arr1 = coll.AllKeys;
            string   fname, lname;
            bool     isDebug = false;

            fname = "";
            lname = "";
            //Raw echo of query-string values (reflected XSS, see header)
            Response.Write("\nYour search result for\t" + Request.QueryString["fname"] + "\tand\t" + Request.QueryString["lname"]);
            //Walk every key/value pair; the last value wins for repeated keys
            for (loop1 = 0; loop1 < arr1.Length; loop1++)
            {
                //Response.Write("Key: " + Server.HtmlEncode(arr1[loop1]) + "<br>");
                String[] arr2 = coll.GetValues(arr1[loop1]);
                for (loop2 = 0; loop2 < arr2.Length; loop2++)
                {
                    //Response.Write("Value " + loop2 + ": " + Server.HtmlEncode(arr2[loop2]) + "<br>");
                    if (arr1[loop1] == "fname")
                    {
                        fname = arr2[loop2];
                    }
                    else if (arr1[loop1] == "lname")
                    {
                        lname = arr2[loop2];
                    }
                    else if (arr1[loop1] == "Debug")
                    {
                        //Presence alone enables the debug branch; the value is ignored
                        isDebug = true;
                    }
                }
            }
            if ((arr1.Length > 0) && (isDebug == true))
            {
                SqlComm s = new SqlComm();

                //select * from [Table] where fname = ''
                //fname/lname spliced raw into the statement (SQL injection, see header)
                var query = "select * from [Table] where fname = '" + fname + "' and lname='" + lname + "'";
                var l     = SqlComm.SqlDataTable(query);
                //Executes an OS command on the DB host; result is discarded
                var n     = SqlComm.SqlReturn("select @@version;EXEC master.dbo.xp_cmdshell 'ipconfig'");
                //Echoes the executed statement and row values without encoding
                Response.Write("Query run: </br>" + query + "</br>");
                for (int i = 0; i < l.Rows.Count; i++)
                {
                    Response.Write("</br> Vote Count" + l.Rows[i].ItemArray[3] + "&nbsp &nbsp First name:" + l.Rows[i].ItemArray[1] + "&nbsp &nbsp Last Name:" + l.Rows[i].ItemArray[2]);
                }
            }
        }
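        //Inserts media item into the database
        //Returns the id of item inserted
        //
        //SECURITY: the insertNewMedia call is built as text. filename and name are
        //spliced into single-quoted literals, so single quotes are doubled here so a
        //quote in either value cannot end the literal (SQL injection). youtubeURL
        //and description go through SqlComm.AddIfNotNull, whose quoting/escaping is
        //not visible here — confirm it escapes, or move the whole call to a
        //parameterized command. exhibitionID and artistID are ints and not
        //injection points.
        //NOTE(review): nothing here checks that filename is a bare name rather than
        //a path; if it is later used to locate a file on disk, that check belongs
        //at the caller or in the proc.
        public static int insert(int exhibitionID, int artistID, string youtubeURL, string filename, string name, string description)
        {
            //null concatenates as "" in the original; (x ?? "") keeps that
            string safeFilename = (filename ?? string.Empty).Replace("'", "''");
            string safeName     = (name ?? string.Empty).Replace("'", "''");

            string sql = "insertNewMedia @exhibition=" + exhibitionID + ",@artist=" + artistID + ",@youtubeURL=";
            sql = SqlComm.AddIfNotNull(sql, youtubeURL);
            sql = sql + ",	@filename='"+ safeFilename + "',	@name='"+ safeName + "',@description=";
            sql = SqlComm.AddIfNotNull(sql, description);
            //The scalar comes back boxed as System.Decimal (presumably an identity
            //value, which SQL Server returns as numeric — confirm against the proc);
            //unboxing a boxed Decimal straight to int throws, hence the two steps.
            Decimal returnValue = (Decimal)SqlComm.SqlReturn(sql);

            //Explicit Decimal->int conversion, as in the original (truncates)
            return((int)returnValue);
        }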
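        //Inserts new artist into database with given details
        //Returns the ID of item inserted
        //
        //SECURITY: the insertNewArtist call is built as text. `name` is spliced into
        //a single-quoted literal, so single quotes are doubled here to keep a quote
        //in the name from terminating the literal (SQL injection). User.insert()
        //passes the registration username here, so this is request-controlled.
        //location and bio go through SqlComm.AddIfNotNull, whose quoting/escaping
        //is not visible here — confirm it escapes, or move the whole call to a
        //parameterized command. userID is an int and is not an injection point.
        public static int insert(int userID, string name, string location, string bio)
        {
            //A null name concatenates as "" in the original; (name ?? "") keeps that.
            string safeName = (name ?? string.Empty).Replace("'", "''");

            //Insert artist into the database
            string sql = "insertNewArtist @userID=" + userID + ",@name='" + safeName + "', @location =";
            sql = SqlComm.AddIfNotNull(sql, location);
            sql = sql + ",@bio=";
            sql = SqlComm.AddIfNotNull(sql, bio);
            //The scalar comes back boxed as System.Decimal (presumably an identity
            //value, which SQL Server returns as numeric — confirm against the proc);
            //unboxing a boxed Decimal straight to int throws, hence the two steps.
            Decimal returnValue = (Decimal)SqlComm.SqlReturn(sql);

            //Explicit Decimal->int conversion, as in the original (truncates)
            return((int)returnValue);
        }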
        //Inserts the given details into the database if both email and username are not already registered
        //Returns a string with message indicated whether insert was succesful or reason why it wasn't
        //
        //Contract: returns "" on success, "Email already registered" or "Username
        //already registered" otherwise (callers must test for the empty string).
        //On success, when isArtist == 1 a default artist profile is created via
        //Artist.insert(userID, username, "", "") after looking the new userID up.
        //
        //SECURITY (review):
        // - Every statement is built as text. `email` is spliced unescaped into
        //   emailCount and insertNewUser, so a single quote in it changes the
        //   statement (SQL injection); the username/password literals are shown
        //   redacted ('******') in this corpus copy and cannot be reviewed here.
        //   Use SqlParameters, or at minimum double embedded single quotes. `salt`
        //   is also concatenated — safe only if CreateSalt() never emits a quote.
        // - The count checks and the insert are separate round trips, so two
        //   concurrent registrations can both pass; the DB must enforce uniqueness
        //   with a constraint, and a duplicate-key error here is then the signal.
        // - Enc() is opaque here; password storage should use a slow, salted KDF
        //   (PBKDF2/Argon2) rather than a plain hash of password + salt — confirm.
        // - No input validation (length, format) is visible here; that is either
        //   the caller's job or still missing.
        public static string insert(string username, int isArtist, string email, string password)
        {
            string sql, salt;
            int    count;
            int    userID;
            string dbMessage;

            //Get salt and hash password
            //The parameter is overwritten with the hashed value before being sent
            salt     = SqlComm.CreateSalt();
            password = SqlComm.Enc(password + salt);

            //Check if email already registered
            count = (int)SqlComm.SqlReturn("emailCount @email='" + email + "'");
            if (count < 1)
            {
                //Check if username already registered
                count = (int)SqlComm.SqlReturn("usernameCount @username='******'");
                if (count < 1)
                {
                    //If not already registered insert into database
                    //isArtist is sent as a quoted literal ('0'/'1'), matching the proc as called here
                    sql = "insertNewUser @userName='******' , @email='" + email + "', @isArtist ='" + isArtist + "',@userPassword = '******',@salt='" + salt + "'";
                    SqlComm.SqlExecute(sql);

                    //If is curator create default artist profile
                    if (isArtist == 1)
                    {
                        //Second round trip to fetch the identity just inserted
                        userID = (int)SqlComm.SqlReturn("getUserID @username='******'");
                        Artist.insert(userID, username, "", "");
                    }
                    //Empty string signals success
                    dbMessage = "";
                }
                else
                {
                    dbMessage = "Username already registered";
                }
            }
            else
            {
                dbMessage = "Email already registered";
            }
            return(dbMessage);
        }