// UPDATE: api/Users
public void Update(string userName, string password, string name, string email, string address)
{
EncryptionController encryptionController = new EncryptionController();
string sql = "UPDATE Users(Password, Name, Email, Address, Rating, NumberOfSales, IsAdmin, SALT)" +
"VALUES(@username, @password, @name, @email, @address, @rating, @numberOfSales, @isAdmin, @SALT)" +
"WHERE Username ='******'";
//Current User Data
var user = Get(userName);
string salt = user.Salt;
string hashedPassword = encryptionController.EncryptPassword(password + salt);
if (password == null || password == "")
{
hashedPassword = user.Password;
}
if (name == null || name == "")
{
name = user.Name;
}
if (email == null || email == "")
{
email = user.Email;
}
if (address == null || address == "")
{
address = user.Address;
}
string connStr = ConfigurationManager.ConnectionStrings["ConnStr"].ConnectionString;
using (var connection = new SqlConnection(connStr))
{
connection.Query(sql, new
{
password = hashedPassword,
name = name,
email = email,
address = address,
rating = user.Rating,
numberOfSales = user.NumberOfSales,
isAdmin = user.IsAdmin,
SALT = salt
});
}
}
// CREATE: api/Users
public int Create(string userName, string password, string name, string email, string address)
{
EncryptionController encryptionController = new EncryptionController();
string sql = "INSERT INTO Users (Username, Password, Name, Email, Address, Rating, NumberOfSales, IsAdmin, SALT)" +
" VALUES (@username, @password, @name, @email, @address, @rating, @numberOfSales, @isAdmin, @SALT)";
if (Get(userName) != null)
{
return(1);//Username taken error code
}
if ((userName != null && userName != "") && (password != null && password != "") &&
(name != null && name != "") && (email != null && email != "") &&
(address != null && address != ""))
{
string connStr = ConfigurationManager.ConnectionStrings["ConnStr"].ConnectionString;
string salt = Guid.NewGuid().ToString("N").Substring(0, 20);
string hashedPassword = encryptionController.EncryptPassword(password + salt);
using (var connection = new SqlConnection(connStr))
{
connection.Query(sql, new
{
username = userName,
password = hashedPassword,
name = name,
email = email,
address = address,
rating = 0,
numberOfSales = 0,
isAdmin = 0,
SALT = salt
});
}
return(0); //No errors found
}
return(2); //User couldn't be created
}