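/// <summary>
/// Replaces the stored password hash of the user resolved from <c>Token</c>, but only when
/// the hash of <c>Password</c> matches the hash currently stored for that user.
/// </summary>
/// <returns>
/// A <c>ReturnData</c> with <c>status</c> 1 and "Password changed!" when a row was updated;
/// otherwise <c>status</c> 0 with a message describing the failure.
/// </returns>
public ReturnData ChangePassword()
{
    ReturnData rd = new ReturnData();

    // The login check in this file rejects empty passwords, so storing one would
    // leave the account unable to sign in.
    if (string.IsNullOrEmpty(this.NewPassword))
    {
        rd.status = 0;
        rd.message = "New password cannot be empty!";
        return rd;
    }

    EncriptionDecription ed = new EncriptionDecription();
    UserAccess ua = new UserAccess();

    // The current-password comparison lives in the WHERE clause: zero affected rows means
    // either the old password did not match or no row exists for the resolved user id.
    string sql = "update user_profile set password=@NewPassword where user_id=@user_id and password=@password";

    // using blocks release the connection and command on every exit path, including an
    // exception thrown by Open() or by the helpers called while binding parameters.
    using (SqlConnection usercon = new SqlConnection(user_db_connection_string))
    using (SqlCommand cmd = new SqlCommand(sql, usercon))
    {
        // NOTE(review): GetHashSha256 is not shown here. If it is a single unsalted SHA-256
        // digest, stored hashes are cheap to brute-force; consider a salted, slow KDF such as
        // PBKDF2 (Rfc2898DeriveBytes) together with a migration path for existing rows.
        cmd.Parameters.AddWithValue("@NewPassword", ed.GetHashSha256(this.NewPassword));
        cmd.Parameters.AddWithValue("@user_id", ua.getLoggedUser(this.Token));
        cmd.Parameters.AddWithValue("@password", ed.GetHashSha256(this.Password));

        usercon.Open();
        try
        {
            int affected = cmd.ExecuteNonQuery();
            if (affected > 0)
            {
                rd.status = 1;
                rd.message = "Password changed!";
            }
            else
            {
                rd.status = 0;
                rd.message = "Wrong password!";
            }
        }
        catch (Exception e)
        {
            // NOTE(review): e.Message is returned to the caller verbatim and can carry
            // database error text; prefer logging it server-side and returning a generic message.
            rd.status = 0;
            rd.message = "Something went wrong! " + e.Message;
        }
    }

    return rd;
}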
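/// <summary>
/// Creates a new <c>user_profile</c> row, or updates an existing one when <c>IsEdit</c> is set.
/// The caller's <c>Token</c> must pass the "ADMIN_PANEL" function check.
/// </summary>
/// <returns>
/// A <c>ReturnData</c> with <c>status</c> 1 and "Saved!" when at least one row was written;
/// otherwise <c>status</c> 0 with a message describing the failure.
/// </returns>
public ReturnData SetUser()
{
    ReturnData rd = new ReturnData();
    EncriptionDecription ed = new EncriptionDecription();
    UserAccess ua = new UserAccess();

    // Authorization gate: nothing below runs unless the token is allowed to use the admin panel.
    if (!ua.validateFunctions(this.Token, "ADMIN_PANEL"))
    {
        rd.status = 0;
        rd.message = "You do not have privileges!";
        return rd;
    }

    string sql;
    if (IsEdit)
    {
        // The edit statement deliberately leaves the password column untouched.
        sql = "Update user_profile set first_name=@first_name,last_name=@last_name,email=@email,mobile_phone=@mobile_phone,user_role=@user_role,status=@status where user_id=@user_id;";
    }
    else
    {
        sql = "Insert into user_profile (user_id,first_name,last_name,email,mobile_phone,password,user_role,status) values(@user_id,@first_name,@last_name,@email,@mobile_phone,@password,@user_role,@status);";
    }

    int count;

    // using blocks close the connection on every exit path; the original returned from the
    // catch block without closing it, leaking a pooled connection on each failed save.
    using (SqlConnection usercon = new SqlConnection(user_db_connection_string))
    using (SqlCommand cmd = new SqlCommand(sql, usercon))
    {
        cmd.Parameters.AddWithValue("@user_id", this.UserID);
        cmd.Parameters.AddWithValue("@first_name", this.FirstName);
        cmd.Parameters.AddWithValue("@last_name", this.LastName);
        cmd.Parameters.AddWithValue("@email", this.Email);
        cmd.Parameters.AddWithValue("@mobile_phone", this.MobilePhone);
        if (!IsEdit)
        {
            // Only the INSERT references @password, so an edit no longer hashes (or depends on)
            // whatever happens to be in Password.
            // NOTE(review): GetHashSha256 is not shown here. If it is a single unsalted SHA-256
            // digest, consider a salted, slow KDF such as PBKDF2 (Rfc2898DeriveBytes).
            cmd.Parameters.AddWithValue("@password", ed.GetHashSha256(this.Password));
        }
        cmd.Parameters.AddWithValue("@user_role", this.UserRole);
        cmd.Parameters.AddWithValue("@status", this.Status);

        usercon.Open();
        try
        {
            count = cmd.ExecuteNonQuery();
        }
        catch (Exception e)
        {
            // NOTE(review): e.Message is returned to the caller verbatim and can carry
            // database error text; prefer logging it server-side and returning a generic message.
            rd.status = 0;
            rd.message = "Something went wrong! " + e.Message;
            return rd;
        }
    }

    if (count > 0)
    {
        rd.status = 1;
        rd.message = "Saved!";
    }
    else
    {
        rd.status = 0;
        rd.message = "Unable to save!";
    }

    return rd;
}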
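/// <summary>
/// Checks <c>user_id</c> and the hash of <c>password</c> against active rows in
/// <c>user_profile</c> and, on a match, issues a token through <c>get_token</c>.
/// </summary>
/// <returns>
/// A <c>ReturnData</c> with <c>status</c> 1, message "OK" and the token in <c>para1</c> on
/// success; otherwise <c>status</c> 0 with a single generic failure message.
/// </returns>
public ReturnData login()
{
    ReturnData rd = new ReturnData();
    EncriptionDecription ed = new EncriptionDecription();

    if (string.IsNullOrEmpty(this.user_id) || string.IsNullOrEmpty(this.password))
    {
        rd.status = 0;
        rd.message = "Not a valid username of password";
        return rd;
    }

    // Only user_id is read from the result, so the query no longer pulls every column
    // (including the stored password hash) back into the application.
    string sql = "select user_id from user_profile where user_id=@para_user_id and password=@para_password and status = 'Active' ";

    // using blocks release the connection, command and reader on every exit path,
    // including an exception thrown by ExecuteReader() or get_token().
    using (SqlConnection con = new SqlConnection(user_db_connection_string))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        cmd.Parameters.AddWithValue("@para_user_id", this.user_id);
        // The stored value is compared against the hash of the submitted password.
        // NOTE(review): GetHashSha256 is not shown here. If it is a single unsalted SHA-256
        // digest, stored hashes are cheap to brute-force; consider a salted, slow KDF such as
        // PBKDF2 (Rfc2898DeriveBytes), verified in application code.
        cmd.Parameters.AddWithValue("@para_password", ed.GetHashSha256(this.password));

        con.Open();
        using (SqlDataReader rdr = cmd.ExecuteReader())
        {
            if (rdr.Read())
            {
                rd.status = 1;
                rd.message = "OK";
                rd.para1 = get_token(rdr["user_id"].ToString());
            }
            else
            {
                // Unknown user, wrong password and inactive account all produce the same
                // message, so the response does not reveal which condition failed.
                rd.status = 0;
                rd.message = "Not a valid username of password";
            }
        }
    }

    return rd;
}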
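/// <summary>
/// Inserts a new <c>user_profile</c> row for <c>UserID</c> with the hash of
/// <c>NewPassword</c> and status "Active", after checking that <c>NewPassword</c> and
/// <c>ConfirmPassword</c> agree.
/// </summary>
/// <returns>
/// A <c>ReturnData</c> with <c>status</c> 1 and "User added!" when a row was inserted;
/// otherwise <c>status</c> 0 with a message describing the failure.
/// </returns>
public ReturnData UserRegistration()
{
    // NOTE(review): unlike SetUser, no token or privilege check is performed here and the new
    // account is Active immediately; confirm that open self-registration is intended.
    ReturnData rd = new ReturnData();
    EncriptionDecription ed = new EncriptionDecription();

    // The login check in this file rejects empty user ids and passwords, so an account
    // registered with either one empty could never sign in.
    if (string.IsNullOrEmpty(this.UserID) || string.IsNullOrEmpty(this.NewPassword))
    {
        rd.status = 0;
        rd.message = "User ID and password are required!";
        return rd;
    }

    if (this.NewPassword != this.ConfirmPassword)
    {
        rd.status = 0;
        rd.message = "password mismatch!";
        return rd;
    }

    string sql = "Insert into user_profile (user_id,password,status) values(@UserID,@NewPassword,@status);";

    // using blocks release the connection and command on every exit path, including an
    // exception thrown by Open() or by the hash helper.
    using (SqlConnection usercon = new SqlConnection(user_db_connection_string))
    using (SqlCommand cmd = new SqlCommand(sql, usercon))
    {
        cmd.Parameters.AddWithValue("@UserID", this.UserID);
        // NOTE(review): GetHashSha256 is not shown here. If it is a single unsalted SHA-256
        // digest, consider a salted, slow KDF such as PBKDF2 (Rfc2898DeriveBytes).
        cmd.Parameters.AddWithValue("@NewPassword", ed.GetHashSha256(this.NewPassword));
        cmd.Parameters.AddWithValue("@status", "Active");

        usercon.Open();
        try
        {
            int count = cmd.ExecuteNonQuery();
            if (count > 0)
            {
                rd.status = 1;
                rd.message = "User added!";
            }
            else
            {
                // The original left status and message unset when no row was inserted.
                rd.status = 0;
                rd.message = "Unable to save!";
            }
        }
        catch (Exception e)
        {
            // NOTE(review): e.Message is returned to the caller verbatim; on an unauthenticated
            // endpoint database error text may disclose schema details or whether a user id is
            // already taken. Prefer logging it server-side and returning a generic message.
            rd.status = 0;
            rd.message = e.Message;
        }
    }

    return rd;
}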