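/// <summary>
/// Update the stored details of the account identified by <c>login.ID</c>.
/// </summary>
/// <param name="login">
/// Account details. PW, Email and Name are written only when they are non-empty
/// (empty means "not changed"); Units and Climbs are always written.
/// </param>
/// <returns>
/// "OK" on success, <c>DBConnection.ErrStr</c> when no connection is available,
/// otherwise a database error message.
/// </returns>
/// <remarks>
/// All values are bound as command parameters, so text supplied in the login object
/// can never become part of the SQL statement.
/// NOTE(review): nothing in this method establishes that the caller owns login.ID.
/// Confirm that the caller authenticates the session and takes the id from it rather
/// than from the request.
/// NOTE(review): the four updates are not wrapped in a transaction, so a failure part
/// way through leaves the earlier ones applied (the error text says as much).
/// </remarks>
public string ChangeAccount(Login login)
{
    LogEntry log = new LogEntry("ChangeAccount", login.Name);
    string result = "";

    if (!gpxConnection.IsConnect())
    {
        return DBConnection.ErrStr;
    }

    try
    {
        // IsNullOrEmpty rather than != string.Empty: a null field must be treated as
        // "not changed" instead of being written to the row as an empty value.
        if (!string.IsNullOrEmpty(login.PW))
        {
            using (var cmd = new MySqlCommand("update logins set pw = @pw where id = @id", gpxConnection.Connection))
            {
                cmd.Parameters.AddWithValue("@pw", Logdata.GetHash(login.PW));
                cmd.Parameters.AddWithValue("@id", login.ID);
                cmd.ExecuteNonQuery();
            }
        }

        if (!string.IsNullOrEmpty(login.Email))
        {
            using (var cmd = new MySqlCommand("update logins set email = @email where id = @id", gpxConnection.Connection))
            {
                cmd.Parameters.AddWithValue("@email", login.Email);
                cmd.Parameters.AddWithValue("@id", login.ID);
                cmd.ExecuteNonQuery();
            }
        }

        if (!string.IsNullOrEmpty(login.Name))
        {
            using (var cmd = new MySqlCommand("update logins set name = @name where id = @id", gpxConnection.Connection))
            {
                cmd.Parameters.AddWithValue("@name", login.Name);
                cmd.Parameters.AddWithValue("@id", login.ID);
                cmd.ExecuteNonQuery();
            }
        }

        // Units and Climbs carry no "unchanged" marker, so they are written on every call.
        using (var cmd = new MySqlCommand("update logins set units = @units, climbs = @climbs where id = @id", gpxConnection.Connection))
        {
            // Bound as text: the column was previously written from a quoted literal.
            cmd.Parameters.AddWithValue("@units", Convert.ToString(login.Units));
            cmd.Parameters.AddWithValue("@climbs", login.Climbs);
            cmd.Parameters.AddWithValue("@id", login.ID);
            cmd.ExecuteNonQuery();
        }

        result = "OK";
    }
    catch (Exception ex2)
    {
        // NOTE(review): the driver's message text is returned to the caller as well as
        // logged; consider returning a generic message and keeping the detail in the log.
        result = "There is a database error, some details not changed, please try again: " + ex2.Message;
        log.Error = ex2.Message;
    }
    finally
    {
        log.Result = result;
        log.Save(gpxConnection);
        gpxConnection.Close();
    }

    return result;
}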
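/// <summary>
/// Complete a registration: when the supplied email code matches the one derived from
/// the user name, set the account's role to 1.
/// </summary>
/// <param name="login">Login object carrying the user name and the code from the emailed link.</param>
/// <returns>
/// A confirmation message on success, "Error with email or code, sorry" when the code
/// does not match, <c>DBConnection.ErrStr</c> when no connection is available,
/// otherwise a database error message.
/// </returns>
/// <remarks>
/// The user name is bound as a command parameter instead of being formatted into the SQL text.
/// NOTE(review): the expected code is computed from login.Name alone. Unless
/// Logdata.GetHash (not shown here) mixes in a server-side secret, a matching code does
/// not demonstrate that the email was received; a random single-use token stored with
/// the row would. The code is also written to the log entry in clear.
/// </remarks>
public string Register(Login login)
{
    LogEntry log = new LogEntry("Register2", login.Name + " " + login.EmailCode);
    string result = "";

    if (login.EmailCode != Logdata.GetHash(login.Name + login.Name))
    {
        return "Error with email or code, sorry";
    }

    if (!gpxConnection.IsConnect())
    {
        return DBConnection.ErrStr;
    }

    try
    {
        using (var cmd = new MySqlCommand("update logins set role = 1 where name = @name", gpxConnection.Connection))
        {
            cmd.Parameters.AddWithValue("@name", login.Name);
            cmd.ExecuteNonQuery();
        }
        result = "Thank you, you have now registered";
    }
    catch (Exception ex)
    {
        // NOTE(review): the driver's message text goes back to the caller; consider a
        // generic message here with the detail kept in the log only.
        result = "There is a database error, please try again:" + ex.Message;
        log.Error = ex.Message;
    }
    finally
    {
        log.Result = login.Name;
        log.Save(gpxConnection);
        gpxConnection.Close();
    }

    return result;
}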
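/// <summary>
/// Log in to the system with either the user name or the email address.
/// </summary>
/// <param name="login">Login object with just a user name (or email) and password.</param>
/// <returns>
/// The same login object. On a successful match Role, ID, Email, Units and Climbs are
/// filled from the database and Name is set to the stored user name. On any failure
/// Role and ID are 0. The password is always cleared. Returns null when no database
/// connection is available.
/// </returns>
/// <remarks>
/// The identifier is bound as a command parameter instead of being formatted into the SQL text.
/// Role and ID are reset before the lookup so that values supplied by the caller can
/// never be read back as the outcome of a failed login.
/// NOTE(review): Logdata.GetHash is not shown here. If it is a fast, unsalted digest,
/// stored passwords should move to a salted key-derivation function, and the comparison
/// below should become a fixed-time one.
/// </remarks>
public Login Login(Login login)
{
    string hash = Logdata.GetHash(login.PW);
    LogEntry log = new LogEntry("Login", login.Name);

    if (!gpxConnection.IsConnect())
    {
        return null;
    }

    // The identifier as submitted; login.Name may be replaced by the stored name below.
    string submitted = login.Name;

    // Fail closed: only a matching row may set these.
    login.Role = 0;
    login.ID = 0;

    try
    {
        // can now login with either username or email
        using (var cmd = new MySqlCommand("SELECT Id, name, pw, email, role, units, climbs FROM logins where name = @name or email = @email", gpxConnection.Connection))
        {
            cmd.Parameters.AddWithValue("@name", submitted);
            cmd.Parameters.AddWithValue("@email", submitted);

            using (MySqlDataAdapter loginAdapter = new MySqlDataAdapter(cmd))
            {
                dataLogins = new DataTable();
                loginAdapter.Fill(dataLogins);

                foreach (DataRow dr in dataLogins.Rows)
                {
                    string dbname = ((string)dr["name"]).Trim();
                    string dbpw = ((string)dr["pw"]).Trim();
                    string dbemail = ((string)dr["email"]).Trim();

                    bool identifierMatches = dbname == submitted || dbemail == submitted;
                    if (!identifierMatches || dbpw != hash)
                    {
                        continue;
                    }

                    if (dbemail == submitted)
                    {
                        // change back to actual login name
                        login.Name = dbname;
                    }
                    login.Role = (int)dr["role"];
                    login.ID = (int)dr["id"];
                    login.Email = (string)dr["email"];
                    login.Units = ((string)dr["units"])[0];
                    login.Climbs = (int)dr["climbs"];
                    break;
                }
            }
        }
    }
    catch (Exception ex)
    {
        // A row that failed part way through must not leave a half-populated identity.
        login.Role = 0;
        login.ID = 0;
        log.Error = ex.Message;
    }
    finally
    {
        // The password is never returned, whether or not the login succeeded.
        login.PW = String.Empty;
        log.Result = login.Name;
        log.Save(gpxConnection);
        gpxConnection.Close();
    }

    return login;
}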
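/// <summary>
/// Start a password reset: look up the account for an email address, send it a reset
/// link, and record the time the message was sent.
/// </summary>
/// <param name="email">Email address of the account.</param>
/// <returns>
/// A confirmation message when the email was sent and the send time recorded; otherwise
/// a message describing the failure (invalid address, no or several matching accounts,
/// database error, mail error), or <c>DBConnection.ErrStr</c> when no connection is available.
/// </returns>
/// <remarks>
/// The address is bound as a command parameter in both statements: MailAddress parsing
/// is a format check, not SQL escaping.
/// The log entry is saved and the connection closed on every path once connected.
/// NOTE(review): the reset code is computed from the user name alone. Unless
/// Logdata.GetHash (not shown here) mixes in a server-side secret, the code is the same
/// on every request and does not depend on anything only the mailbox owner knows; a
/// random single-use token stored with messagetime would.
/// NOTE(review): the distinct "cannot find an account" reply lets a caller learn which
/// addresses are registered; consider returning the same message in both cases.
/// </remarks>
public string ForgetPassword(string email)
{
    LogEntry log = new LogEntry("ForgetPassword", email);
    string result = "OK, now please wait for an email and click the link to set a new password";
    string username = "";
    MailAddress emailAddr;

    try
    {
        emailAddr = new MailAddress(email); // Valid address
    }
    catch
    {
        return "This email address appears to be invalid";
    }

    if (!gpxConnection.IsConnect())
    {
        return DBConnection.ErrStr;
    }

    try
    {
        // find the single account that owns this address
        try
        {
            using (var lookup = new MySqlCommand("SELECT Id, name, email FROM logins where email = @email", gpxConnection.Connection))
            {
                lookup.Parameters.AddWithValue("@email", email);

                using (MySqlDataAdapter loginAdapter = new MySqlDataAdapter(lookup))
                {
                    dataLogins = new DataTable();
                    loginAdapter.Fill(dataLogins);

                    int count = dataLogins.Rows.Count;
                    if (count == 0)
                    {
                        result = "Error: cannot find an account with that email";
                        return result;
                    }
                    if (count != 1)
                    {
                        result = string.Format("Error: {0} users found with that email", count);
                        return result;
                    }

                    username = ((string)dataLogins.Rows[0]["name"]).Trim();
                }
            }
        }
        catch (Exception lookupEx)
        {
            log.Error = lookupEx.Message;
            result = "DB error: " + lookupEx.Message;
            return result;
        }

        // create and send an email
        try
        {
            // create a code based on data
            string emailCode = Logdata.GetHash(username + username);

            // NOTE(review): the page shows "®code", which is how "&regcode" renders when
            // "&reg" is decoded as an HTML entity; restored here. Confirm the parameter
            // name against the page that reads the link.
            // Both values are URL-escaped so a name with spaces or reserved characters
            // cannot break or extend the query string.
            string URLstr = Connections.serviceURL
                + string.Format("?pwuser={0}&regcode={1}", Uri.EscapeDataString(username), Uri.EscapeDataString(emailCode));

            EmailConnection ec = new EmailConnection();
            MailAddress from = new MailAddress("*****@*****.**");

            using (MailMessage message = new MailMessage(from, emailAddr)
            {
                Subject = "TCC rides forgotten password",
                Body = string.Format("Please click {0} to reset your password or other details.\n\rFor security, this link will expire in 15 minutes!", URLstr)
            })
            {
                try
                {
                    // NOTE(review): EnableSsl is not set here; unless it is configured
                    // elsewhere, the credentials and the reset link reach the SMTP
                    // server unencrypted.
                    using (SmtpClient client = new System.Net.Mail.SmtpClient(ec.Server)
                    {
                        Credentials = new System.Net.NetworkCredential(ec.User, ec.PW)
                    })
                    {
                        client.Send(message);
                    }

                    // save the time this message was delivered
                    try
                    {
                        using (var stamp = new MySqlCommand("update logins set messagetime = @messagetime where email = @email", gpxConnection.Connection))
                        {
                            stamp.Parameters.AddWithValue("@messagetime", Logdata.DBTimeString(DateTime.Now));
                            stamp.Parameters.AddWithValue("@email", email);
                            stamp.ExecuteNonQuery();
                        }
                    }
                    catch (Exception stampEx)
                    {
                        // Not overwritten with the success text afterwards: a send time
                        // that was not recorded must be reported, not masked.
                        result = "There is a database error, please try again:" + stampEx.Message;
                        log.Error = stampEx.Message;
                    }
                }
                catch (Exception mailEx)
                {
                    result = "Sorry, there is an error with the email service: " + mailEx.Message;
                    log.Error = mailEx.Message;
                }
            }
        }
        catch (Exception ex2)
        {
            result = "Error: " + ex2.Message;
            log.Error = ex2.Message;
        }

        return result;
    }
    finally
    {
        // Runs for the early returns above as well, so the connection is always released.
        log.Result = result;
        log.Save(gpxConnection);
        gpxConnection.Close();
    }
}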
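/// <summary>
/// Sign up a new user: check that the name and email are unused, email a confirmation
/// link, then store the login with role 0 so it cannot be used until confirmed.
/// </summary>
/// <param name="login">Login object with name, password, email, units and climbs.</param>
/// <returns>
/// A confirmation message when the email was sent and the row stored; otherwise a
/// message describing the failure, or <c>DBConnection.ErrStr</c> when no connection
/// is available.
/// </returns>
/// <remarks>
/// The insert binds every value as a command parameter instead of formatting it into the SQL text.
/// The log entry is saved and the connection closed on every path once connected.
/// NOTE(review): the confirmation code is computed from the user name alone. Unless
/// Logdata.GetHash (not shown here) mixes in a server-side secret, it does not
/// demonstrate that the email was received; a random single-use token stored with the
/// row would. The code is also written to the "Register1" log entry in clear.
/// NOTE(review): a 10-character maximum is a weak password policy, and it suggests the
/// stored value may not be a salted key-derivation hash; confirm GetHash.
/// </remarks>
public string Signup(Login login)
{
    LogEntry log = new LogEntry("Signup", login.Name);
    MailAddress emailAddr;
    string result = "OK, now please wait for an email and click the link to complete your registration";

    try
    {
        emailAddr = new MailAddress(login.Email); // Valid address
    }
    catch
    {
        return "This email address appears to be invalid";
    }

    // A missing password is rejected with the same message instead of throwing.
    if (login.PW == null || login.PW.Length < 4 || login.PW.Length > 10)
    {
        return "Password must be between 4 and 10 characters";
    }

    // Hashed only after the password has passed the checks above.
    string hash = Logdata.GetHash(login.PW);

    if (!gpxConnection.IsConnect())
    {
        return DBConnection.ErrStr;
    }

    try
    {
        // check username and email
        try
        {
            // The password column is not selected: the uniqueness check does not need it.
            using (MySqlDataAdapter loginAdapter = new MySqlDataAdapter("SELECT Id, name, email FROM logins", gpxConnection.Connection))
            {
                dataLogins = new DataTable();
                loginAdapter.Fill(dataLogins);

                foreach (DataRow dr in dataLogins.Rows)
                {
                    string dbname = ((string)dr["name"]).Trim();
                    string dbemail = ((string)dr["email"]).Trim();

                    // Ordinal comparison: account names are identifiers, so the match
                    // must not vary with the server's culture.
                    if (string.Equals(dbname, login.Name, StringComparison.OrdinalIgnoreCase))
                    {
                        result = "Sorry, this username has already been taken";
                        return result;
                    }
                    if (dbemail == login.Email)
                    {
                        result = "Sorry, only one login allowed per email address";
                        return result;
                    }
                    // NOTE(review): this validates the stored address of each existing
                    // row, not login.Email — presumably a slip; confirm the intent.
                    if (EmailConnection.IsValidEmail(dbemail) == false)
                    {
                        result = "Sorry, this email doesn't appear to be valid";
                        return result;
                    }
                }
            }
        }
        catch (Exception lookupEx)
        {
            log.Error = lookupEx.Message;
            result = "DB error: " + lookupEx.Message;
            return result;
        }

        // create and send an email
        try
        {
            // create a code based on data
            login.EmailCode = Logdata.GetHash(login.Name + login.Name);

            // NOTE(review): the page shows "®code", which is how "&regcode" renders when
            // "&reg" is decoded as an HTML entity; restored here. Confirm the parameter
            // name against the page that reads the link.
            // Both values are URL-escaped so a name with spaces or reserved characters
            // cannot break or extend the query string.
            string URLstr = Connections.serviceURL
                + string.Format("?user={0}&regcode={1}", Uri.EscapeDataString(login.Name), Uri.EscapeDataString(login.EmailCode));

            EmailConnection ec = new EmailConnection();
            MailAddress from = new MailAddress("*****@*****.**");

            using (MailMessage message = new MailMessage(from, emailAddr)
            {
                Subject = "TCC rides signup",
                Body = string.Format("Please click {0} to complete your registration", URLstr)
            })
            {
                try
                {
                    // NOTE(review): EnableSsl is not set here; unless it is configured
                    // elsewhere, the credentials and the link reach the SMTP server
                    // unencrypted.
                    using (SmtpClient client = new System.Net.Mail.SmtpClient(ec.Server)
                    {
                        Credentials = new System.Net.NetworkCredential(ec.User, ec.PW)
                    })
                    {
                        client.Send(message);
                    }

                    // save the login details but with role as zero so login won't yet work
                    log = new LogEntry("Register1", login.Name + " " + login.EmailCode);
                    try
                    {
                        using (var cmd = new MySqlCommand(
                            "insert into logins (name, pw, email, role, messagetime, units, climbs) values (@name, @pw, @email, @role, @messagetime, @units, @climbs)",
                            gpxConnection.Connection))
                        {
                            cmd.Parameters.AddWithValue("@name", login.Name);
                            cmd.Parameters.AddWithValue("@pw", hash);
                            cmd.Parameters.AddWithValue("@email", login.Email);
                            cmd.Parameters.AddWithValue("@role", 0);
                            cmd.Parameters.AddWithValue("@messagetime", Logdata.DBTimeString(DateTime.Now));
                            // Bound as text: the column was previously written from a quoted literal.
                            cmd.Parameters.AddWithValue("@units", Convert.ToString(login.Units));
                            cmd.Parameters.AddWithValue("@climbs", login.Climbs);
                            cmd.ExecuteNonQuery();
                        }
                        result = "Thank you, please wait for an email and click link to complete registration";
                    }
                    catch (Exception insertEx)
                    {
                        result = "There is a database error, please try again:" + insertEx.Message;
                        log.Error = insertEx.Message;
                    }
                }
                catch (Exception mailEx)
                {
                    result = "Sorry, there is an error with the email service: " + mailEx.Message;
                    log.Error = mailEx.Message;
                }
            }
        }
        catch (Exception ex2)
        {
            result = "Error: " + ex2.Message;
            log.Error = ex2.Message;
        }

        return result;
    }
    finally
    {
        // Runs for the early returns above as well, so the connection is always released.
        log.Result = result;
        log.Save(gpxConnection);
        gpxConnection.Close();
    }
}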