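/// <summary>
/// Updates a user's own account information (name and e-mail) by calling the
/// SP_UPDATE_ACCOUNT_INFO stored procedure.
/// </summary>
/// <param name="emp">Employee whose EmployeeId, FirstName, LastName and Email are sent to the
/// procedure. Authorization is the caller's job: the caller must take EmployeeId from the
/// authenticated session, not from the request (see btChangeProfSave_Click).</param>
/// <param name="pass">Value passed as @PASS. Callers pass it already hashed; this method does no
/// hashing itself and the procedure decides whether it matches.</param>
/// <returns>The procedure's integer return value. The caller interprets 1 as success,
/// -1 as "incorrect password" and 0 as a database error.</returns>
/// <remarks>
/// Changes vs. the previous version: the SqlCommand is disposed; the con.Close() that was
/// duplicated inside the try block is gone (the finally block already closes it, including
/// when ExecuteNonQuery throws); the no-op catch { throw; } is removed so the exception
/// propagates unchanged.
/// </remarks>
public int? UpdateAccountInfo(Employee emp, string pass)
{
    int? ret = null;
    try
    {
        using (SqlCommand updateCommand = new SqlCommand(SQL_STRINGS.SP_UPDATE_ACCOUNT_INFO, con))
        {
            updateCommand.CommandType = CommandType.StoredProcedure;

            // All values go through parameters; nothing is concatenated into SQL text.
            // AddWithValue infers the SQL type from the CLR string, which is acceptable here
            // because the stored procedure declares the parameter types.
            updateCommand.Parameters.AddWithValue("@EMPLOYEE_ID", emp.EmployeeId);
            updateCommand.Parameters.AddWithValue("@FIRST_NAME", emp.FirstName);
            updateCommand.Parameters.AddWithValue("@LAST_NAME", emp.LastName);
            updateCommand.Parameters.AddWithValue("@EMAIL_ID", emp.Email);
            updateCommand.Parameters.AddWithValue("@PASS", pass);

            SqlParameter retParam = new SqlParameter();
            retParam.ParameterName = "@RetVal";
            retParam.Direction = ParameterDirection.ReturnValue;
            retParam.SqlDbType = SqlDbType.Int;
            updateCommand.Parameters.Add(retParam);

            con.Open();
            updateCommand.ExecuteNonQuery();

            // RETURN values are always populated after execution, so the cast is safe.
            ret = (int)retParam.Value;
        }
    }
    finally
    {
        // Shared connection field: always release it, even on failure.
        con.Close();
    }
    return ret;
}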
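/// <summary>
/// Click handler for the "save profile" button: sends the edited name/e-mail and the
/// user's hashed password to DataAccessLayer.UpdateAccountInfo and reports the outcome
/// in the editAlert element.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Security notes:
/// - The employee id comes from Session["EmployeeId"], never from the request, so a user
///   can only update their own record.
/// - The password is hashed as SHA1(password + USER_GUID) because that is what
///   ValidateUserLogin compares against. A single SHA1 round with a per-user GUID as salt
///   is a weak password hash (fast, no work factor); migrating to PBKDF2/bcrypt/Argon2
///   requires changing AppSecurity, the stored hashes and ValidateUserLogin together,
///   so the construction is deliberately left unchanged here.
/// - The name written to the master-page Label is HTML-encoded: Label.Text is rendered
///   verbatim, so a first/last name containing markup would otherwise be injected into
///   every page that shows the label. editAlert.InnerText already encodes.
/// Behaviour changes: a missing session value (expired session) now shows an error instead
/// of throwing NullReferenceException; a null result from the DAL, which previously left the
/// page without any feedback, is reported as a database error; the comment on the 0 case was
/// wrong ("invalid password") and is fixed.
/// </remarks>
protected void btChangeProfSave_Click(object sender, EventArgs e)
{
    hfTab.Value = "home";

    object sessionEmployeeId = Session["EmployeeId"];
    object sessionUserGuid = Session["USER_GUID"];
    if (sessionEmployeeId == null || sessionUserGuid == null)
    {
        // No authenticated session: do not attempt the update.
        ShowProfileAlert("alert-danger", "Your session has expired. Please log in again.");
        return;
    }

    Employee emp = new Employee();
    emp.EmployeeId = sessionEmployeeId.ToString();
    emp.FirstName = tbFirstName.Text;
    emp.LastName = tbLastName.Text;
    emp.Email = tbEmailId.Text;

    // Must match the hash construction used by ValidateUserLogin / AddUser.
    string hashedPassword = AppSecurity.HashSHA1(tbChangeProfPass.Text + sessionUserGuid.ToString());

    DataAccessLayer dal = new DataAccessLayer();
    int? ret = dal.UpdateAccountInfo(emp, hashedPassword);

    switch (ret)
    {
        case 1:
            // Keep the session copy of the profile in sync with the database.
            Session["FirstName"] = emp.FirstName;
            Session["LastName"] = emp.LastName;
            Session["EMAIL"] = emp.Email;

            Label userNameLabel = Master.FindControl("lbUserName") as Label;
            if (userNameLabel != null)
            {
                // Label.Text is not encoded by the control; encode user-supplied text ourselves.
                userNameLabel.Text = HttpUtility.HtmlEncode(emp.FirstName + " " + emp.LastName);
            }

            ShowProfileAlert("alert-success", "Account Information Successfully Updated");
            break;

        case -1:
            // Stored procedure rejected the supplied password.
            ShowProfileAlert("alert-danger", "Incorrect Password");
            break;

        default:
            // 0 from the stored procedure (database error) or null from the DAL.
            ShowProfileAlert("alert-danger", "Database Error Occured. Information could not be saved.");
            break;
    }
}

/// <summary>
/// Makes editAlert visible with the given Bootstrap alert class and message.
/// InnerText HTML-encodes the message, so it is safe for user-derived text.
/// </summary>
/// <param name="cssClass">Alert CSS class, e.g. "alert-success" or "alert-danger".</param>
/// <param name="message">Text to show.</param>
private void ShowProfileAlert(string cssClass, string message)
{
    editAlert.Style.Add("display", "inline");
    editAlert.Attributes.Add("class", cssClass);
    editAlert.InnerText = message;
}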
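/// <summary>
/// Validates a login attempt: fetches the row(s) for <paramref name="empId"/> with
/// SQL_VALIDATE_LOGIN and checks the submitted password against the stored hash.
/// </summary>
/// <param name="empId">Employee id entered at login. Sent as the @EMPLOYEE_ID parameter,
/// never concatenated into SQL text.</param>
/// <param name="password">Clear-text password entered at login.</param>
/// <param name="employee">Set to a populated Employee when the password matches; not
/// touched otherwise.</param>
/// <returns>1 when a row for empId exists and the password matches; -1 when no row exists
/// or the password is wrong. (The previous trailing comment said 0 — 0 was never returned.)</returns>
/// <remarks>
/// The stored value is SHA1(password + USER_GUID), as written by AddUser and
/// btChangeProfSave_Click, so the same construction is recomputed here. That is a weak
/// password hash (fast, single round); replacing it means re-hashing every stored password
/// and updating the writers as well, so only the lookup mechanics are changed here:
/// the SqlDataReader is disposed, the connection is closed in a finally block so an
/// exception from the query no longer leaves it open, the duplicate USER_GUID read is gone,
/// and the loop stops at the first matching row. The hash comparison is an ordinary string
/// compare and therefore not constant-time; both operands are digests rather than the
/// secret itself, which limits what timing can reveal.
/// </remarks>
public int ValidateUserLogin(string empId, string password, ref Employee employee)
{
    int ret = -1;
    try
    {
        using (SqlCommand cmd = new SqlCommand(SQL_STRINGS.SQL_VALIDATE_LOGIN, con))
        {
            cmd.Parameters.AddWithValue("@EMPLOYEE_ID", empId);
            con.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    string dbUserGuid = Convert.ToString(dr["USER_GUID"]);
                    string dbPassword = Convert.ToString(dr["PASS"]);

                    // Same construction as the writer side: the per-user GUID is the salt.
                    string hashedPassword = AppSecurity.HashSHA1(password + dbUserGuid);
                    if (!string.Equals(dbPassword, hashedPassword, StringComparison.Ordinal))
                    {
                        continue;
                    }

                    employee = new Employee();
                    employee.EmployeeId = Convert.ToString(dr["EMPLOYEE_ID"]);
                    employee.FirstName = Convert.ToString(dr["FIRST_NAME"]);
                    employee.LastName = Convert.ToString(dr["LAST_NAME"]);
                    employee.Email = Convert.ToString(dr["EMAIL_ID"]);
                    employee.GUID = dbUserGuid;

                    // Only 0 and 1 are mapped; any other IS_ADMIN value leaves IsAdmin at its
                    // default, exactly as before.
                    int isAdmin = Convert.ToInt16(dr["IS_ADMIN"]);
                    if (isAdmin == 0)
                    {
                        employee.IsAdmin = false;
                    }
                    else if (isAdmin == 1)
                    {
                        employee.IsAdmin = true;
                    }

                    ret = 1;
                    break;
                }
            }
        }
    }
    finally
    {
        // Shared connection field: always release it, even when the query throws.
        con.Close();
    }
    return ret;
}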