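/// <summary>
/// Validates the order's credit card number, stores the order through the
/// spCreateCreditCardOrder stored procedure and reduces the matching inventory
/// row by the ordered quantity.
/// </summary>
/// <param name="order">Order to persist, including its card details.</param>
/// <returns>
/// true when both statements ran without throwing; false when the card number fails
/// validation or when a database error occurred (the error message is written to err.log).
/// </returns>
public bool CreateCreditCardOrder(Order order)
{
    CreditCardValidationService card = new CreditCardValidationService();
    if (!card.Validate(order.CreditCardNumber))
    {
        return false;
    }

    // Only the encrypted number and the last four digits are sent to the database.
    var ccEncrypted = CcOperation.Encrypt(Config.Key, order.CreditCardNumber);
    var lastFourDigits = order.CreditCardNumber.Substring(order.CreditCardNumber.Length - 4, 4);

    using (SqlConnection sqlCon = new SqlConnection(Config.ConnString))
    {
        sqlCon.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("spCreateCreditCardOrder", sqlCon))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add(new SqlParameter("@Product", order.Product));
                cmd.Parameters.Add(new SqlParameter("@Quantity", order.Quantity));
                cmd.Parameters.Add(new SqlParameter("@Condition", order.Condition));
                cmd.Parameters.Add(new SqlParameter("@Date", order.Date));
                cmd.Parameters.Add(new SqlParameter("@Total", order.Total));
                cmd.Parameters.Add(new SqlParameter("@CustomerName", order.CustomerName));
                cmd.Parameters.Add(new SqlParameter("@CustomerPhoneNumber", order.CustomerPhoneNumber));
                cmd.Parameters.Add(new SqlParameter("@Email", order.Email));
                cmd.Parameters.Add(new SqlParameter("@SaleType", order.SaleType));
                cmd.Parameters.Add(new SqlParameter("@CreditCardName", order.CreditCardName));
                cmd.Parameters.Add(new SqlParameter("@CreditCardNumber", lastFourDigits));
                cmd.Parameters.Add(new SqlParameter("@EncryptedCreditCardNumber", ccEncrypted));
                cmd.Parameters.Add(new SqlParameter("@ExpirationDate", order.ExpirationDate));
                // NOTE(review): the card security code is passed on for persistence. PCI DSS does
                // not permit keeping the card verification code after authorization; confirm what
                // spCreateCreditCardOrder does with this value.
                cmd.Parameters.Add(new SqlParameter("@SecurityCode", order.SecurityCode));
                cmd.ExecuteNonQuery();
            }

            // The inventory update used to be built by interpolating order.Product and
            // order.Quantity into the SQL text, which let a crafted product name change the
            // statement. Both values are now bound as parameters.
            // NOTE(review): the insert and this update are not wrapped in a transaction, so a
            // failure here leaves the order stored while the method returns false.
            using (SqlCommand inventoryCmd = new SqlCommand(
                "UPDATE Inventory SET AvailableUnits = AvailableUnits - @Quantity WHERE GameTitle = @Product",
                sqlCon))
            {
                inventoryCmd.Parameters.Add(new SqlParameter("@Quantity", order.Quantity));
                inventoryCmd.Parameters.Add(new SqlParameter("@Product", order.Product));
                inventoryCmd.ExecuteNonQuery();
            }

            return true;
        }
        catch (Exception ex)
        {
            // Best-effort logging of the message only; the caller just sees false.
            var Err = new CreateLogFiles();
            Err.ErrorLog(Config.PathToData + "err.log", ex.Message);
            return false;
        }
    }
}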
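/// <summary>
/// Imports sales orders from a CSV file into the Sales table and, for every order inserted,
/// removes 1 unit from the Inventory row whose GameTitle equals the order's product.
/// Credit orders whose card number fails validation are skipped entirely.
/// </summary>
/// <param name="inputFileName">Path of the CSV file; its first line is treated as the header.</param>
/// <returns>Total number of rows affected by the INSERT and UPDATE statements.</returns>
public int SaveCsvOrders(string inputFileName)
{
    // Every value read from the CSV is bound as a parameter. The statements used to be built by
    // interpolating CSV fields into the SQL text, so a field containing a quote could alter the
    // statement; the file content must be treated as untrusted input.
    const string insertOrderSql =
        "INSERT INTO Sales (Product, Quantity, Condition, Date, Total, CustomerName, CustomerPhoneNumber, Email, SaleType) " +
        "VALUES (@Product, @Quantity, @Condition, @Date, @Total, @CustomerName, @CustomerPhoneNumber, @Email, @SaleType)";
    const string insertCreditOrderSql =
        "INSERT INTO Sales (Product, Quantity, Condition, Date, Total, CustomerName, CustomerPhoneNumber, Email, SaleType, " +
        "CreditCardName, CreditCardNumber, EncryptedCreditCardNumber, ExpirationDate, SecurityCode) " +
        "VALUES (@Product, @Quantity, @Condition, @Date, @Total, @CustomerName, @CustomerPhoneNumber, @Email, @SaleType, " +
        "@CreditCardName, @CreditCardNumber, @EncryptedCreditCardNumber, @ExpirationDate, @SecurityCode)";
    const string updateInventorySql =
        "UPDATE Inventory SET AvailableUnits = AvailableUnits - 1 WHERE GameTitle = @Product";

    int rowsAffected = 0;

    // Dispose the reader so the CSV file handle is released once the import ends.
    using (var reader = new ChoCSVReader<Order>(inputFileName).WithFirstLineHeader())
    {
        foreach (var order in reader)
        {
            bool isCredit = order.SaleType == "Credit";
            object encryptedCardNumber = null;
            string lastFourDigits = null;

            if (isCredit)
            {
                var validateCc = new CreditCardValidationService();
                if (!validateCc.Validate(order.CreditCardNumber))
                {
                    // Invalid card: neither the sale nor the inventory change is recorded.
                    continue;
                }

                // Store the encrypted number plus the last four digits for display.
                encryptedCardNumber = CcOperation.Encrypt(Config.Key, order.CreditCardNumber);
                lastFourDigits = order.CreditCardNumber.Substring(order.CreditCardNumber.Length - 4, 4);
            }

            using (SqlConnection sqlConnection = new SqlConnection(Config.ConnString))
            {
                sqlConnection.Open();

                using (SqlCommand insertCmd = new SqlCommand(isCredit ? insertCreditOrderSql : insertOrderSql, sqlConnection))
                {
                    AddSalesParameter(insertCmd, "@Product", order.Product);
                    AddSalesParameter(insertCmd, "@Quantity", order.Quantity);
                    AddSalesParameter(insertCmd, "@Condition", order.Condition);
                    AddSalesParameter(insertCmd, "@Date", order.Date);
                    AddSalesParameter(insertCmd, "@Total", order.Total);
                    AddSalesParameter(insertCmd, "@CustomerName", order.CustomerName);
                    AddSalesParameter(insertCmd, "@CustomerPhoneNumber", order.CustomerPhoneNumber);
                    AddSalesParameter(insertCmd, "@Email", order.Email);
                    AddSalesParameter(insertCmd, "@SaleType", order.SaleType);

                    if (isCredit)
                    {
                        AddSalesParameter(insertCmd, "@CreditCardName", order.CreditCardName);
                        AddSalesParameter(insertCmd, "@CreditCardNumber", lastFourDigits);
                        AddSalesParameter(insertCmd, "@EncryptedCreditCardNumber", encryptedCardNumber);
                        AddSalesParameter(insertCmd, "@ExpirationDate", order.ExpirationDate);
                        // NOTE(review): this persists the card security code. PCI DSS does not
                        // permit keeping the card verification code after authorization; confirm
                        // whether the column is really needed.
                        AddSalesParameter(insertCmd, "@SecurityCode", order.SecurityCode);
                    }

                    rowsAffected += insertCmd.ExecuteNonQuery();
                }

                // Removes 1 from inventory where the game title matches.
                // NOTE(review): the insert and this update are not wrapped in a transaction.
                using (SqlCommand inventoryCmd = new SqlCommand(updateInventorySql, sqlConnection))
                {
                    AddSalesParameter(inventoryCmd, "@Product", order.Product);
                    rowsAffected += inventoryCmd.ExecuteNonQuery();
                }
            }
        }
    }

    return rowsAffected;
}

/// <summary>
/// Adds a named parameter to <paramref name="command"/>, sending a null value as database NULL
/// so an empty CSV field does not make the command fail with a "parameter not supplied" error.
/// </summary>
private static void AddSalesParameter(SqlCommand command, string name, object value)
{
    command.Parameters.Add(new SqlParameter(name, value ?? System.DBNull.Value));
}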