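/// <summary>
/// Checks a username/password pair by calling the <c>spLoginAccount</c> stored procedure.
/// Used to authenticate the user before the main interface of the application is shown.
/// </summary>
/// <param name="username">Username of the user.</param>
/// <param name="password">Plain-text password; it is hashed with <c>PassHash.MD5Hash</c> before it is sent.</param>
/// <returns>
/// The integer returned by the procedure (the account id of the authenticated user), or -1 when
/// the call throws or the procedure yields no integer. What the procedure returns for wrong
/// credentials is not visible in this method.
/// </returns>
/// <remarks>
/// Security review: <c>PassHash.MD5Hash</c> is defined elsewhere; if it is a plain MD5 digest, as the
/// name suggests, the stored value is a fast, unsalted hash and gives little protection if the account
/// table is disclosed. Moving to a salted, slow KDF (for example PBKDF2 via <c>Rfc2898DeriveBytes</c>)
/// needs a coordinated change to the procedure and the stored hashes, so it is flagged here rather
/// than changed. A database failure and a rejected login both surface as -1 to the caller.
/// </remarks>
public int LoginAccount(string username, string password)
{
    try
    {
        using (SqlConnection connection = new SqlConnection(conStr))
        using (SqlCommand command = new SqlCommand("spLoginAccount", connection))
        {
            // Parameterized stored-procedure call: user input never becomes SQL text.
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(username);
            command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(password));

            connection.Open();

            // ExecuteScalar returns null for an empty result set and DBNull for a NULL cell;
            // treat anything that is not an int as a failed login instead of relying on a cast exception.
            object result = command.ExecuteScalar();
            if (result is int)
            {
                return (int)result; // id of user
            }

            return -1;
        }
    }
    catch (System.Exception ex)
    {
        // Keep the -1 contract for callers, but leave a record so an outage or a broken
        // procedure is distinguishable from a bad password. Credentials are never logged.
        System.Diagnostics.Trace.TraceError("LoginAccount failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return -1;
    }
}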
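/// <summary>
/// Adds a new user account after successful registration by calling the <c>spAddAccount</c> stored procedure.
/// </summary>
/// <param name="account">Account object holding the information supplied by the user.</param>
/// <returns>
/// The integer returned by the procedure: -69 if the username exists, -70 if the email exists and
/// 1 on success (as documented by the original author; the procedure is not visible here).
/// -1 when the call throws or the procedure yields no integer.
/// </returns>
/// <remarks>
/// Security review: the password is stored as the output of <c>PassHash.MD5Hash</c>, which is defined
/// elsewhere; if it is a plain MD5 digest, as the name suggests, it is fast and unsalted and is not a
/// suitable password-storage format. Replacing it with a salted, slow KDF (for example PBKDF2 via
/// <c>Rfc2898DeriveBytes</c>) requires changing the procedure and migrating stored hashes, so it is
/// flagged here rather than changed. The distinct -69 / -70 codes tell a caller whether a username
/// or an email is already registered; decide deliberately how much of that reaches the end user.
/// </remarks>
public int AddAccount(Account account)
{
    try
    {
        using (SqlConnection connection = new SqlConnection(conStr))
        using (SqlCommand command = new SqlCommand("spAddAccount", connection))
        {
            // Parameterized stored-procedure call: registration fields never become SQL text.
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("firstname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.FirstName);
            command.Parameters.Add("lastname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.LastName);
            command.Parameters.Add("birthday", SqlDbType.Date).Value = DBConvert.From(account.Birthday);
            command.Parameters.Add("email", SqlDbType.VarChar, 99).Value = DBConvert.From(account.Email);
            command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(account.Username);
            command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(account.Password));

            connection.Open();

            // ExecuteScalar returns null for an empty result set and DBNull for a NULL cell;
            // report those as failure explicitly instead of relying on a cast exception.
            object result = command.ExecuteScalar();
            if (result is int)
            {
                return (int)result;
            }

            return -1;
        }
    }
    catch (System.Exception ex)
    {
        // Keep the -1 contract (this also covers a null account), but leave a record of the
        // cause. No field of the account, including the password, is written to the trace.
        System.Diagnostics.Trace.TraceError("AddAccount failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return -1;
    }
}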
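/// <summary>
/// Updates the user's account password by calling the <c>spUpdateAccountPassword</c> stored procedure.
/// </summary>
/// <param name="account_id">ID assigned to the user's account.</param>
/// <param name="old_password">Current plain-text password; hashed with <c>PassHash.MD5Hash</c> before it is sent.</param>
/// <param name="new_password">New plain-text password; hashed the same way before it is sent.</param>
/// <returns>
/// The integer returned by the procedure (positive on success, per the original documentation),
/// or -1 when the call throws or the procedure yields no integer.
/// </returns>
/// <remarks>
/// Security review: this method does not itself check that the caller owns <paramref name="account_id"/>;
/// the old-password hash is passed to the procedure, presumably so that the procedure verifies it
/// (confirm against the procedure). Both passwords go through <c>PassHash.MD5Hash</c>, defined
/// elsewhere; if it is a plain MD5 digest, as the name suggests, the stored value is a fast, unsalted
/// hash. Moving to a salted, slow KDF (for example PBKDF2 via <c>Rfc2898DeriveBytes</c>) needs a
/// coordinated change to the procedure and stored hashes, so it is flagged here rather than changed.
/// </remarks>
public int UpdateAccountPassword(int account_id, string old_password, string new_password)
{
    try
    {
        using (SqlConnection connection = new SqlConnection(conStr))
        using (SqlCommand command = new SqlCommand("spUpdateAccountPassword", connection))
        {
            // Parameterized stored-procedure call: no input is concatenated into SQL text.
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("account_id", SqlDbType.Int).Value = DBConvert.From(account_id);
            command.Parameters.Add("oldPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(old_password));
            command.Parameters.Add("newPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(new_password));

            connection.Open();

            // ExecuteScalar returns null for an empty result set and DBNull for a NULL cell;
            // report those as failure explicitly instead of relying on a cast exception.
            object result = command.ExecuteScalar();
            if (result is int)
            {
                return (int)result;
            }

            return -1;
        }
    }
    catch (System.Exception ex)
    {
        // Keep the -1 contract for callers, but leave a record so a failed password change
        // can be investigated. Neither password nor its hash is written to the trace.
        System.Diagnostics.Trace.TraceError("UpdateAccountPassword failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return -1;
    }
}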