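/// <summary>
/// Creates a login row in <c>Security</c> and a profile row in <c>USERS</c> for a new user.
/// </summary>
/// <param name="user">Profile data to store. <c>Name</c> is upper-cased and trimmed before it is written.</param>
/// <param name="sec">
/// Credentials for the new login. On return <c>Password</c> holds the encrypted form and <c>ID</c>
/// the id the database assigned (or the negative lookup result when the id could not be read back).
/// </param>
/// <returns>
/// <c>true</c> when both rows were written; <c>false</c> when a login with the same username and
/// password already exists, or when the new id could not be read back after the first insert.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="sec"/> is <c>null</c>.</exception>
public static bool CreateUserAccount(Users user, SecurityO sec)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }
    if (sec == null)
    {
        throw new ArgumentNullException(nameof(sec));
    }

    // SQL text is kept byte-for-byte as before (parameter names match the AddWithValue calls below).
    const string insertUser = "INSERT INTO USERS " + " (ID, Name, DOB, email, phone, address) " + " Values (@ID, @Username, @dob, @email, @phone, @address);";
    const string insertSecurity = "INSERT INTO Security " + " (username, password) " + " Values (@username, @password);";

    // NOTE(review): SecureEncrypt.Encrypt is reversible (GetUserLogin calls SecureEncrypt.Decrypt on the
    // stored value), so the database holds encrypted passwords rather than one-way salted hashes.
    // Moving to a password hash (e.g. PBKDF2) requires migrating existing rows, so the scheme is kept here.
    sec.Password = SecureEncrypt.Encrypt(sec.Password);

    // Refuse duplicates: GetUserID is treated as returning a negative value when no row matches
    // (the same convention the id read-back below relies on).
    int existingId = GetUserID(sec.Username, sec.Password);
    if (existingId >= 0)
    {
        return false;
    }

    using (SqlConnection con = new SqlConnection(GetConnectionString()))
    {
        con.Open();

        // 1. Create the login. ToUpper() (culture-sensitive) is kept because GetUserLogin
        //    compares the username with the same call.
        using (SqlCommand cmd = new SqlCommand(insertSecurity, con))
        {
            cmd.Parameters.AddWithValue("username", sec.Username.ToUpper());
            cmd.Parameters.AddWithValue("password", sec.Password);
            cmd.ExecuteNonQuery();
        }

        // 2. The id is assigned by the database, so read it back with the same lookup used above.
        //    Previously a failed lookup (negative id) was written into USERS and reported as success.
        sec.ID = GetUserID(sec.Username, sec.Password);
        if (sec.ID < 0)
        {
            // The Security row already exists at this point: the two inserts are not atomic.
            return false;
        }

        // 3. Create the profile.
        using (SqlCommand cmd = new SqlCommand(insertUser, con))
        {
            cmd.Parameters.AddWithValue("ID", sec.ID);
            cmd.Parameters.AddWithValue("Username", user.Name.ToUpper().Trim());
            // NOTE(review): Dob is sent as a culture-formatted string; if the DOB column is a
            // date/datetime type, passing user.Dob directly would avoid culture-dependent parsing.
            cmd.Parameters.AddWithValue("dob", user.Dob.ToString());
            cmd.Parameters.AddWithValue("email", user.Email);
            cmd.Parameters.AddWithValue("phone", user.Phone);
            cmd.Parameters.AddWithValue("address", user.Address);
            cmd.ExecuteNonQuery();
        }
    }

    return true;
}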
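/// <summary>
/// Authenticates a username/password pair and returns the matching <c>USERS</c> profile.
/// </summary>
/// <param name="username">Login name; compared in upper case, as <c>CreateUserAccount</c> stores it.</param>
/// <param name="password">Plain-text password; encrypted with the same scheme used at account creation before comparison.</param>
/// <returns>
/// A <c>Users</c> whose <c>Id</c> is the database id on success, <c>-1</c> when the credentials match
/// no <c>Security</c> row or the matched login has no <c>USERS</c> row, and <c>-23</c> when the user is banned.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="username"/> or <paramref name="password"/> is <c>null</c>.</exception>
public Users GetUserLogin(string username, string password)
{
    if (username == null)
    {
        throw new ArgumentNullException(nameof(username));
    }
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    string encryptedPassword = SecureEncrypt.Encrypt(password);

    // Login lookup by username and (encrypted) password. A space was added between "*" and "FROM",
    // which the original concatenation omitted.
    const string selectSecurity = "SELECT * " + "FROM Security " + "WHERE Username = @name" + " AND Password = @password;";
    // Profile lookup by the id found in Security.
    const string selectUser = "SELECT * FROM USERS " + "WHERE ID = @ID;";

    Users user = new Users();
    int securityId = -100;      // sentinel: no Security row matched
    bool profileFound = false;  // set only by the USERS lookup (previously shared with the Security lookup)

    using (SqlConnection connection = new SqlConnection(GetConnectionString()))
    {
        connection.Open();

        using (SqlCommand command = new SqlCommand(selectSecurity, connection))
        {
            command.Parameters.AddWithValue("name", username.ToUpper());
            command.Parameters.AddWithValue("password", encryptedPassword);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                // If several rows match, the last one wins, as before.
                while (reader.Read())
                {
                    securityId = Convert.ToInt32(reader["ID"]);
                }
            }
        }

        if (securityId <= 0)
        {
            user.Id = -1;
            return user;
        }

        // NOTE(review): this hands the plain-text password back to the caller on the returned object
        // (Decrypt of the value encrypted above); consider dropping it unless a caller depends on it.
        user.Password = SecureEncrypt.Decrypt(encryptedPassword);

        using (SqlCommand command = new SqlCommand(selectUser, connection))
        {
            command.Parameters.AddWithValue("ID", securityId);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    profileFound = true;
                    user.Name = reader["NAME"].ToString();
                    // Convert directly from the column value instead of via a culture-formatted string round trip.
                    user.Dob = Convert.ToDateTime(reader["DOB"]);
                    user.Email = reader["Email"].ToString();
                    user.Phone = reader["PHONE"].ToString();
                    user.Address = reader["ADDRESS"].ToString();
                    user.Usertype = Convert.ToInt32(reader["USERTYPE"]);
                    user.Ban = Convert.ToBoolean(reader["BAN"]);
                    user.Id = Convert.ToInt32(reader["ID"]);
                }
            }
        }
    }

    if (!profileFound)
    {
        // The login exists but has no USERS row. The original code returned a user with a default Id
        // here, because its "found" flag had already been set by the Security lookup.
        user.Id = -1;
        return user;
    }

    if (user.Ban)
    {
        user.Id = -23; // banned: callers treat this id as a refused login
    }

    return user;
}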