예제 #1
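        /// <summary>
        /// Creates a new account: inserts the credentials into <c>Security</c>, looks up the ID of
        /// that row through <c>GetUserID</c>, then inserts the profile into <c>USERS</c> under the
        /// same ID.
        /// </summary>
        /// <param name="user">Profile data: name, date of birth, email, phone and address.</param>
        /// <param name="sec">Credentials. <c>Password</c> is overwritten with the output of
        /// <c>SecureEncrypt.Encrypt</c>, and <c>ID</c> is set to the value returned by
        /// <c>GetUserID</c> after the credential row is written.</param>
        /// <returns><c>true</c> when both rows were inserted; <c>false</c> when a row with the same
        /// username and password already exists, or when the new credential row could not be
        /// looked up again.</returns>
        /// <remarks>
        /// NOTE(review): the stored password is the output of <c>SecureEncrypt.Encrypt</c>, and this
        /// file also calls <c>SecureEncrypt.Decrypt</c> on it, so it appears to be reversible.
        /// Passwords should be stored as a salted one-way password hash (for example PBKDF2) so a
        /// database or key disclosure does not reveal them. Confirm and plan a migration.
        /// NOTE(review): the two inserts are not atomic. If the second one fails, a credential row
        /// without a profile is left behind.
        /// </remarks>
        public static bool CreateUserAccount(Users user, SecurityO sec)
        {
            string insertProfile = "INSERT INTO USERS " +
                         " (ID, Name, DOB, email, phone, address) " +
                         " Values (@ID, @Username, @dob, @email, @phone, @address);";

            string insertCredentials = "INSERT INTO Security " +
                          " (username, password) " +
                          " Values (@username, @password);";

            // The caller's object is updated in place; everything below works on the encrypted value.
            sec.Password = SecureEncrypt.Encrypt(sec.Password);

            // NOTE(review): this lookup matches on username AND password, so a username that is
            // already taken with a different password is not detected and a second row with the
            // same username is inserted. Confirm whether usernames are meant to be unique; if so,
            // check the username alone and back it with a unique constraint.
            int existingId = GetUserID(sec.Username, sec.Password);
            if (existingId >= 0)
            {
                return false;
            }

            using (SqlConnection con = new SqlConnection(GetConnectionString()))
            {
                // Credential row first: it is what produces the account ID.
                using (SqlCommand cmd = new SqlCommand(insertCredentials, con))
                {
                    // NOTE(review): ToUpper() uses the current culture, so the stored form of a
                    // username can differ between server locales; every lookup has to normalise
                    // the same way.
                    cmd.Parameters.AddWithValue("username", sec.Username.ToUpper());
                    cmd.Parameters.AddWithValue("password", sec.Password);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();
                }

                // Read back the ID of the row that was just written.
                sec.ID = GetUserID(sec.Username, sec.Password);

                // A negative result means the lookup found nothing (the duplicate check above
                // treats >= 0 as "found"). Writing a profile under that value would create a row
                // tied to no credential, so stop and report failure instead.
                if (sec.ID < 0)
                {
                    return false;
                }

                using (SqlCommand cmd = new SqlCommand(insertProfile, con))
                {
                    cmd.Parameters.AddWithValue("ID", sec.ID);
                    cmd.Parameters.AddWithValue("Username", user.Name.ToUpper().Trim());
                    // NOTE(review): the date is sent as culture-formatted text; confirm the column
                    // type and that the database parses this format as intended.
                    cmd.Parameters.AddWithValue("dob", user.Dob.ToString());
                    cmd.Parameters.AddWithValue("email", user.Email);
                    cmd.Parameters.AddWithValue("phone", user.Phone);
                    cmd.Parameters.AddWithValue("address", user.Address);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();
                }
            }

            return true;
        }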
예제 #2
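        /// <summary>
        /// Authenticates a user: finds the <c>Security</c> row matching the upper-cased username and
        /// the encrypted password, then loads the matching <c>USERS</c> row by ID.
        /// </summary>
        /// <param name="username">Login name; compared in upper case.</param>
        /// <param name="password">Password as typed; passed through <c>SecureEncrypt.Encrypt</c>
        /// before it is compared with the stored value.</param>
        /// <returns>
        /// A <c>Users</c> object. <c>Id</c> is <c>-1</c> when no credential row matched or no profile
        /// row exists for it, <c>-23</c> when the account is banned, otherwise the account ID.
        /// </returns>
        /// <remarks>
        /// NOTE(review): on success <c>Password</c> on the returned object holds the decrypted
        /// password. Returning a recoverable password to callers widens its exposure (logs, session
        /// state, serialisation); confirm whether any caller needs it.
        /// NOTE(review): a banned account is reported only through <c>Id == -23</c>; the other
        /// fields, including <c>Password</c>, are still populated, so callers must check <c>Id</c>
        /// before using the object.
        /// </remarks>
        public Users GetUserLogin(string username, string password)
        {
            password = SecureEncrypt.Encrypt(password);

            // Credential lookup by username and encrypted password.
            String selectMethod = "SELECT *" +
                                  "FROM Security " +
                                  "WHERE Username = @name" +
                                  " AND Password = @password;";

            // Profile lookup by ID.
            String selectMethod2 = "SELECT * FROM USERS " +
                                   "WHERE ID = @ID;";

            Users     user = new Users();
            SecurityO sec  = new SecurityO();

            // Sentinel meaning "no credential row matched".
            sec.ID = -100;

            // NOTE(review): ToUpper() uses the current culture; it must match the normalisation
            // applied when the username was stored.
            string u = username.ToUpper();

            // Tracks the profile row on its own. A credential match alone is not a complete login:
            // if the USERS row is missing, the result must be a failure.
            bool profileFound = false;

            // using blocks release the connection, commands and readers even when a query throws.
            using (SqlConnection connection = new SqlConnection(GetConnectionString()))
            {
                connection.Open();

                using (SqlCommand command = new SqlCommand(selectMethod, connection))
                {
                    command.Parameters.AddWithValue("name", u);
                    command.Parameters.AddWithValue("password", password);

                    using (SqlDataReader credentialReader = command.ExecuteReader())
                    {
                        while (credentialReader.Read())
                        {
                            sec.ID       = Convert.ToInt32(credentialReader["ID"].ToString());
                            sec.Username = username;
                            sec.Password = password;
                        }
                    }
                }

                // NOTE(review): an ID of 0 counts as "not found" here, while CreateUserAccount
                // treats GetUserID results >= 0 as existing; confirm that IDs start at 1.
                if (sec.ID <= 0)
                {
                    user.Id = -1;
                    return(user);
                }

                user.Password = SecureEncrypt.Decrypt(sec.Password);

                using (SqlCommand command = new SqlCommand(selectMethod2, connection))
                {
                    command.Parameters.AddWithValue("ID", sec.ID);

                    using (SqlDataReader profileReader = command.ExecuteReader())
                    {
                        while (profileReader.Read())
                        {
                            profileFound  = true;
                            user.Name     = profileReader["NAME"].ToString();
                            user.Dob      = Convert.ToDateTime(profileReader["DOB"].ToString());
                            user.Email    = profileReader["Email"].ToString();
                            user.Phone    = profileReader["PHONE"].ToString();
                            user.Address  = profileReader["ADDRESS"].ToString();
                            user.Usertype = Convert.ToInt32(profileReader["USERTYPE"].ToString());
                            user.Ban      = Convert.ToBoolean(profileReader["BAN"]);
                            user.Id       = Convert.ToInt32(profileReader["ID"].ToString());
                        }
                    }
                }
            }

            if (user.Ban == true)
            {
                user.Id = -23;  // banned account
            }

            // Credentials matched but there is no profile row: report a failed login rather than
            // returning a half-populated user.
            if (!profileFound)
            {
                user.Id = -1;
            }

            return(user);
        }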