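/// <summary>
/// Loads a single user record from <c>user_tbl</c> by id and maps it onto an
/// <c>InstructorObject</c> or <c>StudentObject</c>, depending on <paramref name="userRole"/>.
/// </summary>
/// <param name="userId">Value bound to the <c>@UserId</c> query parameter.</param>
/// <param name="userRole">Role that selects the concrete object type; only Instructor and Student are accepted.</param>
/// <returns>The populated user object for the first matching row.</returns>
/// <exception cref="NullReferenceException">
/// Thrown for any other role, or when the query yields no row. The type is kept from the
/// original code so existing callers that catch it keep working.
/// </exception>
/// <remarks>
/// SECURITY NOTE(review): the query selects the <c>password</c> column and the value is copied
/// onto the returned object. Callers must not log, serialize or display it. Consider dropping
/// the column from this read path once no caller needs it.
/// </remarks>
public UserObject ViewUser(string userId, UserObject.UserRole userRole)
{
    // The original guard used "||" between two "!=" tests, which is true for every role,
    // so the method threw on every call. Unsupported roles are now rejected by the
    // default branch, before any database work is done.
    UserObject user;
    switch (userRole)
    {
        case UserObject.UserRole.Instructor:
            user = new InstructorObject();
            break;
        case UserObject.UserRole.Student:
            user = new StudentObject();
            break;
        default:
            throw new NullReferenceException();
    }

    // The user id is passed only as a bound parameter, never concatenated into the SQL text.
    string sqlSelect = "SELECT u.[userId], u.[password], u.[roleId], u.[fName], u.[lName], u.[email], u.[phone] FROM user_tbl u WHERE userId = @UserId";

    parameters = new List<ParameterList>();
    parameters.Add(new ParameterList() { Key = "@UserId", Value = userId });

    adminDataAccess = new DataAccess();
    Task<DataTable> task = Task.Run(() => adminDataAccess.GetDataAsync(sqlSelect, parameters));

    // Block once and reuse the table. Data-access failures surface through Task.Result
    // (wrapped in AggregateException), as they did in the original.
    DataTable table = task.Result;
    if (table == null || table.Rows.Count == 0)
    {
        // No matching user: report it the same way the original "user == null" check did.
        throw new NullReferenceException();
    }

    // The original read table.Columns[...], which yields column metadata (the column name),
    // not the stored values. The values live on the row.
    DataRow row = table.Rows[0];
    user.UserId = row["userId"].ToString();
    user.Password = row["password"].ToString();
    user.userRole = (UserObject.UserRole)Convert.ToInt32(row["roleId"]);
    user.FirstName = row["fName"].ToString();
    user.LastName = row["lName"].ToString();
    user.Email = row["email"].ToString();
    user.Phone = row["phone"].ToString();

    return user;
}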
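/// <summary>
/// Checks the supplied credentials against <c>user_tbl</c> and, on success, records the
/// user's role and full name on this instance.
/// </summary>
/// <param name="userId">Submitted user id, bound to <c>@UserId</c>.</param>
/// <param name="password">Submitted password; a null value is treated as a mismatch.</param>
/// <param name="errorMsg">Empty on success, otherwise a message describing why the login was rejected.</param>
/// <returns>
/// The instance's <c>userRole</c> field. It is only assigned here on success, so after a failed
/// attempt it still holds whatever it held before the call. Callers must gate on
/// <c>isLoginSuccessfull</c> or <paramref name="errorMsg"/>, not on the returned role.
/// </returns>
/// <exception cref="Exception">Thrown when the role lookup returns no usable row.</exception>
/// <remarks>
/// SECURITY NOTE(review):
/// 1. The stored value is compared directly with the submitted password, so the column appears
///    to hold plaintext. Store a salted, slow hash (e.g. PBKDF2) and verify against that.
/// 2. The comparison is case-insensitive, as in the original. This shrinks the effective
///    password space. It is kept because the stored format is not visible here; switch to an
///    exact comparison once it is confirmed.
/// 3. The two failure messages differ, which lets a client tell whether a user id exists.
///    Consider a single generic message. The strings are left unchanged here because callers
///    may display or match on them.
/// </remarks>
public UserObject.UserRole Login(string userId, string password, out string errorMsg)
{
    errorMsg = "";

    // Clear the success flag on every attempt so a failed login cannot inherit "true"
    // from an earlier successful call on the same instance.
    isLoginSuccessfull = false;

    userAccess = new DataAccess();
    parameterLists = new List<ParameterList>();
    parameterLists.Add(new ParameterList() { Key = "@UserId", Value = userId });

    string usernameSql = "select userId from user_tbl where userId = @UserId";
    string passwordSql = "select password from user_tbl where userId = @UserId";

    // "as string" maps both "no row" (null) and a NULL column (DBNull) to null instead of
    // throwing InvalidCastException.
    string existingUserId = userAccess.ExecuteScalar(usernameSql, parameterLists) as string;
    if (existingUserId == null)
    {
        errorMsg = "Username does not exist";
        return userRole;
    }

    string storedPassword = userAccess.ExecuteScalar(passwordSql, parameterLists) as string;

    // OrdinalIgnoreCase keeps the original case-insensitive behaviour without the culture
    // dependence of ToUpper(), and does not throw when either side is null.
    bool passwordMatches = storedPassword != null
        && string.Equals(password, storedPassword, StringComparison.OrdinalIgnoreCase);
    if (!passwordMatches)
    {
        errorMsg = "Incorrect Password";
        return userRole;
    }

    string roleSql = "select roleId, fName + ' ' + lName full_Name from user_tbl where userId = @UserId and password = @Password;";
    parameterLists.Add(new ParameterList() { Key = "@Password", Value = password });

    DataTable roleTable = userAccess.GetData(roleSql, parameterLists);

    // The SQL-side password match depends on the database collation and can come back empty
    // even after the check above passed. Treat an empty result like a null one rather than
    // indexing Rows[0] blindly.
    if (roleTable == null || roleTable.Rows.Count == 0)
    {
        errorMsg = "An unknown error has occured";
        throw new Exception();
    }

    DataRow roleRow = roleTable.Rows[0];
    fullName = roleRow.Field<string>("full_Name");
    userRole = (UserObject.UserRole)roleRow.Field<int>("roleId");

    // Set the flag last, so it is true only when role and name were both read successfully.
    isLoginSuccessfull = true;

    return userRole;
}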