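/// <summary>
/// Creates a user by calling the <c>RegisterUser</c> stored procedure with a salted hash of the password.
/// </summary>
/// <param name="u">User data to store. <c>u.Password</c> is hashed before anything is sent to the database.</param>
/// <returns>
/// A <see cref="Result"/> whose <c>result</c> is true when the procedure ran without throwing;
/// otherwise false, with the exception text in <c>Message</c>.
/// </returns>
/// <remarks>
/// NOTE(review): <c>Message</c> carries the raw exception text, which for database failures can
/// name procedures, columns or hosts. Confirm callers log it server-side and show end users a
/// generic message instead.
/// </remarks>
public static Result RegisterUser(Class.User u)
{
    Result res = new Result();

    try
    {
        PasswordHandling pw = new PasswordHandling();

        // The other password paths in this file call generateSalt() before hashPassword().
        // Do the same here so the stored hash never depends on whatever salt the constructor
        // leaves behind. NOTE(review): confirm PasswordHandling does not already do this itself.
        pw.generateSalt();
        pw.hashPassword(u.Password);

        using (MySqlConnection conn = DataAccessBase.GetConnection())
        using (MySqlCommand command = new MySqlCommand("RegisterUser", conn))
        {
            conn.Open();
            command.CommandType = System.Data.CommandType.StoredProcedure;

            // Every value is bound as a parameter; none is concatenated into SQL text.
            command.Parameters.AddWithValue("Name", u.Name);
            command.Parameters.AddWithValue("Surname", u.Surname);
            command.Parameters.AddWithValue("title_Id", u.titleId);
            command.Parameters.AddWithValue("Password", pw.getHashedPassword());
            command.Parameters.AddWithValue("Salt", pw.getSalt());
            command.Parameters.AddWithValue("username", u.Username);
            command.Parameters.AddWithValue("Email", u.Email);
            command.Parameters.AddWithValue("Type", u.Type);
            command.Parameters.AddWithValue("YearOfExperience", u.YearsOfExperience);
            command.Parameters.AddWithValue("DateInsert", u.DateInsert);

            command.ExecuteNonQuery();
            res.result = true;
        }
    }
    catch (Exception ex)
    {
        // A null user, a hashing failure or a database error all end up here as a failed Result.
        res.result = false;
        res.Message = ex.Message;
    }

    return res;
}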
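/// <summary>
/// Updates a user's profile fields and password by calling the <c>UpdateProfileView</c> stored procedure.
/// </summary>
/// <param name="iduser">Identifier of the row to update, passed to the procedure as <c>iduser</c>.</param>
/// <param name="user">New profile values. <c>user.Password</c> is re-hashed with a fresh salt on every call.</param>
/// <returns>
/// A <see cref="Result"/> whose <c>result</c> is true when the procedure ran without throwing;
/// otherwise false, with the exception text in <c>Message</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the password hash and salt are written on every profile update. If a caller can
/// reach this with an empty or placeholder <c>user.Password</c>, the stored credential is overwritten.
/// Confirm the caller validates the password and re-authenticates the user first.
/// NOTE(review): this method does no authorization check on <paramref name="iduser"/>. Confirm the
/// caller takes it from the authenticated session rather than from request data.
/// NOTE(review): <c>Message</c> carries the raw exception text; confirm it is not shown to end users.
/// </remarks>
public static Result UpdateProfileView(long iduser, Class.User user)
{
    Result res = new Result();

    try
    {
        // Hashing now happens inside the try, as in RegisterUser, so a null user or a hashing
        // failure comes back as a failed Result instead of escaping as an unhandled exception.
        PasswordHandling newPassword = new PasswordHandling();
        newPassword.generateSalt();
        newPassword.hashPassword(user.Password);

        using (MySqlConnection conn = DataAccessBase.GetConnection())
        using (MySqlCommand command = new MySqlCommand("UpdateProfileView", conn))
        {
            conn.Open();
            command.CommandType = System.Data.CommandType.StoredProcedure;

            // Every value is bound as a parameter; none is concatenated into SQL text.
            command.Parameters.AddWithValue("name", user.Name);
            command.Parameters.AddWithValue("Surname", user.Surname);
            command.Parameters.AddWithValue("PW", newPassword.getHashedPassword());
            command.Parameters.AddWithValue("Salt", newPassword.getSalt());
            command.Parameters.AddWithValue("username", user.Username);
            command.Parameters.AddWithValue("Email", user.Email);
            command.Parameters.AddWithValue("iduser", iduser);

            command.ExecuteNonQuery();
            res.result = true;
        }
    }
    catch (Exception ex)
    {
        res.result = false;
        res.Message = ex.Message;
    }

    return res;
}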
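/// <summary>
/// Replaces the password of the account registered under <paramref name="mail"/> with a newly
/// generated one and e-mails that password to the address.
/// </summary>
/// <param name="mail">E-mail address identifying the account; surrounding whitespace is ignored.</param>
/// <returns>
/// A <see cref="Result"/> whose <c>result</c> is true when the <c>ChangePassword</c> procedure ran
/// without throwing, whether or not the address matched a row. It is false, with a message, when
/// the address is blank or the procedure threw.
/// </returns>
/// <remarks>
/// NOTE(review): the stored password is replaced as soon as an address is submitted, with no proof
/// that the requester owns the account, and the new password travels in plaintext e-mail. A
/// single-use, expiring reset link that leaves the current password untouched until it is redeemed,
/// plus rate limiting on this entry point, avoids both problems.
/// NOTE(review): the temporary password is the output of <c>generateSalt()</c> at length 10. Its
/// strength depends on that generator, which is not visible here; confirm it uses a cryptographic RNG.
/// NOTE(review): an exception from <c>sendEmail</c> propagates to the caller after the password has
/// already been replaced.
/// </remarks>
public static Result ChangePasswordUser(string mail)
{
    const string NotInDb = "mail address not in db";

    Result res = new Result();

    // A blank address can never identify an account; do not run the reset procedure with an empty key.
    if (string.IsNullOrWhiteSpace(mail))
    {
        res.result = false;
        res.Message = "Email address is required.";
        return res;
    }

    // Trim once and use the same value for the lookup, the comparison and the delivery.
    // Previously the procedure received the trimmed address but the comparison used the raw input,
    // so padded input changed the password without ever mailing the new one.
    string address = mail.Trim();

    PasswordHandling newPassword = new PasswordHandling();
    newPassword.salt_length = 10;
    newPassword.generateSalt();
    string password = newPassword.getSalt();    // first generated value becomes the temporary password
    newPassword.generateSalt();                 // second value is the salt that is actually stored
    newPassword.hashPassword(password);

    string dbEmail = NotInDb;
    string username = "******";

    try
    {
        using (MySqlConnection conn = DataAccessBase.GetConnection())
        using (MySqlCommand command = new MySqlCommand("ChangePassword", conn))
        {
            conn.Open();
            command.CommandType = System.Data.CommandType.StoredProcedure;
            command.Parameters.AddWithValue("PW", newPassword.getHashedPassword());
            command.Parameters.AddWithValue("salt", newPassword.getSalt());
            command.Parameters.AddWithValue("Email", address);

            using (MySqlDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    if (reader["email"] != DBNull.Value)
                    {
                        dbEmail = reader.GetString(0);
                    }
                    else
                    {
                        dbEmail = NotInDb;
                    }
                }
            }

            res.result = true;
        }
    }
    catch (Exception ex)
    {
        res.result = false;
        res.Message = ex.Message;
    }

    // Mail the new password only when the procedure echoed back the requested address.
    // NOTE(review): this comparison is ordinal and case-sensitive. If the procedure matches
    // addresses case-insensitively, a differently-cased request could change the password
    // without delivering it. Confirm against the procedure.
    if (res.result && address == dbEmail)
    {
        string salutation = "Sir / Madam";

        try
        {
            using (MySqlConnection conn = DataAccessBase.GetConnection())
            using (MySqlCommand command = new MySqlCommand("getUserWithEmail", conn))
            {
                conn.Open();
                command.CommandType = System.Data.CommandType.StoredProcedure;
                command.Parameters.AddWithValue("in_email", address);

                using (MySqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        if (reader["Title"] != DBNull.Value)
                        {
                            salutation = reader.GetString(0) + " ";
                        }
                        if (reader["surname"] != DBNull.Value)
                        {
                            salutation += reader.GetString(1);
                        }
                        username = reader.GetString(2);
                    }
                }
            }
        }
        catch (Exception)
        {
            // Best effort: if the lookup fails, the mail still goes out with the default
            // salutation and the masked username, because the password has already changed.
        }

        List<string> message = Constant.changePasswordMail(salutation, password, username);
        MyEmail notification = new MyEmail();

        // No copy goes to the admin address: the message body carries the plaintext password.
        notification.sendEmail(address, message[0], message[1]);
    }

    return res;
}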