/// <summary>
/// Creates a new <see cref="PersonAccess"/> and allocates the <see cref="DBManager"/>
/// instance stored in <c>myDBManager</c> for later database calls.
/// </summary>
public PersonAccess()
{
    this.myDBManager = new DBManager();
}
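/// <summary>
/// Validates a user's credentials against the <c>Person</c> table and, on success,
/// mirrors the person's database role into the ASP.NET role provider and caches the
/// authenticated user in the <c>user</c> field.
/// </summary>
/// <param name="username">Login name of the person (compared against <c>Person.login</c>).</param>
/// <param name="password">Clear-text password; SQL Server hashes it with <c>HASHBYTES('MD5', @pass)</c> and compares the digest to <c>Person.password</c>.</param>
/// <returns>
/// <c>true</c> when a <c>Person</c> row matches the credentials AND a role value could be read for it;
/// <c>false</c> for empty credentials, no matching row, or a missing role.
/// </returns>
/// <remarks>
/// SECURITY (review): the stored credential is an unsalted MD5 digest computed server-side.
/// MD5 is fast and unsalted, so a leaked table is trivially reversible with precomputed tables;
/// migrating to PBKDF2/Argon2 needs a schema change plus re-hash-on-login and is therefore flagged
/// here rather than changed. The clear-text password is also sent to the database inside the
/// parameter, so the SQL connection should be encrypted (Encrypt=true) — confirm in the connection string.
/// </remarks>
public override bool ValidateUser(string username, string password)
{
    // Empty credentials can never match; fail fast instead of letting a null parameter
    // value surface as a SqlClient exception from the query.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    DBManager dbmanager = new DBManager();

    int pk_person = LookupPersonKey(dbmanager, username, password);
    if (pk_person == -1)
    {
        return false;
    }

    int roleID = LookupRole(dbmanager, pk_person);
    if (roleID == -1)
    {
        // Authenticated row without a role: treat as a failed login. The previous version
        // fell through here and added the user to the "professor" role (and cached the user)
        // even though it then returned false — a privilege-escalation bug.
        return false;
    }

    // Role 1 is "student"; every other stored value keeps the original mapping to "professor"
    // (only those two roles are modelled in this method).
    string roleName = roleID == 1 ? "student" : "professor";
    EnsureUserInRole(username, roleName);

    user = new MemberShipPIUser(pk_person, username, true);
    return true;
}

/// <summary>
/// Returns the <c>pk_person</c> of the row whose login and MD5-hashed password match, or -1 when none does.
/// </summary>
/// <param name="dbmanager">Database helper used to open the connection and run the scalar query.</param>
/// <param name="username">Value bound to <c>@login</c>.</param>
/// <param name="password">Value bound to <c>@pass</c>; hashed by the database, never by this code.</param>
private static int LookupPersonKey(DBManager dbmanager, string username, string password)
{
    const string query =
        "SELECT pk_person FROM Person WHERE Person.login = @login AND Person.password = HASHBYTES('MD5', @pass)";

    // Both values are bound as parameters, so user input never reaches the SQL text.
    List<SqlParameter> param = new List<SqlParameter>();
    SqlParameter loginParam = new SqlParameter("@login", username);
    loginParam.SqlDbType = SqlDbType.VarChar;
    SqlParameter passParam = new SqlParameter("@pass", password);
    passParam.SqlDbType = SqlDbType.VarChar;
    param.Add(loginParam);
    param.Add(passParam);

    // 'using' releases the connection and the open transaction even when doSelectScalar throws;
    // the previous version only closed the connection on the success path.
    using (SqlConnection connection = dbmanager.newConnection())
    {
        connection.Open();
        using (SqlTransaction transaction = connection.BeginTransaction(IsolationLevel.ReadCommitted, "Login"))
        {
            object o = dbmanager.doSelectScalar(query, connection, transaction, param);
            // Read-only lookup: nothing to commit, so disposing the transaction (rollback) is intended.
            return ToIntOrMinusOne(o);
        }
    }
}

/// <summary>
/// Returns the <c>role</c> column of the given person, or -1 when the row has no role (NULL / no row).
/// </summary>
/// <param name="dbmanager">Database helper used to open the connection and run the scalar query.</param>
/// <param name="pk_person">Primary key bound to <c>@pk_person</c>.</param>
private static int LookupRole(DBManager dbmanager, int pk_person)
{
    const string query = "SELECT role FROM Person WHERE pk_person = @pk_person;";

    Dictionary<string, object> param = new Dictionary<string, object>();
    param.Add("@pk_person", pk_person);

    using (SqlConnection connection = dbmanager.newConnection())
    {
        connection.Open();
        using (SqlTransaction transaction = connection.BeginTransaction(IsolationLevel.ReadCommitted, "getTypePerson"))
        {
            object o = dbmanager.doSelectScalar(query, connection, transaction, param);
            return ToIntOrMinusOne(o);
        }
    }
}

/// <summary>
/// Converts a scalar query result to <see cref="int"/>; <c>null</c> and <see cref="DBNull"/> become -1.
/// </summary>
/// <param name="value">Raw value returned by <c>doSelectScalar</c>.</param>
private static int ToIntOrMinusOne(object value)
{
    if (value == null || DBNull.Value.Equals(value))
    {
        return -1;
    }
    // Convert rather than unbox so a SMALLINT/TINYINT column does not throw InvalidCastException.
    return Convert.ToInt32(value);
}

/// <summary>
/// Creates <paramref name="roleName"/> in the role provider if it does not exist yet and
/// adds <paramref name="username"/> to it if not already a member.
/// </summary>
/// <param name="username">Login name to place in the role.</param>
/// <param name="roleName">ASP.NET role name ("student" or "professor").</param>
private static void EnsureUserInRole(string username, string roleName)
{
    if (!Roles.RoleExists(roleName))
    {
        Roles.CreateRole(roleName);
    }
    if (!Roles.IsUserInRole(username, roleName))
    {
        Roles.AddUserToRole(username, roleName);
    }
}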
/// <summary>
/// Creates a new <see cref="TechnologyAccess"/> and allocates the <see cref="DBManager"/>
/// instance stored in <c>myDBManager</c> for later database calls.
/// </summary>
public TechnologyAccess()
{
    this.myDBManager = new DBManager();
}