// Asks the database whether an account is registered for the given email by
// running the stored procedure prc_check_existing_account.
//
// email - address to look up; sent as the bound parameter @email, never
//         concatenated into SQL text.
// Returns the first column of the first row when the procedure yields at least
// one row, otherwise the text "<email> not found in database".
public string CheckExistingAccount(string email)
{
    SqlParameter[] lookupArgs = { new SqlParameter("@email", email) };
    DatabaseHandle handle = new DatabaseHandle();
    DataTable matches = handle.ProcessData("prc_check_existing_account", lookupArgs);

    // An empty table is how "no such account" is reported.
    if (matches.Rows.Count < 1)
    {
        // NOTE(review): hit and miss travel through the same string, so a caller has to
        // compare the result with the email it passed in; a non-empty result alone does
        // not mean the account exists.
        return email + " not found in database";
    }

    return matches.Rows[0][0].ToString();
}
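// Changes the master password of the logged-in user and re-encrypts every stored
// account password so that it can be decrypted with the new master password.
//
// oPwd - current master password; used to decrypt the stored account passwords.
// nPwd - new master password; used to encrypt them again and stored (encrypted
//        under itself) as the new master password record.
//
// All decrypt/encrypt work is done in memory before the first write. An exception
// from StringCipher or from parsing a row (presumably what a wrong oPwd leads to -
// confirm against StringCipher) therefore leaves the database untouched, instead of
// leaving the master password already replaced and only some rows re-encrypted.
//
// NOTE(review): the writes are still separate ProcessData calls. A database failure
// part-way through leaves rows encrypted under two different master passwords;
// making that atomic needs a transaction, which is outside what this method can see
// of DatabaseHandle.
// NOTE(review): the master password is stored encrypted with itself as the key, so
// how well it resists offline guessing depends entirely on StringCipher's key
// derivation - worth confirming.
public void ChangeMp(string oPwd, string nPwd)
{
    int uid = LoginInfo.UserId;

    // Fetch every account row of the current user (still encrypted under oPwd).
    SqlParameter[] param = { new SqlParameter("user_ID", uid) };
    DataTable dt = new DatabaseHandle().ProcessData("prc_get_account", param);

    // Phase 1: re-encrypt in memory only; nothing has been written yet.
    int rows = dt.Rows.Count;
    int[] accountIds = new int[rows];
    string[] reEncrypted = new string[rows];
    for (int i = 0; i < rows; i++)
    {
        DataRow dr = dt.Rows[i];
        accountIds[i] = int.Parse(dr["account_ID"].ToString());
        string plainPwd = StringCipher.Decrypt(dr["password"].ToString(), oPwd);
        reEncrypted[i] = StringCipher.Encrypt(plainPwd, nPwd);
    }

    // Phase 2: persist. The master password record goes first, as before.
    string encMPwd = StringCipher.Encrypt(nPwd, nPwd);
    SqlParameter[] param1 =
    {
        new SqlParameter("user_ID", uid),
        new SqlParameter("master_pwd", encMPwd)
    };
    new DatabaseHandle().ProcessData("prc_update_master_pwd", param1);

    // Keep the in-memory session in step with what the database now holds.
    LoginInfo.MasterPwd = nPwd;

    // NOTE(review): the procedure name is spelled with three c's; kept as is - confirm
    // it matches the name in the database.
    string commandText2 = "prc_update_acccount_pwd";
    for (int i = 0; i < rows; i++)
    {
        SqlParameter[] param2 =
        {
            new SqlParameter("account_ID", accountIds[i]),
            new SqlParameter("password", reEncrypted[i])
        };
        new DatabaseHandle().ProcessData(commandText2, param2);
    }
}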
// Deletes one stored account entry by running the stored procedure
// prc_del_accountpwd through DatabaseHandle.
//
// accountID - identifier of the account row to delete; bound as account_ID.
public void DeletePassword(int accountID)
{
    // NOTE(review): only account_ID is sent, no user_ID. Confirm that the procedure
    // (or the caller) makes sure the row belongs to the logged-in user.
    SqlParameter[] deleteArgs = { new SqlParameter("account_ID", accountID) };
    DatabaseHandle handle = new DatabaseHandle();

    // The table that comes back is not used.
    handle.ProcessData("prc_del_accountpwd", deleteArgs);
}
// Replaces the stored password of one account entry by running the stored
// procedure prc_edit_accountpwd through DatabaseHandle.
//
// accountID - identifier of the account row to update; bound as account_ID.
// passCode  - value written to the password column exactly as received.
//             NOTE(review): nothing is encrypted here, so the caller is presumably
//             expected to pass ciphertext - confirm at the call sites.
public void EditPassword(int accountID, string passCode)
{
    // NOTE(review): no user_ID is sent; confirm that ownership of the row is checked
    // by the procedure or by the caller.
    SqlParameter[] updateArgs =
    {
        new SqlParameter("account_ID", accountID),
        new SqlParameter("password", passCode)
    };

    DatabaseHandle handle = new DatabaseHandle();

    // The table that comes back is not used.
    handle.ProcessData("prc_edit_accountpwd", updateArgs);
}
// Registers a new login account by running the stored procedure prc_add_user.
//
// email     - address of the new user; bound as @email.
// masterPwd - value stored as the user's master password; bound as @master_pwd
//             exactly as received.
//             NOTE(review): this method does no encryption itself, so the caller is
//             presumably expected to pass the already encrypted master password -
//             confirm at the call site.
// Returns the fixed text "Account Added to Database Successfully" whenever
// ProcessData returns; the table it hands back is not inspected, so a failure is
// only visible if ProcessData throws.
public string SaveAccountToDB(string email, string masterPwd)
{
    SqlParameter[] newUserArgs =
    {
        new SqlParameter("@email", email),
        new SqlParameter("@master_pwd", masterPwd)
    };

    DatabaseHandle handle = new DatabaseHandle();
    handle.ProcessData("prc_add_user", newUserArgs);

    return "Account Added to Database Successfully";
}
// Fills the accounts grid of the home window with the rows that the stored
// procedure prc_get_Account returns for the logged-in user.
public void LoadDataDataGrid()
{
    // The owner filter comes from the session, not from anything typed in the window.
    SqlParameter[] ownerFilter = { new SqlParameter("user_ID", LoginInfo.UserId) };
    DatabaseHandle handle = new DatabaseHandle();
    DataTable accounts = handle.ProcessData("prc_get_Account", ownerFilter);

    // NOTE(review): the whole result set is bound to the grid. If it carries the
    // encrypted password column, check that the grid does not display it.
    dtaGridAccount.ItemsSource = accounts.DefaultView;
}
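// Filters the accounts grid: sends the text of the search box and the logged-in
// user's id to the stored procedure prc_get_account_search and shows whatever rows
// come back.
//
// The search text is passed as a bound parameter, so it reaches the procedure as
// data and is never spliced into SQL text here.
//
// Fix: the original read dt.Rows[0][0] into a local that was never used, which threw
// whenever the search matched nothing. An empty result now simply shows an empty grid.
public void TextSearch()
{
    int userID = LoginInfo.UserId;
    string commandText = "prc_get_account_search";
    SqlParameter[] param =
    {
        new SqlParameter("user_ID", userID),
        new SqlParameter("search_text", txtSearchBox.Text.ToString())
    };

    DatabaseHandle dbh = new DatabaseHandle();
    DataTable dt = dbh.ProcessData(commandText, param);

    dtaGridAccount.ItemsSource = dt.DefaultView;
}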
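// Loads the stored (encrypted) master password for an email through the stored
// procedure prc_get_accountpwd, decrypts it with the password typed into
// txtMasterPwd and, on success, fills LoginInfo for the session.
//
// email - address used for the lookup; bound as the parameter "email".
// Returns
//   - the decrypted master password when a row exists and every step succeeds,
//   - "Incorrect Password" when any step inside the try block throws,
//   - "No password found for provided email" when the procedure returns no rows.
//
// Fix: LoginInfo used to be written field by field while decrypting and parsing, so
// a failure after the first assignment returned "Incorrect Password" but left the
// decrypted master password behind in LoginInfo. All values are now computed first
// and LoginInfo is only written once they are all available.
//
// NOTE(review): outcomes are sentinel strings in the same channel as the password,
// so the caller has to compare the result with the typed password and must not
// treat any non-empty result as success. Whether a wrong key always makes
// StringCipher.Decrypt throw depends on StringCipher - confirm.
// NOTE(review): LoginInfo.Email is taken from txtEmail, not from the email argument
// that was actually looked up; confirm the two cannot differ.
private string GetDbPwd(string email)
{
    string commandText = "prc_get_accountpwd";
    SqlParameter[] param = { new SqlParameter("email", email) };
    DatabaseHandle dbh = new DatabaseHandle();
    DataTable dt = dbh.ProcessData(commandText, param);

    // An empty table means no password record exists for this email.
    if (dt.Rows.Count < 1)
    {
        return "No password found for provided email";
    }

    try
    {
        string typedMasterPwd = txtMasterPwd.Password.ToString();
        string encryptedMasterPwd = dt.Rows[0][1].ToString(); // column 1: encrypted master password

        // Everything that can fail runs before LoginInfo is touched.
        string decryptedMasterPwd = StringCipher.Decrypt(encryptedMasterPwd, typedMasterPwd);
        int userId = int.Parse(dt.Rows[0][0].ToString()); // column 0: user id
        string loginEmail = txtEmail.Text.ToString();

        LoginInfo.MasterPwd = decryptedMasterPwd;
        LoginInfo.UserId = userId;
        LoginInfo.Email = loginEmail;
        return LoginInfo.MasterPwd;
    }
    catch
    {
        // Kept as a catch-all on purpose: callers rely on getting this string rather
        // than an exception. It also hides failures unrelated to the password.
        return "Incorrect Password";
    }
}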
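// Saves a new account entry for the logged-in user by running the stored procedure
// prc_add_pwd. The password typed into txtPwd is encrypted with the session's master
// password before it is handed to the database layer.
//
// As far as this method shows, account name, username and notes are sent as typed;
// only the password is encrypted.
//
// Cleanup: the unused local holding today's date was removed. It was never passed to
// the procedure.
public void AddPasswordDb()
{
    string accountName = txtAccountName.Text.ToString();
    string userName = txtUsrName.Text.ToString();
    string notes = txtNote.Text.ToString();

    // Only ciphertext goes into the parameter list.
    string password = txtPwd.Password.ToString();
    string encryptedPassword = StringCipher.Encrypt(password, LoginInfo.MasterPwd);

    string commandText = "prc_add_pwd";
    SqlParameter[] param =
    {
        new SqlParameter("@account_name", accountName),
        new SqlParameter("@user_ID", LoginInfo.UserId),
        new SqlParameter("@username", userName),
        new SqlParameter("@password", encryptedPassword),
        new SqlParameter("@notes", notes)
    };

    DatabaseHandle dbh = new DatabaseHandle();

    // The table that comes back is not used.
    dbh.ProcessData(commandText, param);
}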