Exemplo n.º 1
    /// <summary>
    /// Used to authenticate the user credentials before accessing the main interface of the application
    /// </summary>
    /// <param name="username">Username of the user</param>
    /// <param name="password">Password of the user</param>
    /// <returns>The account id of the authenticated user, or -1 if the call fails</returns>
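    public int LoginAccount(string username, string password)
    {
        // NOTE(security): the password is reduced to an MD5 digest before it is sent to
        // spLoginAccount. MD5 is fast, and no per-user salt is passed from this method, so
        // leaked digests are cheap to brute-force. Moving to a salted, slow KDF (PBKDF2,
        // bcrypt, Argon2) needs a coordinated change in PassHash, the stored procedures and
        // the rows already stored, so it is flagged here rather than changed.
        // NOTE(review): no throttling or lockout is visible in this method; confirm it is
        // enforced by the caller or inside the stored procedure.
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            using (SqlCommand command = new SqlCommand("spLoginAccount", connection))
            {
                // Values travel as typed parameters, never as concatenated SQL text.
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(username);
                command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(password));
                connection.Open();

                // ExecuteScalar gives null for an empty result set and DBNull for a NULL cell;
                // treat anything that is not a boxed int as a failed login instead of relying
                // on a cast exception to reach the catch block.
                // What the procedure returns for wrong credentials is not visible here, so
                // callers should accept only a valid account id as success.
                object result = command.ExecuteScalar();
                if (result is int)
                {
                    return (int)result; // id of the user
                }

                return -1;
            }
        }
        catch (System.Exception ex)
        {
            // Same -1 contract as before, but the failure is no longer invisible: a database
            // outage and a code fault can now be told apart in the trace output.
            // Only the exception type is recorded, because database error messages may echo
            // parameter values; the username and password are never written.
            System.Diagnostics.Trace.TraceError("LoginAccount failed: " + ex.GetType().FullName);
            return -1;
        }
    }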
Exemplo n.º 2
    /// <summary>
    /// Used to add a new user account after successful registration
    /// </summary>
    /// <param name="account">Account object which contains the supplied information by the user</param>
    /// <returns>Returns integer value -69 if username exists, -70 if email exists, -1 if failed, and 1 if success</returns>
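    public int AddAccount(Account account)
    {
        // NOTE(security): the password is stored as an MD5 digest. MD5 is fast, and no
        // per-user salt is passed from this method, so leaked digests are cheap to
        // brute-force. Moving to a salted, slow KDF (PBKDF2, bcrypt, Argon2) needs a
        // coordinated change in PassHash, the stored procedures and the rows already
        // stored, so it is flagged here rather than changed.
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            using (SqlCommand command = new SqlCommand("spAddAccount", connection))
            {
                // Values travel as typed parameters, never as concatenated SQL text.
                // A null account throws on the first property read and ends in the catch below.
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.Add("firstname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.FirstName);
                command.Parameters.Add("lastname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.LastName);
                command.Parameters.Add("birthday", SqlDbType.Date).Value = DBConvert.From(account.Birthday);
                command.Parameters.Add("email", SqlDbType.VarChar, 99).Value = DBConvert.From(account.Email);
                command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(account.Username);
                command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(account.Password));
                connection.Open();

                // ExecuteScalar gives null for an empty result set and DBNull for a NULL cell;
                // anything that is not a boxed int is reported as the generic failure code
                // instead of relying on a cast exception to reach the catch block.
                object result = command.ExecuteScalar();
                if (result is int)
                {
                    return (int)result; // status code chosen by spAddAccount
                }

                return -1;
            }
        }
        catch (System.Exception ex)
        {
            // Same -1 contract as before, but the failure now leaves a trace entry.
            // Only the exception type is recorded, because database error messages may echo
            // parameter values; no account field is ever written.
            System.Diagnostics.Trace.TraceError("AddAccount failed: " + ex.GetType().FullName);
            return -1;
        }
    }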
Exemplo n.º 3
    /// <summary>
    /// Used to update the user's account password
    /// </summary>
    /// <param name="account_id">ID assigned to the user's account</param>
    /// <param name="old_password">Current password of the user</param>
    /// <param name="new_password">New password supplied by the user</param>
    /// <returns>Returns a positive integer on success; any other value (including -1 when the call fails) means the update failed</returns>
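    public int UpdateAccountPassword(int account_id, string old_password, string new_password)
    {
        // NOTE(security): both passwords are reduced to MD5 digests. MD5 is fast, and no
        // per-user salt is passed from this method, so leaked digests are cheap to
        // brute-force. Moving to a salted, slow KDF (PBKDF2, bcrypt, Argon2) needs a
        // coordinated change in PassHash, the stored procedures and the rows already
        // stored, so it is flagged here rather than changed.
        // NOTE(review): this method does not compare the old password itself; presumably
        // spUpdateAccountPassword rejects the update when oldPw does not match. Confirm.
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            using (SqlCommand command = new SqlCommand("spUpdateAccountPassword", connection))
            {
                // Values travel as typed parameters, never as concatenated SQL text.
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.Add("account_id", SqlDbType.Int).Value = DBConvert.From(account_id);
                command.Parameters.Add("oldPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(old_password));
                command.Parameters.Add("newPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(new_password));
                connection.Open();

                // ExecuteScalar gives null for an empty result set and DBNull for a NULL cell;
                // anything that is not a boxed int is reported as failure instead of relying
                // on a cast exception to reach the catch block.
                object result = command.ExecuteScalar();
                if (result is int)
                {
                    return (int)result;
                }

                return -1;
            }
        }
        catch (System.Exception ex)
        {
            // Same -1 contract as before, but the failure now leaves a trace entry.
            // Only the exception type is recorded, because database error messages may echo
            // parameter values; neither password nor the account id is ever written.
            System.Diagnostics.Trace.TraceError("UpdateAccountPassword failed: " + ex.GetType().FullName);
            return -1;
        }
    }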