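/// <summary>
/// Looks up a Security row by username and stored credential and returns its ID.
/// </summary>
/// <param name="username">User's username. It is upper-cased before the query, so the match is case-insensitive.</param>
/// <param name="password">Credential in the form the Security table stores. Callers in this file pass
/// <c>SecureEncrypt.Encrypt(plaintext)</c>, so this must not be the raw password.</param>
/// <returns>The Security.ID of the matching row, or -1 when no row matches (unknown user or wrong credential,
/// or a null argument).</returns>
private static int GetUserID(string username, string password)
{
    // The original dereferenced both arguments unconditionally; a null here is "no such user", not a crash.
    if (username == null || password == null)
    {
        return -1;
    }

    // Parameterized on purpose: both values are attacker-controlled (login and sign-up forms).
    // NOTE(review): the credential equality is evaluated by SQL Server, so the column's collation decides
    // whether it is case-sensitive. The larger weakness is upstream: SecureEncrypt is a reversible cipher,
    // not a salted password hash, so a copy of the table plus the key yields every password. That needs a
    // migration, not a change to this query.
    const string selectMethod =
        "SELECT ID FROM Security WHERE Username = @name AND password = @password;";

    int id = -1;

    // Connection, command and reader are disposed on every path, including exceptions.
    using (SqlConnection connection = new SqlConnection(GetConnectionString()))
    using (SqlCommand command = new SqlCommand(selectMethod, connection))
    {
        command.Parameters.AddWithValue("name", username.ToUpper());
        command.Parameters.AddWithValue("password", password);
        connection.Open();

        using (SqlDataReader reader = command.ExecuteReader())
        {
            // Mirrors the original loop: if several rows match, the last one wins. A unique constraint on
            // Security.Username would make that case impossible.
            while (reader.Read())
            {
                id = Convert.ToInt32(reader["ID"].ToString());
            }
        }
    }

    return id;
}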
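/// <summary>
/// Creates a login (Security row) and a profile (USERS row) for a new user in a single transaction.
/// </summary>
/// <param name="user">Profile data. <c>Name</c> is stored upper-cased and trimmed.</param>
/// <param name="sec">Login data. As in the original, on return <c>sec.Password</c> holds the stored (encrypted)
/// form and <c>sec.ID</c> the new Security.ID.</param>
/// <returns><c>false</c> when the username is already taken (nothing is written); <c>true</c> on success.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException">Username or password is empty.</exception>
/// <exception cref="InvalidOperationException">The Security row could not be read back after the insert.</exception>
public static bool CreateUserAccount(Users user, SecurityO sec)
{
    if (user == null) throw new ArgumentNullException("user");
    if (sec == null) throw new ArgumentNullException("sec");
    if (string.IsNullOrWhiteSpace(sec.Username)) throw new ArgumentException("Username is required", "sec");
    if (string.IsNullOrEmpty(sec.Password)) throw new ArgumentException("Password is required", "sec");

    const string insertUser =
        "INSERT INTO USERS (ID, Name, DOB, email, phone, address) " +
        "VALUES (@ID, @Username, @dob, @email, @phone, @address);";
    const string insertSecurity =
        "INSERT INTO Security (username, password) VALUES (@username, @password);";
    const string existsQuery =
        "SELECT COUNT(1) FROM Security WHERE Username = @username;";
    const string idQuery =
        "SELECT ID FROM Security WHERE Username = @username;";

    // Usernames are stored and looked up upper-cased everywhere in this file.
    string normalizedName = sec.Username.ToUpper();

    // NOTE(review): SecureEncrypt is a reversible cipher, so the stored value is a decryptable password, not a
    // hash. Replace with a salted, slow hash (PBKDF2/bcrypt/Argon2) once a migration path exists; the lookup in
    // GetUserLogin/GetUserID must change at the same time. Kept as-is here so existing rows still authenticate.
    sec.Password = SecureEncrypt.Encrypt(sec.Password);

    using (SqlConnection con = new SqlConnection(GetConnectionString()))
    {
        con.Open();

        // One transaction so a failure on the USERS insert does not leave an orphaned Security row.
        using (SqlTransaction tx = con.BeginTransaction())
        {
            // The original asked "is there a row with this username AND this password", so a second account
            // with the same name and a different password was accepted. Uniqueness is per username.
            // A check-then-insert still races; a UNIQUE constraint on Security.Username is the real guard.
            using (SqlCommand cmd = new SqlCommand(existsQuery, con, tx))
            {
                cmd.Parameters.AddWithValue("username", normalizedName);
                if (Convert.ToInt32(cmd.ExecuteScalar()) > 0)
                {
                    return false; // disposing the uncommitted transaction rolls it back
                }
            }

            using (SqlCommand cmd = new SqlCommand(insertSecurity, con, tx))
            {
                cmd.Parameters.AddWithValue("username", normalizedName);
                cmd.Parameters.AddWithValue("password", sec.Password);
                cmd.ExecuteNonQuery();
            }

            // Read the new ID on the same connection: a lookup through a second connection would wait on
            // the uncommitted insert.
            using (SqlCommand cmd = new SqlCommand(idQuery, con, tx))
            {
                cmd.Parameters.AddWithValue("username", normalizedName);
                object rawId = cmd.ExecuteScalar();
                if (rawId == null || rawId == DBNull.Value)
                {
                    throw new InvalidOperationException("Security row for the new user was not found after insert");
                }
                sec.ID = Convert.ToInt32(rawId);
            }

            using (SqlCommand cmd = new SqlCommand(insertUser, con, tx))
            {
                cmd.Parameters.AddWithValue("ID", sec.ID);
                cmd.Parameters.AddWithValue("Username", (user.Name ?? string.Empty).ToUpper().Trim());
                // Passed as a DateTime rather than a culture-formatted string so the value does not depend on
                // the web server's locale. Assumes DOB is a date/datetime column — TODO confirm against schema.
                cmd.Parameters.AddWithValue("dob", user.Dob);
                cmd.Parameters.AddWithValue("email", (object)user.Email ?? DBNull.Value);
                cmd.Parameters.AddWithValue("phone", (object)user.Phone ?? DBNull.Value);
                cmd.Parameters.AddWithValue("address", (object)user.Address ?? DBNull.Value);
                cmd.ExecuteNonQuery();
            }

            tx.Commit();
        }
    }

    return true;
}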
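/// <summary>
/// Authenticates a username/password pair against the Security table and loads the matching USERS row.
/// </summary>
/// <param name="username">Username as entered; upper-cased before the lookup.</param>
/// <param name="password">Plaintext password as entered. It is run through <c>SecureEncrypt.Encrypt</c> so it
/// compares against what <c>CreateUserAccount</c> stored.</param>
/// <returns>A <c>Users</c> whose <c>Id</c> is the account ID on success, -1 when the credentials match nothing
/// (or the Security row has no USERS row), and -23 when the account is banned.</returns>
public Users GetUserLogin(string username, string password)
{
    Users user = new Users();

    if (username == null || password == null)
    {
        user.Id = -1;
        return user;
    }

    // NOTE(review): deterministic reversible encryption, so equal passwords produce equal stored values and
    // the table is decryptable with the key. Should be a salted hash; see CreateUserAccount.
    string storedPassword = SecureEncrypt.Encrypt(password);

    // Both values are user-controlled; parameterized.
    const string selectSecurity =
        "SELECT ID FROM Security WHERE Username = @name AND Password = @password;";
    const string selectUser =
        "SELECT * FROM USERS WHERE ID = @ID;";

    int securityId = -100; // sentinel: no Security row read
    bool profileFound = false;

    using (SqlConnection connection = new SqlConnection(GetConnectionString()))
    {
        connection.Open();

        using (SqlCommand command = new SqlCommand(selectSecurity, connection))
        {
            command.Parameters.AddWithValue("name", username.ToUpper());
            command.Parameters.AddWithValue("password", storedPassword);

            using (SqlDataReader reader = command.ExecuteReader())
            {
                // As in the original, the last matching row wins if there are several.
                while (reader.Read())
                {
                    securityId = Convert.ToInt32(reader["ID"].ToString());
                }
            }
        }

        if (securityId <= 0)
        {
            // Unknown user or wrong password. Same message for both so the response does not reveal which.
            user.Id = -1;
            return user;
        }

        // NOTE(review): the original populated the returned object with the plaintext password and callers in
        // this file put that object in the session. Nothing here needs it after the lookup; confirm no caller
        // reads Users.Password and then drop this line.
        user.Password = SecureEncrypt.Decrypt(storedPassword);

        using (SqlCommand command = new SqlCommand(selectUser, connection))
        {
            command.Parameters.AddWithValue("ID", securityId);

            using (SqlDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    profileFound = true;
                    user.Name = reader["NAME"].ToString();
                    user.Dob = Convert.ToDateTime(reader["DOB"].ToString());
                    user.Email = reader["Email"].ToString();
                    user.Phone = reader["PHONE"].ToString();
                    user.Address = reader["ADDRESS"].ToString();
                    user.Usertype = Convert.ToInt32(reader["USERTYPE"].ToString());
                    user.Ban = Convert.ToBoolean(reader["BAN"]);
                    user.Id = Convert.ToInt32(reader["ID"].ToString());
                }
            }
        }
    }

    if (!profileFound)
    {
        // A Security row without a USERS row. The original fell through with Id == 0 (the int default); treat
        // the inconsistent account as a failed login instead of returning a half-empty object.
        user.Id = -1;
        return user;
    }

    if (user.Ban)
    {
        user.Id = -23; // banned: callers key off this sentinel
    }

    return user;
}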
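/// <summary>
/// Handles the sign-up form: verifies reCAPTCHA and acceptance of the terms, validates the input, creates the
/// account and redirects to the Login action.
/// </summary>
/// <param name="form">Raw posted fields: Username, Email, Phone, Address, Password, RepeatPassword, DOB, agree.</param>
/// <param name="userss">Model-bound copy of the same post. Only <c>Rememberme</c> is read from it; it is also run
/// through <c>inputValidation.UserInputValidation</c> alongside the hand-built object, as in the original.</param>
/// <returns>A redirect to Login. Failure details are placed in ModelState/ViewData as before (note that neither
/// survives a redirect, so the user currently sees no message — existing behavior).</returns>
public ActionResult NewUser(FormCollection form, Users userss)
{
    ViewData["loginModal"] = -100;
    Users users = new Users();

    bool captchaOk = VerifyRecaptcha(Request["g-recaptcha-response"]);
    // form["agree"] is null when the checkbox is unticked; the original .Equals call threw on that.
    bool agreed = string.Equals(form["agree"], "on", StringComparison.Ordinal);

    if (captchaOk && agreed)
    {
        users.Name = form["Username"] ?? string.Empty;
        users.Email = form["Email"] ?? string.Empty;
        users.Phone = form["Phone"] ?? string.Empty;
        users.Address = form["Address"] ?? string.Empty;
        users.Password = form["Password"] ?? string.Empty;
        users.Repassword = form["RepeatPassword"] ?? string.Empty;
        users.Rememberme = userss.Rememberme;

        // Convert.ToDateTime threw on a malformed date and produced a 500; report it as input error instead.
        DateTime dob;
        if (!DateTime.TryParse(form["DOB"], out dob))
        {
            ModelState.AddModelError("DOB", "Date of birth is not a valid date");
        }
        else
        {
            users.Dob = dob;

            if (inputValidation.UserInputValidation(users) && inputValidation.UserInputValidation(userss))
            {
                // NOTE(review): Password and RepeatPassword are never compared in this action; confirm that
                // inputValidation.UserInputValidation does it, otherwise a typo silently locks the user out.
                SecurityO sec = new SecurityO();
                sec.Username = users.Name;
                sec.Password = users.Password;
                UserDBAccess db = new UserDBAccess();

                if (UserDBAccess.CreateUserAccount(users, sec))
                {
                    // NOTE(review): this object still holds the plaintext password (CreateUserAccount encrypts
                    // sec.Password, not users.Password). Confirm nothing reads it from the session and clear it
                    // before storing.
                    SessionVariables.UserData = users;
                    users = db.GetUserInfoByName(users.Name);
                    UsersDatabaseEntities entities = new UsersDatabaseEntities();
                    entities.AgreeToTermsOfUse(users.Id);
                }
                else
                {
                    ModelState.AddModelError("Username", "Username Already exists");
                    ViewData["LoginFail"] = "Name Already exists";
                    return RedirectToAction("Login", ViewData);
                }
            }
            else
            {
                ModelState.AddModelError("Username", "You input an invalid character into the text box");
            }
        }
    }

    // RedirectToAction(action, object) turns every public property of the object into a query-string
    // parameter. On the failure paths `users` still carried the plaintext password, which therefore ended up
    // in the redirect URL, browser history, proxy and server logs. Scrub before building the redirect.
    users.Password = null;
    users.Repassword = null;
    return RedirectToAction("Login", users);
}

/// <summary>
/// Verifies a reCAPTCHA response token with Google's siteverify endpoint. Fails closed.
/// </summary>
/// <param name="response">The g-recaptcha-response token posted by the browser; may be null.</param>
/// <returns><c>true</c> only when the service answers with <c>"success": true</c>.</returns>
private static bool VerifyRecaptcha(string response)
{
    if (string.IsNullOrEmpty(response))
    {
        return false;
    }

    // The secret was previously a string literal in this file. A key that has been committed to source must be
    // rotated in the reCAPTCHA admin console; the new one is read from <appSettings> key "RecaptchaSecretKey"
    // (System.Configuration assembly).
    string secretKey = System.Configuration.ConfigurationManager.AppSettings["RecaptchaSecretKey"];
    if (string.IsNullOrEmpty(secretKey))
    {
        return false; // misconfiguration must not disable the CAPTCHA
    }

    try
    {
        using (WebClient client = new WebClient())
        {
            // Both values are URL-encoded so a crafted token cannot append extra query parameters
            // (the original interpolated the raw token into the query string).
            string url = string.Format(
                "https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}",
                Uri.EscapeDataString(secretKey),
                Uri.EscapeDataString(response));

            JObject obj = JObject.Parse(client.DownloadString(url));
            var success = obj.SelectToken("success");
            return success != null && (bool)success;
        }
    }
    catch (WebException)
    {
        // Verification service unreachable: treat as not verified rather than surfacing a 500.
        return false;
    }
}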