Exemplo n.º 1
0
        public ActionResult Profile(string username, string email, string password, string confirmPassword, string firstname, string lastname)
        {
            try
            {
                UserHasAccess(Models.Content.Profile);
                User user = new User();
                // TODO: validation messages username, email and password
                if (string.IsNullOrEmpty(username))
                    return View(_data.GetCurrentUser(UserID.Value));

                if (string.IsNullOrEmpty(email))
                    return View(_data.GetCurrentUser(UserID.Value));

                user.ID = UserID;
                user.Username = username;
                user.Email = email;
                user.FirstName = firstname;
                user.LastName = lastname;

                if (!string.IsNullOrEmpty(password) && password == confirmPassword)
                    user.Password = password;

                _data.UpsertUser(user);
            }
            catch (Exception ex)
            {
                ErrorLog.WriteError("Account Profile", ex.Message);
                ViewBag.ErrorMessage = GenericErrorMessage;
            }
            ViewBag.ErrorMessage = "<span style='color: green'>Success!</span>";
            return View(_data.GetCurrentUser(UserID.Value));
        }
Exemplo n.º 2
0
        public int? LoginUser(User user)
        {
            int userId;
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["IYFD"].ToString()))
            {
                connection.Open();
                using (SqlCommand cmd = new SqlCommand("dbo.LogonUser", connection))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@username", user.Username);
                    cmd.Parameters.AddWithValue("@password", Encrypt(user.Password));

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            if (int.TryParse(reader["ID"].ToString(), out userId))
                                return userId;
                        }
                    }
                }
            }
            return null;
        }
Exemplo n.º 3
0
        public int? UpsertUser(User user)
        {
            int userId;
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["IYFD"].ToString()))
            {
                connection.Open();
                using (SqlCommand cmd = new SqlCommand("dbo.UpsertUser", connection))
                {
                    if (user.ID.HasValue && user.ID.Value > 0)
                        cmd.Parameters.AddWithValue("@ID", user.ID.Value);

                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@username", user.Username);
                    cmd.Parameters.AddWithValue("@firstname", user.FirstName);
                    cmd.Parameters.AddWithValue("@lastname", user.LastName);
                    if(!string.IsNullOrEmpty(user.Password))
                        cmd.Parameters.AddWithValue("@password", Encrypt(user.Password));
                    cmd.Parameters.AddWithValue("@email", user.Email);
                    cmd.Parameters.AddWithValue("@active", user.Active);

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            if (int.TryParse(reader["ID"].ToString(), out userId))
                                return userId;
                        }
                    }
                }
            }
            return null;
        }