//method CheckExistingAccount checks if the email already exist in database
        public string CheckExistingAccount(string email)
        {
            //stored procedure prc_check_existing_account and email parameter is used
            //to check if the email exist in the database
            string commandText = "prc_check_existing_account";

            SqlParameter[] param =
            {
                new SqlParameter("@email", email),
            };

            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);
            //if the ProcessData method of DatabaseHandle class returns empty DataTable
            //it means that email doesn't exist
            if (dt.Rows.Count >= 1)
            {
                string dbEmail = dt.Rows[0][0].ToString();

                return(dbEmail);
            }
            else
            {
                return(email + " not found in database");
            }
        }
        //method ChangeMp, takes old password and changes into the database
        //once master password is updated
        //all the account password encrypted by old password will be decrypted
        //and encrypted again with the new masterpassword
        public void ChangeMp(string oPwd, string nPwd)
        {
            //gets all the accounts from the database
            string commandText = "prc_get_account";

            SqlParameter[] param =
            {
                new SqlParameter("user_ID", LoginInfo.UserId)
            };

            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);

            //update master password
            int    uid          = LoginInfo.UserId;
            string encMPwd      = StringCipher.Encrypt(nPwd, nPwd);
            string commandText1 = "prc_update_master_pwd";

            SqlParameter[] param1 =
            {
                new SqlParameter("user_ID",    uid),
                new SqlParameter("master_pwd", encMPwd)
            };
            DatabaseHandle dbh1 = new DatabaseHandle();
            DataTable      dt1  = new DataTable();

            dt1 = dbh1.ProcessData(commandText1, param1);
            //update Login Info master password
            LoginInfo.MasterPwd = nPwd;

            //Update all the Account passwords
            int rows = dt.Rows.Count;

            int[]  testArray    = new int[rows];
            string commandText2 = "prc_update_acccount_pwd";

            foreach (DataRow dr in dt.Rows)
            {
                int    id           = int.Parse(dr["account_ID"].ToString());
                string tempPassword = (dr["password"].ToString());
                string plainPwd     = StringCipher.Decrypt(tempPassword, oPwd);
                string encPwd       = StringCipher.Encrypt(plainPwd, nPwd);

                SqlParameter[] param2 =
                {
                    new SqlParameter("account_ID", id),
                    new SqlParameter("password",   encPwd)
                };
                DatabaseHandle dbh2 = new DatabaseHandle();
                DataTable      dt2  = new DataTable();
                dt2 = dbh2.ProcessData(commandText2, param2);
            }
        }
        //passes the accountID that is being deleted to the DatabaseHandle class
        //Deletes the password from the database
        //Stored Procedure to delete password is passed to the DatabaseHandle class
        public void DeletePassword(int accountID)
        {
            string commandText = "prc_del_accountpwd";

            SqlParameter[] param =
            {
                new SqlParameter("account_ID", accountID)
            };
            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);
        }
        //passes the accountID that is being Edited to the DatabaseHandle class
        //Updates the password to the database
        //Stored Procedure to Edit password is passed to the DatabaseHandle class
        public void EditPassword(int accountID, string passCode)
        {
            string commandText = "prc_edit_accountpwd";

            SqlParameter[] param =
            {
                new SqlParameter("account_ID", accountID),
                new SqlParameter("password",   passCode)
            };

            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);
        }
        //method that saves the login account to the database using
        //ProcessData method of class DatabaseHandle passing parameter
        //prc_add_user stored procedure and encrypted master password.
        public string SaveAccountToDB(string email, string masterPwd)
        {
            string commandText = "prc_add_user";

            SqlParameter[] param =
            {
                new SqlParameter("@email",      email),
                new SqlParameter("@master_pwd", masterPwd),
            };
            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);

            return("Account Added to Database Successfully");
        }
        //Loads the Datagrid in home window after user sucessfully logs in
        public void LoadDataDataGrid()
        {
            //passes parameter of stored procedure and user_ID to class DatabaseHandle
            //executes the SQL command in stored proc
            //If stored proc is to only write on database empty datatable is returned
            int    userID      = LoginInfo.UserId;
            string commandText = "prc_get_Account";

            SqlParameter[] param =
            {
                new SqlParameter("user_ID", userID)
            };
            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);
            dtaGridAccount.ItemsSource = dt.DefaultView;
        }
        //Method TextSearch filters the data using SQL command through stored procedure
        //the filtered result is passed to the datagrid display defaultview
        //method ProcessData in DatabaseHandle class filters the result using SQL command using stored proc
        public void TextSearch()
        {
            int userID = LoginInfo.UserId;

            string commandText = "prc_get_account_search";

            SqlParameter[] param =
            {
                new SqlParameter("user_ID",     userID),
                new SqlParameter("search_text", txtSearchBox.Text.ToString())
            };
            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);
            string dataTableAccounts = dt.Rows[0][0].ToString();

            dtaGridAccount.ItemsSource = dt.DefaultView;
        }
        //GetDbPwd method gets the password stored in the database
        //prc_get_accountpwd and sql parameter is passed to ProcessData method of class DatabaseHandle
        //If database query returns the password, it is validated against user typed password
        //If the database return empty datable meaning no password found for provied email
        private string GetDbPwd(string email)
        {
            string commandText = "prc_get_accountpwd";

            SqlParameter[] param =
            {
                new SqlParameter("email", email)
            };

            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);

            //If query returns at least one row
            if (dt.Rows.Count >= 1)
            {
                try
                {
                    string txt_mp       = txtMasterPwd.Password.ToString();
                    string encrypted_mp = dt.Rows[0][1].ToString();     //encrypted master password

                    //stores masterpassword, userId and email to the parameters in LoginInfo class
                    LoginInfo.MasterPwd = StringCipher.Decrypt(encrypted_mp, txt_mp);
                    LoginInfo.UserId    = int.Parse(dt.Rows[0][0].ToString());
                    LoginInfo.Email     = txtEmail.Text.ToString();

                    return(LoginInfo.MasterPwd);
                }
                catch
                {
                    return("Incorrect Password");
                }
            }
            //if empty datatable is returned the provided email didn't have any password
            else
            {
                return("No password found for provided email");
            }
        }
Exemplo n.º 9
0
        //Saves username and password to the database
        //calls ProcessData method of class DatabaseHandle
        //Procedure prc_add_pwd and sql parameter is passed to ProcessData of class DatabaseHandle
        //password provided by the user is encrypted before saving to database
        //using Encrypt method of StringCipher class
        public void AddPasswordDb()
        {
            string accountName       = txtAccountName.Text.ToString();
            string userName          = txtUsrName.Text.ToString();
            string password          = txtPwd.Password.ToString();
            string encryptedPassword = StringCipher.Encrypt(password, LoginInfo.MasterPwd);
            string notes             = txtNote.Text.ToString();
            var    date = DateTime.Now.ToString("yyyy/MM/dd");

            string commandText = "prc_add_pwd";

            SqlParameter[] param =
            {
                new SqlParameter("@account_name", accountName),
                new SqlParameter("@user_ID",      LoginInfo.UserId),
                new SqlParameter("@username",     userName),
                new SqlParameter("@password",     encryptedPassword),
                new SqlParameter("@notes",        notes),
            };
            DatabaseHandle dbh = new DatabaseHandle();
            DataTable      dt  = new DataTable();

            dt = dbh.ProcessData(commandText, param);
        }