Exemplo n.º 1
 /// <summary>
 /// Checks the submitted security answer for <c>user.Username</c> and reports the outcome as JSON.
 /// </summary>
 /// <param name="user">Caller-supplied user; only <c>Username</c> and <c>Member.SecurityAnswer</c> are read.</param>
 /// <returns>
 /// A JSON object whose <c>success</c> entry holds the service result, or <c>false</c> when anything throws.
 /// </returns>
 public ActionResult CheckSecurityAnswer(ASFUser user)
 {
     // NOTE(review): nothing in this action bounds repeated guesses for one username;
     // confirm throttling or lockout is applied elsewhere, since this result can gate a password reset.
     object outcome;
     try
     {
         outcome = service.CheckSecurityAnswer(user.Username, user.Member.SecurityAnswer);
     }
     catch
     {
         // Every failure (including a null user or Member) is reported as a plain "false";
         // the exception itself is discarded.
         outcome = false;
     }

     var payload = new Dictionary<string, object>();
     payload["success"] = outcome;
     return Json(payload);
 }
Exemplo n.º 2
 /// <summary>
 /// Creates a patient record with empty sub-objects and placeholder values.
 /// </summary>
 public PatientInformation()
 {
     // Numeric fields start at -1.
     _ageInMonths = -1;
     _ageInYears = -1;
     _cageOrStallNumber = -1;

     // Local machine time at construction, not UTC.
     _dateSeenOn = DateTime.Now;

     // People attached to the record start as blank users.
     _student = new ASFUser();
     _clinician = new ASFUser();

     // Dropdown-backed fields start as fresh, unselected values.
     _procedure = new DropdownValue();
     _temperament = new DropdownValue();
     _preOperationPainAssessment = new DropdownValue();
     _postOperationPainAssessment = new DropdownValue();
 }
Exemplo n.º 3
 /// <summary>
 /// Replaces the membership password for <c>user.Username</c> after the old password is accepted.
 /// </summary>
 /// <param name="user">User whose <c>Member</c> record is updated.</param>
 /// <param name="oldpassword">Value handed to <c>service.CheckPassword</c> for verification.</param>
 /// <param name="newPassword">Value stored as given; this method does not hash it.</param>
 /// <returns><c>true</c> when the old password was accepted and the update was issued; otherwise <c>false</c>.</returns>
 public bool ChangePassword(ASFUser user, string oldpassword, string newPassword)
 {
     // Refuse early: nothing is written unless the current password checks out.
     if (!service.CheckPassword(user.Username, oldpassword))
     {
         return false;
     }

     // NOTE(review): newPassword is persisted verbatim, so callers are presumably expected
     // to pass an already-hashed value (the ChangePassword controller action on this page does) - confirm.
     user.Member.Password = newPassword;
     user.Member.Username = user.Username;
     service.UpdateMembershipPassword(user.Member);
     return true;
 }
Exemplo n.º 4
 /// <summary>
 /// Hashes the submitted password and stores it as the new password for the submitted user.
 /// </summary>
 /// <param name="user">Caller-supplied user; <c>Member.Password</c> is overwritten with its hash.</param>
 /// <returns>A JSON object with <c>success</c> set to <c>true</c>, or <c>false</c> when anything throws.</returns>
 public ActionResult ChangeForgottenPassword(ASFUser user)
 {
     // NOTE(review): this action does not itself verify the security answer (or any reset token)
     // before changing the password. Confirm the check is enforced server-side for this request,
     // not only by the order in which the client calls the endpoints.
     bool succeeded;
     try
     {
         user.Member.Password = PasswordHash.CreateHash(user.Member.Password);
         service.ChangeForgottenPassword(user);
         succeeded = true;
     }
     catch
     {
         // Exception details are discarded; the caller only learns that the reset failed.
         succeeded = false;
     }

     return Json(new Dictionary<string, object> { { "success", succeeded } });
 }
Exemplo n.º 5
 /// <summary>
 /// Hashes the submitted new password and asks the service to swap it in for the old one.
 /// </summary>
 /// <param name="user">
 /// Caller-supplied user; <c>Member.OldPassword</c> is passed on as received and
 /// <c>Member.Password</c> is replaced by its hash before the service call.
 /// </param>
 /// <returns>A JSON object whose <c>success</c> entry is the service result, or <c>false</c> when anything throws.</returns>
 public ActionResult ChangePassword(ASFUser user)
 {
     // NOTE(review): the account is taken from the submitted object; confirm it is tied to
     // the authenticated session somewhere outside this view.
     bool changed;
     try
     {
         user.Member.Password = PasswordHash.CreateHash(user.Member.Password);
         changed = service.ChangePassword(user, user.Member.OldPassword, user.Member.Password);
     }
     catch
     {
         // Any exception is folded into the same "false" a rejected old password produces.
         changed = false;
     }

     var payload = new Dictionary<string, object>();
     payload["success"] = changed;
     return Json(payload);
 }
Exemplo n.º 6
 /// <summary>
 /// Asks the service to promote the submitted user and reports the outcome as JSON.
 /// </summary>
 /// <param name="user">Caller-supplied user passed straight to <c>service.Promote</c>.</param>
 /// <returns>A JSON object with <c>success</c> set to <c>true</c>, or <c>false</c> when anything throws.</returns>
 public ActionResult PromoteUser(ASFUser user)
 {
     // NOTE(review): no authorization check is visible in this action. Confirm a filter or
     // attribute outside this view restricts it to administrators - the data-access Promote
     // shown on this page sets IsAdmin for whatever username is supplied.
     bool promoted;
     try
     {
         service.Promote(user);
         promoted = true;
     }
     catch
     {
         promoted = false;
     }

     return Json(new Dictionary<string, object> { { "success", promoted } });
 }
Exemplo n.º 7
 /// <summary>
 /// Returns the forms the service reports for the submitted user.
 /// </summary>
 /// <param name="user">Caller-supplied user passed straight to <c>service.GetForms</c>.</param>
 /// <returns>
 /// A JSON object with <c>Forms</c> and <c>success = true</c>, or only <c>success = false</c> when anything throws.
 /// </returns>
 public ActionResult GetUserForms(ASFUser user)
 {
     // NOTE(review): the user whose forms are returned comes from the request itself;
     // confirm the caller is checked against that identity outside this view.
     var payload = new Dictionary<string, object>();
     try
     {
         var forms = service.GetForms(user);
         payload["Forms"] = forms;
         payload["success"] = true;
     }
     catch
     {
         payload["success"] = false;
     }

     return Json(payload);
 }
Exemplo n.º 8
 /// <summary>
 /// Looks up the security question stored for <c>user.Username</c>.
 /// </summary>
 /// <param name="user">Caller-supplied user; only <c>Username</c> is read.</param>
 /// <returns>
 /// A JSON object with <c>securityQuestion</c> and <c>success = true</c>, or only <c>success = false</c>
 /// when anything throws.
 /// </returns>
 public ActionResult GetSecurityQuestion(ASFUser user)
 {
     // NOTE(review): depending on what the service returns for an unknown username, the
     // response may reveal whether an account exists - confirm the intended behaviour.
     var payload = new Dictionary<string, object>();
     try
     {
         var question = service.GetSecurityQuestion(user.Username);
         payload["securityQuestion"] = question;
         payload["success"] = true;
     }
     catch
     {
         payload["success"] = false;
     }

     return Json(payload);
 }
Exemplo n.º 9
 /// <summary>
 /// Returns the patient forms the underlying service reports for <paramref name="user"/>.
 /// </summary>
 /// <param name="user">User whose forms are requested; passed through unchanged.</param>
 /// <returns>Whatever list <c>service.GetForms</c> returns.</returns>
 public List<Patient> GetForms(ASFUser user) => service.GetForms(user);
Exemplo n.º 10
 /// <summary>
 /// Creates the membership record for <c>user.Member</c>, then the application user record.
 /// </summary>
 /// <param name="user">User to create; <c>Member</c> carries the membership data.</param>
 /// <returns>The result of <c>service.CreateASFUser</c>.</returns>
 public bool CreateASFUser(ASFUser user)
 {
     // The two writes are separate calls: if the second one throws or returns false,
     // the membership row created by the first is left in place.
     service.CreateMembership(user.Member);

     bool created = service.CreateASFUser(user);
     return created;
 }
Exemplo n.º 11
 /// <summary>
 /// Forwards a demotion request for <paramref name="user"/> to the underlying service.
 /// </summary>
 /// <param name="user">User to demote; passed through unchanged.</param>
 /// <remarks>No permission check happens here; callers are presumably responsible for it - confirm.</remarks>
 public void Demote(ASFUser user) => service.Demote(user);
Exemplo n.º 12
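        /// <summary>
        /// Sets <c>IsAdmin</c> to 1 on the <c>dbo.ASF_User</c> row whose <c>Username</c> matches.
        /// </summary>
        /// <param name="user">User to promote; only <c>Username</c> is read.</param>
        /// <returns>The number of rows the UPDATE affected (0 when no such username exists).</returns>
        /// <remarks>
        /// This method grants administrator rights to whatever username it is given and performs
        /// no permission check of its own; the decision must be made by the caller.
        /// Database exceptions propagate to the caller with their original stack trace.
        /// </remarks>
        public int Promote(ASFUser user)
        {
            const string sql = @"UPDATE dbo.ASF_User SET
                            IsAdmin = @IsAdmin
                            WHERE
                            Username = @Username";

            // Both objects are disposed by the using blocks, which also closes the connection;
            // the former catch { throw e; } only reset the stack trace and has been dropped.
            using (SqlConnection conn = new SqlConnection(connString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // Values travel as parameters, never as SQL text.
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;
                cmd.Parameters.Add("@IsAdmin", SqlDbType.Bit).Value = 1;

                conn.Open();
                return cmd.ExecuteNonQuery();
            }
        }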
Exemplo n.º 13
 /// <summary>
 /// Persists changes to <paramref name="user"/> through <c>service.UpdateASFUser</c>.
 /// </summary>
 /// <param name="user">User to save; passed through unchanged.</param>
 public void SaveASFUser(ASFUser user) => service.UpdateASFUser(user);
Exemplo n.º 14
 /// <summary>
 /// Stores <c>user.Member.Password</c> as the password for <c>user.Username</c>.
 /// </summary>
 /// <param name="user">User whose password is replaced.</param>
 /// <remarks>
 /// The value is forwarded as given, with no hashing and no identity check here; the controller
 /// action of the same name on this page hashes it first. Callers must have verified that the
 /// requester is entitled to reset this account.
 /// </remarks>
 public void ChangeForgottenPassword(ASFUser user) =>
     service.UpdateForgottenPassword(user.Username, user.Member.Password);
Exemplo n.º 15
 /// <summary>
 /// Forwards a promotion request for <paramref name="user"/> to the underlying service.
 /// </summary>
 /// <param name="user">User to promote; passed through unchanged.</param>
 /// <remarks>No permission check happens here; callers are presumably responsible for it - confirm.</remarks>
 public void Promote(ASFUser user) => service.Promote(user);
Exemplo n.º 16
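        /// <summary>
        /// Inserts a new row into <c>dbo.ASF_User</c> for <paramref name="user"/>.
        /// </summary>
        /// <param name="user">
        /// Source of <c>Username</c>, <c>FullName</c> and <c>EmailAddress</c>; a null name or e-mail is stored as NULL.
        /// </param>
        /// <returns><c>true</c> when the INSERT affected at least one row; otherwise <c>false</c>.</returns>
        /// <remarks>Database exceptions propagate to the caller with their original stack trace.</remarks>
        public bool CreateASFUser(ASFUser user)
        {
            const string sql = @"INSERT INTO dbo.ASF_User (
                            Username, FullName, Email, IsAdmin
                            ) VALUES (
                            @Username, @FullName, @Email, @IsAdmin
                            )";

            // The using blocks dispose the command and close the connection on every path;
            // the former catch { throw e; } only reset the stack trace and has been dropped.
            using (SqlConnection conn = new SqlConnection(connString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;
                cmd.Parameters.Add("@FullName", SqlDbType.NVarChar).Value = (object)user.FullName ?? DBNull.Value;
                cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = (object)user.EmailAddress ?? DBNull.Value;

                // Always 0: a new account is never created as administrator, whatever the
                // incoming object carries. Keep this a literal rather than reading it from user.
                cmd.Parameters.Add("@IsAdmin", SqlDbType.Bit).Value = 0;

                conn.Open();
                return cmd.ExecuteNonQuery() > 0;
            }
        }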
Exemplo n.º 17
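        /// <summary>
        /// Updates <c>FullName</c> and <c>Email</c> on the <c>dbo.ASF_User</c> row matching <c>user.Username</c>.
        /// </summary>
        /// <param name="user">
        /// Source of the key and the new values; a null name or e-mail is stored as NULL.
        /// </param>
        /// <remarks>
        /// <c>IsAdmin</c> is deliberately not part of this statement, so a profile update cannot
        /// change privileges. Database exceptions propagate with their original stack trace.
        /// </remarks>
        public void UpdateASFUser(ASFUser user)
        {
            const string sql = @"UPDATE dbo.ASF_User SET
                            FullName = @FullName, Email = @Email
                            WHERE
                            Username = @Username";

            // The using blocks dispose the command and close the connection on every path;
            // the former catch { throw e; } only reset the stack trace and has been dropped.
            using (SqlConnection conn = new SqlConnection(connString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;
                cmd.Parameters.Add("@FullName", SqlDbType.NVarChar).Value = (object)user.FullName ?? DBNull.Value;
                cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = (object)user.EmailAddress ?? DBNull.Value;

                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }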
Exemplo n.º 18
 /// <summary>
 /// Hashes the submitted password and creates the user through the service.
 /// </summary>
 /// <param name="user">Caller-supplied user; <c>Member.Password</c> is overwritten with its hash.</param>
 /// <returns>A JSON object whose <c>success</c> entry is the service result, or <c>false</c> when anything throws.</returns>
 public ActionResult RegisterUser(ASFUser user)
 {
     object outcome;
     try
     {
         // Hash before anything is handed to the service, so the plain password is not stored.
         user.Member.Password = PasswordHash.CreateHash(user.Member.Password);
         outcome = service.CreateASFUser(user);
     }
     catch
     {
         // Duplicate usernames, database errors and null input all surface as the same "false".
         outcome = false;
     }

     var payload = new Dictionary<string, object>();
     payload["success"] = outcome;
     return Json(payload);
 }
Exemplo n.º 19
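 /// <summary>
 /// Lists the patients whose <c>StudentId</c> equals <c>user.Username</c>.
 /// </summary>
 /// <param name="user">User to look up; only <c>Username</c> is read.</param>
 /// <returns>
 /// One <c>Patient</c> per matching row with only <c>PatientId</c> populated; empty when nothing matches.
 /// </returns>
 /// <remarks>Database exceptions propagate to the caller with their original stack trace.</remarks>
 public List<Patient> GetPatientWithUserId(ASFUser user)
 {
     const string sql = @"SELECT PatientId FROM dbo.Patient WHERE StudentId = @StudentId";
     List<Patient> pats = new List<Patient>();

     // Connection, command and reader are all disposed by using blocks;
     // the former catch { throw e; } only reset the stack trace and has been dropped.
     using (SqlConnection conn = new SqlConnection(connString))
     using (SqlCommand cmd = new SqlCommand(sql, conn))
     {
         cmd.Parameters.Add("@StudentId", SqlDbType.NVarChar).Value = user.Username;

         conn.Open();
         using (SqlDataReader read = cmd.ExecuteReader())
         {
             while (read.Read())
             {
                 Patient pat = new Patient();
                 // Convert directly from the column value instead of round-tripping through a string.
                 pat.PatientId = Convert.ToInt32(read["PatientId"]);
                 pats.Add(pat);
             }
         }
     }

     return pats;
 }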
Exemplo n.º 20
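        /// <summary>
        /// Deletes the <c>dbo.ASF_User</c> row whose <c>Username</c> matches <c>user.Username</c>.
        /// </summary>
        /// <param name="user">User to delete; only <c>Username</c> is read.</param>
        /// <remarks>
        /// No permission check is made here; the caller decides who may delete an account.
        /// Database exceptions propagate to the caller with their original stack trace.
        /// </remarks>
        public void DeleteASFUser(ASFUser user)
        {
            const string sql = @"DELETE FROM dbo.ASF_User
                            WHERE
                            Username = @Username";

            // The using blocks dispose the command and close the connection on every path;
            // the former catch { throw e; } only reset the stack trace and has been dropped.
            using (SqlConnection conn = new SqlConnection(connString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;

                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }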
Exemplo n.º 21
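        /// <summary>
        /// Loads the application user for <c>user.Username</c> together with the stored membership password value.
        /// </summary>
        /// <param name="user">Membership data; only <c>Username</c> is read.</param>
        /// <returns>
        /// The user built from the last matching row, with <c>Member.Password</c> set from the
        /// <c>Password</c> column; a blank <c>ASFUser</c> when no row matches.
        /// </returns>
        /// <remarks>
        /// This method does not check any password - it looks the row up by username only.
        /// The returned object carries the stored password value, so it must not be serialized
        /// to a client or written to logs as-is; clear <c>Member.Password</c> first.
        /// Database exceptions propagate to the caller with their original stack trace.
        /// </remarks>
        public ASFUser GetUser(MembershipInfo user)
        {
            ASFUser singleUser = new ASFUser();

            // Column list from the shared builder, plus the membership password column.
            string sql = BuildASFUserSQL() + ", b.Password ";
            string fromUser = @"FROM dbo.ASF_User AS a INNER JOIN dbo.aspnet_Membership as b ON a.Username = b.Username ";
            string whereUser = @"WHERE a.Username = @Username";
            sql = sql + fromUser + whereUser;

            // Connection, command and reader are all disposed by using blocks;
            // the former catch { throw e; } only reset the stack trace and has been dropped.
            using (SqlConnection conn = new SqlConnection(connString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;

                conn.Open();
                using (SqlDataReader read = cmd.ExecuteReader())
                {
                    while (read.Read())
                    {
                        singleUser = new ASFUserCallback().ProcessRow(read);
                        singleUser.Member.Password = read["Password"].ToString();
                    }
                }
            }

            return singleUser;
        }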
Exemplo n.º 22
 /// <summary>
 /// Deletes a user together with the patients linked to it and its membership record.
 /// </summary>
 /// <param name="user">User to delete; <c>Member.Username</c> is overwritten with <c>Username</c>.</param>
 /// <remarks>
 /// The steps are separate calls with no transaction visible here, so a failure part-way
 /// leaves the earlier deletions in place.
 /// </remarks>
 public void DeleteASFUser(ASFUser user)
 {
     // Patients first, then the application user, then the membership row.
     foreach (Patient patient in service.GetPatientWithUserId(user))
     {
         DeletePatient(patient);
     }

     // The membership delete is keyed by Member, so make sure it names the same account.
     user.Member.Username = user.Username;

     service.DeleteASFUser(user);
     service.DeleteASPNetMembership(user.Member);
 }
Exemplo n.º 23
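        /// <summary>
        /// Loads the application user whose username and membership password both match the supplied values.
        /// </summary>
        /// <param name="user">Membership data; <c>Username</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// The matching user, or a blank <c>ASFUser</c> when the credentials match nothing.
        /// The result is never null, so callers must check the returned object's contents
        /// and not treat "non-null" as a successful login.
        /// </returns>
        /// <remarks>
        /// Fixes over the previous version:
        /// the sub-query selected <c>a.UserId</c> (the outer row's own column) from the membership
        /// table, so with any one valid credential pair the filter held for every user row and the
        /// last row read was returned; the match is now tied to the supplied username, using the
        /// same <c>Username</c> link between the two tables as <c>GetUser</c>.
        /// Both parameters were declared as <c>SqlDbType.Int</c> although they carry strings.
        /// A separating space is added before <c>FROM</c>.
        /// Database exceptions propagate to the caller with their original stack trace.
        /// </remarks>
        public ASFUser DoLogin(MembershipInfo user)
        {
            ASFUser singleUser = new ASFUser();

            // NOTE(review): the password is compared for equality inside SQL. If stored passwords
            // are salted hashes (the controllers on this page hash before storing), this comparison
            // needs the same derived value - confirm, or verify with the hash library after loading the row.
            string sql = BuildASFUserSQL()
                + " FROM dbo.ASF_User AS a"
                + " WHERE a.Username = @Username"
                + " AND EXISTS (SELECT 1 FROM dbo.aspnet_Membership AS b"
                + " WHERE b.Username = a.Username AND b.Password = @Password)";

            // Connection, command and reader are all disposed by using blocks;
            // the former catch { throw e; } only reset the stack trace and has been dropped.
            using (SqlConnection conn = new SqlConnection(connString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // Credentials travel as typed parameters, never as SQL text.
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;
                cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = user.Password;

                conn.Open();
                using (SqlDataReader read = cmd.ExecuteReader())
                {
                    while (read.Read())
                    {
                        singleUser = new ASFUserCallback().ProcessRow(read);
                    }
                }
            }

            return singleUser;
        }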