public void insertAccount(AccountDataModel customer)
{
// Get the parameters from the cache
OracleParameter[] AccountParms = GetCreateAccountParameters();
customer.accountID = Convert.ToInt32(OracleHelper.ExecuteScalarNoParm(_internalConnection, _internalADOTransaction,CommandType.Text,SQL_GET_NEXT_ACCOUNT_SEQ));
try
{
AccountParms[0].Value = customer.accountID;
AccountParms[1].Value = customer.openBalance;
AccountParms[2].Value = customer.logoutCount;
AccountParms[3].Value = customer.balance;
AccountParms[4].Value = customer.lastLogin;
AccountParms[5].Value = customer.loginCount;
AccountParms[6].Value = customer.profileID;
OracleHelper.ExecuteNonQuery(_internalConnection, _internalADOTransaction, CommandType.Text, SQL_INSERT_ACCOUNT, AccountParms);
return;
}
catch
{
throw;
}
}
public AccountDataModel getCustomerByUserID(string userID)
{
try
{
OracleParameter parm1 = new OracleParameter(PARM_USERID, OracleDbType.Varchar2, 20);
parm1.Value = userID;
OracleDataReader rdr = OracleHelper.ExecuteReaderSingleRowSingleParm(_internalConnection, _internalADOTransaction, CommandType.Text, SQL_SELECT_GET_CUSTOMER_BYUSERID, parm1);
if (rdr.Read())
{
AccountDataModel customer = new AccountDataModel(Convert.ToInt32(rdr.GetDecimal(0)), rdr.GetString(1), rdr.GetDateTime(2), rdr.GetDecimal(3), Convert.ToInt32(rdr.GetDecimal(4)), rdr.GetDecimal(5), rdr.GetDateTime(6), Convert.ToInt32(rdr.GetDecimal(7)));
rdr.Close();
return customer;
}
rdr.Close();
return null;
}
catch
{
throw;
}
}
/// <summary>
/// Adds user account data to Account table and also profile data to AccountProfile table.
/// </summary>
/// <param name="userID"></param>
/// <param name="password"></param>
/// <param name="fullname"></param>
/// <param name="address"></param>
/// <param name="email"></param>
/// <param name="creditcard"></param>
/// <param name="openBalance"></param>
/// <returns></returns>
private AccountDataModel addNewRegisteredUser(string userID, string password, string fullname, string address, string email, string creditcard, decimal openBalance)
{
AccountProfileDataModel customerprofile = new AccountProfileDataModel(userID, password, fullname, address, email, creditcard);
dalCustomer.insertAccountProfile(customerprofile, Settings.USE_SALTEDHASH_PASSWORDS);
//Check our acid test conditions here for transactional testing; we want to test part way through
//the register operations from the BSL, to make sure database is never left in state with one
//insert above going through, and the one below not--the entire BSL operation needs to be
//treated as one logical unit of work. Also note the ordering of operations here:
//since trying to register a non-unique userid might be something that happens frequently in the real
//world, lets do the insert that would fail on this condition first (accountprofile);
//rather than wait and do it last.
if (customerprofile.userID.Equals(StockTraderUtility.ACID_TEST_USER))
throw new Exception(StockTraderUtility.EXCEPTION_MESSAGE_ACID_REGISTRATION);
AccountDataModel customer = new AccountDataModel(0, userID, DateTime.Now, (decimal)openBalance, 0, (decimal)openBalance, DateTime.Now, 0);
dalCustomer.insertAccount(customer);
return customer;
}
public AccountDataModel login(string userid, string password, bool useSaltedHash)
{
try
{
OracleParameter parm1 = new OracleParameter(PARM_USERID, OracleDbType.Varchar2, 20);
parm1.Value = userid;
OracleDataReader rdr = OracleHelper.ExecuteReaderSingleRowSingleParm(_internalConnection, _internalADOTransaction, CommandType.Text,SQL_SELECT_CUSTOMERPROFILE_BYUSERID, parm1);
if (rdr.Read())
{
string salt = rdr.GetString(1);
string userPassword = rdr.GetString(2);
rdr.Close();
bool valid = false;
if (useSaltedHash)
{
SaltedHash ver = SaltedHash.Create(salt, userPassword);
valid = ver.Verify(password);
}
else
{
if (password.Equals(userPassword))
valid = true;
}
rdr.Close();
if (valid)
{
OracleParameter profileparm1 = new OracleParameter(PARM_USERID, OracleDbType.Varchar2, 20);
profileparm1.Value = userid;
rdr = OracleHelper.ExecuteReaderSingleRowSingleParm(_internalConnection, _internalADOTransaction, CommandType.Text, SQL_SELECT_CUSTOMER_LOGIN, profileparm1);
rdr.Read();
AccountDataModel customer = new AccountDataModel(Convert.ToInt32(rdr.GetDecimal(0)), userid, rdr.GetDateTime(1), rdr.GetDecimal(2), Convert.ToInt32(rdr.GetDecimal(3)), rdr.GetDecimal(4), rdr.GetDateTime(5), Convert.ToInt32(rdr.GetDecimal(6) + 1));
rdr.Close();
OracleParameter profileparm2 = new OracleParameter(PARM_USERID, OracleDbType.Varchar2, 20);
profileparm2.Value = userid;
OracleHelper.ExecuteNonQuerySingleParm(_internalConnection, _internalADOTransaction, CommandType.Text, SQL_UPDATE_CUSTOMER_LOGIN, profileparm2);
return customer;
}
rdr.Close();
}
return null;
}
catch
{
throw;
}
}
/// <summary>
/// Converts from service data contract model class to a UI Model class for quick HTML display in ASPX pages.
/// </summary>
private AccountDataModel convertAccountDataFromUI(AccountDataUI customer)
{
AccountDataModel serviceLayerCustomer = new AccountDataModel();
serviceLayerCustomer.accountID = (int)customer.accountID;
serviceLayerCustomer.balance = customer.balance;
serviceLayerCustomer.creationDate = customer.creationDate;
serviceLayerCustomer.lastLogin = customer.lastLogin;
serviceLayerCustomer.logoutCount = customer.logoutCount;
serviceLayerCustomer.openBalance = customer.openBalance;
serviceLayerCustomer.profileID = customer.profileID;
return serviceLayerCustomer;
}