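        /// <summary>
        /// Sets or clears an employee's admin flag on behalf of an acting admin.
        /// The acting admin's password is hashed with the same recipe the login
        /// path uses (SHA1 over password + per-user GUID) and passed to
        /// SP_UPDATE_USER_TYPE_ADMIN, which is expected to re-verify it before
        /// applying the change (the procedure body is not visible here).
        /// </summary>
        /// <param name="EmployeeId">Employee whose admin flag is being changed.</param>
        /// <param name="isAdmin">New value of the admin flag.</param>
        /// <param name="adminId">Identifier of the acting admin.</param>
        /// <param name="adminPass">Acting admin's plaintext password; only its hash is sent to SQL.</param>
        /// <param name="adminGUID">Acting admin's stored per-user GUID, used as the hash salt.</param>
        /// <returns>The stored procedure's return value; its meaning is defined by the procedure.</returns>
        public int? UpdateUserTypeByAdmin(String EmployeeId, bool isAdmin, String adminId, String adminPass, String adminGUID)
        {
            try
            {
                // NOTE(review): SHA1(password + GUID) is a fast hash, so stored values are
                // cheap to brute-force. Moving to PBKDF2/Argon2 needs every hash site and
                // the stored rows migrated together, so it is only flagged here.
                string adminHashedPassword = AppSecurity.HashSHA1(adminPass + adminGUID);

                // Stored-procedure call with bound parameters: no caller input reaches SQL text.
                using (SqlCommand command = new SqlCommand(SQL_STRINGS.SP_UPDATE_USER_TYPE_ADMIN, con))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.AddWithValue("@EMPLOYEE_ID", EmployeeId);
                    command.Parameters.AddWithValue("@ADMIN_ID", adminId);
                    command.Parameters.AddWithValue("@NEW_IS_ADMIN", isAdmin);
                    // Parameter name must match the procedure's declaration, spelling included.
                    command.Parameters.AddWithValue("@ADMIM_PASS", adminHashedPassword);

                    SqlParameter retParam = new SqlParameter();
                    retParam.ParameterName = "@RetVal";
                    retParam.Direction = ParameterDirection.ReturnValue;
                    retParam.SqlDbType = SqlDbType.Int;
                    command.Parameters.Add(retParam);

                    con.Open();
                    command.ExecuteNonQuery();
                    return (int)retParam.Value;
                }
            }
            finally
            {
                // The shared connection is released on every path, including exceptions;
                // the previous catch { throw; } added nothing and was dropped.
                con.Close();
            }
        }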
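        /// <summary>
        /// Verifies an employee's password against the stored hash and, on success,
        /// fills <paramref name="employee"/> from the matching row.
        /// </summary>
        /// <param name="empId">Employee id entered at login; bound as a SQL parameter, never concatenated.</param>
        /// <param name="password">Plaintext password entered at login.</param>
        /// <param name="employee">Assigned a populated Employee when the hash matches; left untouched otherwise.</param>
        /// <returns>1 when a row for <paramref name="empId"/> has a matching hash; -1 when no row matches
        /// or the password is wrong (callers cannot distinguish the two, which is intended).</returns>
        public int ValidateUserLogin(string empId, string password, ref Employee employee)
        {
            int ret = -1;

            try
            {
                using (SqlCommand cmd = new SqlCommand(SQL_STRINGS.SQL_VALIDATE_LOGIN, con))
                {
                    cmd.Parameters.AddWithValue("@EMPLOYEE_ID", empId);
                    con.Open();

                    // The reader is disposed and the connection closed in finally, so an
                    // exception mid-read no longer leaves both open (the original had no finally).
                    using (SqlDataReader dr = cmd.ExecuteReader())
                    {
                        while (dr.Read())
                        {
                            string dbUserGuid = Convert.ToString(dr["USER_GUID"]);
                            string dbPassword = Convert.ToString(dr["PASS"]);

                            // Recompute the stored hash with the recipe used when the row was
                            // written: SHA1 over password + that row's GUID (see AddNewUser).
                            // NOTE(review): SHA1 is a fast hash; a slow KDF (PBKDF2/Argon2) would
                            // need every hash site and the stored rows migrated together.
                            string hashedPassword = AppSecurity.HashSHA1(password + dbUserGuid);

                            // NOTE(review): ordinal == stops at the first differing character;
                            // a constant-time comparison would remove that timing signal.
                            if (dbPassword != hashedPassword)
                            {
                                continue;
                            }

                            employee = new Employee();
                            employee.EmployeeId = Convert.ToString(dr["EMPLOYEE_ID"]);
                            employee.FirstName = Convert.ToString(dr["FIRST_NAME"]);
                            employee.LastName = Convert.ToString(dr["LAST_NAME"]);
                            employee.Email = Convert.ToString(dr["EMAIL_ID"]);
                            employee.GUID = dbUserGuid;

                            // Only 0 and 1 are mapped; any other stored value leaves IsAdmin at its default.
                            int isAdmin = Convert.ToInt16(dr["IS_ADMIN"]);
                            if (isAdmin == 0)
                            {
                                employee.IsAdmin = false;
                            }
                            else if (isAdmin == 1)
                            {
                                employee.IsAdmin = true;
                            }

                            ret = 1;
                        }
                    }
                }
            }
            finally
            {
                con.Close();
            }

            return ret;
        }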
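        /// <summary>
        /// Saves the profile fields after re-verifying the user's current password.
        /// The password typed into tbChangeProfPass is hashed with the session's
        /// per-user GUID and handed to the DAL, which accepts or rejects the update.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btChangeProfSave_Click(object sender, EventArgs e)
        {
            hfTab.Value = "home";

            // Session state can expire between render and postback; without this guard
            // the .ToString() calls below throw a NullReferenceException.
            object sessionEmployeeId = Session["EmployeeId"];
            object sessionUserGuid = Session["USER_GUID"];
            if (sessionEmployeeId == null || sessionUserGuid == null)
            {
                editAlert.Style.Add("display", "inline");
                editAlert.Attributes.Add("class", "alert-danger");
                editAlert.InnerText = "Your session has expired. Please log in again.";
                return;
            }

            Employee emp = new Employee();
            emp.EmployeeId = sessionEmployeeId.ToString();
            emp.FirstName = tbFirstName.Text;
            emp.LastName = tbLastName.Text;
            emp.Email = tbEmailId.Text;

            // Same hash recipe as the login path; the plaintext never leaves this method.
            // NOTE(review): SHA1 is a fast hash — see the DAL for the migration caveat.
            string hashedPassword = AppSecurity.HashSHA1(tbChangeProfPass.Text + sessionUserGuid.ToString());
            DataAccessLayer dal = new DataAccessLayer();
            int? ret = dal.UpdateAccountInfo(emp, hashedPassword);

            switch (ret)
            {
                case 1:
                    Session["FirstName"] = emp.FirstName;
                    Session["LastName"] = emp.LastName;
                    Session["EMAIL"] = emp.Email;

                    // Label.Text is rendered as raw markup, so the user-supplied name must be
                    // HTML-encoded here; otherwise a name containing <script> is reflected into the page.
                    ((Label)Master.FindControl("lbUserName")).Text =
                        System.Net.WebUtility.HtmlEncode(emp.FirstName + " " + emp.LastName);

                    editAlert.Style.Add("display", "inline");
                    editAlert.Attributes.Add("class", "alert-success");
                    editAlert.InnerText = "Account Information Successfully Updated";
                    break;

                case -1:
                    // The DAL rejected the current password.
                    editAlert.Style.Add("display", "inline");
                    editAlert.Attributes.Add("class", "alert-danger");
                    editAlert.InnerText = "Incorrect Password";
                    break;

                case 0:
                    // The DAL reported a persistence failure.
                    editAlert.Style.Add("display", "inline");
                    editAlert.Attributes.Add("class", "alert-danger");
                    editAlert.InnerText = "Database Error Occured. Information could not be saved.";
                    break;
            }
        }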
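        /// <summary>
        /// Changes the signed-in user's password. The current and new passwords are
        /// both hashed with the session's per-user GUID; the DAL is expected to check
        /// the old hash before storing the new one. Note the salt GUID is reused here,
        /// unlike ResetUserPasswordByAdmin, which rotates it.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btChPassSave_Click(object sender, EventArgs e)
        {
            hfTab.Value = "profile";

            // Session state can expire between render and postback; without this guard
            // the .ToString() calls below throw a NullReferenceException.
            object sessionEmployeeId = Session["EmployeeId"];
            object sessionUserGuid = Session["USER_GUID"];
            if (sessionEmployeeId == null || sessionUserGuid == null)
            {
                editAlert.Style.Add("display", "inline");
                editAlert.Attributes.Add("class", "alert-danger");
                editAlert.InnerText = "Your session has expired. Please log in again.";
                return;
            }

            string oldPass = tbChPassCurr.Text;
            string newPass = tbChPassNew.Text;

            // Nothing else in this handler rejects an empty new password, and "" still
            // hashes to a valid-looking value that would be stored. A page-level validator,
            // if any, is not visible from here, so the check is made server-side too.
            if (string.IsNullOrEmpty(newPass))
            {
                editAlert.Style.Add("display", "inline");
                editAlert.Attributes.Add("class", "alert-danger");
                editAlert.InnerText = "New Password cannot be empty";
                return;
            }

            string empId = sessionEmployeeId.ToString();
            string userGuid = sessionUserGuid.ToString();
            // NOTE(review): SHA1 is a fast hash — see the DAL for the migration caveat.
            string oldHashedPassword = AppSecurity.HashSHA1(oldPass + userGuid);
            string newHashedPassword = AppSecurity.HashSHA1(newPass + userGuid);
            DataAccessLayer dal = new DataAccessLayer();
            int? ret = dal.UpdatePasswordUser(empId, oldHashedPassword, newHashedPassword);

            switch (ret)
            {
                case 1:
                    editAlert.Style.Add("display", "inline");
                    editAlert.Attributes.Add("class", "alert-success");
                    editAlert.InnerText = "Password Reset Successfully";
                    break;

                case -1:
                    // The DAL rejected the current password.
                    editAlert.Style.Add("display", "inline");
                    editAlert.Attributes.Add("class", "alert-danger");
                    editAlert.InnerText = "Incorrect Old Password";
                    break;

                case 0:
                    // The DAL reported a persistence failure.
                    editAlert.Style.Add("display", "inline");
                    editAlert.Attributes.Add("class", "alert-danger");
                    editAlert.InnerText = "Database Error Occured. Information could not be saved.";
                    break;
            }
        }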
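        /// <summary>
        /// Resets an employee's password on behalf of an acting admin. A fresh GUID is
        /// generated and used as the salt for the new hash, so the procedure must store
        /// both the hash and the GUID together. The acting admin's password is hashed
        /// with the login recipe and passed to SP_RESET_USER_PASS_ADMIN, which is expected
        /// to re-verify it before applying the reset (the procedure body is not visible here).
        /// </summary>
        /// <param name="EmployeeId">Employee whose password is reset.</param>
        /// <param name="newUSerPass">New plaintext password for the employee; only its hash is sent to SQL.</param>
        /// <param name="adminId">Identifier of the acting admin.</param>
        /// <param name="adminPass">Acting admin's plaintext password; only its hash is sent to SQL.</param>
        /// <param name="adminGUID">Acting admin's stored per-user GUID, used as the hash salt.</param>
        /// <returns>The stored procedure's return value; its meaning is defined by the procedure.</returns>
        public int? ResetUserPasswordByAdmin(String EmployeeId, String newUSerPass, String adminId, String adminPass, String adminGUID)
        {
            try
            {
                // New per-user salt: the old hash becomes unverifiable once the row is updated.
                Guid userGuid = System.Guid.NewGuid();

                // NOTE(review): SHA1(password + GUID) is a fast hash, so stored values are
                // cheap to brute-force. Moving to PBKDF2/Argon2 needs every hash site and
                // the stored rows migrated together, so it is only flagged here.
                string userHashedPassword = AppSecurity.HashSHA1(newUSerPass + userGuid.ToString());
                string adminHashedPassword = AppSecurity.HashSHA1(adminPass + adminGUID);

                // Stored-procedure call with bound parameters: no caller input reaches SQL text.
                using (SqlCommand command = new SqlCommand(SQL_STRINGS.SP_RESET_USER_PASS_ADMIN, con))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.AddWithValue("@EMPLOYEE_ID", EmployeeId);
                    command.Parameters.AddWithValue("@ADMIN_ID", adminId);
                    command.Parameters.AddWithValue("@NEW_USER_PASS", userHashedPassword);
                    command.Parameters.AddWithValue("@NEW_USER_GUID", userGuid);
                    // Parameter name must match the procedure's declaration, spelling included.
                    command.Parameters.AddWithValue("@ADMIM_PASS", adminHashedPassword);

                    SqlParameter retParam = new SqlParameter();
                    retParam.ParameterName = "@RetVal";
                    retParam.Direction = ParameterDirection.ReturnValue;
                    retParam.SqlDbType = SqlDbType.Int;
                    command.Parameters.Add(retParam);

                    con.Open();
                    command.ExecuteNonQuery();
                    return (int)retParam.Value;
                }
            }
            finally
            {
                // The shared connection is released on every path, including exceptions;
                // the previous catch { throw; } added nothing and was dropped.
                con.Close();
            }
        }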
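        /// <summary>
        /// Creates a new employee row. A fresh GUID is generated per user and used as
        /// the salt for the password hash; both the hash and the GUID are sent to
        /// SP_ADD_NEW_USER so that ValidateUserLogin can recompute the hash later.
        /// </summary>
        /// <param name="empId">New employee's identifier.</param>
        /// <param name="firstName">First name as entered.</param>
        /// <param name="lastName">Last name as entered.</param>
        /// <param name="email">Email address as entered.</param>
        /// <param name="password">Plaintext password; only its hash is sent to SQL.</param>
        /// <returns>The stored procedure's return value; its meaning is defined by the procedure.</returns>
        public int? AddNewUser(String empId, String firstName, String lastName, String email, String password)
        {
            try
            {
                // Per-user salt, stored alongside the hash.
                Guid userGuid = System.Guid.NewGuid();

                // NOTE(review): SHA1(password + GUID) is a fast hash, so stored values are
                // cheap to brute-force. Moving to PBKDF2/Argon2 needs every hash site and
                // the stored rows migrated together, so it is only flagged here.
                string hashedPassword = AppSecurity.HashSHA1(password + userGuid.ToString());

                // Stored-procedure call with bound parameters: no caller input reaches SQL text.
                using (SqlCommand command = new SqlCommand(SQL_STRINGS.SP_ADD_NEW_USER, con))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.AddWithValue("@EMPLOYEE_ID", empId);
                    command.Parameters.AddWithValue("@FIRST_NAME", firstName);
                    command.Parameters.AddWithValue("@LAST_NAME", lastName);
                    command.Parameters.AddWithValue("@EMAIL_ID", email);
                    command.Parameters.AddWithValue("@PASS", hashedPassword);
                    command.Parameters.AddWithValue("@USER_GUID", userGuid);

                    SqlParameter retParam = new SqlParameter();
                    retParam.ParameterName = "@RetVal";
                    retParam.Direction = ParameterDirection.ReturnValue;
                    retParam.SqlDbType = SqlDbType.Int;
                    command.Parameters.Add(retParam);

                    con.Open();
                    command.ExecuteNonQuery();
                    return (int)retParam.Value;
                }
            }
            finally
            {
                // The shared connection is released on every path, including exceptions;
                // the previous catch { throw; } added nothing and was dropped.
                con.Close();
            }
        }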