Пример #1
0
        public static Boolean AllowAccess()
        {
            DovetailUser test   = new DovetailUser("test", "test", "test", "test", "test", "test", 10.0, false);
            bool         result = UserAccountHandler.RegisterNewUser(test);

            result = UserAccountHandler.AllowAccessForUser("test");
            if (result)
            {
                result = UserAccountHandler.RemoveUser(test);
            }
            return(result);
        }
Пример #2
0
        public static Boolean RegisterSignInRemove()
        {
            DovetailUser test   = new DovetailUser("test", "test", "test", "test", "test", "test", 10.0, true);
            bool         result = UserAccountHandler.RegisterNewUser(test);

            result = UserAccountHandler.UserSignIn(test);
            if (result)
            {
                result = UserAccountHandler.RemoveUser(test);
            }
            return(result);
        }
Пример #3
0
        /// <summary>
        /// API procedure for removing the specified user into the Dovetail software.
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <returns>True, if remove successful; false otherwise</returns>
        public static bool RemoveUser(DovetailUser user)
        {
            // Prepare connection to the database
            SqlConnection connection = DovetailDbConnection.GetConnection();
            bool          canRemove  = false;

            // Attempt to connect to database and verify user credentials
            try
            {
                // Prepare sign-in query
                StringBuilder sb = new StringBuilder();
                sb.Append("DELETE COUNT(1) ");
                sb.Append("FROM Users ");
                sb.Append("WHERE Username = @Username AND Password = @Password AND Access = 1;");
                string sql = sb.ToString();

                SqlCommand command = new SqlCommand(sql, connection)
                {
                    CommandType = CommandType.Text
                };

                if (string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password))
                {
                    connection.Close();
                    return(false);
                }

                command.Parameters.AddWithValue("@Username", user.Username);
                command.Parameters.AddWithValue("@Password", user.Password);

                // Execute query; only one valid user should be found/returned
                int queryResult = Convert.ToInt32(command.ExecuteScalar());
                if (queryResult != 1)
                {
                    connection.Close();
                    return(false);
                }

                // Sign-in is successful
                canRemove = true;
            }
            catch (SqlException sqle)
            {
                connection.Close();
                MessageBox.Show(sqle.Message);
            }

            connection.Close();

            return(canRemove);
        }
Пример #4
0
        public static Boolean PasswordUpdate()
        {
            DovetailUser test   = new DovetailUser("test", "test", "test", "test", "test", "test", 10.0, false);
            bool         result = UserAccountHandler.RegisterNewUser(test);

            result = UserAccountHandler.UserUpdatePassword("test", "test1");
            if (result)
            {
                if (test.Password != "test1")
                {
                    result = false;
                }
            }
            bool remove = UserAccountHandler.RemoveUser(test);

            return(result);
        }
Пример #5
0
        public static Boolean WageUpdate()
        {
            DovetailUser test   = new DovetailUser("test", "test", "test", "test", "test", "test", 9.0, false);
            bool         result = UserAccountHandler.RegisterNewUser(test);

            result = UserAccountHandler.UserUpdateWage("test", 10.0);
            if (result)
            {
                if (test.Wage != 10.0)
                {
                    result = false;
                }
            }
            bool remove = UserAccountHandler.RemoveUser(test);

            return(result);
        }
Пример #6
0
        /// <summary>
        /// API procedure for signing the specified user into the Dovetail software.
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <returns>True, if sign-in successful; false otherwise</returns>
        public static bool UserSignIn(DovetailUser user)
        {
            // Prepare connection to the database
            SqlConnection connection = DovetailDbConnection.GetConnection();
            bool          canSignIn  = false;

            //unhashing hashed password
            //string savedPasswordHash = user.Password;
            //byte[] hashBytes = Convert.FromBase64String(savedPasswordHash);
            //byte[] salt = new byte[16];
            //Array.Copy(hashBytes,0,salt,0,16);
            //var pbkdf2 = new Rfc2898DeriveBytes(user.Password,salt,10000);
            //byte[] hash = pbkdft.GetBytes(20);
            //bool same = true;
            //for(int i = 0; i < 20; i++) {
            //    if(hashBytes[i+16]!=hash[i])
            //        same = false;
            // }
            // Attempt to connect to database and verify user credentials
            try
            {
                // Prepare sign-in query
                StringBuilder sb = new StringBuilder();
                sb.Append("SELECT COUNT(1) ");
                sb.Append("FROM Users ");
                sb.Append("WHERE Username = @Username AND Password = @Password AND Access = 1;");
                string sql = sb.ToString();

                SqlCommand command = new SqlCommand(sql, connection)
                {
                    CommandType = CommandType.Text
                };

                if (string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password))
                {
                    connection.Close();
                    return(false);
                }

                command.Parameters.AddWithValue("@Username", user.Username);
                command.Parameters.AddWithValue("@Password", user.Password);

                // Execute query; only one valid user should be found/returned
                int queryResult = Convert.ToInt32(command.ExecuteScalar());
                if (queryResult != 1)
                {
                    connection.Close();
                    return(false);
                }

                // Sign-in is successful
                canSignIn = true;
            }
            catch (SqlException sqle)
            {
                connection.Close();
                MessageBox.Show(sqle.Message);
            }

            connection.Close();

            return(canSignIn);
        }
Пример #7
0
        /// <summary>
        /// API procedure for creating/registering a new user for the Dovetail software.
        /// </summary>
        /// <param name="user"></param>
        /// <returns>True, if success; false otherwise</returns>
        public static bool RegisterNewUser(DovetailUser user)
        {
            // Prepare connection to the database
            SqlConnection connection      = DovetailDbConnection.GetConnection();
            bool          canRegisterUser = false;

            //byte[] salt;
            //new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
            //var pbkdf2 = new Rfc2898DeriveBytes(user.Password, salt, 10000);
            //byte[] hash = pbkdf2.GetBytes(20);
            //byte[] hashBytes = new byte[36];
            //Array.Copy(salt,0,hashBytes,0,16);
            //Array.Copy(hash,0,hashBytes,16,20);
            //string savedPasswordHash = Convert.ToBase64String(hashBytes);
            //todo store with savedPasswordHash, but everything is g2g

            // Attempt to connect to database and verify user credentials
            try
            {
                // Check if user already exists
                if (UserAlreadyExists(user.Username))
                {
                    connection.Close();
                    return(false);
                }

                // Prepare register new user query
                StringBuilder sb = new StringBuilder();
                sb.Append("INSERT INTO Users ");
                sb.Append("VALUES (@Username, @Password, @FirstName, @LastName, @Email, @UserType, @Access);");
                string sql = sb.ToString();

                SqlCommand command = new SqlCommand(sql, connection)
                {
                    CommandType = CommandType.Text
                };

                if (string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password) ||
                    string.IsNullOrEmpty(user.FirstName) || string.IsNullOrEmpty(user.LastName) ||
                    string.IsNullOrEmpty(user.Email))
                {
                    connection.Close();
                    return(false);
                }

                if (!IsValidEmail(user.Email))
                {
                    connection.Close();
                    return(false);
                }

                command.Parameters.AddWithValue("@Username", user.Username);
                command.Parameters.AddWithValue("@Password", user.Password);
                command.Parameters.AddWithValue("@FirstName", user.FirstName);
                command.Parameters.AddWithValue("@LastName", user.LastName);
                command.Parameters.AddWithValue("@Email", user.Email);
                command.Parameters.AddWithValue("@UserType", user.UserType);
                command.Parameters.AddWithValue("@Access", user.HasAccess);

                // Execute query; only one valid user should be created/returned
                int result = command.ExecuteNonQuery();
                if (result != 1)
                {
                    connection.Close();
                    return(false);
                }

                // New user successfully registered
                canRegisterUser = true;
            }
            catch (SqlException sqle)
            {
                connection.Close();
                MessageBox.Show(sqle.Message);
            }

            connection.Close();

            return(canRegisterUser);
        }