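/// <summary>
/// Handles the posted profile-edit form: checks access, validates the required
/// fields, saves the current user through <c>_data.UpsertUser</c> and re-renders
/// the view with the freshly loaded user record.
/// </summary>
/// <param name="username">New username; required.</param>
/// <param name="email">New e-mail address; required (format is not checked here).</param>
/// <param name="password">New password, applied only when it equals <paramref name="confirmPassword"/>.</param>
/// <param name="confirmPassword">Repeat of <paramref name="password"/>.</param>
/// <param name="firstname">New first name; may be empty.</param>
/// <param name="lastname">New last name; may be empty.</param>
/// <returns>The profile view populated with the current user.</returns>
public ActionResult Profile(string username, string email, string password, string confirmPassword, string firstname, string lastname)
{
    try
    {
        UserHasAccess(Models.Content.Profile);

        // TODO: validation messages username, email and password
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(email))
        {
            // Required field missing: re-render without saving. No message is set
            // yet, so the user gets no feedback (see TODO above).
            return View(_data.GetCurrentUser(UserID.Value));
        }

        // The ID is always taken from the authenticated session, never from the
        // form, so the request cannot be pointed at another account's record.
        User user = new User();
        user.ID = UserID;
        user.Username = username;
        user.Email = email;
        user.FirstName = firstname;
        user.LastName = lastname;

        // Change the password only when both fields agree. A mismatch is silently
        // ignored (the rest of the profile is still saved) and an empty Password
        // makes the data layer leave the stored password untouched.
        if (!string.IsNullOrEmpty(password) && password == confirmPassword)
        {
            user.Password = password;
        }

        _data.UpsertUser(user);

        // Set the success message only after the upsert completed, so that an
        // exception in this block is never reported as success. The message is
        // raw HTML; whether the view renders it unencoded is not visible here.
        ViewBag.ErrorMessage = "<span style='color: green'>Success!</span>";
    }
    catch (Exception ex)
    {
        ErrorLog.WriteError("Account Profile", ex.Message);
        ViewBag.ErrorMessage = GenericErrorMessage;
    }

    return View(_data.GetCurrentUser(UserID.Value));
}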
/// <summary>
/// Authenticates a user through the <c>dbo.LogonUser</c> stored procedure, which
/// receives the username and the result of <c>Encrypt</c> applied to the password.
/// </summary>
/// <param name="user">Supplies <c>Username</c> and <c>Password</c>; other members are not used.</param>
/// <returns>
/// The <c>ID</c> column of the first row the procedure returns, or null when no row
/// comes back or the column does not parse as an integer.
/// </returns>
public int? LoginUser(User user)
{
    string connectionString = ConfigurationManager.ConnectionStrings["IYFD"].ToString();

    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        connection.Open();

        using (SqlCommand logon = new SqlCommand("dbo.LogonUser", connection))
        {
            logon.CommandType = CommandType.StoredProcedure;

            // The credential check itself happens inside the procedure; this method
            // only forwards the transformed password and reads back the row.
            // NOTE(review): Encrypt() is defined elsewhere — if it is reversible
            // encryption rather than a salted, slow password hash, stored credentials
            // are recoverable by anyone holding the key; confirm.
            logon.Parameters.AddWithValue("@username", user.Username);
            logon.Parameters.AddWithValue("@password", Encrypt(user.Password));

            using (SqlDataReader row = logon.ExecuteReader())
            {
                if (!row.Read())
                {
                    return null;
                }

                int parsedId;
                return int.TryParse(row["ID"].ToString(), out parsedId) ? parsedId : (int?)null;
            }
        }
    }
}
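/// <summary>
/// Inserts or updates a user through the <c>dbo.UpsertUser</c> stored procedure.
/// <c>@ID</c> is sent only when <paramref name="user"/> carries a positive ID, so
/// a new user is persisted without it and the procedure is expected to insert.
/// </summary>
/// <param name="user">The user to persist; must not be null.</param>
/// <returns>
/// The <c>ID</c> column of the first row the procedure returns, or null when no row
/// comes back or the column does not parse as an integer.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public int? UpsertUser(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    string connectionString = ConfigurationManager.ConnectionStrings["IYFD"].ToString();

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand("dbo.UpsertUser", connection))
    {
        cmd.CommandType = CommandType.StoredProcedure;

        // Only an existing record gets @ID; leaving it out lets the procedure insert.
        if (user.ID.HasValue && user.ID.Value > 0)
        {
            cmd.Parameters.AddWithValue("@ID", user.ID.Value);
        }

        // A null .NET value leaves a SqlParameter "not supplied" and makes
        // ExecuteReader throw, so nullable members are mapped to DBNull. Whether the
        // procedure accepts NULL for each column is not visible here.
        cmd.Parameters.AddWithValue("@username", (object)user.Username ?? DBNull.Value);
        cmd.Parameters.AddWithValue("@firstname", (object)user.FirstName ?? DBNull.Value);
        cmd.Parameters.AddWithValue("@lastname", (object)user.LastName ?? DBNull.Value);

        // Password is optional on update: when empty the parameter is not sent at
        // all, which relies on the procedure keeping the stored value (its default
        // for @password is not visible here — confirm).
        if (!string.IsNullOrEmpty(user.Password))
        {
            // NOTE(review): Encrypt() is defined elsewhere — if it is reversible
            // encryption rather than a salted, slow password hash, stored credentials
            // are recoverable by anyone holding the key; confirm.
            cmd.Parameters.AddWithValue("@password", Encrypt(user.Password));
        }

        cmd.Parameters.AddWithValue("@email", (object)user.Email ?? DBNull.Value);
        // Active's declared type is not visible here; the cast keeps this correct
        // for both a plain bool and a nullable one.
        cmd.Parameters.AddWithValue("@active", (object)user.Active ?? DBNull.Value);

        connection.Open();

        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            int userId;
            if (reader.Read() && int.TryParse(reader["ID"].ToString(), out userId))
            {
                return userId;
            }
        }
    }

    return null;
}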