Пример #1
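        /// <summary>
        /// Checks a username/password pair against softeng4.users and, on success,
        /// loads the matching User and writes the "user" response cookie.
        /// </summary>
        /// <param name="username">Login name supplied by the visitor (untrusted input).</param>
        /// <param name="password">Password supplied by the visitor (untrusted input).</param>
        /// <returns>
        /// true when a matching account was found and the cookie was written;
        /// false otherwise, with ErrorLabel.Text set to the reason.
        /// </returns>
        bool CustomAuthenticate(string username, string password)
        {
            DBDriver db = new DBDriver();

            // The inputs reach SQL only as bound parameters, never as query text.
            // The statements as published compared against a fixed quoted literal
            // and never referenced either argument.
            db.Query = "select count(*) from softeng4.users where userName=@name;";
            db.addParam("@name", username);
            int k = (int)db.scalar();

            if (k == 0)
            {
                // NOTE(review): a message that differs from the wrong-password case
                // tells the caller which usernames exist; consider one shared message.
                ErrorLabel.Text = "You have entered an unknown username.";
                return false;
            }

            // Parameters are added again after each new Query, following the pattern
            // the other DBDriver callers in this code use.
            // NOTE(review): the value bound to @pwd must be in the same form as the
            // users.password column; if passwords are stored transformed, derive that
            // form from `password` before binding. Confirm against the code that
            // writes the column.
            db.Query = "select count(*) from softeng4.users u where u.userName=@name and u.password=@pwd";
            db.addParam("@name", username);
            db.addParam("@pwd", password);
            k = (int)db.scalar();

            if (k == 0)
            {
                ErrorLabel.Text = "You have entered an incorrect password.";
                return false;
            }

            // Credentials matched: fetch the account id.
            db.Query = "select u.security s, u.ID id, p.firstName fname, p.lastName lname from softeng4.users u, softeng4.person p where u.ID = p.ID and u.username=@name";
            db.addParam("@name", username);

            string userId = null;
            SqlDataReader dr = db.createReader();
            try
            {
                // Read() returns false when the join yields no row (for example a users
                // row with no person row); indexing the reader then would throw.
                if (dr.Read())
                {
                    userId = dr["id"].ToString();
                }
            }
            finally
            {
                // Release the reader and the driver even if reading fails.
                dr.Close();
                db.close();
            }

            if (userId == null)
            {
                ErrorLabel.Text = "Your account could not be loaded.";
                return false;
            }

            user = new User(userId);

            // NOTE(review): these values are written into a plain client-side cookie.
            // The browser user can edit them, so "role" and "id" read back from this
            // cookie prove nothing unless the cookie is integrity-protected (for
            // example issued as a framework authentication ticket) and marked
            // HttpOnly and Secure.
            Response.Cookies["user"].Values.Add("role", user.Role);
            Response.Cookies["user"].Values.Add("id", user.ID);
            Response.Cookies["user"].Values.Add("name", user.UserName);
            Response.Cookies["user"].Values.Add("fname", user.FirstName);
            Response.Cookies["user"].Values.Add("lname", user.LastName);

            return true;
        }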
Пример #2
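        /// <summary>
        /// Authenticates a visitor against softeng4.users. On success the matching
        /// User is loaded into <c>user</c> and the "user" response cookie is filled in.
        /// </summary>
        /// <param name="username">Login name from the request (untrusted input).</param>
        /// <param name="password">Password from the request (untrusted input).</param>
        /// <returns>
        /// true after a successful login; false when the username is unknown, the
        /// password does not match, or the account row cannot be read. ErrorLabel.Text
        /// carries the reason.
        /// </returns>
        bool CustomAuthenticate(string username, string password)
        {
            DBDriver db = new DBDriver();

            // Step 1: does the username exist? The argument is bound as @name; the
            // published statement held a fixed quoted literal and ignored the argument.
            db.Query = "select count(*) from softeng4.users where userName=@name;";
            db.addParam("@name", username);
            if ((int)db.scalar() == 0)
            {
                // NOTE(review): separate messages for "unknown username" and "incorrect
                // password" reveal which account names are registered.
                ErrorLabel.Text = "You have entered an unknown username.";
                return false;
            }

            // Step 2: does the password match for that username?
            // NOTE(review): bind the password in the form the users.password column
            // stores; if that column holds a transformed value, apply the same
            // transformation to `password` first. Verify against the writer of
            // that column.
            db.Query = "select count(*) from softeng4.users u where u.userName=@name and u.password=@pwd";
            db.addParam("@name", username);
            db.addParam("@pwd", password);
            if ((int)db.scalar() == 0)
            {
                ErrorLabel.Text = "You have entered an incorrect password.";
                return false;
            }

            // Step 3: load the account id for the authenticated username.
            db.Query = "select u.security s, u.ID id, p.firstName fname, p.lastName lname from softeng4.users u, softeng4.person p where u.ID = p.ID and u.username=@name";
            db.addParam("@name", username);

            string accountId = null;
            SqlDataReader dr = db.createReader();
            try
            {
                // Only index the reader when a row is present; an empty result would
                // otherwise raise an exception inside the login path.
                bool hasRow = dr.Read();
                if (hasRow)
                {
                    accountId = dr["id"].ToString();
                }
            }
            finally
            {
                // The reader and the driver are released on every exit from this step.
                dr.Close();
                db.close();
            }

            if (accountId == null)
            {
                ErrorLabel.Text = "Your account could not be loaded.";
                return false;
            }

            user = new User(accountId);

            // NOTE(review): the role and id below are stored where the client can
            // change them. Server-side authorization must not trust them as read back
            // from this cookie unless it is signed or encrypted by the framework and
            // flagged HttpOnly and Secure.
            Response.Cookies["user"].Values.Add("role",  user.Role);
            Response.Cookies["user"].Values.Add("id",    user.ID);
            Response.Cookies["user"].Values.Add("name",  user.UserName);
            Response.Cookies["user"].Values.Add("fname", user.FirstName);
            Response.Cookies["user"].Values.Add("lname", user.LastName);

            return true;
        }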
Пример #3
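        /// <summary>
        /// Reports whether at least one row in <c>person</c> has the given email address.
        /// </summary>
        /// <param name="email">
        /// Email address to look up; it is passed to the query as the bound
        /// parameter <c>@email</c>, not concatenated into the SQL text.
        /// </param>
        /// <returns>true if one or more rows match, false if none do.</returns>
        public static bool verifyEmailExists(string email)
        {
            DBDriver myDB = new DBDriver();

            myDB.Query = "select count(*) from person where email=@email;";
            myDB.addParam("@email", email);
            int matches = Convert.ToInt32(myDB.scalar());

            // Any positive count means the address is already present. Testing for
            // exactly 1 reported "does not exist" once duplicates were in the table,
            // which would let a registration check pass for an address already in use.
            return matches > 0;
        }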
Пример #4
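        /// <summary>
        /// Reports whether a username is already present in <c>users</c> and, when
        /// requested, in <c>newUsers</c>.
        /// </summary>
        /// <param name="userName">
        /// The username to look up; bound to the query as <c>@name</c>, not
        /// concatenated into the SQL text.
        /// </param>
        /// <param name="isNew">
        /// When true and <c>users</c> has no match, the <c>newUsers</c> table is
        /// checked as well.
        /// </param>
        /// <returns>true if a matching row exists in a checked table, false otherwise.</returns>
        public static bool verifyUserNameExists(string userName, bool isNew)
        {
            DBDriver myDB = new DBDriver();

            myDB.Query = "select count(*) from users where userName=@name;";
            myDB.addParam("@name", userName);
            int k = Convert.ToInt32(myDB.scalar());

            // Fall through to newUsers only when users has no match at all. The old
            // "k != 1" test also fell through on duplicates and then let the second
            // count overwrite the first.
            if (k == 0 && isNew)
            {
                myDB.Query = "select count(*) from newUsers where userName=@name;";
                myDB.addParam("@name", userName);
                k = Convert.ToInt32(myDB.scalar());
            }

            // Any positive count means the name is taken; an exact "== 1" test would
            // report a duplicated name as free.
            return k > 0;
        }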
Пример #5
        /// <summary>
        /// Builds a user from registration data and persists it straight away:
        /// one row is inserted into <c>person</c> and one into <c>newUsers</c>.
        /// </summary>
        /// <param name="un">The username</param>
        /// <param name="pwd">The password; it is passed through Encryption.encrypt before being kept or stored</param>
        /// <param name="r">The security/role value written to newUsers.security</param>
        /// <param name="fn">The first name</param>
        /// <param name="ln">The last name</param>
        /// <param name="em">The email address</param>
        /// <param name="ph">The phone number</param>
        /// <param name="ad">The address</param>
        /// <param name="c">The city</param>
        /// <param name="s">The state</param>
        /// <param name="z">The zip code</param>
        public User(string un, string pwd, string r, string fn, string ln,
            string em, string ph, string ad, string c, string s, string z)
        {
            userName = un;
            // NOTE(review): what Encryption.encrypt does is not visible here. If it is
            // reversible encryption rather than a salted, slow password hash, stored
            // passwords can be recovered by anyone holding the key. Confirm.
            password = Encryption.encrypt(pwd);
            // NOTE(review): the role is stored exactly as the caller passed it. If it
            // originates from the registration request, the registrant chooses their
            // own privilege level. Confirm it is assigned server-side.
            role = r;
            firstName = fn;
            lastName = ln;
            email = em;
            phone = ph;
            address = ad;
            city = c;
            state = s;
            zip = z;

            // Every value goes to the database as a bound parameter.
            myDB = new DBDriver();
            myDB.Query = "insert into person (firstName, lastName, address, city, state, zip, phoneNumber, email) values (@first,@last,@address,@city,@state,@zip,@phone,@email);";
            myDB.addParam("@first", firstName);
            myDB.addParam("@last", lastName);
            myDB.addParam("@address", address);
            myDB.addParam("@city", city);
            myDB.addParam("@state", state);
            myDB.addParam("@zip", zip);
            myDB.addParam("@phone", phone);
            myDB.addParam("@email", email);
            myDB.nonQuery();

            // The person id is needed for the foreign key on the user row. It is looked
            // up by email, so it identifies the row just inserted only if email is
            // unique in person. The two inserts are not visibly wrapped in a
            // transaction.
            myDB.Query = "select id from person where email=@email;";
            myDB.addParam("@email", email);
            id = myDB.scalar().ToString();

            // TODO: when administrator approves, this is transferred to the users table
            // for now, this is stored in the newUsers table
            myDB.Query = "insert into newUsers (ID, password, userName, security)\nvalues (@id, @pwd,@username,@sec);";
            myDB.addParam("@id", id);
            myDB.addParam("@pwd", password);
            myDB.addParam("@username", userName);
            myDB.addParam("@sec", role);
            myDB.nonQuery();
        }
Пример #6
        /// <summary>
        /// Registers a new user: stores the contact details in <c>person</c>, then
        /// stores the credentials and role in <c>newUsers</c> under the person's id.
        /// </summary>
        /// <param name="un">Username</param>
        /// <param name="pwd">Password, run through Encryption.encrypt before it is kept or stored</param>
        /// <param name="r">Security/role value</param>
        /// <param name="fn">First name</param>
        /// <param name="ln">Last name</param>
        /// <param name="em">Email address</param>
        /// <param name="ph">Phone number</param>
        /// <param name="ad">Street address</param>
        /// <param name="c">City</param>
        /// <param name="s">State</param>
        /// <param name="z">Zip code</param>
        public User(string un, string pwd, string r, string fn, string ln,
                    string em, string ph, string ad, string c, string s, string z)
        {
            const string insertPersonSql =
                "insert into person (firstName, lastName, address, city, state, zip, phoneNumber, email) " +
                "values (@first,@last,@address,@city,@state,@zip,@phone,@email);";
            const string selectPersonIdSql = "select id from person where email=@email;";
            const string insertNewUserSql =
                "insert into newUsers (ID, password, userName, security)\n" +
                "values (@id, @pwd,@username,@sec);";

            // Account fields.
            userName = un;
            // NOTE(review): the strength of the stored password depends entirely on
            // Encryption.encrypt, which is not shown; a salted, slow one-way hash is
            // the expected form for password storage. Verify.
            password = Encryption.encrypt(pwd);
            // NOTE(review): the caller decides the role. Check that callers never take
            // it from user-controlled input.
            role = r;

            // Contact fields.
            firstName = fn;
            lastName  = ln;
            email     = em;
            phone     = ph;
            address   = ad;
            city      = c;
            state     = s;
            zip       = z;

            // Insert the person row; values are supplied as bound parameters.
            myDB       = new DBDriver();
            myDB.Query = insertPersonSql;
            myDB.addParam("@first", firstName);
            myDB.addParam("@last", lastName);
            myDB.addParam("@address", address);
            myDB.addParam("@city", city);
            myDB.addParam("@state", state);
            myDB.addParam("@zip", zip);
            myDB.addParam("@phone", phone);
            myDB.addParam("@email", email);
            myDB.nonQuery();

            // Fetch the id of the person row to satisfy the foreign key on the user
            // row. The lookup is by email, so it presumes email is unique in person.
            myDB.Query = selectPersonIdSql;
            myDB.addParam("@email", email);
            id = myDB.scalar().ToString();

            // TODO: when administrator approves, this is transferred to the users table
            // for now, this is stored in the newUsers table
            myDB.Query = insertNewUserSql;
            myDB.addParam("@id", id);
            myDB.addParam("@pwd", password);
            myDB.addParam("@username", userName);
            myDB.addParam("@sec", role);
            myDB.nonQuery();
        }
Пример #7
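        /// <summary>
        /// Checks whether a username is already taken in <c>users</c>, optionally
        /// also looking in <c>newUsers</c>.
        /// </summary>
        /// <param name="userName">The username to look up; supplied to SQL as the bound parameter <c>@name</c>.</param>
        /// <param name="isNew">If true, <c>newUsers</c> is consulted when <c>users</c> has no match.</param>
        /// <returns>true if a checked table holds at least one matching row, false otherwise.</returns>
        public static bool verifyUserNameExists(string userName, bool isNew)
        {
            DBDriver myDB = new DBDriver();
            myDB.Query = "select count(*) from users where userName=@name;";
            myDB.addParam("@name", userName);
            int found = Convert.ToInt32(myDB.scalar());

            // A match in users settles the question. Previously any count other than 1,
            // duplicates included, fell through and was replaced by the newUsers count.
            if (found > 0)
            {
                return true;
            }

            if (!isNew)
            {
                return false;
            }

            myDB.Query = "select count(*) from newUsers where userName=@name;";
            myDB.addParam("@name", userName);
            found = Convert.ToInt32(myDB.scalar());

            // "At least one", not "exactly one": a duplicated name must still read as taken.
            return found > 0;
        }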
Пример #8
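 /// <summary>
 /// Checks whether an email address is already present in the <c>person</c> table.
 /// </summary>
 /// <param name="email">Email address to look up; supplied to SQL as the bound parameter <c>@email</c>.</param>
 /// <returns>true if at least one row has this address, false if none does.</returns>
 public static bool verifyEmailExists(string email)
 {
     DBDriver myDB = new DBDriver();
     myDB.Query = "select count(*) from person where email=@email;";
     myDB.addParam("@email", email);
     int rowCount = Convert.ToInt32(myDB.scalar());

     // Compare with zero rather than one: if the address occurs more than once it
     // still exists, and reporting it as free would let another duplicate through.
     return rowCount > 0;
 }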