//method CheckExistingAccount checks if the email already exist in database
public string CheckExistingAccount(string email)
{
//stored procedure prc_check_existing_account and email parameter is used
//to check if the email exist in the database
string commandText = "prc_check_existing_account";
SqlParameter[] param =
{
new SqlParameter("@email", email),
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
//if the ProcessData method of DatabaseHandle class returns empty DataTable
//it means that email doesn't exist
if (dt.Rows.Count >= 1)
{
string dbEmail = dt.Rows[0][0].ToString();
return(dbEmail);
}
else
{
return(email + " not found in database");
}
}
//method ChangeMp, takes old password and changes into the database
//once master password is updated
//all the account password encrypted by old password will be decrypted
//and encrypted again with the new masterpassword
public void ChangeMp(string oPwd, string nPwd)
{
//gets all the accounts from the database
string commandText = "prc_get_account";
SqlParameter[] param =
{
new SqlParameter("user_ID", LoginInfo.UserId)
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
//update master password
int uid = LoginInfo.UserId;
string encMPwd = StringCipher.Encrypt(nPwd, nPwd);
string commandText1 = "prc_update_master_pwd";
SqlParameter[] param1 =
{
new SqlParameter("user_ID", uid),
new SqlParameter("master_pwd", encMPwd)
};
DatabaseHandle dbh1 = new DatabaseHandle();
DataTable dt1 = new DataTable();
dt1 = dbh1.ProcessData(commandText1, param1);
//update Login Info master password
LoginInfo.MasterPwd = nPwd;
//Update all the Account passwords
int rows = dt.Rows.Count;
int[] testArray = new int[rows];
string commandText2 = "prc_update_acccount_pwd";
foreach (DataRow dr in dt.Rows)
{
int id = int.Parse(dr["account_ID"].ToString());
string tempPassword = (dr["password"].ToString());
string plainPwd = StringCipher.Decrypt(tempPassword, oPwd);
string encPwd = StringCipher.Encrypt(plainPwd, nPwd);
SqlParameter[] param2 =
{
new SqlParameter("account_ID", id),
new SqlParameter("password", encPwd)
};
DatabaseHandle dbh2 = new DatabaseHandle();
DataTable dt2 = new DataTable();
dt2 = dbh2.ProcessData(commandText2, param2);
}
}
//passes the accountID that is being deleted to the DatabaseHandle class
//Deletes the password from the database
//Stored Procedure to delete password is passed to the DatabaseHandle class
public void DeletePassword(int accountID)
{
string commandText = "prc_del_accountpwd";
SqlParameter[] param =
{
new SqlParameter("account_ID", accountID)
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
}
//passes the accountID that is being Edited to the DatabaseHandle class
//Updates the password to the database
//Stored Procedure to Edit password is passed to the DatabaseHandle class
public void EditPassword(int accountID, string passCode)
{
string commandText = "prc_edit_accountpwd";
SqlParameter[] param =
{
new SqlParameter("account_ID", accountID),
new SqlParameter("password", passCode)
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
}
//method that saves the login account to the database using
//ProcessData method of class DatabaseHandle passing parameter
//prc_add_user stored procedure and encrypted master password.
public string SaveAccountToDB(string email, string masterPwd)
{
string commandText = "prc_add_user";
SqlParameter[] param =
{
new SqlParameter("@email", email),
new SqlParameter("@master_pwd", masterPwd),
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
return("Account Added to Database Successfully");
}
//Loads the Datagrid in home window after user sucessfully logs in
public void LoadDataDataGrid()
{
//passes parameter of stored procedure and user_ID to class DatabaseHandle
//executes the SQL command in stored proc
//If stored proc is to only write on database empty datatable is returned
int userID = LoginInfo.UserId;
string commandText = "prc_get_Account";
SqlParameter[] param =
{
new SqlParameter("user_ID", userID)
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
dtaGridAccount.ItemsSource = dt.DefaultView;
}
//Method TextSearch filters the data using SQL command through stored procedure
//the filtered result is passed to the datagrid display defaultview
//method ProcessData in DatabaseHandle class filters the result using SQL command using stored proc
public void TextSearch()
{
int userID = LoginInfo.UserId;
string commandText = "prc_get_account_search";
SqlParameter[] param =
{
new SqlParameter("user_ID", userID),
new SqlParameter("search_text", txtSearchBox.Text.ToString())
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
string dataTableAccounts = dt.Rows[0][0].ToString();
dtaGridAccount.ItemsSource = dt.DefaultView;
}
//GetDbPwd method gets the password stored in the database
//prc_get_accountpwd and sql parameter is passed to ProcessData method of class DatabaseHandle
//If database query returns the password, it is validated against user typed password
//If the database return empty datable meaning no password found for provied email
private string GetDbPwd(string email)
{
string commandText = "prc_get_accountpwd";
SqlParameter[] param =
{
new SqlParameter("email", email)
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
//If query returns at least one row
if (dt.Rows.Count >= 1)
{
try
{
string txt_mp = txtMasterPwd.Password.ToString();
string encrypted_mp = dt.Rows[0][1].ToString(); //encrypted master password
//stores masterpassword, userId and email to the parameters in LoginInfo class
LoginInfo.MasterPwd = StringCipher.Decrypt(encrypted_mp, txt_mp);
LoginInfo.UserId = int.Parse(dt.Rows[0][0].ToString());
LoginInfo.Email = txtEmail.Text.ToString();
return(LoginInfo.MasterPwd);
}
catch
{
return("Incorrect Password");
}
}
//if empty datatable is returned the provided email didn't have any password
else
{
return("No password found for provided email");
}
}
//Saves username and password to the database
//calls ProcessData method of class DatabaseHandle
//Procedure prc_add_pwd and sql parameter is passed to ProcessData of class DatabaseHandle
//password provided by the user is encrypted before saving to database
//using Encrypt method of StringCipher class
public void AddPasswordDb()
{
string accountName = txtAccountName.Text.ToString();
string userName = txtUsrName.Text.ToString();
string password = txtPwd.Password.ToString();
string encryptedPassword = StringCipher.Encrypt(password, LoginInfo.MasterPwd);
string notes = txtNote.Text.ToString();
var date = DateTime.Now.ToString("yyyy/MM/dd");
string commandText = "prc_add_pwd";
SqlParameter[] param =
{
new SqlParameter("@account_name", accountName),
new SqlParameter("@user_ID", LoginInfo.UserId),
new SqlParameter("@username", userName),
new SqlParameter("@password", encryptedPassword),
new SqlParameter("@notes", notes),
};
DatabaseHandle dbh = new DatabaseHandle();
DataTable dt = new DataTable();
dt = dbh.ProcessData(commandText, param);
}