Пример #1
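        /// <summary>
        /// Runs a single-row SELECT against <paramref name="table"/>, filtered by
        /// <paramref name="inputData"/>, and builds a <see cref="User"/> from the row found.
        /// </summary>
        /// <param name="table">Name of the table to query; the visible caller passes "tblUser".</param>
        /// <param name="inputData">Column/value pairs handed to CreateSqlQuery to build the filter.</param>
        /// <param name="user">The user built from the matching row, or null when nothing is returned or an error occurs.</param>
        /// <returns>
        /// The integer in column 0 of the matching row; -1 when no row matches; otherwise the
        /// ErrorCode/HResult of the exception that was caught. The visible caller treats any
        /// negative value as failure.
        /// </returns>
        public int SelectUser(String table, Dictionary<String, String> inputData, out User user)
        {
            user = null;
            SqlCommand selectData = null;
            SqlDataReader reader = null;
            try
            {
                // NOTE(review): CreateSqlQuery is not shown here. If it concatenates the values of
                // inputData into the SQL text, this query is injectable from the login form; confirm
                // that it emits placeholders and binds the values through selectData.Parameters.
                string sSql = CreateSqlQuery("SELECT *", table, inputData);
                selectData = new SqlCommand(sSql, GetDBConnection());
                selectData.Connection.Open();
                reader = selectData.ExecuteReader(CommandBehavior.SingleRow);

                if (reader.Read())
                {
                    // Read every column before publishing the result, so a failed read cannot leave
                    // a populated user behind an error return code.
                    // NOTE(review): positional indexes combined with "SELECT *" depend on the table's
                    // column order; an explicit column list would be safer.
                    int userId = reader.GetInt32(0);

                    // The second constructor argument is deliberately null (presumably the password
                    // slot, so the stored credential is not carried back to the caller; confirm).
                    User found = new User(reader.GetString(2), null, reader.GetString(4), reader.GetString(5));

                    user = found;
                    return userId;
                }
            }
            catch (SqlException e)
            { return e.ErrorCode; }
            catch (Exception e)
            { return e.HResult; }
            finally
            {
                // Release the reader and command on every path. The connection is closed rather
                // than disposed because GetDBConnection() may hand out a shared instance that a
                // later call reopens.
                if (reader != null)
                {
                    reader.Dispose();
                }
                if (selectData != null)
                {
                    if (selectData.Connection != null)
                    {
                        selectData.Connection.Close();
                    }
                    selectData.Dispose();
                }
            }

            return -1;
        }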
Пример #2
        /// <summary>
        /// Validates the submitted login fields and, when they pass, looks the user up in tblUser.
        /// </summary>
        /// <param name="user">The credentials entered on the login form.</param>
        /// <param name="id">Value returned by SelectUser on success; negative on any failure.</param>
        /// <param name="retUser">The user loaded by SelectUser; null when validation fails.</param>
        /// <param name="info">
        /// On success the page to redirect to ("Welcome.aspx"); on failure a message for the user.
        /// Validation errors are joined with a literal backslash-n.
        /// </param>
        /// <returns>True when validation passes and SelectUser returns a non-negative value.</returns>
        public bool LoginAuthentication(User user, out int id, out User retUser, out String info)
        {
            List<String> errors;

            // Reject malformed input first and report each validation error.
            if (!user.ValidateLogin(out errors))
            {
                info = "There are the following errors:";
                foreach (String problem in errors)
                {
                    info = info + "\\n" + problem;
                }
                retUser = null;
                id = -1;
                return false;
            }

            info = "Welcome.aspx";

            // NOTE(review): the credential check appears to be the SELECT itself matching every
            // entry of user.CreateDict(); CreateDict is not shown, so confirm how the password is
            // compared (ideally against a salted, slow hash rather than a stored plaintext value).
            id = SelectUser("tblUser", user.CreateDict(), out retUser);
            if (id >= 0)
            {
                return true;
            }

            // The same generic message covers unknown user, wrong password and database errors,
            // so the response does not reveal which of them occurred.
            info = "Incorrect username and/or password";
            return false;
        }
Пример #3
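        /// <summary>
        /// Handles the registration form's submit button: builds a User from the form fields and
        /// asks the data layer to insert it. Redirects to the login page on success; otherwise
        /// shows the returned message in a client-side alert.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            newUser = new User(txtbxUsername.Text, txtbxPassword.Text, txtbxFirstName.Text, txtbxLastName.Text, txtbxSecurityQuestion.Text, txtSecurityAnswer.Text);
            String info;

            if (dbObject.InsertNewUser(newUser, out info))
            {
                Response.Redirect("Login.aspx?reg=1");
            }
            else
            {
                // info is emitted inside a JavaScript string literal, so it must be encoded for that
                // context: an unescaped quote, backslash or "</script>" in a message would break out
                // of the literal. The data layer joins validation errors with a literal backslash-n
                // so the alert shows one per line; that separator is preserved and every segment
                // between separators is encoded.
                string[] segments = (info ?? string.Empty).Split(new[] { "\\n" }, StringSplitOptions.None);
                for (int i = 0; i < segments.Length; i++)
                {
                    segments[i] = System.Web.HttpUtility.JavaScriptStringEncode(segments[i]);
                }

                string script = "alert(\"" + string.Join("\\n", segments) + "\");";
                ScriptManager.RegisterStartupScript(this, GetType(),
                                      "ServerControlScript", script, true);
            }
        }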
Пример #4
 /// <summary>
 /// Validates the registration data and, when it passes, inserts the user into tblUser.
 /// </summary>
 /// <param name="user">The registration data to validate and store.</param>
 /// <param name="info">
 /// When validation passes, whatever InsertData returns; otherwise the validation errors,
 /// joined with a literal backslash-n.
 /// </param>
 /// <returns>True when validation passes; false when it fails.</returns>
 public bool InsertNewUser(User user, out String info)
 {
     List<String> errors = null;

     if (!user.ValidateRegister(out errors))
     {
         info = "There are the following errors:";
         foreach (String problem in errors)
         {
             info = info + "\\n" + problem;
         }
         return false;
     }

     // NOTE(review): true is returned whatever InsertData reports. If InsertData's string can
     // carry a database error message, a failed insert is reported to the caller as success;
     // confirm against InsertData.
     // NOTE(review): user.CreateDict() is not shown; confirm the password and security answer
     // are hashed with a salted, slow KDF before they reach InsertData.
     info = InsertData("tblUser", user.CreateDict());
     return true;
 }
Пример #5
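 /// <summary>
 /// Handles the login button: authenticates the entered credentials through the data layer,
 /// stores the resulting user in the session and redirects on success, or shows the returned
 /// message in a client-side alert on failure.
 /// </summary>
 /// <param name="sender">The control that raised the event.</param>
 /// <param name="e">Event data (unused).</param>
 protected void btnLogin_OnClick(object sender, EventArgs e)
 {
     User user = new User(txtUserName.Text, txtPassword.Text);
     User retUser;
     int id;
     String info;
     if (dbObject.LoginAuthentication(user, out id, out retUser, out info))
     {
         // NOTE(review): nothing visible here issues a fresh session identifier at login;
         // confirm the application rotates it elsewhere to guard against session fixation.
         userData._loginID = id;
         userData._user = retUser;
         Session["User_Data"] = userData;
         Session["Control_Increment"] = 0;

         // On success info carries the redirect target chosen by LoginAuthentication; keep it
         // server-defined and never derived from request data.
         Response.Redirect(info);
     }
     else
     {
         // info is emitted inside a JavaScript string literal, so it must be encoded for that
         // context: an unescaped quote, backslash or "</script>" in a message would break out
         // of the literal. The data layer joins validation errors with a literal backslash-n
         // so the alert shows one per line; that separator is preserved and every segment
         // between separators is encoded.
         string[] segments = (info ?? string.Empty).Split(new[] { "\\n" }, StringSplitOptions.None);
         for (int i = 0; i < segments.Length; i++)
         {
             segments[i] = System.Web.HttpUtility.JavaScriptStringEncode(segments[i]);
         }

         string script = "alert(\"" + string.Join("\\n", segments) + "\");";
         ScriptManager.RegisterStartupScript(this, GetType(),
                               "ServerControlScript", script, true);
     }
 }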