public IActionResult CreateUser(MesahUser usr)
{
if (!ModelState.IsValid)
{
ViewData["Message"] = "Invalid Input";
ViewData["MsgType"] = "warning";
return(View("CreateUser"));
}
else
{
string insert =
@"INSERT INTO MesahUser(UserId, UserPw, FullName, Email, Address, PostalCode, Phone, UserRole)
VALUES('{0}',HASHBYTES('SHA1','{1}'),'{2}','{3}','{4}','{5}','{6}','{7}')";
if (DBUtl.ExecSQL(insert, usr.UserId, usr.UserPw, usr.FullName, usr.Email, usr.Address, usr.PostalCode, usr.Phone, usr.UserRole) == 1)
{
ViewData["Message"] = "User Created";
ViewData["MsgType"] = "success";
}
else
{
ViewData["Message"] = DBUtl.DB_Message;
ViewData["MsgType"] = "danger";
}
return(RedirectToAction("ShowUsers"));
}
}
public JsonResult VerifyEmail(string Email)
{
DbSet <MesahUser> dbs = _dbContext.MesahUser;
MesahUser user = dbs.FromSqlInterpolated($"SELECT * FROM MesahUser WHERE Email= {Email}").FirstOrDefault();
if (user != null)
{
return(Json(true));
}
else
{
return(Json(false));
}
}
public IActionResult EditUser(string id)
{
string userid = User.FindFirst(ClaimTypes.NameIdentifier).Value;
string select = @"SELECT * FROM MesahUser WHERE UserId = '{0}'";
List <MesahUser> list = DBUtl.GetList <MesahUser>(select, id);
if (list.Count == 1)
{
MesahUser user = list[0];
return(View("EditUser", user));
}
else
{
TempData["Message"] = "Data not found";
TempData["MsgType"] = "warning";
return(RedirectToAction("Index"));
}
}
public IActionResult EditUser(string id, MesahUser mesah)
{
string userid = User.FindFirst(ClaimTypes.NameIdentifier).Value;
string sql = @"UPDATE MesahUser
SET FullName ='{1}', UserRole ='{2}',
Email = '{3}', Phone ='{4}'
WHERE UserId = '{0}'";
if (DBUtl.ExecSQL(sql, id, mesah.FullName, mesah.UserRole, mesah.Email, mesah.Phone) == 1)
{
ViewData["Message"] = "Profile Updated";
ViewData["MsgType"] = "success";
}
else
{
ViewData["Message"] = DBUtl.DB_Message;
ViewData["MsgType"] = "danger";
}
return(RedirectToAction("ShowUsers"));
}
public IActionResult EditProfile(MesahUser mesah)
{
string userid = User.FindFirst(ClaimTypes.NameIdentifier).Value;
string sql = @"UPDATE MesahUser
SET FullName ='{1}', Email ='{2}',
Address = '{3}', PostalCode = '{4}', Phone ='{5}'
WHERE UserId = '{0}'";
if (DBUtl.ExecSQL(sql, userid, mesah.FullName, mesah.Email, mesah.Address, mesah.PostalCode, mesah.Phone) == 1)
{
ViewData["Message"] = "Profile Updated";
ViewData["MsgType"] = "success";
}
else
{
ViewData["Message"] = DBUtl.DB_Message;
ViewData["MsgType"] = "danger";
}
return(View("EditProfile"));
}
