public int addSupplier(string supplierName, string supplierAddress, string supplierPhone, string supplierNotes)
{
if (supplierNameExists(supplierName))
{
return(-2); // supplier exist with the same name
}
SqlParameter[] param = new SqlParameter[4];
param[0] = new SqlParameter("@supp_name", SqlDbType.VarChar, 100);
param[0].Value = supplierName;
param[1] = new SqlParameter("@supp_address", SqlDbType.VarChar, 200);
param[1].Value = supplierAddress;
param[2] = new SqlParameter("@supp_phone", SqlDbType.VarChar, 15);
param[2].Value = supplierPhone;
param[3] = new SqlParameter("@supp_description", SqlDbType.VarChar, 200);
param[3].Value = supplierNotes;
int result = dal.excuteCommand("sp_add_supplier", param);
if (result == 1)
{
return(0);
}
return(-1);
}
// TODO :: use this function just if the logged in user == admin (based on permissions)
public int addNewUser(string username, string passwd, string fullName, string phoneNO)
{
if (userNameExists(username))
{
return(-2); // user already exists with the same username
}
passwd = GetHashString(passwd); // encrypt the password SHA1
SqlParameter[] param = new SqlParameter[4];
param[0] = new SqlParameter("@username", SqlDbType.VarChar, 30);
param[0].Value = username;
param[1] = new SqlParameter("@passwd", SqlDbType.VarChar, 40);
param[1].Value = passwd;
param[2] = new SqlParameter("@fullname", SqlDbType.VarChar, 100);
param[2].Value = fullName;
param[3] = new SqlParameter("@phone_no", SqlDbType.VarChar, 15);
param[3].Value = phoneNO;
int result = dal.excuteCommand("sp_create_new_user", param);
if (result == 1)
{
return(0);
}
return(-1);
}
// add new category with stored procedure
public int addNewCat(string catName, string catDescription)
{
SqlParameter[] param = new SqlParameter[2];
param[0] = new SqlParameter("@cat_name", SqlDbType.VarChar, 200);
param[0].Value = catName;
param[1] = new SqlParameter("@notes", SqlDbType.VarChar, 200);
param[1].Value = catDescription;
return(dal.excuteCommand("add_new_category", param));
}
public int backUpDB(string backUpPath)
{
string fileName = backUpPath + "\\emad_01112137376_" + DateTime.Now.ToShortDateString().Replace('/', '-') + "_" + DateTime.Now.ToLongTimeString().Replace(':', '-');
// TODO: edit this string
string strQuery = "Backup Database [C:\\USERS\\BOLLI\\DOCUMENTS\\VISUAL STUDIO 2015\\PROJECTS\\EMAD STORE\\EMAD STORE\\KFS_HOSPITAL.MDF] to Disk='" + fileName + ".bak'";
/*
* SqlCommand cmd;
* cmd = new SqlCommand(strQuery, con);
* con.Open();
* cmd.ExecuteNonQuery();
* con.Close();
*/
// ALTER Database [KFS_hospital] SET OFFLINE WITH ROLLBACK IMMEDIATE; Restore Database [KFS_hospital] from Disk=path
int operationResult;
try
{
operationResult = dal.excuteCommand(strQuery);
}
catch (UnauthorizedAccessException)
{
// unified return value that tells the user that he has no permission to write in this path
return(-1);
}
return(operationResult);
}
//change user password
public int changeUserPassword(string oldPassword, string newPassword)
{
bool validUser = false;
int result = login(Controllers.CLS_RuntimeInfo.getInstance.username, oldPassword);
if (result == 1)
{
validUser = true;
}
if (!validUser)
{
return(-2);
}
newPassword = GetHashString(newPassword);
SqlParameter[] param = new SqlParameter[2];
param[0] = new SqlParameter("@user_id", SqlDbType.Int);
param[0].Value = Controllers.CLS_RuntimeInfo.getInstance.userID;
param[1] = new SqlParameter("@new_passwd", SqlDbType.VarChar, 40);
param[1].Value = newPassword;
if (dal.excuteCommand("sp_change_password", param) == 1)
{
return(0);
}
return(-3); // will never be reached
}
/// <summary>
/// receive the params (add product form) and insert them into the DB
/// </summary>
/// <param name="productName"> name of the product, string max:200 charracter</param>
/// <param name="alertQnt"> alert when the quantity goes uner xxx , type : int</param>
/// <param name="notes">notes or short description, max 200 characters. string</param>
/// <param name="suppId"></param>
/// <param name="catId"></param>
/// <param name="msrUntId"></param>
/// <param name="unitImg"></param>
/// <returns>
/// returns the the number of rows affected. to check whether it did what it has to to do or not
/// </returns>
public int addProduct(string productName, int alertQnt, string notes, int suppId, int catId, int msrUntId, byte[] unitImg)
{
SqlParameter[] param = new SqlParameter[7];
param[0] = new SqlParameter("@prod_name", SqlDbType.VarChar, 200);
param[0].Value = productName;
param[1] = new SqlParameter("@alert_quantity", SqlDbType.Int);
param[1].Value = alertQnt;
param[2] = new SqlParameter("@notes", SqlDbType.VarChar, 200);
param[2].Value = notes;
param[3] = new SqlParameter("@supplier_id", SqlDbType.Int);
param[3].Value = suppId;
param[4] = new SqlParameter("@cat_id", SqlDbType.Int);
param[4].Value = catId;
param[5] = new SqlParameter("@msr_unt_id", SqlDbType.Int);
param[5].Value = msrUntId;
param[6] = new SqlParameter("@prod_img", SqlDbType.Image);
param[6].Value = unitImg;
// returns the the number of rows affected.
return(dal.excuteCommand("add_product", param));
}