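/// <summary>
/// Inserts a row for <paramref name="user"/> into the <c>user</c> table and
/// writes an "ADD USER" audit entry attributed to <paramref name="userId"/>.
/// </summary>
/// <param name="user">Account to create. Its UserId, UserName, Password, DateCreated, LastModify and UserType are read.</param>
/// <param name="userId">Id of the acting user; used only for the audit entries.</param>
/// <returns>
/// <c>true</c> when the INSERT affected at least one row; <c>false</c> otherwise,
/// including when an exception was caught and logged.
/// </returns>
public bool AddUser(User user, string userId)
{
    // NOTE(review): judging by the helper's name the stored value is an MD5 digest.
    // MD5 (salted or not) is too fast for password storage; moving to PBKDF2/bcrypt/Argon2
    // needs a migration of the stored hashes, so it is flagged here rather than changed.
    string pass = new ServiceObjectSecurity().EncodePasswordMD5(user.Password);

    // Values are bound as parameters instead of being formatted into the SQL text,
    // so quotes or SQL fragments in UserId/UserName/UserType cannot alter the statement.
    const string query =
        "INSERT INTO user(userId,userName,passwd,dateCreated,lastModified,usertype) " +
        "VALUES(@userId,@userName,@passwd,@dateCreated,@lastModified,@usertype)";

    using (MySqlConnection con = new MySqlConnection(DbCon.connectionString))
    {
        try
        {
            con.Open();
            using (MySqlCommand cmd = new MySqlCommand(query, con))
            {
                cmd.Parameters.AddWithValue("@userId", user.UserId);
                cmd.Parameters.AddWithValue("@userName", user.UserName);
                cmd.Parameters.AddWithValue("@passwd", pass);
                // Timestamps keep the original second-resolution text form.
                cmd.Parameters.AddWithValue("@dateCreated", user.DateCreated.ToString("yyyy-MM-dd HH:mm:ss"));
                cmd.Parameters.AddWithValue("@lastModified", user.LastModify.ToString("yyyy-MM-dd HH:mm:ss"));
                // Bound as text, matching how the value used to be formatted into a quoted literal.
                cmd.Parameters.AddWithValue("@usertype", Convert.ToString(user.UserType));

                // The audit row now receives the statement template only; the bound values,
                // including the password hash, are no longer copied into the audit log.
                // NOTE(review): this entry is written before the INSERT runs, so it is
                // recorded even when the INSERT fails — confirm that is intended.
                new AuditLogService().AddAuditLog("ADD USER", userId, new UserService().GetUserName(userId), query, DateTime.Now);

                return cmd.ExecuteNonQuery() > 0;
            }
        }
        catch (Exception ex)
        {
            // Covers MySqlException as well; both were handled identically.
            new AuditLogService().AddAuditLog("ERROR ADD USER", userId, new UserService().GetUserName(userId), ex.Message, DateTime.Now);
            return false;
        }
    }
}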
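/// <summary>
/// Replaces the stored password hash and <c>lastModified</c> timestamp of the row
/// whose <c>userId</c> equals <paramref name="user"/>.UserId, and writes a
/// "CHANGE PASSWORD" audit entry attributed to <paramref name="userId"/>.
/// </summary>
/// <param name="user">Target account. Its UserId, Password and LastModify are read.</param>
/// <param name="userId">Id of the acting user; used only for the audit entry.</param>
/// <returns>
/// <c>true</c> when the UPDATE affected at least one row; <c>false</c> otherwise,
/// including when an exception was caught.
/// </returns>
/// <remarks>
/// This method does not itself check that <paramref name="userId"/> may change the
/// password of <paramref name="user"/>.UserId; presumably the caller enforces that — confirm.
/// </remarks>
public bool ChangePassword(User user, string userId)
{
    // NOTE(review): judging by the helper's name the stored value is an MD5 digest.
    // MD5 is too fast for password storage; replacing it needs a migration of the
    // stored hashes, so it is flagged here rather than changed.
    string pass = new ServiceObjectSecurity().EncodePasswordMD5(user.Password);

    // Parameters keep user.UserId out of the SQL text, so it cannot widen or
    // rewrite the WHERE clause.
    const string query =
        "UPDATE user SET passwd=@passwd,lastModified=@lastModified " +
        "WHERE (userId=@userId)";

    using (MySqlConnection con = new MySqlConnection(DbCon.connectionString))
    {
        try
        {
            con.Open();
            using (MySqlCommand cmd = new MySqlCommand(query, con))
            {
                cmd.Parameters.AddWithValue("@userId", user.UserId);
                cmd.Parameters.AddWithValue("@passwd", pass);
                cmd.Parameters.AddWithValue("@lastModified", user.LastModify.ToString("yyyy-MM-dd HH:mm:ss"));

                // NOTE(review): the entry is written before the UPDATE runs, so
                // " Changed user password" is recorded even if no row changes.
                new AuditLogService().AddAuditLog("CHANGE PASSWORD", userId, new UserService().GetUserName(userId), " Changed user password", DateTime.Now);

                return cmd.ExecuteNonQuery() > 0;
            }
        }
        catch (Exception)
        {
            // Failures are reported only through the return value; the audit call
            // that used to sit here was commented out in the original and stays off.
            return false;
        }
    }
}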
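/// <summary>
/// Checks whether an active row in the <c>user</c> table matches the supplied
/// user name and password hash.
/// </summary>
/// <param name="user">Credentials to check. Its UserName and Password are read.</param>
/// <returns>
/// <c>true</c> when the query returns at least one row; <c>false</c> otherwise,
/// including when an exception was caught and logged.
/// </returns>
public Boolean ValidateLogin(User user)
{
    // NOTE(review): judging by the helper's name the compared value is an MD5 digest.
    // MD5 is too fast for password storage; replacing it needs a migration of the
    // stored hashes, so it is flagged here rather than changed.
    string pass = new ServiceObjectSecurity().EncodePasswordMD5(user.Password);

    // The listing showed the literal '******' in the userName comparison while
    // user.UserName was passed as an unused format argument, so the supplied name
    // never took part in the check. It is bound here — confirm against the original file.
    // Binding both values also keeps login input out of the SQL text.
    const string selectQuery =
        "SELECT userName FROM user WHERE userName=@userName AND passwd=@passwd AND active = 1";

    using (MySqlConnection con = new MySqlConnection(DbCon.connectionString))
    {
        try
        {
            con.Open();
            using (MySqlCommand cmd = new MySqlCommand(selectQuery, con))
            {
                cmd.Parameters.AddWithValue("@userName", user.UserName);
                cmd.Parameters.AddWithValue("@passwd", pass);

                // Disposing the reader here replaces the unconditional dr.Close() in
                // the old finally block, which threw NullReferenceException whenever
                // Open() or ExecuteReader() failed before a reader existed.
                using (MySqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.HasRows;
                }
            }
        }
        catch (Exception ex)
        {
            // Covers MySqlException as well; both were handled identically.
            new AuditLogService().AddAuditLog("LOGIN ATTEMPT", "0", user.UserName, ex.Message, DateTime.Now);
            return false;
        }
    }
}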