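using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using Tanshu.Accounts.Contracts;
using Tanshu.Data.DAO;
using Tanshu.Accounts.DAOFactory;

namespace Tanshu.Accounts.SqlDAO
{
    /// <summary>
    /// SQL Server data-access object for the Auth_Users table.
    /// Every statement in this class binds its values as SqlCommand parameters,
    /// so caller-supplied text never becomes part of the SQL itself.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the Password column is written and compared with whatever value the
    /// caller puts in UserBO.Password. This file does not show whether that value is a
    /// salted, slow password hash or the clear text; confirm at the call sites.
    /// NOTE(review): every read uses SELECT *, so the Password column is loaded into the
    /// returned objects if UserBO maps it; check that those objects are not logged or
    /// serialized to clients.
    /// NOTE(review): List, Dictionary and BusinessObjectDAO appear without generic type
    /// arguments in this listing; they look stripped by extraction and should be restored
    /// from the IUserDAO contract.
    /// </remarks>
    public class UserDAO : BaseDAO, IUserDAO
    {
        /// <summary>Creates the DAO on top of the given connection wrapper.</summary>
        /// <param name="connection">Connection wrapper handed to the base class.</param>
        public UserDAO(IConnectionDAO connection)
            : base(connection)
        { }

        /// <summary>Loads the user whose UserID equals <paramref name="userID"/>.</summary>
        /// <param name="userID">Primary key to look up.</param>
        /// <returns>Whatever BusinessObjectDAO.GetBusinessObject builds from the reader.</returns>
        public UserBO GetUser(Guid userID)
        {
            // The command is disposed here like every other command in this class;
            // the original left this one undisposed.
            using (SqlCommand cmd = new SqlCommand("SELECT * FROM Auth_Users WHERE UserID = @UserID"))
            {
                cmd.Parameters.AddWithValue("@UserID", userID);
                return BusinessObjectDAO.GetBusinessObject(connection.ExecuteReader(cmd));
            }
        }

        /// <summary>Loads every row of Auth_Users.</summary>
        /// <returns>The list built by BusinessObjectDAO.GetBusinessObjects.</returns>
        public List GetUsers()
        {
            return BusinessObjectDAO.GetBusinessObjects(connection.ExecuteReader("SELECT * FROM Auth_Users"));
        }

        /// <summary>
        /// Loads the users whose Name contains the text stored under the "Name" key
        /// of <paramref name="filter"/>, ordered by Name.
        /// </summary>
        /// <param name="filter">Filter values; only the "Name" entry is read.</param>
        /// <returns>The list built by BusinessObjectDAO.GetBusinessObjects.</returns>
        /// <exception cref="KeyNotFoundException">The filter has no "Name" entry.</exception>
        public List GetFilteredUsers(Dictionary filter)
        {
            // The pattern is bound as a parameter, so it cannot change the statement.
            // Characters such as %, _ and [ inside the filter text are still treated as
            // LIKE wildcards; escape them first if a literal match is required.
            string name = string.Format("%{0}%", filter["Name"]);
            using (SqlCommand cmd = new SqlCommand("SELECT * FROM Auth_Users WHERE Name LIKE @Name ORDER BY Name"))
            {
                cmd.Parameters.AddWithValue("@Name", name);
                return BusinessObjectDAO.GetBusinessObjects(connection.ExecuteReader(cmd));
            }
        }

        /// <summary>Tells whether at least one user has the given name.</summary>
        /// <param name="userName">Name to look for.</param>
        /// <returns>true when one or more rows match; otherwise false.</returns>
        public bool UserExists(string userName)
        {
            using (SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM Auth_Users WHERE Name = @Name"))
            {
                cmd.Parameters.AddWithValue("@Name", userName);
                // Any positive count means the name is taken. The original tested == 1,
                // which reports "does not exist" once duplicate names are present and
                // would let a caller create yet another account under that name.
                return (int)connection.ExecuteScalar(cmd) > 0;
            }
        }

        /// <summary>
        /// Inserts <paramref name="user"/> with a server-generated UserID and copies the
        /// new UserID and row timestamp back onto the object.
        /// </summary>
        /// <param name="user">User to store; its UserID and timestamp are overwritten.</param>
        /// <returns>Always true; failures surface as exceptions from the connection wrapper.</returns>
        public bool Insert(UserBO user)
        {
            // Same text as the original verbatim literal, split only for readability.
            const string sql =
                " SELECT @UserID = NEWID()" +
                " INSERT INTO Auth_Users (UserID, Name, Password, LockedOut)" +
                " VALUES (@UserID, @Name, @Password, @LockedOut)" +
                " SELECT @timestamp = timestamp FROM Auth_Users WHERE UserID = @UserID ";

            using (SqlCommand cmd = new SqlCommand(sql))
            {
                cmd.Parameters.Add("@UserID", System.Data.SqlDbType.UniqueIdentifier);
                cmd.Parameters["@UserID"].Direction = System.Data.ParameterDirection.Output;
                cmd.Parameters.AddWithValue("@Name", user.Name);
                cmd.Parameters.AddWithValue("@Password", user.Password);
                cmd.Parameters.AddWithValue("@LockedOut", user.LockedOut);
                cmd.Parameters.Add("@timestamp", System.Data.SqlDbType.Timestamp);
                cmd.Parameters["@timestamp"].Direction = System.Data.ParameterDirection.Output;

                connection.ExecuteNonQuery(cmd);

                user.UserID = (Guid)cmd.Parameters["@UserID"].Value;
                user.timestamp = (byte[])cmd.Parameters["@timestamp"].Value;
                return true;
            }
        }

        //public bool CheckPassword(string userName, string password)
        //{
        //    using (SqlCommand cmd = new SqlCommand("SELECT Count(*) FROM Auth_Users WHERE Name = @Name AND Password = @Password"))
        //    {
        //        cmd.Parameters.AddWithValue("@Name", userName);
        //        cmd.Parameters.AddWithValue("@Password", password);
        //        return (int)connection.ExecuteScalar(cmd) == 1;
        //    }
        //}

        /// <summary>
        /// Replaces the stored password of the row matching both userData.Name and
        /// userData.Password with <paramref name="newPassword"/>.
        /// </summary>
        /// <param name="userData">Carries the user name and the current password value.</param>
        /// <param name="newPassword">Value written to the Password column.</param>
        /// <returns>true when exactly one row was updated; otherwise false.</returns>
        /// <remarks>
        /// NOTE(review): the current-password check is the SQL equality in the WHERE clause,
        /// so it follows the column's collation. If the column holds text under a
        /// case-insensitive collation the match ignores case; confirm the stored format.
        /// </remarks>
        public bool ChangePassword(UserBO userData, string newPassword)
        {
            using (SqlCommand cmd = new SqlCommand("UPDATE Auth_Users SET Password = @NewPassword WHERE Name = @Name AND Password = @Password; SELECT @@rowcount"))
            {
                cmd.Parameters.AddWithValue("@Name", userData.Name);
                cmd.Parameters.AddWithValue("@Password", userData.Password);
                cmd.Parameters.AddWithValue("@NewPassword", newPassword);
                return (int)connection.ExecuteScalar(cmd) == 1;
            }
        }

        /// <summary>
        /// Writes Name, Password and LockedOut of <paramref name="user"/> to the row with
        /// the same UserID and copies the row's new timestamp back onto the object.
        /// </summary>
        /// <param name="user">User to store; its timestamp is overwritten on success.</param>
        /// <returns>true when the row was found; false when no row has this UserID.</returns>
        /// <remarks>
        /// The timestamp is only read back. It is not part of the WHERE clause, so this
        /// method makes no optimistic-concurrency check. The Password column is rewritten
        /// on every call with the value currently held by the object.
        /// </remarks>
        public bool Update(UserBO user)
        {
            // Same text as the original verbatim literal, split only for readability.
            const string sql =
                " UPDATE Auth_Users SET Name = @Name, Password = @Password, LockedOut = @LockedOut" +
                " WHERE UserID = @UserID;" +
                " SELECT @timestamp = timestamp FROM Auth_Users WHERE UserID = @UserID ";

            using (SqlCommand cmd = new SqlCommand(sql))
            {
                cmd.Parameters.AddWithValue("@UserID", user.UserID);
                cmd.Parameters.AddWithValue("@Name", user.Name);
                cmd.Parameters.AddWithValue("@Password", user.Password);
                cmd.Parameters.AddWithValue("@LockedOut", user.LockedOut);
                cmd.Parameters.Add("@timestamp", System.Data.SqlDbType.Timestamp);
                cmd.Parameters["@timestamp"].Direction = System.Data.ParameterDirection.Output;

                connection.ExecuteNonQuery(cmd);

                // When no row has this UserID the output parameter is never assigned and
                // does not hold a byte[]; the original direct cast threw
                // InvalidCastException there while the method was declared to return bool.
                byte[] rowVersion = cmd.Parameters["@timestamp"].Value as byte[];
                if (rowVersion == null)
                {
                    return false;
                }

                user.timestamp = rowVersion;
                return true;
            }
        }

        /// <summary>Deletes the row whose UserID equals <paramref name="userID"/>.</summary>
        /// <param name="userID">Primary key of the row to delete.</param>
        /// <returns>Always true, whether or not a row was removed.</returns>
        public bool Delete(Guid userID)
        {
            using (SqlCommand cmd = new SqlCommand("DELETE FROM Auth_Users WHERE UserID = @UserID"))
            {
                cmd.Parameters.AddWithValue("@UserID", userID);
                connection.ExecuteNonQuery(cmd);
                return true;
            }
        }
    }
}
//private static log4net.ILog log
//= log4net.LogManager.GetLogger(
//    System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);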