BookLink/DatabaseHelper.cs at master · Xiang511/BookLink · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;
using System.IO;
using System.Xml.Linq;
using System.Linq;

namespace Online_Ordering_System
{
    public class DatabaseHelper
    {


        private static string connectionString;

        static DatabaseHelper()
        {
            SqlConnectionStringBuilder scsb = new SqlConnectionStringBuilder();

            scsb.DataSource = @".";                 // 伺服器地址 ( . 代表本機)
            scsb.InitialCatalog = "OnlineOrderingSystem";           // 資料庫名稱
            scsb.IntegratedSecurity = true;         // 使用 Windows 驗證

            // 若要使用 SQL Server 驗證，則設為 false 並提供帳密：
            // scsb.IntegratedSecurity = false;
            // scsb.UserID = "your_id";
            // scsb.Password = "your_password";

            connectionString = scsb.ConnectionString;
        }

        // 提供一個公開方法來獲取連線對象
        public static SqlConnection GetConnection()
        {
            return new SqlConnection(connectionString);
        }

        //------------------------------------------------Login start----------------------------------------------

        /// <summary>
        /// 驗證使用者登入
        /// </summary>
        public static bool ValidateUser(string username, string password)
        {
            try
            {
                using (SqlConnection conn = GetConnection())
                {
                    conn.Open();
                    string query = "SELECT * FROM [User] WHERE username = @Username AND password = @Password";

                    using (SqlCommand cmd = new SqlCommand(query, conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", username);
                        cmd.Parameters.AddWithValue("@Password", password);

                        SqlDataReader reader = cmd.ExecuteReader();

                        if (reader.Read())
                        {
                            // 驗證成功，設定全域變數
                            UserProfile.Username = username;
                            UserProfile.Role = (int)reader["Role"];
                            if(UserProfile.Role == 3)
                            {
                                MessageBox.Show("此帳號已被停用，請聯絡管理員。", "帳號停用",
                                    MessageBoxButtons.OK, MessageBoxIcon.Warning);
                                reader.Close();
                                return false;
                            }
                            if (UserProfile.Role == 4)
                            {
                                MessageBox.Show("帳號審核中，請耐心等待。", "審核中",
                                    MessageBoxButtons.OK, MessageBoxIcon.Warning);
                                reader.Close();
                                return false;
                            }
                            return true;
                        }

                        return false;
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("登入驗證錯誤：" + ex.Message, "錯誤",
                    MessageBoxButtons.OK, MessageBoxIcon.Error);
                return false;
            }
        }


        /// <summary>
        /// 檢查使用者名稱是否已存在
        /// </summary>
        public static bool UserExists(string username)
        {
            try
            {
                using (SqlConnection conn = GetConnection())
                {
                    conn.Open();
                    string query = "SELECT COUNT(*) FROM [User] WHERE Username = @Username";

                    using (SqlCommand cmd = new SqlCommand(query, conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", username);
                        int count = (int)cmd.ExecuteScalar();
                        return count > 0;
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("檢查使用者失敗：" + ex.Message, "錯誤",
                    MessageBoxButtons.OK, MessageBoxIcon.Error);
                return false;
            }
        }
        public static bool EmailExists(string email)
        {
            try
            {
                using (SqlConnection conn = GetConnection())
                {
                    conn.Open();
                    string query = "SELECT COUNT(*) FROM [User] WHERE Email = @Email";

                    using (SqlCommand cmd = new SqlCommand(query, conn))
                    {
                        cmd.Parameters.AddWithValue("@Email", email);
                        int count = (int)cmd.ExecuteScalar();
                        return count > 0;
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("檢查email失敗：" + ex.Message, "錯誤",
                    MessageBoxButtons.OK, MessageBoxIcon.Error);
                return false;
            }
        }

        /// <summary>
        /// 註冊新使用者
        /// </summary>
        public static bool RegisterUser(string username, string password, string email = "")
        {
            try
            {


                using (SqlConnection conn = GetConnection())
                {
                    conn.Open();
                    string query = "INSERT INTO [User] (username, password, email, createdate,role) VALUES (@Username, @Password, @Email, @CreatedDate,@role)";

                    using (SqlCommand cmd = new SqlCommand(query, conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", username);
                        cmd.Parameters.AddWithValue("@Password", password);
                        cmd.Parameters.AddWithValue("@Email", email);
                        cmd.Parameters.AddWithValue("@CreatedDate", DateTime.Now);
                        cmd.Parameters.AddWithValue("@role", 2);

                        int rows = cmd.ExecuteNonQuery();
                        return rows > 0;
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("註冊失敗：" + ex.Message, "錯誤",
                    MessageBoxButtons.OK, MessageBoxIcon.Error);
                return false;
            }
        }
        //------------------------------------------------Login end----------------------------------------------

        //------------------------------------------------Profile start----------------------------------------------
        public static void clearUserProfile()
        {
            UserProfile.UserId = 0;
            UserProfile.Username = null;
            UserProfile.Email = null;
            UserProfile.Password = null;
            UserProfile.Phone = null;
            //UserProfile.Photo = null;
            UserProfile.Role = 0;
            UserProfile.CreatedDate = DateTime.MinValue;
        }

        public static void GetUserProfile()
        {
            try
            {
                using (SqlConnection conn = GetConnection())
                {
                    conn.Open();
                    string query = "SELECT * FROM [User] WHERE username = @Username";
                    using (SqlCommand cmd = new SqlCommand(query, conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", UserProfile.Username);
                        using (SqlDataReader reader = cmd.ExecuteReader())
                        {
                            if (reader.Read())
                            {
                                UserProfile.UserId = (int)reader["userid"];
                                UserProfile.Email = (string)reader["email"];
                                UserProfile.Password = (string)reader["password"];
                                UserProfile.CreatedDate = (DateTime)reader["createdate"];
                                UserProfile.Role = (int)reader["role"];
                                UserProfile.Phone = reader["phone"] == DBNull.Value ? "" : (string)reader["phone"];
                                UserProfile.Photo = reader["photo"] == DBNull.Value ? "" : (string)reader["photo"];
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("取得使用者資料失敗：" + ex.Message, "錯誤",
                    MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
    }
}