API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 12th, 2017
80
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.82 KB | None | 0 0
raw download clone embed print report
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Threading.Tasks;
  6. using MySql.Data.MySqlClient;
  7.  
  8. namespace WcfServiceLibrary1
  9. {
  10. class DBConnect
  11. {
  12.  
  13. public static DBConnect DB_INSTANCE = new DBConnect("localhost", "webwinkel", "root", "");
  14.  
  15. private MySqlConnection connection;
  16. private string server;
  17. private string database;
  18. private string uid;
  19. private string password;
  20.  
  21. //Constructor
  22. public DBConnect(string server, string database, string uid, string password)
  23. {
  24. this.server = server;
  25. this.database = database;
  26. this.uid = uid;
  27. this.password = password;
  28. connection = new MySqlConnection("SERVER=" + server + ";" + "DATABASE=" +
  29. database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";");
  30. }
  31.  
  32.  
  33. //Obsolete
  34. /*//Initialize values
  35. private void Initialize()
  36. {
  37. server = "localhost";
  38. database = "webwinkel";
  39. uid = "root";
  40. password = "";
  41. string connectionString;
  42. connectionString = "SERVER=" + server + ";" + "DATABASE=" +
  43. database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
  44.  
  45. connection = new MySqlConnection(connectionString);
  46. }*/
  47.  
  48. //open connection to database
  49. private bool OpenConnection()
  50. {
  51. try
  52. {
  53. connection.Open();
  54. return true;
  55. }
  56. catch (MySqlException)
  57. {
  58. return false;
  59. }
  60. }
  61.  
  62. //Close connection
  63. private bool CloseConnection()
  64. {
  65. try
  66. {
  67. connection.Close();
  68. return true;
  69. }
  70. catch (MySqlException)
  71. {
  72. return false;
  73. }
  74. }
  75.  
  76.  
  77. /*
  78. TO DO
  79. BuyService(username, user_money, item) -> Get user_id by name(possible), Check store amount, check balance of user by user_id(possible), check price of product, add to inventory if balance high enough, refresh.
  80. */
  81.  
  82. //if this one is called, also call the refresh and GetUserInventoryServices to reset both fields
  83. public bool BuyItem(string username, string item_name)//need testing
  84. {
  85. int item_id = GetItemId(item_name);
  86. float user_balance = UserBalance(username);
  87. float item_price = GetItemPrice(item_name);
  88. int item_amount = GetItemAmountInStore(item_id);
  89. int user_id = GetUserID(username);
  90. int inventory_id = GetInventoryID(user_id);
  91. bool itemInInventory = IsItemInInventory(item_id, inventory_id);
  92. int item_amountInventory = ItemAmountInInventory(item_id, inventory_id);
  93. //check if inventory item is already existant. If true amount +1, If false new Row with item.
  94.  
  95. if (item_amount > 0)//Is the item sold out?
  96. {
  97. Console.WriteLine(item_price <= user_balance);
  98. if (item_price <= user_balance)//Can the user pay for the item?
  99. {
  100. int new_item_amount = item_amount - 1;
  101. float new_user_balance = user_balance - item_price;
  102. SetNewStoreAmount(item_id, new_item_amount);//Sets new item amount in store
  103. SetNewUserBalance(user_id, new_user_balance);//Sets new userbalance
  104.  
  105. if (OpenConnection())
  106. {
  107. if (itemInInventory)//Item is already in the inventory, amount + 1
  108. {
  109. int new_item_inventory_amount = item_amountInventory + 1;
  110. MySqlCommand cmd = connection.CreateCommand();
  111. cmd.CommandText = "UPDATE inventory_item SET amount = @amount WHERE item_id = @id AND inventory_id=@inv_id"; // Voorkomt SQL injectie!!!!
  112. cmd.Parameters.AddWithValue("@amount", new_item_inventory_amount);
  113. cmd.Parameters.AddWithValue("@id", item_id);
  114. cmd.Parameters.AddWithValue("@inv_id", inventory_id);
  115. cmd.ExecuteNonQuery();//Execute query
  116. CloseConnection();
  117. }
  118.  
  119. else//Item is not in the inventory
  120. {
  121. MySqlCommand cmd = connection.CreateCommand();
  122. cmd.CommandText = "INSERT INTO inventory_item(amount,inventory_id,item_id) VALUES(1,@inv_id,@item_id)"; // Voorkomt SQL injectie!!!!
  123. cmd.Parameters.AddWithValue("@inv_id", inventory_id);
  124. cmd.Parameters.AddWithValue("@item_id", item_id);
  125. cmd.ExecuteNonQuery();//Execute query
  126. CloseConnection();
  127. }
  128. }
  129. return true;
  130. }
  131. else
  132. {
  133. return false;
  134. }
  135. }
  136. else
  137. {
  138. return false;
  139. }
  140.  
  141. }
  142.  
  143.  
  144. public int GetInventoryID(int user_id)//tested
  145. {
  146. int inventory_id = 0;
  147. if (OpenConnection())
  148. {
  149. MySqlCommand cmd = connection.CreateCommand();
  150. cmd.CommandText = "SELECT id FROM inventory WHERE user_id = @id "; // Voorkomt SQL injectie!!!!
  151. cmd.Parameters.AddWithValue("@id", user_id);
  152. MySqlDataReader reader = cmd.ExecuteReader();
  153. while (reader.Read())
  154. {
  155. inventory_id = (int)reader["id"];
  156. }
  157. CloseConnection();
  158. }
  159. return inventory_id;
  160. }
  161.  
  162. public bool IsItemInInventory(int item_id, int inventory_id)//tested
  163. {
  164. bool inInventory = false;
  165. if (OpenConnection())
  166. {
  167. MySqlCommand cmd = connection.CreateCommand();
  168. cmd.CommandText = "SELECT * FROM inventory_item WHERE inventory_id = @inv_id AND item_id = @it_id";
  169. cmd.Parameters.AddWithValue("@inv_id", inventory_id);
  170. cmd.Parameters.AddWithValue("@it_id", item_id);
  171. MySqlDataReader reader = cmd.ExecuteReader();
  172. while (reader.Read())
  173. {
  174. inInventory = true;
  175. }
  176. CloseConnection();
  177. }
  178. return inInventory;
  179.  
  180. }
  181.  
  182.  
  183. public int ItemAmountInInventory(int item_id, int inventory_id)//Tested
  184. {
  185. int inInventory = 0;
  186. if (OpenConnection())
  187. {
  188. MySqlCommand cmd = connection.CreateCommand();
  189. cmd.CommandText = "SELECT amount FROM inventory_item WHERE inventory_id = @inv_id AND item_id = @it_id";
  190. cmd.Parameters.AddWithValue("@inv_id", inventory_id);
  191. cmd.Parameters.AddWithValue("@it_id", item_id);
  192. MySqlDataReader reader = cmd.ExecuteReader();
  193. while (reader.Read())
  194. {
  195. inInventory = (int)reader["amount"];
  196. }
  197. CloseConnection();
  198. }
  199. return inInventory;
  200.  
  201. }
  202.  
  203. public void SetNewStoreAmount(int item_id, int amount)//tested
  204. {
  205. if (OpenConnection())
  206. {
  207. //Creates user
  208. MySqlCommand cmd = connection.CreateCommand();
  209. cmd.CommandText = "UPDATE shop SET item_amount = @amount WHERE item_id = @id "; // Voorkomt SQL injectie!!!!
  210. cmd.Parameters.AddWithValue("@amount", amount);
  211. cmd.Parameters.AddWithValue("@id", item_id);
  212. cmd.ExecuteNonQuery();//Execute query
  213. CloseConnection();
  214. }
  215.  
  216. }
  217.  
  218.  
  219. public void SetNewUserBalance(int user_id, float balance)//tested
  220. {
  221. if (OpenConnection())
  222. {
  223. //Creates user
  224. MySqlCommand cmd = connection.CreateCommand();
  225. cmd.CommandText = "UPDATE user SET balance = @amount WHERE id = @id "; // Voorkomt SQL injectie!!!!
  226. cmd.Parameters.AddWithValue("@amount", balance);
  227. cmd.Parameters.AddWithValue("@id", user_id);
  228. cmd.ExecuteNonQuery();//Execute query
  229. CloseConnection();
  230. }
  231.  
  232. }
  233.  
  234.  
  235. public float GetItemPrice(string item_name)//tested
  236. {
  237. float itemPrice = 0;
  238. if (OpenConnection())
  239. {
  240. MySqlCommand cmd = connection.CreateCommand();
  241. cmd.CommandText = "SELECT price FROM item WHERE item_name = @name";
  242. cmd.Parameters.AddWithValue("@name", item_name);
  243. MySqlDataReader reader = cmd.ExecuteReader();
  244. while (reader.Read())
  245. {
  246. itemPrice = (float)reader["price"];
  247. }
  248. CloseConnection();
  249. }
  250. return itemPrice;
  251. }
  252.  
  253.  
  254. public int GetItemAmountInStore(int item_id)//tested
  255. {
  256. int itemAmount = 0;
  257. if (OpenConnection())
  258. {
  259. MySqlCommand cmd = connection.CreateCommand();
  260. cmd.CommandText = "SELECT item_amount FROM shop WHERE item_id = @id";
  261. cmd.Parameters.AddWithValue("@id", item_id);
  262. MySqlDataReader reader = cmd.ExecuteReader();
  263. while (reader.Read())
  264. {
  265. itemAmount = (int)reader["item_amount"];
  266. }
  267. CloseConnection();
  268. }
  269. return itemAmount;
  270. }
  271.  
  272. public int GetItemId(string item_name)//tested
  273. {
  274. int itemId = 0;
  275. if (OpenConnection())
  276. {
  277. MySqlCommand cmd = connection.CreateCommand();
  278. cmd.CommandText = "SELECT id FROM item WHERE item_name = @name";
  279. cmd.Parameters.AddWithValue("@name", item_name);
  280. MySqlDataReader reader = cmd.ExecuteReader();
  281. while (reader.Read())
  282. {
  283. itemId = (int)reader["id"];
  284. }
  285. CloseConnection();
  286. }
  287. return itemId;
  288. }
  289.  
  290. public int GetUserID(string username)//Returns ID from certain username -- tested
  291. {
  292. int user_id = 0;
  293.  
  294. if (OpenConnection())
  295. {
  296. MySqlCommand cmd = connection.CreateCommand();
  297. cmd.CommandText = "SELECT id FROM user WHERE username = @name"; // Voorkomt SQL injectie!!!!
  298. cmd.Parameters.AddWithValue("@name", username);
  299. MySqlDataReader reader = cmd.ExecuteReader();
  300. while (reader.Read())
  301. {
  302. user_id = (int)reader["id"];
  303. }
  304. CloseConnection();
  305.  
  306. }
  307.  
  308. return user_id;//filled up or empty if none found
  309.  
  310.  
  311. }
  312.  
  313. public void InsertNewUser(string username, string password)//Insert new user -- tested
  314. {
  315. if (OpenConnection())
  316. {
  317. //Creates user
  318. MySqlCommand cmd = connection.CreateCommand();
  319. cmd.CommandText = "INSERT INTO user(username, password, balance) VALUES(@name,@password,10) "; // Voorkomt SQL injectie!!!!
  320. cmd.Parameters.AddWithValue("@name", username);
  321. cmd.Parameters.AddWithValue("@password", password);
  322. cmd.ExecuteNonQuery();//Execute query
  323. CloseConnection();
  324.  
  325. InsertNewInventory(username);
  326.  
  327. }
  328. }
  329.  
  330. public void InsertNewInventory(string username)//tested
  331. {
  332. int user_id = GetUserID(username);
  333. if (OpenConnection())
  334. {
  335. //Makes inventory for user
  336. MySqlCommand inv = connection.CreateCommand();
  337. inv.CommandText = "INSERT INTO inventory(user_id) VALUES(@user_id) ";
  338. inv.Parameters.AddWithValue("@user_id", user_id);
  339. inv.ExecuteNonQuery();
  340. CloseConnection();
  341. }
  342. }
  343.  
  344.  
  345.  
  346. public List<Item> getStoreItems()//tested
  347. {
  348. List<Item> storeStock = new List<Item>();
  349. MySqlCommand cmd = connection.CreateCommand();
  350. cmd.CommandText = "SELECT shop.item_amount, item.item_name, item.price FROM shop INNER JOIN item ON shop.item_id=item.id WHERE shop.item_amount > 0 ";
  351. if (OpenConnection())
  352. {
  353. MySqlDataReader reader = cmd.ExecuteReader();
  354. while (reader.Read())
  355. {
  356. string itemname = reader["item_name"].ToString();
  357. int amount = (int)reader["item_amount"];
  358. float price = (float)reader["price"];
  359. storeStock.Add(new Item(itemname, amount, price));
  360. }
  361. CloseConnection();
  362.  
  363. }
  364.  
  365.  
  366. return storeStock;//filled up or empty if none found
  367.  
  368. }
  369.  
  370. public List<Item> getInventoryItems(int user_id)//Tested
  371. {
  372. List<Item> userInventory = new List<Item>();
  373. MySqlCommand cmd = connection.CreateCommand();
  374. cmd.CommandText = "SELECT item.item_name, inventory_item.amount from item, inventory_item " +
  375. "LEFT JOIN inventory ON inventory.id = inventory_item.inventory_id " +
  376. "LEFT JOIN user ON user.id = inventory.user_id " +
  377. "WHERE inventory.user_id = @user_id " +
  378. "AND item.id = inventory_item.item_id";
  379. cmd.Parameters.AddWithValue("@user_id", user_id);
  380. if (OpenConnection())
  381. {
  382. MySqlDataReader reader = cmd.ExecuteReader();
  383. while (reader.Read())
  384. {
  385. string itemname = reader["item_name"].ToString();
  386. int amount = (int)reader["amount"];
  387. userInventory.Add(new Item(itemname, amount));
  388. }
  389. CloseConnection();
  390.  
  391. }
  392.  
  393. return userInventory;//filled up or empty if none found
  394.  
  395. }
  396.  
  397. //UserExist statement
  398. public bool DoesUserExist(string username)//tested
  399. {
  400. MySqlCommand cmd = connection.CreateCommand();
  401. string user = null;
  402. cmd.CommandText = "SELECT username from user WHERE username = @name ";
  403. cmd.Parameters.AddWithValue("@name", username);
  404. if (OpenConnection())
  405. {
  406. MySqlDataReader reader = cmd.ExecuteReader();
  407. while (reader.Read())
  408. {
  409. user = reader["username"].ToString();
  410.  
  411. }
  412. CloseConnection();
  413.  
  414.  
  415. }
  416. return (user == null);
  417.  
  418. }
  419.  
  420. public bool PasswordCorrect(string username, string password)//tested
  421. {
  422. MySqlCommand cmd = connection.CreateCommand();
  423. cmd.CommandText = "SELECT password FROM user WHERE username = @name "; // Voorkomt SQL injectie!!!!
  424. cmd.Parameters.AddWithValue("@name", username);
  425. string db_password = null;
  426.  
  427. if (OpenConnection())
  428. {
  429. MySqlDataReader reader = cmd.ExecuteReader();
  430. while (reader.Read())
  431. {
  432. db_password = reader["password"].ToString();
  433. }
  434. CloseConnection();
  435.  
  436.  
  437.  
  438.  
  439. }
  440.  
  441. return (db_password.Equals(password));
  442. }
  443.  
  444. public float UserBalance(string username)//tested
  445. {
  446. MySqlCommand cmd = connection.CreateCommand();
  447. cmd.CommandText = "SELECT balance FROM user WHERE username = @name";
  448. cmd.Parameters.AddWithValue("@name", username);
  449. float balance = 0;
  450.  
  451. if (OpenConnection())
  452. {
  453. MySqlDataReader reader = cmd.ExecuteReader();
  454. while (reader.Read())
  455. {
  456. balance = (float)reader["balance"];
  457. }
  458. CloseConnection();
  459.  
  460.  
  461. }
  462.  
  463.  
  464. return balance;
  465.  
  466. }
  467. }
  468.  
  469. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!