1 |
|
/* |
2 |
|
* Primary developers: Hedin & Kevin |
3 |
|
*/ |
4 |
|
|
5 |
#include "StdAfx.h" |
#include "StdAfx.h" |
6 |
#include ".\databaselayer.h" |
#include ".\databaselayer.h" |
7 |
|
|
8 |
|
|
9 |
DatabaseLayer::DatabaseLayer(void) |
DatabaseLayer::DatabaseLayer(void) |
10 |
{ |
{ |
11 |
db.OpenEx("ODBC; Description=; DRIVER=SQL Server; SERVER=TK-Teacher; UID=GroupTwo; PWD=toog30"); |
db.OpenEx("ODBC; Description=; DRIVER=SQL Server; SERVER=TK-Teacher; UID=GroupTwo; PWD=toog30", CDatabase::noOdbcDialog); |
12 |
db.ExecuteSQL("USE GroupTwo"); |
db.ExecuteSQL("USE GroupTwo"); |
13 |
} |
} |
14 |
|
|
54 |
CString SQL; |
CString SQL; |
55 |
|
|
56 |
Person p; |
Person p; |
57 |
//FIX SQL INJECTION |
|
58 |
|
wantInits.Replace("'","\""); |
59 |
|
|
60 |
SQL = "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person WHERE (Initialer = '" + wantInits + "')"; |
SQL = "SELECT PersonID, Initialer, Navn, Admin, Pass FROM Person WHERE (Initialer = '" + wantInits + "')"; |
61 |
CRecordset rs(&db); |
CRecordset rs(&db); |
62 |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL); |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL); |
63 |
|
|
64 |
if(!rs.IsEOF() ) |
if(!rs.IsEOF() ) |
65 |
{ |
{ |
66 |
rs.GetFieldValue((short)0,id); |
rs.GetFieldValue((short)0,id); |
75 |
p.isadmin = (isadmin == "1"); |
p.isadmin = (isadmin == "1"); |
76 |
p.pass = pass; |
p.pass = pass; |
77 |
} |
} |
78 |
|
|
79 |
return p; |
return p; |
80 |
} |
} |
81 |
|
|
82 |
bool DatabaseLayer::AddPerson(Person NewPerson) |
bool DatabaseLayer::AddPerson(Person NewPerson) |
83 |
{ |
{ |
84 |
CString SQL; |
CString SQL; |
85 |
|
NewPerson.inits.Replace("'","\""); |
86 |
|
NewPerson.name.Replace("'","\""); |
87 |
|
NewPerson.pass.Replace("'","\""); |
88 |
SQL.Format("INSERT into Person(Initialer, Navn, Admin, Pass) VALUES('%s', '%s', '%d', '%s')",NewPerson.inits, NewPerson.name, NewPerson.isadmin, NewPerson.pass); |
SQL.Format("INSERT into Person(Initialer, Navn, Admin, Pass) VALUES('%s', '%s', '%d', '%s')",NewPerson.inits, NewPerson.name, NewPerson.isadmin, NewPerson.pass); |
89 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
90 |
return true; |
return true; |
93 |
bool DatabaseLayer::UpdatePerson(Person ChangePerson) |
bool DatabaseLayer::UpdatePerson(Person ChangePerson) |
94 |
{ |
{ |
95 |
CString SQL; |
CString SQL; |
96 |
|
ChangePerson.inits.Replace("'","\""); |
97 |
|
ChangePerson.name.Replace("'","\""); |
98 |
|
ChangePerson.pass.Replace("'","\""); |
99 |
|
ChangePerson.id.Replace("'","\""); |
100 |
SQL.Format("UPDATE Person SET Initialer = '%s', Navn = '%s', Pass = '%s', Admin = '%d' WHERE PersonID = '%s'", ChangePerson.inits, ChangePerson.name, ChangePerson.pass, ChangePerson.isadmin, ChangePerson.id); |
SQL.Format("UPDATE Person SET Initialer = '%s', Navn = '%s', Pass = '%s', Admin = '%d' WHERE PersonID = '%s'", ChangePerson.inits, ChangePerson.name, ChangePerson.pass, ChangePerson.isadmin, ChangePerson.id); |
101 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
102 |
return true; |
return true; |
105 |
bool DatabaseLayer::DeletePerson(Person RemovePerson) |
bool DatabaseLayer::DeletePerson(Person RemovePerson) |
106 |
{ |
{ |
107 |
CString SQL; |
CString SQL; |
108 |
|
RemovePerson.id.Replace("'","\""); |
109 |
SQL.Format("DELETE FROM Person WHERE PersonID = '%s'", RemovePerson.id); |
SQL.Format("DELETE FROM Person WHERE PersonID = '%s'", RemovePerson.id); |
110 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
111 |
return true; |
return true; |
114 |
bool DatabaseLayer::ReturnEquipment(CString barcode) |
bool DatabaseLayer::ReturnEquipment(CString barcode) |
115 |
{ |
{ |
116 |
CString SQL; |
CString SQL; |
117 |
|
barcode.Replace("'","\""); |
118 |
SQL.Format("UPDATE Udstyr SET Status = '3' WHERE Stregkode= '%s'", barcode); |
SQL.Format("UPDATE Udstyr SET Status = '3' WHERE Stregkode= '%s'", barcode); |
119 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
120 |
|
|
121 |
SQL.Format("UPDATE Udlån SET Afleveringsdato = Getdate() WHERE Stregkode= '%s' AND Afleveringsdato IS NULL ", barcode); |
SQL.Format("UPDATE Udlån SET Afleveringsdato = Getdate() WHERE Stregkode= '%s' AND Afleveringsdato IS NULL ", barcode); |
122 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
123 |
|
|
124 |
|
checkReservations(barcode); |
125 |
return true; |
return true; |
126 |
} |
} |
127 |
|
|
128 |
bool DatabaseLayer::CheckoutEquipment(Person CheckPersID, Equipment CheckEquip, int Numdays) |
bool DatabaseLayer::CheckoutEquipment(Person CheckPersID, Equipment CheckEquip, int Numdays) |
129 |
{ |
{ |
130 |
CString SQL; |
CString SQL; |
131 |
|
CheckEquip.barcode.Replace("'","\""); |
132 |
|
CheckPersID.id.Replace("'","\""); |
133 |
SQL.Format("UPDATE Udstyr SET Status = '1' WHERE Stregkode = '%s' ", CheckEquip.barcode); |
SQL.Format("UPDATE Udstyr SET Status = '1' WHERE Stregkode = '%s' ", CheckEquip.barcode); |
134 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
135 |
SQL.Format("INSERT INTO Udlån (PersonID, Stregkode, Startdato, Antaldage) VALUES( '%s','%s', GetDate(),'%d')", CheckPersID.id, CheckEquip.barcode, Numdays); |
SQL.Format("INSERT INTO Udlån (PersonID, Stregkode, Startdato, Antaldage) VALUES( '%s','%s', GetDate(),'%d')", CheckPersID.id, CheckEquip.barcode, Numdays); |
137 |
return true; |
return true; |
138 |
} |
} |
139 |
|
|
140 |
bool DatabaseLayer::EquipmentReservation(Person CheckPersID, Equipment CheckEquip, int Numdays) |
bool DatabaseLayer::EquipmentReservation(CString barcode, Person CheckPerson) |
141 |
{ |
{ |
142 |
CString SQL; |
CString SQL; |
143 |
SQL.Format("UPDATE Udstyr SET Status = '2' WHERE Stregkode = '%s' ", CheckEquip.barcode); |
CheckPerson.id.Replace("'","\""); |
144 |
db.ExecuteSQL(SQL); |
barcode.Replace("'","\""); |
145 |
SQL.Format("INSERT INTO Resevation (PersonID, Stregkode, Startdato, Antaldage) VALUES( '%s','%s', GetDate(),'%d')", CheckPersID.id, CheckEquip.barcode, Numdays); |
SQL.Format("INSERT INTO Resevation (PersonID, Stregkode, Startdato) VALUES( '%s','%s', GetDate())", CheckPerson.id, barcode); |
146 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
147 |
|
checkReservations(barcode); |
148 |
return true; |
return true; |
149 |
} |
} |
150 |
|
|
151 |
bool DatabaseLayer::UpdateEquipment(Equipment CheckEquip) |
bool DatabaseLayer::UpdateEquipment(Equipment CheckEquip) |
152 |
{ |
{ |
153 |
CString SQL; |
CString SQL; |
154 |
|
CheckEquip.name.Replace("'","\""); |
155 |
|
CheckEquip.description.Replace("'","\""); |
156 |
|
CheckEquip.placement.Replace("'","\""); |
157 |
|
CheckEquip.status.Replace("'","\""); |
158 |
|
CheckEquip.barcode.Replace("'","\""); |
159 |
SQL.Format("UPDATE Udstyr SET Navn = '%s', Beskrivelse = '%s', Placering = '%s', Status = '%s' WHERE Stregkode = '%s'", CheckEquip.name, CheckEquip.description, CheckEquip.placement, CheckEquip.status, CheckEquip.barcode); |
SQL.Format("UPDATE Udstyr SET Navn = '%s', Beskrivelse = '%s', Placering = '%s', Status = '%s' WHERE Stregkode = '%s'", CheckEquip.name, CheckEquip.description, CheckEquip.placement, CheckEquip.status, CheckEquip.barcode); |
160 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
161 |
return true; |
return true; |
164 |
bool DatabaseLayer::AddEquipment(Equipment AddEquip) |
bool DatabaseLayer::AddEquipment(Equipment AddEquip) |
165 |
{ |
{ |
166 |
CString SQL; |
CString SQL; |
167 |
|
AddEquip.barcode.Replace("'","\""); |
168 |
|
AddEquip.name.Replace("'","\""); |
169 |
|
AddEquip.description.Replace("'","\""); |
170 |
|
AddEquip.placement.Replace("'","\""); |
171 |
SQL.Format("INSERT into Udstyr(Stregkode, Navn, Beskrivelse, Placering, Status) VALUES('%s', '%s', '%s', '%s', '%s')",AddEquip.barcode, AddEquip.name, AddEquip.description, AddEquip.placement, "3"); |
SQL.Format("INSERT into Udstyr(Stregkode, Navn, Beskrivelse, Placering, Status) VALUES('%s', '%s', '%s', '%s', '%s')",AddEquip.barcode, AddEquip.name, AddEquip.description, AddEquip.placement, "3"); |
172 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
173 |
return true; |
return true; |
209 |
|
|
210 |
CString SQL; |
CString SQL; |
211 |
|
|
212 |
|
wantBarcode.Replace("'","\""); |
213 |
|
|
214 |
Equipment e; |
Equipment e; |
215 |
|
|
216 |
SQL.Format("SELECT Stregkode,Navn,Udstyr.Beskrivelse,Placering,Status.Beskrivelse FROM Udstyr INNER JOIN Status ON Udstyr.Status = Status.StatusID Where (Stregkode = '%s')", wantBarcode); |
SQL.Format("SELECT Stregkode,Navn,Udstyr.Beskrivelse,Placering,Status.Beskrivelse FROM Udstyr INNER JOIN Status ON Udstyr.Status = Status.StatusID Where (Stregkode = '%s')", wantBarcode); |
237 |
bool DatabaseLayer::DeleteEquipment(Equipment DelEquip) |
bool DatabaseLayer::DeleteEquipment(Equipment DelEquip) |
238 |
{ |
{ |
239 |
CString SQL; |
CString SQL; |
240 |
|
DelEquip.barcode.Replace("'","\""); |
241 |
SQL.Format("DELETE FROM Udstyr WHERE Stregkode = '%s'", DelEquip.barcode); |
SQL.Format("DELETE FROM Udstyr WHERE Stregkode = '%s'", DelEquip.barcode); |
242 |
db.ExecuteSQL(SQL); |
db.ExecuteSQL(SQL); |
243 |
return true; |
return true; |
249 |
{ |
{ |
250 |
vector<Equipment> buffer; |
vector<Equipment> buffer; |
251 |
|
|
252 |
|
barcode.Replace("'","\""); |
253 |
|
name.Replace("'","\""); |
254 |
|
inits.Replace("'","\""); |
255 |
|
|
256 |
|
//here are the wanted equipments found through 3 seperate queries - I could also |
257 |
|
//find them all in one query where I joined the 3 selects via a UNION |
258 |
CString SQL; |
CString SQL; |
259 |
if (available == true) { |
if (available == true) { |
260 |
SQL = "SELECT DISTINCT Udstyr.stregkode,Udstyr.Navn,Udstyr.Beskrivelse,Udstyr.Placering,Status.Beskrivelse \ |
SQL = "SELECT DISTINCT Udstyr.stregkode,Udstyr.Navn,Udstyr.Beskrivelse,Udstyr.Placering,Status.Beskrivelse \ |
277 |
INNER JOIN Status ON Udstyr.status = Status.StatusID \r\n\ |
INNER JOIN Status ON Udstyr.status = Status.StatusID \r\n\ |
278 |
INNER JOIN Resevation ON Udstyr.Stregkode = Resevation.stregkode \r\n\ |
INNER JOIN Resevation ON Udstyr.Stregkode = Resevation.stregkode \r\n\ |
279 |
INNER JOIN Person ON Resevation.PersonID = Person.PersonID\r\n\ |
INNER JOIN Person ON Resevation.PersonID = Person.PersonID\r\n\ |
280 |
WHERE Udstyr.Status = 2 "; |
WHERE ( Udstyr.Status = 2 OR Person.Initialer = '" + inits + "') "; |
281 |
if (barcode != "") |
if (barcode != "") |
282 |
SQL += " AND Udstyr.stregkode = '" + barcode + "' "; |
SQL += " AND Udstyr.stregkode = '" + barcode + "' "; |
283 |
if (name != "") |
if (name != "") |
284 |
SQL += " AND Udstyr.Navn LIKE '%" + name + "%' "; |
SQL += " AND Udstyr.Navn LIKE '%" + name + "%' "; |
285 |
if (inits != "") |
//if (inits != "") |
286 |
SQL += " AND Person.Initialer = '" + inits + "' "; |
// SQL += " AND Person.Initialer = '" + inits + "' "; |
287 |
|
|
288 |
CRecordset rs(&db); |
CRecordset rs(&db); |
289 |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL); |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL); |
313 |
rs.Close(); |
rs.Close(); |
314 |
} |
} |
315 |
|
|
316 |
|
// now I have the equipment rows the user asked for, now I need some more checkout and |
317 |
|
// reservation data for each piece of equipment |
318 |
|
|
319 |
for (int i=0; i<buffer.size(); i++) { |
for (int i=0; i<buffer.size(); i++) { |
320 |
//fill Equipment::checkouts |
//fill Equipment::checkouts |
321 |
|
|
322 |
SQL = "SELECT Udlån.StartDato, Udlån.Afleveringsdato,Udlån.Antaldage, Person.Initialer\ |
SQL = "SELECT TOP 10 Udlån.StartDato, Udlån.Afleveringsdato,Udlån.Antaldage, Person.Initialer\ |
323 |
FROM Udlån\ |
FROM Udlån\ |
324 |
INNER JOIN Person ON Udlån.PersonID = Person.PersonID "; |
INNER JOIN Person ON Udlån.PersonID = Person.PersonID "; |
325 |
SQL += "WHERE Udlån.Stregkode = " + buffer[i].barcode + " ORDER BY STARTDATO ASC"; |
SQL += "WHERE Udlån.Stregkode = " + buffer[i].barcode + " ORDER BY STARTDATO DESC"; |
326 |
CRecordset rs(&db); |
CRecordset rs(&db); |
327 |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL); |
rs.Open(AFX_DB_USE_DEFAULT_TYPE, SQL); |
328 |
if (rs.GetRecordCount()>0) { |
if (rs.GetRecordCount()>0) { |
341 |
rs.Close(); |
rs.Close(); |
342 |
|
|
343 |
// fill Equipment::reservations |
// fill Equipment::reservations |
344 |
SQL = "SELECT Resevation.StartDato, Resevation.Antaldage, Person.Initialer\ |
SQL = "SELECT Resevation.ResevationID, Resevation.StartDato, Person.Initialer\ |
345 |
FROM Resevation\ |
FROM Resevation\ |
346 |
INNER JOIN Person ON Resevation.PersonID = Person.PersonID "; |
INNER JOIN Person ON Resevation.PersonID = Person.PersonID "; |
347 |
SQL += "WHERE Resevation.Stregkode = " + buffer[i].barcode + " ORDER BY STARTDATO ASC"; |
SQL += "WHERE Resevation.Stregkode = " + buffer[i].barcode + " ORDER BY STARTDATO ASC"; |
351 |
rs.MoveFirst(); |
rs.MoveFirst(); |
352 |
while ( !rs.IsEOF() ) { |
while ( !rs.IsEOF() ) { |
353 |
Reservation res; |
Reservation res; |
354 |
rs.GetFieldValue((short)0, res.startdate); |
rs.GetFieldValue((short)0, res.reservationID); |
355 |
rs.GetFieldValue(1, res.numdays); |
rs.GetFieldValue(1, res.startdate); |
356 |
rs.GetFieldValue(2, res.inits); |
rs.GetFieldValue(2, res.inits); |
357 |
|
|
358 |
buffer[i].reservations.push_back(res); |
buffer[i].reservations.push_back(res); |
385 |
} |
} |
386 |
} |
} |
387 |
} |
} |
388 |
|
//Developed by Torben H. Nielsen |
389 |
|
void DatabaseLayer::checkReservations(CString barcode) |
390 |
|
{ |
391 |
|
CString scount,status; |
392 |
|
barcode.Replace("'","\""); |
393 |
|
CString SQL = "SELECT count(*) FROM Resevation WHERE Resevation.Stregkode = '" + barcode + "'"; |
394 |
|
CRecordset rs(&db); |
395 |
|
rs.Open(AFX_DB_USE_DEFAULT_TYPE,SQL); |
396 |
|
rs.MoveFirst(); |
397 |
|
rs.GetFieldValue((short)0,scount); |
398 |
|
int reservationCount = atoi(scount); |
399 |
|
rs.Close(); |
400 |
|
|
401 |
|
SQL = "SELECT status FROM Udstyr WHERE Udstyr.Stregkode = '" + barcode + "'"; |
402 |
|
rs.Open(AFX_DB_USE_DEFAULT_TYPE,SQL); |
403 |
|
if (rs.GetRecordCount() >0) { |
404 |
|
rs.MoveFirst(); |
405 |
|
rs.GetFieldValue((short)0,status); |
406 |
|
} |
407 |
|
rs.Close(); |
408 |
|
|
409 |
|
if (reservationCount > 0 && status == "3") {//equipment is available and has at lease one reservation |
410 |
|
SQL = "UPDATE Udstyr SET Status = 2 WHERE Stregkode = '" + barcode + "'"; |
411 |
|
db.ExecuteSQL(SQL); |
412 |
|
} |
413 |
|
} |
414 |
|
|
415 |
|
//Developed by Torben H. Nielsen |
416 |
|
bool DatabaseLayer::DeleteReservation(CString barcode, CString resid) |
417 |
|
{ |
418 |
|
barcode.Replace("'","\""); |
419 |
|
resid.Replace("'","\""); |
420 |
|
CString SQL = "DELETE FROM Resevation WHERE resevationid = " + resid; |
421 |
|
db.ExecuteSQL(SQL); |
422 |
|
checkReservations(barcode); |
423 |
|
return true; |
424 |
|
} |
425 |
|
|