Beispiel #1
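        /// <summary>
        /// Looks up the row in Users whose Username equals the supplied user name and
        /// verifies the supplied password against the stored password value.
        /// </summary>
        /// <param name="user">Credentials submitted by the caller; UserName and Password are read.</param>
        /// <returns>
        /// A <see cref="UserModel"/> populated from the database row when verification succeeds;
        /// null when the credentials are missing, no row matches, or verification fails.
        /// </returns>
        public UserModel AuthenticateUser(UserModel user)
        {
            // Fail closed on incomplete credentials instead of sending a null parameter to the server.
            if (user == null || user.UserName == null || user.Password == null)
            {
                return null;
            }

            UserModel result = null;

            using (SqlConnection con = new SqlConnection())
            {
                con.ConnectionString = _connString;
                con.Open();
                using (SqlCommand cmd = new SqlCommand())
                {
                    cmd.Connection = con;

                    // The user name is bound as a parameter, never spliced into the SQL text,
                    // so quotes or SQL syntax in the login name cannot change the statement.
                    // Only the three columns that are read below are selected.
                    cmd.CommandText = "SELECT Username, Email, Password FROM Users WHERE Username = @username";
                    cmd.Parameters.AddWithValue("@username", user.UserName);

                    // Dispose the reader deterministically; the enclosing using blocks
                    // close the command and the connection on every exit path.
                    using (SqlDataReader rd = cmd.ExecuteReader())
                    {
                        if (rd.Read())
                        {
                            UserModel stored = new UserModel()
                            {
                                UserName     = rd["Username"].ToString(),
                                EmailAddress = rd["Email"].ToString(),
                                Password     = rd["Password"].ToString()
                            };

                            // presumably Verify(storedHash, suppliedPassword) - confirm the argument
                            // order against PaasswordHashing before relying on it.
                            if (PaasswordHashing.Verify(stored.Password, user.Password))
                            {
                                // NOTE(review): the returned model still carries the stored password
                                // value; callers should not serialise or log it. Consider clearing it
                                // here once it is confirmed that no caller needs it.
                                result = stored;
                            }
                        }
                        // NOTE(review): an unknown user name returns without running Verify, so the
                        // two failure paths may differ measurably in response time.
                    }
                }
            }

            return result;
        }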
Beispiel #2
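        /// <summary>
        /// Inserts a new row into Users for <paramref name="newUser"/>, storing the value
        /// returned by PaasswordHashing.HashPassword instead of the supplied password.
        /// </summary>
        /// <param name="newUser">
        /// The account to create; UserName, EmailAddress, Password, FirstName and LastName are read.
        /// </param>
        /// <exception cref="DuplicateNameException">
        /// Thrown when CheckIfUserExists reports that the user name is already present.
        /// </exception>
        public void AddUser(UserModel newUser)
        {
            using (SqlConnection con = new SqlConnection())
            {
                con.ConnectionString = _connString;

                using (SqlCommand cmd = new SqlCommand())
                {
                    con.Open();
                    cmd.Connection = con;

                    // NOTE(review): CheckIfUserExists receives the raw user name and this command;
                    // its query is not visible here - confirm it binds the name as a parameter too.
                    if (CheckIfUserExists(newUser.UserName, cmd))
                    {
                        throw new DuplicateNameException();
                    }

                    // Kept from the original: closing here releases anything the helper may have
                    // left open on the connection before the INSERT runs.
                    con.Close();
                }

                using (SqlCommand cmd = new SqlCommand())
                {
                    con.Open();
                    cmd.Connection = con;

                    //TODO: add command lines for adding roles with new user

                    // Every value is bound as a parameter. The statement text is a constant, so
                    // quotes or SQL syntax in any user-supplied field are stored as data and
                    // cannot alter the INSERT.
                    cmd.CommandText = "INSERT INTO Users (Username, Email, Password, FirstName, LastName)" +
                                      " VALUES (@username, @email, @password, @firstName, @lastName)";

                    // A null field used to interpolate to an empty string; "?? string.Empty" keeps
                    // that stored value (a null parameter value would be rejected at execute time).
                    cmd.Parameters.AddWithValue("@username", newUser.UserName ?? string.Empty);
                    cmd.Parameters.AddWithValue("@email", newUser.EmailAddress ?? string.Empty);
                    cmd.Parameters.AddWithValue("@password", PaasswordHashing.HashPassword(newUser.Password));
                    cmd.Parameters.AddWithValue("@firstName", newUser.FirstName ?? string.Empty);
                    cmd.Parameters.AddWithValue("@lastName", newUser.LastName ?? string.Empty);

                    // NOTE(review): the existence check and this INSERT are separate statements, so
                    // two concurrent requests can both pass the check. A UNIQUE constraint on
                    // Users.Username is what actually enforces uniqueness - confirm the schema has one.
                    cmd.ExecuteNonQuery();
                }
                // The using block disposes the connection, which also closes it.
            }
        }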