public LoginResp Login(LoginRequestDto loginRequest)
{
using (var client = new SqlConnection(connString))
using (var com = new SqlCommand())
{
com.CommandText = "select * from Salt where saltID=@id";
com.Parameters.AddWithValue("id", 1);
client.Open();
com.Connection = client;
var dr = com.ExecuteReader();
dr.Read();
var saltc = dr["salt"].ToString();
loginRequest.password = PasswordGenerator.Create(loginRequest.password, saltc);
com.CommandText = "select * from student where Indexnumber=@index and password=@pass";
com.Parameters.AddWithValue("pass", loginRequest.password);
com.Parameters.AddWithValue("index", loginRequest.login);
dr.Close();
var dr2 = com.ExecuteReader();
if (!dr2.Read())
{
return(null);
}
var response = new LoginResp();
response.login = dr2["IndexNumber"].ToString();
response.name = dr2["LastName"].ToString();
return(response);
}
}
public LoginResponse Login(LoginRequest loginRequest)
{
using (var client = new SqlConnection("Data Source=db-mssql.pjwstk.edu.pl;Initial Catalog=2019SBD;Integrated Security=True"))
using (var com = new SqlCommand())
{
com.CommandText = "select * from Salt where saltID=@id";
com.Parameters.AddWithValue("id", 1);
client.Open();
com.Connection = client;
var dr = com.ExecuteReader();
dr.Read();
var saltc = dr["salt"].ToString();
loginRequest.password = PasswordGenerator.Create(loginRequest.password, saltc);
com.CommandText = "select * from student where Indexnumber=@index and password=@pass";
com.Parameters.AddWithValue("pass", loginRequest.password);
com.Parameters.AddWithValue("index", loginRequest.login);
dr.Close();
var dr2 = com.ExecuteReader();
if (!dr2.Read())
{
return(null);
}
var response = new LoginResponse();
response.login = dr2["IndexNumber"].ToString();
response.name = dr2["LastName"].ToString();
return(response);
}
}
