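/// <summary>
/// Checks if a username password combination exists in the Staff table.
/// On a match the username is stored in the static member <c>user</c>.
/// Still needs to record login times to database.
/// Need to make a session/login class to record session data.
/// </summary>
/// <remarks>
/// Review notes:
/// - The lookup key is First_Name. Nothing visible here shows that column is unique;
///   only the first returned row is checked, so two staff members sharing a first
///   name cannot both log in reliably. A dedicated unique login column is safer.
/// - The stored value is compared with PasswordCryptography.ComputeSha256Hash(password).
///   The helper's name suggests a single SHA-256 pass (confirm in that class); a fast,
///   unsalted digest is weak for password storage. Prefer a salted, iterated scheme
///   such as PBKDF2 (Rfc2898DeriveBytes) with a per-user salt.
/// - Failed attempts are not recorded or rate limited here.
/// - An earlier inline SqlDataAdapter version that was kept as commented-out code has
///   been dropped from this method; it built its query by string concatenation and
///   remains available in version control.
/// </remarks>
/// <param name="userName">username to find in database</param>
/// <param name="password">password to check</param>
/// <returns>True for match found, false for no match found</returns>
public static bool LogUserIn(string userName, string password)
{
    // Reject input that cannot match. NOTE(review): the original comment said
    // "1 character or more", but the check has always required at least two
    // characters; that behaviour is kept, confirm which one is intended.
    // A null password is rejected up front instead of being passed to the hash helper.
    if (userName is null || userName.Length <= 1 || password is null)
    {
        return false;
    }

    // SelectColumnsFromTable receives the WHERE clause as raw text, so the username
    // lands inside a quoted SQL literal. Doubling single quotes keeps the value inside
    // that literal (T-SQL string-literal rule; the commented-out predecessor used
    // SqlConnection, so SQL Server is assumed).
    // NOTE(review): this is a stop-gap. The helper should accept parameters
    // (e.g. SqlParameter) so that no caller has to assemble SQL text at all.
    string quotedUserName = "'" + userName.Replace("'", "''") + "'";

    DataSet dataset = SqlQueryExecutor.SelectColumnsFromTable(
        new string[] { "Password_Hash" },
        "Staff",
        "First_Name=" + quotedUserName);

    // Compares two hash strings without stopping at the first differing character,
    // so the comparison time does not depend on how much of the stored hash matched.
    bool HashesMatch(string stored, string entered)
    {
        if (stored is null || entered is null || stored.Length != entered.Length)
        {
            return false;
        }

        int difference = 0;
        for (int i = 0; i < stored.Length; i++)
        {
            difference |= stored[i] ^ entered[i];
        }

        return difference == 0;
    }

    // The reader is disposable; release it on every exit path.
    using (DataTableReader reader = dataset.CreateDataReader())
    {
        // No row: username not found. A NULL hash column is treated as "no match"
        // rather than letting GetString throw.
        if (!reader.Read() || reader.IsDBNull(0))
        {
            return false;
        }

        string storedHash = reader.GetString(0);
        string enteredHash = PasswordCryptography.ComputeSha256Hash(password);

        if (HashesMatch(storedHash, enteredHash))
        {
            // Password matches: remember who is logged in.
            user = userName;
            return true;
        }
    }

    // Password doesn't match.
    return false;
}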
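/// <summary>
/// Reads Monitor_Number / Monitor_Type pairs for this ward, bay and bed from the
/// Monitors_In_Beds table and returns the type configured for each monitor index.
/// </summary>
/// <returns>
/// An array with the same length as <c>monitors</c>. Element i holds the Monitor_Type
/// of the row whose Monitor_Number is i, or -1 when the query returned no usable row
/// for that index.
/// </returns>
private int[] GetMonitorConfigurationFromDatabase()
{
    const string closeAndJoin = ") AND ";

    // NOTE(review): the filter is assembled by concatenation. The declarations of
    // wardRef.Id, BayID and bedNumber are not visible here; if any of them is a
    // string or otherwise user-influenced, this needs a parameterized query in
    // SqlQueryExecutor rather than text building. The text itself is unchanged.
    string filter =
        "(Ward=" + wardRef.Id + closeAndJoin +
        "(Bay=" + BayID + closeAndJoin +
        "(Bed=" + bedNumber + closeAndJoin +
        "(Monitor_Number<" + monitors.Length + ")";

    DataSet monitorData = SqlQueryExecutor.SelectColumnsFromTable(
        new string[] { "Monitor_Number", "Monitor_Type" },
        "Monitors_In_Beds",
        filter);

    // Start with every index marked as "no row found".
    int[] types = new int[monitors.Length];
    for (int monitor = 0; monitor < types.Length; monitor++)
    {
        types[monitor] = -1;
    }

    using (DataTableReader reader = monitorData.CreateDataReader())
    {
        while (reader.Read())
        {
            // NULL columns would make GetInt32 throw; skip such rows.
            if (reader.IsDBNull(0) || reader.IsDBNull(1))
            {
                continue;
            }

            // The query only bounds Monitor_Number from above. Database content is
            // not trusted as an array index: a negative (or otherwise out-of-range)
            // value is skipped instead of raising IndexOutOfRangeException.
            int monitorNumber = reader.GetInt32(0);
            if (monitorNumber < 0 || monitorNumber >= types.Length)
            {
                continue;
            }

            types[monitorNumber] = reader.GetInt32(1);
        }
    }

    return types;
}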