Beispiel #1
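        /// <summary>
        /// Checks whether an Employees row exists whose Email matches
        /// <paramref name="account"/>.Email and whose stored Password equals the
        /// hash of <paramref name="account"/>.Password.
        /// </summary>
        /// <param name="account">Carries the e-mail address and the clear-text password to verify.</param>
        /// <returns><c>true</c> when a matching row is found; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// NOTE(review): EmployeeDAL.GetMD5 is defined outside this listing. Its name suggests
        /// an unsalted MD5 digest, which is not suitable for password storage. A salted, slow
        /// KDF (for example PBKDF2 via Rfc2898DeriveBytes) would be the replacement, but that
        /// needs a migration of the stored values and cannot be done in this method alone.
        /// </remarks>
        public bool Get(Account account)
        {
            // Hash into a local instead of overwriting account.Password: the caller's object
            // keeps its original value, so passing the same instance to another method that
            // hashes again cannot double-hash it.
            string passwordHash = EmployeeDAL.GetMD5(account.Password);

            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand())
            {
                // Only existence matters, so no columns are selected; in particular the stored
                // password hash is no longer read back into application memory.
                cmd.CommandText = @"SELECT 1 FROM Employees WHERE Email=@Email and Password=@Password";
                cmd.CommandType = CommandType.Text;
                cmd.Connection  = connection;
                // Values are bound as parameters, never concatenated into the SQL text.
                cmd.Parameters.AddWithValue("@Email", account.Email);
                cmd.Parameters.AddWithValue("@Password", passwordHash);

                connection.Open();

                using (SqlDataReader dbReader = cmd.ExecuteReader())
                {
                    // A first row means the credentials matched.
                    return dbReader.Read();
                }
            }
        }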
Beispiel #2
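        /// <summary>
        /// Looks up the Employees row whose Email equals <paramref name="userName"/> and whose
        /// stored Password equals the hash of <paramref name="password"/>, and builds a
        /// <c>UserAccount</c> from it.
        /// </summary>
        /// <param name="userName">E-mail address used as the login name.</param>
        /// <param name="password">Clear-text password supplied by the user.</param>
        /// <returns>
        /// A populated <c>UserAccount</c> when the credentials match. When they do not match,
        /// a default-constructed <c>UserAccount</c> is returned, never <c>null</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): because a failed login still yields a non-null object, callers must
        /// not use a null check as the success test. Presumably they inspect UserID; verify
        /// against every caller.
        /// NOTE(review): EmployeeDAL.GetMD5 is defined outside this listing. Its name suggests
        /// an unsalted MD5 digest, which is not suitable for password storage. Replacing it
        /// with a salted, slow KDF requires migrating the stored values.
        /// </remarks>
        public UserAccount Authorize(string userName, string password)
        {
            // Returned unchanged when no row matches (see remarks).
            UserAccount data = new UserAccount();

            string passwordHash = EmployeeDAL.GetMD5(password);

            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand())
            {
                // Select only the columns that are read below, so the stored password hash
                // is not pulled into the application on every login.
                cmd.CommandText = @"SELECT FirstName, LastName, PhotoPath, GroupName FROM Employees WHERE Email=@Email and Password=@Password";
                cmd.CommandType = CommandType.Text;
                cmd.Connection  = connection;
                // Values are bound as parameters, never concatenated into the SQL text.
                cmd.Parameters.AddWithValue("@Email", userName);
                cmd.Parameters.AddWithValue("@Password", passwordHash);

                connection.Open();

                using (SqlDataReader dbReader = cmd.ExecuteReader())
                {
                    if (dbReader.Read())
                    {
                        data = new UserAccount()
                        {
                            UserID    = userName,
                            FullName  = Convert.ToString(dbReader["FirstName"]) + " " + Convert.ToString(dbReader["LastName"]),
                            Photo     = Convert.ToString(dbReader["PhotoPath"]),
                            GroupName = Convert.ToString(dbReader["GroupName"])
                        };
                    }
                }
            }

            return data;
        }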
Beispiel #3
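        /// <summary>
        /// Stores the hash of <paramref name="account"/>.Password as the new password of the
        /// Employees row whose Email equals <paramref name="account"/>.Email.
        /// </summary>
        /// <param name="account">Carries the e-mail address of the row and the new clear-text password.</param>
        /// <returns><c>true</c> when at least one row was updated; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// NOTE(review): this method checks neither the current password nor the caller's
        /// identity; the row is selected by e-mail alone. The caller has to make sure the
        /// request is authenticated and authorised for that e-mail before calling it.
        /// NOTE(review): EmployeeDAL.GetMD5 is defined outside this listing. Its name suggests
        /// an unsalted MD5 digest, which is not suitable for password storage. Replacing it
        /// with a salted, slow KDF requires migrating the stored values.
        /// </remarks>
        public bool Update(Account account)
        {
            // Hash into a local instead of overwriting account.Password, so the caller's
            // object is left untouched and cannot be hashed twice by a later call.
            string passwordHash = EmployeeDAL.GetMD5(account.Password);

            using (SqlConnection connection = new SqlConnection(this.connectionString))
            using (SqlCommand cmd = new SqlCommand())
            {
                // The trailing "SELECT @@IDENTITY" was dropped: an UPDATE generates no identity
                // value, and ExecuteNonQuery discards any result set anyway.
                cmd.CommandText = @"UPDATE Employees SET Password=@Password WHERE Email=@Email;";
                cmd.CommandType = CommandType.Text;
                cmd.Connection  = connection;
                // Values are bound as parameters, never concatenated into the SQL text.
                cmd.Parameters.AddWithValue("@Password", passwordHash);
                cmd.Parameters.AddWithValue("@Email", account.Email);

                connection.Open();

                // ExecuteNonQuery already returns the affected row count as an int.
                int rowsAffected = cmd.ExecuteNonQuery();
                return rowsAffected > 0;
            }
        }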