Beispiel #1
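        /// <summary>
        /// Update account in DB; if it does not exist, create a new one.
        /// The password is hashed first, and the resulting hash and salt are what get stored.
        /// </summary>
        /// <param name="account">Account to store; its Password and Salt are overwritten with the computed hash and salt.</param>
        /// <returns>true if exactly one row was affected; false otherwise, including when an exception occurs.</returns>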
        public static bool Upsert(Account account)
        {
            // Every failure path, exceptions included, is reported to the caller as a plain false.
            try
            {
                using (SqlConnection conn = HelperFunctions.GetConnection())
                {
                    conn.Open();

                    // Replace the supplied password with its hash: element 0 is stored as the
                    // password, element 1 as the salt.
                    // NOTE(review): this mutates the caller's Account object; calling Upsert a second
                    // time on the same instance would presumably hash the already-hashed value, so
                    // confirm callers always pass a fresh plaintext password.
                    // NOTE(review): makeHash is not visible here; confirm it uses a slow, salted
                    // password KDF rather than a single fast hash.
                    var hashed = makeHash(account.Password);
                    account.Password = hashed[0];
                    account.Salt = hashed[1];

                    // All values are bound as parameters; nothing is concatenated into the SQL text.
                    using (SqlCommand cmd = new SqlCommand("EXEC UpsertAccount @Username, @Password, @Salt, @RoleId, @BorrowerId", conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", account.Username);
                        cmd.Parameters.AddWithValue("@Password", account.Password);
                        cmd.Parameters.AddWithValue("@Salt", account.Salt);
                        cmd.Parameters.AddWithValue("@RoleId", account.RoleId);
                        cmd.Parameters.AddWithValue("@BorrowerId", HelperFunctions.ValueOrDBNull(account.BorrowerId));

                        // Success means the procedure call reported exactly one affected row.
                        int affected = cmd.ExecuteNonQuery();
                        return affected == 1;
                    }
                }
            }
            catch (Exception)
            {
                // NOTE(review): the exception is discarded, so a database outage and a rejected
                // upsert look the same to the caller and leave no trace for later investigation.
                return false;
            }
        }
Beispiel #2
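 /// <summary>
 /// Delete an Account from repository
 /// </summary>
 /// <param name="account">Account whose Username selects the row to delete.</param>
 /// <returns>true if exactly one row was deleted; false otherwise, including when an exception occurs.</returns>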
 public static bool Delete(Account account)
 {
     // Every failure path, exceptions included, is reported to the caller as a plain false.
     try
     {
         using (SqlConnection conn = HelperFunctions.GetConnection())
         {
             conn.Open();

             // The username travels as a bound parameter, so it is never spliced into the SQL text.
             using (SqlCommand cmd = new SqlCommand("DELETE FROM ACCOUNT WHERE Username = @Username", conn))
             {
                 cmd.Parameters.AddWithValue("@Username", account.Username);

                 // Success means exactly one affected row. The check runs after the statement has
                 // executed, so any other count yields false without undoing what was deleted.
                 int affected = cmd.ExecuteNonQuery();
                 return affected == 1;
             }
         }
     }
     catch (Exception)
     {
         // NOTE(review): the exception is discarded, so the caller cannot tell a database failure
         // from "no such account", and nothing is recorded for later investigation.
         return false;
     }
 }
Beispiel #3
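        /// <summary>
        /// Selects the row with the given username and checks whether the hash of the supplied password,
        /// computed with the row's salt, matches the password hash in the table
        /// </summary>
        /// <param name="account">The matching account on success; null otherwise.</param>
        /// <param name="username">Username to look up.</param>
        /// <param name="password">Plaintext password to verify.</param>
        /// <returns>true if the account exists and the password matches; otherwise false.</returns>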
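        public static bool GetAccount(out Account account, string username, string password)
        {
            // Fail closed: the out parameter stays null unless the password check below succeeds.
            account = null;

            List<Account> matches;
            bool loaded;

            // SqlCommand is IDisposable, so it is released as soon as the lookup has run.
            // The username is bound as a parameter, never concatenated into the SQL text.
            using (var command = new SqlCommand("SELECT * FROM ACCOUNT WHERE Username = @Username"))
            {
                command.Parameters.AddWithValue("@Username", username);
                loaded = getAccounts(out matches, command);
            }

            // NOTE(review): an unknown username returns here before any hashing is done, so the
            // response time may differ between "no such user" and "wrong password"; decide whether
            // callers need that difference equalised.
            if (!loaded || matches.Count == 0)
            {
                return false;
            }

            Account candidate = matches[0];

            // Assumes makeHash(password, salt) returns the hash as a string, as the original `==`
            // comparison against Account.Password implies; confirm against makeHash.
            string computedHash = makeHash(password, candidate.Salt);
            string storedHash = candidate.Password;

            // A row without a stored hash must never authenticate; a plain `==` would treat
            // null == null as a match.
            if (storedHash == null || computedHash == null)
            {
                return false;
            }

            // Hardening: compare every character instead of stopping at the first mismatch, so the
            // comparison time does not depend on how much of the hash matches.
            int difference = storedHash.Length ^ computedHash.Length;
            int limit = storedHash.Length < computedHash.Length ? storedHash.Length : computedHash.Length;
            for (int i = 0; i < limit; i++)
            {
                difference |= storedHash[i] ^ computedHash[i];
            }

            if (difference != 0)
            {
                return false;
            }

            account = candidate;
            return true;
        }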