Ejemplo n.º 1
0
        /// <summary>
        /// Given the user name and the password, fetch the user information if it is valid.
        /// </summary>
        /// <param name="userName"></param>
        /// <param name="pwd"></param>
        /// <returns>A user entity that contains the user information; or <see langword="null"/> if the user fails validation.</returns>
        public UserEntity CheckUserInfo(string userName, string pwd)
        {
            // check whether the user exists and validate the password
            using var conn = new MySqlConnection(connStr);
            conn.Open();
            var sql = $"SELECT * FROM users WHERE user_name = \"{userName}\"";

            using var cmd = new MySqlCommand(sql, conn);
            using MySqlDataReader reader = cmd.ExecuteReader();
            Debug.WriteLine("SQL: " + sql);
            if (reader.HasRows)  // user exists
            {
                Debug.WriteLine($"User {userName} exists.");
                var pwdMD5 = Encrytor.ComputeMD5(userName + pwd);
                reader.Read(); // advance to the first record
                var truePwdMD5 = reader.GetString("password");
                Debug.WriteLine($"Computed MD5: {pwdMD5}");
                if (pwdMD5 == truePwdMD5)  // correct password
                {
                    Debug.WriteLine($"Password '{pwd}' is correct!");
                    var userEntity = new UserEntity()
                    {
                        UserName = userName,
                        RealName = reader.GetString("real_name"),
                        Avatar   = reader.GetString("avatar"),
                        Gender   = reader.GetInt32("gender")
                    };
                    Debug.WriteLine(userEntity);
                    return(userEntity);
                }
            }
            return(null);
        }