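/// <summary>
/// Verifies a user name / password pair against the WEBSITE_ADMIN table.
/// </summary>
/// <remarks>
/// The stored salt and password hash are read with a parameterized query, the supplied
/// password is hashed with <c>Global_Functions.GetHashString</c> using that salt, and the
/// result is compared with the stored hash. On the first matching row
/// <c>UpdateLastLogin</c> is called for the user.
/// An unknown user name and a wrong password both yield <c>false</c>, so the return value
/// does not tell the two cases apart.
/// NOTE(review): the algorithm behind GetHashString is not visible here; confirm it is a
/// slow, salted password KDF (e.g. PBKDF2) rather than a single fast hash.
/// NOTE(review): the query does not filter on the <c>active</c> column that InsertAdmin
/// writes; confirm whether deactivated accounts are meant to be rejected here.
/// </remarks>
/// <param name="UserName">Account name looked up in the <c>username</c> column.</param>
/// <param name="Password">Clear-text password supplied by the caller; it is only hashed, never stored.</param>
/// <returns><c>true</c> when a row for the user holds a matching hash; otherwise <c>false</c>.</returns>
public static bool CheckLogin(string UserName, string Password)
{
    // A null parameter value is not sent to the server and would surface as a
    // SqlException; treat missing credentials as a plain failed login instead.
    if (UserName == null || Password == null)
    {
        return false;
    }

    const string sql = "SELECT salt,password FROM WEBSITE_ADMIN WHERE username=@Username";

    // The using blocks dispose reader, command and connection on every exit path,
    // including the early return on success and any exception thrown while reading.
    using (SqlConnection conn = ConnectionFactory.DistributeConnection("DB"))
    {
        conn.Open();

        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add(new SqlParameter("@Username", UserName));

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                // Read() returns false straight away on an empty result set, so no
                // separate HasRows check is needed.
                while (dr.Read())
                {
                    string salt = dr["salt"].ToString();
                    string storedHash = dr["password"].ToString();
                    string candidateHash = Global_Functions.GetHashString(Password, salt);

                    if (HashesMatch(candidateHash, storedHash))
                    {
                        UpdateLastLogin(UserName);
                        return true;
                    }
                }
            }
        }
    }

    return false;
}

/// <summary>
/// Ordinal comparison of two hash strings that inspects every character instead of
/// stopping at the first difference, so the time taken depends less on how much of the
/// stored hash the candidate matches (best effort; the runtime gives no hard guarantee).
/// </summary>
/// <param name="computed">Hash computed from the supplied password.</param>
/// <param name="stored">Hash read from the database.</param>
/// <returns><c>true</c> when both strings are non-null and identical.</returns>
private static bool HashesMatch(string computed, string stored)
{
    if (computed == null || stored == null)
    {
        return false;
    }

    // A length mismatch already makes the result non-zero; the loop still runs so the
    // amount of work does not depend on where the strings diverge.
    int diff = computed.Length ^ stored.Length;
    for (int i = 0; i < computed.Length; i++)
    {
        char other = stored.Length == 0 ? '\0' : stored[i % stored.Length];
        diff |= computed[i] ^ other;
    }

    return diff == 0;
}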
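/// <summary>
/// Creates a new admin account in the WEBSITE_ADMIN table.
/// </summary>
/// <remarks>
/// A fresh salt is obtained from <c>Global_Functions.SaltGenerator</c> and the password is
/// hashed with <c>Global_Functions.GetHashString</c>; only the salt and the hash are stored.
/// The row is inserted with <c>active</c> = 1 and <c>last_login</c> set to the current
/// local time.
/// NOTE(review): SaltGenerator and GetHashString are not visible here; confirm the salt
/// comes from a cryptographic RNG and the hash is a slow password KDF.
/// NOTE(review): nothing here prevents a second row with the same user name; presumably a
/// unique constraint on <c>username</c> enforces that - verify against the schema.
/// NOTE(review): last_login uses DateTime.Now (server local time); confirm whether the
/// column is expected to hold UTC.
/// </remarks>
/// <param name="UserName">Name of the account to create; must not be null or empty.</param>
/// <param name="Password">Clear-text password for the account; must not be null or empty.</param>
/// <exception cref="ArgumentException">
/// <paramref name="UserName"/> or <paramref name="Password"/> is null or empty.
/// </exception>
public static void InsertAdmin(string UserName, string Password)
{
    // Refuse to create an account that has no name or no password.
    if (string.IsNullOrEmpty(UserName))
    {
        throw new ArgumentException("A user name is required.", "UserName");
    }

    if (string.IsNullOrEmpty(Password))
    {
        throw new ArgumentException("A password is required.", "Password");
    }

    string salt = Global_Functions.SaltGenerator();
    string hashPass = Global_Functions.GetHashString(Password, salt);

    const string sql = "INSERT INTO WEBSITE_ADMIN (username, password,last_login,active,salt) VALUES (@Username, @Password, @LastLogin, @Active, @Salt)";

    using (SqlConnection conn = ConnectionFactory.DistributeConnection("DB"))
    {
        conn.Open();

        // Dispose the command together with the connection.
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // All values travel as parameters, never as part of the SQL text.
            cmd.Parameters.Add(new SqlParameter("@Username", UserName));
            cmd.Parameters.Add(new SqlParameter("@Password", hashPass));
            cmd.Parameters.Add(new SqlParameter("@Salt", salt));
            cmd.Parameters.Add(new SqlParameter("@LastLogin", DateTime.Now));
            cmd.Parameters.Add(new SqlParameter("@Active", 1));

            cmd.ExecuteNonQuery();
        }
    }
}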