public int CheckValidUser(string username, string password)
{
int flag = -1;
try
{
SqlDataReader reader = null;
string userType = string.Empty;
int ID = 0;
DataSet ds = new DataSet();
using (DM dbManager = new DM())
{
// dbManager.Command.CommandText = @"SELECT * FROM AdminUsers
// WHERE username= @UserName COLLATE SQL_Latin1_General_CP1_CS_AS AND Password=(SELECT HASHBYTES('SHA1',@Password))";
dbManager.Command.CommandText = @"SELECT * FROM AdminUsers
WHERE username= @UserName COLLATE SQL_Latin1_General_CP1_CS_AS AND Password=@Password";
dbManager.Command.Parameters.AddWithValue("@userName", username);
dbManager.Command.Parameters.AddWithValue("@Password", password);
reader = dbManager.GetDataReader();
if (reader.Read() == true)
{
General.Session.UserName = reader.GetValue(1).ToString();
ID = Convert.ToInt32(reader.GetValue(0).ToString());
flag = 1;
}
}
}
catch (Exception exp)
{
throw;
}
return flag;
}
public int getTransactionTable_Amount_New(string transactionNumber)
{
int flag = -1;
try
{
SqlDataReader reader = null;
string userType = string.Empty;
DataSet ds = new DataSet();
using (DM dbManager = new DM())
{
dbManager.Command.CommandText = @"SELECT Amount from TransactionLog Where TransactionNumber=@trnumber;
delete from transactionLog where TransactionNumber=@trnumber ";
dbManager.Command.Parameters.AddWithValue("@trnumber", transactionNumber);
reader = dbManager.GetDataReader();
if (reader.Read() == true)
{
flag = Convert.ToInt32(reader.GetValue(0).ToString());
}
}
}
catch (Exception exp)
{
throw;
}
return flag;
}
public int getAttempts(string userID)
{
int attempts = 0;
try
{
SqlDataReader reader = null;
string userType = string.Empty;
DataSet ds = new DataSet();
using (DM dbManager = new DM())
{
dbManager.Command.CommandText = @"SELECT FailedPasswordAttemptCount from Memberships where [userID]=@userID";
dbManager.Command.Parameters.AddWithValue("@userID", userID);
reader = dbManager.GetDataReader();
if (reader.Read() == true)
{
attempts = Convert.ToInt16(reader.GetValue(0).ToString());
}
}
}
catch (Exception exp)
{
throw;
}
return attempts;
}
public string getStudent_CompleteName(string userID)
{
string fullName = string.Empty;
try
{
SqlDataReader reader = null;
string userType = string.Empty;
DataSet ds = new DataSet();
using (DM dbManager = new DM())
{
dbManager.Command.CommandText = @"SELECT Fullname from user_otherinfo where [userID]=@userID";
dbManager.Command.Parameters.AddWithValue("@userID", userID);
reader = dbManager.GetDataReader();
if (reader.Read() == true)
{
fullName = reader.GetValue(0).ToString();
}
}
}
catch (Exception exp)
{
throw;
}
return fullName;
}