public bool Get(Account account)
{
account.Password = EmployeeDAL.GetMD5(account.Password);
Account data = null;
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
SqlCommand cmd = new SqlCommand();
cmd.CommandText = @"SELECT * FROM Employees WHERE Email=@Email and Password=@Password";
cmd.CommandType = CommandType.Text;
cmd.Connection = connection;
cmd.Parameters.AddWithValue("@Email", account.Email);
cmd.Parameters.AddWithValue("@Password", account.Password);
using (SqlDataReader dbReader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
{
if (dbReader.Read())
{
data = new Account()
{
Email = Convert.ToString(dbReader["Email"]),
Password = Convert.ToString(dbReader["Password"]),
};
}
}
connection.Close();
}
if (data != null)
{
return(true);
}
else
{
return(false);
}
}
public UserAccount Authorize(string userName, string password)
{
UserAccount data = new UserAccount();
password = EmployeeDAL.GetMD5(password);
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
SqlCommand cmd = new SqlCommand();
cmd.CommandText = @"SELECT * FROM Employees WHERE Email=@Email and Password=@Password";
cmd.CommandType = CommandType.Text;
cmd.Connection = connection;
cmd.Parameters.AddWithValue("@Email", userName);
cmd.Parameters.AddWithValue("@Password", password);
using (SqlDataReader dbReader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
{
if (dbReader.Read())
{
data = new UserAccount()
{
UserID = userName,
FullName = Convert.ToString(dbReader["FirstName"]) + " " + Convert.ToString(dbReader["LastName"]),
Photo = Convert.ToString(dbReader["PhotoPath"]),
GroupName = Convert.ToString(dbReader["GroupName"])
};
}
}
connection.Close();
}
return(data);
//return new UserAccount()
//{
// UserID = userName,
// FullName = "Lê Quý Đôn",
// Photo = "don.png"
//};
}
public bool Update(Account account)
{
account.Password = EmployeeDAL.GetMD5(account.Password);
//Account data = null;
int rowsAffected = 0;
using (SqlConnection connection = new SqlConnection(this.connectionString))
{
connection.Open();
SqlCommand cmd = new SqlCommand();
cmd.CommandText = @"UPDATE Employees SET
Password=@Password
WHERE Email=@Email SELECT @@IDENTITY;";
cmd.CommandType = CommandType.Text;
cmd.Connection = connection;
cmd.Parameters.AddWithValue("@Password", account.Password);
cmd.Parameters.AddWithValue("@Email", account.Email);
rowsAffected = Convert.ToInt32(cmd.ExecuteNonQuery());
connection.Close();
}
return(rowsAffected > 0);
}