public ASFUser GetUser(MembershipInfo user)
{
ASFUser singleUser = new ASFUser();
using (SqlConnection conn = new SqlConnection(connString))
{
// If user has correct password, then select user database
string sql = BuildASFUserSQL() + ", b.Password ";
string fromUser = @"FROM dbo.ASF_User AS a INNER JOIN dbo.aspnet_Membership as b ON a.Username = b.Username ";
string whereUser = @"WHERE a.Username = @Username";
sql = sql + fromUser + whereUser;
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;
try
{
conn.Open();
SqlDataReader read = cmd.ExecuteReader();
while (read.Read())
{
singleUser = new ASFUserCallback().ProcessRow(read);
singleUser.Member.Password = read["Password"].ToString() ;
}
}
catch (Exception e)
{
throw e;
}
finally
{
conn.Close();
}
}
return singleUser;
}
public ASFUser DoLogin(MembershipInfo user)
{
ASFUser singleUser = new ASFUser();
using (SqlConnection conn = new SqlConnection(connString))
{
// If user has correct password, then select user database
string sql = BuildASFUserSQL();
string sqlMember = @"SELECT a.UserId FROM dbo.aspnet_Membership as b WHERE b.Username = @Username AND b.Password = @Password";
string fromUser = @"FROM dbo.ASF_User AS a";
string whereUser = @" WHERE a.UserId = (" + sqlMember + ")";
sql = sql + fromUser + whereUser;
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add("@Username", SqlDbType.Int).Value = user.Username;
cmd.Parameters.Add("@Password", SqlDbType.Int).Value = user.Password;
try
{
conn.Open();
SqlDataReader read = cmd.ExecuteReader();
while (read.Read())
{
singleUser = new ASFUserCallback().ProcessRow(read);
}
}
catch (Exception e)
{
throw e;
}
finally
{
conn.Close();
}
}
return singleUser;
}