public static UserAccount Attempt(string username, string password)
{
if (username.Length > 16 || string.IsNullOrEmpty(password))
{
return null;
}
MySqlConnection connection = MySQLConnector.GetConnection();
if (connection != null)
{
MySqlCommand command = new MySqlCommand("SELECT `id`,`username`,`created_at`,`last_login`,`role` FROM `users` WHERE `username`=@username AND `password`=@password ORDER BY `id` ASC LIMIT 1", connection);
command.Prepare();
command.Parameters.AddWithValue("@username", username);
command.Parameters.AddWithValue("@password", Hash(password));
MySqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
int id = reader.GetInt32("id");
UserAccount account = new UserAccount(id, reader.GetString("username"), reader.GetString("created_at"), reader.GetString("last_login"), reader.GetString("role"));
connection.Close();
connection = MySQLConnector.GetConnection();
MySqlCommand updateCommand = new MySqlCommand("UPDATE `users` SET `last_login`=NOW() WHERE `id`=@id ORDER BY `id` ASC LIMIT 1", connection);
updateCommand.Prepare();
updateCommand.Parameters.AddWithValue("@id", id);
updateCommand.ExecuteReader();
connection.Close();
return account;
}
}
connection.Close();
return null;
}
public static UserAccount Find(string username)
{
MySqlConnection connection = MySQLConnector.GetConnection();
if (connection != null)
{
MySqlCommand command = new MySqlCommand("SELECT `id`,`username`,`created_at`,`last_login`,`role` FROM `users` WHERE `username`=@username ORDER BY `id` ASC LIMIT 1", connection);
command.Prepare();
command.Parameters.AddWithValue("@username", username);
MySqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
UserAccount account = new UserAccount(reader.GetInt32("id"), reader.GetString("username"), reader.GetString("created_at"), reader.GetString("last_login"), reader.GetString("role"));
connection.Close();
return account;
}
}
return null;
}
