public DataTable getDataTable(UserDangNhap user, string sqlDangNhap)
{
SqlConnection conn = getConnection();
conn.Open();
SqlCommand cmd = new SqlCommand(sqlDangNhap, conn);
cmd.Parameters.AddWithValue("username", user.Username);
cmd.Parameters.AddWithValue("pass", user.Password);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
conn.Close();
return(dt);
}
public string dangNhap(string username, string password)
{
string quyen = null;
string sqlDangNhap = "SELECT * FROM tbuser WHERE Username = @username COLLATE SQL_Latin1_General_CP1_CS_AS AND Pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS ";
UserDangNhap user = new UserDangNhap();
user.Password = password;
user.Username = username;
DataProvider dp = new DataProvider();
DataTable dt = dp.getDataTable(user, sqlDangNhap);
if (dt.Rows.Count > 0)
{
foreach (DataRow row in dt.Rows)
{
quyen = row["Quyen"].ToString();
}
}
return(quyen);
}
public Boolean update(UserDangNhap user)
{
SqlConnection conn = getConnection();
conn.Open();
try
{
string sqlDangnhap = "UPDATE tbuser Set Pass = @pass Where Username = @username";
SqlCommand cmd = new SqlCommand(sqlDangnhap, conn);
cmd.Parameters.AddWithValue("username", user.Username);
cmd.Parameters.AddWithValue("pass", user.Password);
cmd.ExecuteNonQuery();
}
catch (Exception)
{
return(false);
}
finally {
conn.Close();
}
return(true);
}
