protected void EmailPassword_Click(object sender, EventArgs e)
{
LoginCredentials findPassword = new LoginCredentials(txtNameEmail.Text);
if (findPassword.Username == "dne")
Response.Write("<script>alert('No account match was found from input.');</script>");
else
{
findPassword.EmailLostPassword();
Response.Redirect(@"~/Account/Login.aspx");
}
}
protected void LoginButton_Click(object sender, EventArgs e)
{
LoginCredentials currentCredentials = new LoginCredentials(UserName.Text, Password.Text);
bool login = currentCredentials.Authenticate();
if (login == true)
{
Session["ID"] = currentCredentials.ID;
Response.Redirect(@"~/Member/Member.aspx");
}
else
Response.Write("<script>alert('Account name and password did not match.');</script>");
}
protected void RegisterButton_Click(object sender, EventArgs e)
{
if (AccountName.Text == "" || Password.Text == "" || Email.Text == "")
Response.Write("<script>alert('A field was left blank. Please try again.');</script>");
else
{
LoginCredentials registeringAccount = new LoginCredentials(AccountName.Text, Password.Text, Email.Text);
if (registeringAccount.Register())
{
//good for you
Response.Redirect(@"~/Default.aspx");
}
else
Response.Write("<script>alert('Account name or e-mail already in use.');</script>");
}
}
public bool Authenticate(LoginCredentials creds)
{
int userId = -1;
SqlCommand cmd = MyConnection.CreateCommand();
cmd.CommandText = "SELECT [ID] FROM [User] WHERE ([UserName] = @Name OR [Email] = @Name) AND [Password] = @Password";
cmd.Parameters.Add(new SqlParameter("@Name", (string)creds.Username));
cmd.Parameters.Add(new SqlParameter("@Password", (string)creds.Password));
MyConnection.Open();
object returnVal = cmd.ExecuteScalar();
MyConnection.Close();
if (returnVal != null)
userId = (int)returnVal;
if (userId >= 0)
{
creds.ID = userId;
return true;
}
return false;
}
