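        /// <summary>
        /// Creates a new account. Fails when either value is rejected by
        /// StringHelper.CheckSqlString, when the user name already exists in [User],
        /// or when the database rejects the insert.
        /// </summary>
        /// <param name="userName">User name to create; must be non-empty.</param>
        /// <param name="pwd">Password for the new account; must be non-empty. It is stored
        /// exactly as given (no hashing), unchanged from the original — see the note in the body.</param>
        /// <returns>true when a new [User] row was inserted, otherwise false.</returns>
        public static bool Register(string userName, string pwd)
        {
            // An account with an empty name or password is never created.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(pwd))
            {
                return false;
            }

            // Kept so that the set of accepted inputs does not change. It is no longer the
            // defence against SQL injection: the values below travel as command parameters
            // and are never part of the statement text.
            if (StringHelper.CheckSqlString(userName) || StringHelper.CheckSqlString(pwd))
            {
                return false;
            }

            // NOTE(review): the password is stored as plain text, as in the original. Hashing
            // it (e.g. PBKDF2) has to be done together with Login, which compares the stored value.
            //
            // Existence check and insert are one statement, so two concurrent registrations of
            // the same name cannot both pass a separate SELECT first. A UNIQUE index on
            // [UserName] is still the real guarantee — confirm it exists in the schema.
            const string sql =
                "INSERT INTO [User] ([UserName], [Password], [Coin]) " +
                "SELECT @userName, @pwd, 0 " +
                "WHERE NOT EXISTS (SELECT 1 FROM [User] WHERE [UserName] = @userName)";

            try
            {
                using (SqlConnection conn = SqlClientHelper.CreateConn())
                {
                    SqlClientHelper.Open(conn);
                    using (var cmd = conn.CreateCommand())
                    {
                        cmd.CommandText = sql;

                        var nameParam = cmd.CreateParameter();
                        nameParam.ParameterName = "@userName";
                        nameParam.Value = userName;
                        cmd.Parameters.Add(nameParam);

                        var pwdParam = cmd.CreateParameter();
                        pwdParam.ParameterName = "@pwd";
                        pwdParam.Value = pwd;
                        cmd.Parameters.Add(pwdParam);

                        // 1 row inserted = account created; 0 rows = name already taken.
                        return cmd.ExecuteNonQuery() == 1;
                    }
                }
            }
            catch (System.Data.Common.DbException)
            {
                // The original reported a failed insert through the helper's return value
                // (-1) rather than an exception; keep that contract for callers.
                return false;
            }
        }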
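        /// <summary>
        /// Credits <paramref name="coin"/> to the user's [Coin] balance. Per the original
        /// author's note this is meant to be called from the partner server's callback,
        /// not from client interaction — the caller is responsible for authenticating that callback.
        /// </summary>
        /// <returns>The user's data reloaded through LoadData, or null when <paramref name="coin"/>
        /// is not positive, no row with that [UserID] exists, or the update fails.</returns>
        /// <param name="userID">Key of the [User] row to credit.</param>
        /// <param name="coin">Amount to add; must be positive.</param>
        public static Dictionary <string, string> AddCoin(int userID, int coin)
        {
            if (coin <= 0)
            {
                return null;
            }

            // One atomic UPDATE replaces the original SELECT-then-UPDATE, so two callbacks
            // arriving together can no longer overwrite each other's credit (lost update),
            // and the Convert.ToInt16 parse of the old balance — which overflowed above
            // 32767 — is gone. Both values are bound as parameters, not concatenated.
            // NOTE(review): assumes [Coin] is a numeric column (the original parsed its
            // value as a number) — confirm against the schema.
            const string sql = "UPDATE [User] SET [Coin] = [Coin] + @coin WHERE [UserID] = @userID";

            int affected;
            try
            {
                // Shared connection, used without an explicit Open — same as the original.
                SqlConnection conn = SqlClientHelper.CurrentConn();
                using (var cmd = conn.CreateCommand())
                {
                    cmd.CommandText = sql;

                    var coinParam = cmd.CreateParameter();
                    coinParam.ParameterName = "@coin";
                    coinParam.Value = coin;
                    cmd.Parameters.Add(coinParam);

                    var idParam = cmd.CreateParameter();
                    idParam.ParameterName = "@userID";
                    idParam.Value = userID;
                    cmd.Parameters.Add(idParam);

                    affected = cmd.ExecuteNonQuery();
                }
            }
            catch (System.Data.Common.DbException)
            {
                // The original signalled a failed update by returning null; keep that.
                return null;
            }

            // Exactly one row must have changed: 0 means no such user (the original's
            // list.Count != 1 check), -1 is the failure code the original rejected.
            return affected == 1 ? LoadData(userID) : null;
        }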
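        /// <summary>
        /// Account login: looks up the [User] row for <paramref name="userName"/>, compares the
        /// stored user name and password with the given values, and on success stamps [LoginTime].
        /// </summary>
        /// <param name="userName">User name to look up.</param>
        /// <param name="pwd">Password to compare against the stored value.</param>
        /// <returns>true when exactly one matching row exists and both values match, otherwise false.</returns>
        public static bool Login(string userName, string pwd)
        {
            if (userName == null || pwd == null)
            {
                return false;
            }

            // Kept so the accepted inputs do not change; injection is prevented by the
            // command parameters below, not by this filter.
            if (StringHelper.CheckSqlString(userName) || StringHelper.CheckSqlString(pwd))
            {
                return false;
            }

            // [User] is bracketed like every other statement in this class; bare "User" is a
            // reserved word in T-SQL.
            const string selectSql =
                "SELECT [UserName], [Password] FROM [User] WHERE [UserName] = @userName";
            // Statement text kept from the original. NOTE(review): datetime('now','localtime')
            // is SQLite syntax — confirm it matches the database behind SqlClientHelper.
            const string touchSql =
                "UPDATE [User] SET [LoginTime] = (datetime('now','localtime')) WHERE [UserName] = @userName";

            // Shared connection, used without an explicit Open — same as the original.
            SqlConnection conn = SqlClientHelper.CurrentConn();

            string storedName;
            string storedPwd;
            try
            {
                using (var cmd = conn.CreateCommand())
                {
                    cmd.CommandText = selectSql;

                    var nameParam = cmd.CreateParameter();
                    nameParam.ParameterName = "@userName";
                    nameParam.Value = userName;
                    cmd.Parameters.Add(nameParam);

                    using (var reader = cmd.ExecuteReader())
                    {
                        if (!reader.Read())
                        {
                            return false;   // no such user
                        }

                        storedName = reader.IsDBNull(0) ? null : Convert.ToString(reader[0]);
                        storedPwd  = reader.IsDBNull(1) ? null : Convert.ToString(reader[1]);

                        if (reader.Read())
                        {
                            return false;   // more than one row: ambiguous (original: list.Count != 1)
                        }
                    }
                }
            }
            catch (System.Data.Common.DbException)
            {
                // The original helper reported a failed query as a null result, i.e. login refused.
                return false;
            }

            // NOTE(review): the stored password is plain text and compared as such, exactly as
            // the original did; hashing it needs a coordinated change with Register.
            // Ordinal comparison keeps the original's exact-match check even if the database
            // lookup itself is case-insensitive under its collation. A NULL column value
            // (which made the original throw NullReferenceException) counts as a mismatch.
            if (storedName == null || storedPwd == null
                || !string.Equals(storedName, userName, StringComparison.Ordinal)
                || !string.Equals(storedPwd, pwd, StringComparison.Ordinal))
            {
                return false;
            }

            // Best-effort timestamp. The original ignored this statement's result, so a
            // database error here does not turn a valid login into a failure.
            try
            {
                using (var cmd = conn.CreateCommand())
                {
                    cmd.CommandText = touchSql;

                    var nameParam = cmd.CreateParameter();
                    nameParam.ParameterName = "@userName";
                    nameParam.Value = userName;
                    cmd.Parameters.Add(nameParam);

                    cmd.ExecuteNonQuery();
                }
            }
            catch (System.Data.Common.DbException)
            {
                // Ignored on purpose — the login itself has already succeeded (see above).
            }

            return true;
        }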