Example #1
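        /// <summary>
        /// Records a newly issued session token by inserting one row into the table
        /// named by <c>Constants.TABLE_USER_TOKENS</c>.
        /// </summary>
        /// <remarks>
        /// The row holds the token GUID, the database server's current time (<c>GETDATE()</c>),
        /// the user type and the user ID. Every value is bound as a parameter; only the table
        /// name, taken from a constant, is formatted into the SQL text. This method opens the
        /// connection but does not close it, so the caller must call closeConnection.
        /// </remarks>
        /// <param name="user">Contract carrying the GUID and user type to store</param>
        /// <param name="userID">The ID of the user the token is issued to</param>
        private void makeNewUser(ValidUserContract user, int? userID)
        {
            openConnection();

            // NOTE(review): the GUID is the credential the client presents on later requests.
            // Where it is generated is not visible here; confirm it comes from a
            // cryptographically strong source and that the stored timestamp is used to expire
            // tokens. The INSERT names no columns, so it depends on the table's column order.
            string insertSql = string.Format("INSERT INTO {0} VALUES (@guid, GETDATE(), @type, @id)", Constants.TABLE_USER_TOKENS);

            // Dispose the command once it has run instead of leaving it for the finalizer.
            using (var insertToken = makeCommand(insertSql,
                                                 new PreparedData(SqlDbType.Char, user.GUID.ToString(), Constants.GUID_LENGTH),
                                                 new PreparedData(SqlDbType.Int, user.UserType),
                                                 new PreparedData(SqlDbType.Int, userID)))
            {
                insertToken.ExecuteNonQuery();
            }
        }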
Example #2
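        /// <summary>
        /// Checks the supplied credentials against the users table and, on a match,
        /// issues a session token for the user.
        /// </summary>
        /// <param name="username">The user's username</param>
        /// <param name="password">The user's password</param>
        /// <returns>
        /// A new ValidUserContract. For a matching user it carries the user's ID and type, and
        /// its GUID is stored through makeNewUser for use on further requests. When no row
        /// matches it carries a null ID and <c>UserType.INVALID</c>; this method never returns null.
        /// </returns>
        public ValidUserContract ValidUser(string username, string password)
        {
            openConnection();
            try
            {
                UserType userType;
                int? userID = null;

                // SECURITY NOTE(review): the password is matched by equality inside the query,
                // which suggests the column holds the password itself (or an unsalted digest
                // supplied by the caller) - TODO confirm. Prefer storing a salted, slow hash
                // (e.g. PBKDF2), selecting the row by username only, and verifying the hash in
                // code with a fixed-time comparison.
                // The sizes 15 and 50 may truncate longer input, depending on how PreparedData
                // applies them - TODO confirm; reject over-length values before querying so a
                // truncated value can never match a stored one.
                string lookupSql = string.Format("SELECT * FROM {0} WHERE {1}=@user AND {2}=@pass",
                                                 Constants.TABLE_USERS,
                                                 Constants.USERNAME,
                                                 Constants.PASSWORD);

                using (SqlCommand checkUser = makeCommand(lookupSql,
                                                          new PreparedData(SqlDbType.VarChar, username, 15),
                                                          new PreparedData(SqlDbType.VarChar, password, 50)))
                using (SqlDataReader reader = checkUser.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        // Only the first matching row is used.
                        userType = (UserType)reader[Constants.USER_TYPE];
                        userID = (int?)reader[Constants.ID];
                    }
                    else
                    {
                        userType = UserType.INVALID;
                    }
                }

                var user = new ValidUserContract(userID, userType);

                // A token row is written only for users that authenticated successfully.
                if (userType != UserType.INVALID)
                {
                    makeNewUser(user, userID);
                }

                return user;
            }
            finally
            {
                // Release the connection even when the query or the token insert throws.
                closeConnection();
            }
        }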