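/// <summary>
/// Inserts a new row into dbo.[Users] for <paramref name="entity"/> using a
/// parameterized INSERT statement.
/// </summary>
/// <param name="entity">
/// User to persist. Name, Firstname, Roles and Email are bound as-is; Password is
/// passed through CommonHelpers.ComputeHash before it is bound.
/// </param>
/// <remarks>
/// The method returns void and does not propagate exceptions, so a caller cannot
/// tell from here whether the row was written. Failures are written to the trace
/// listeners instead of being dropped silently.
/// </remarks>
public void Insert(User entity)
{
    try
    {
        // Every value is bound as a parameter; nothing from the entity is
        // concatenated into the SQL text.
        _command = new SqlCommand(
            "INSERT INTO dbo.[Users](Name, Firstname, Roles, Email, Password) " +
            "VALUES(@Name, @Firstname, @Roles, @Email, @Password)",
            _connection as SqlConnection);

        _command.Parameters.Add(new SqlParameter("@Name", entity.Name));
        _command.Parameters.Add(new SqlParameter("@Firstname", entity.Firstname));
        _command.Parameters.Add(new SqlParameter("@Roles", entity.Roles));
        _command.Parameters.Add(new SqlParameter("@Email", entity.Email));

        // NOTE(review): ComputeHash is not visible here. UserLoggin recomputes it from
        // the password alone and compares for equality in SQL, which suggests there is no
        // per-user salt; confirm it is a password-hashing scheme (PBKDF2/Argon2/bcrypt)
        // and not a bare digest.
        _command.Parameters.Add(new SqlParameter("@Password", CommonHelpers.ComputeHash(entity.Password)));

        _connection.Open();
        _command.ExecuteNonQuery();
    }
    catch (Exception ex)
    {
        // The original handler was an empty TODO, so a failed account creation left no
        // trace at all. Only the exception type is recorded: SQL error messages can echo
        // column values (for example a duplicate e-mail) and do not belong in the log.
        // NOTE(review): rethrowing would let callers react, but changes the contract;
        // confirm with callers before doing so.
        System.Diagnostics.Trace.TraceError(
            "Insert into dbo.[Users] failed: {0}", ex.GetType().FullName);
    }
    finally
    {
        // Release the command and close the connection on both the success and failure paths.
        _command?.Dispose();
        _connection?.Close();
    }
}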
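/// <summary>
/// Looks up the user whose Email matches <paramref name="email"/> and whose stored
/// Password equals CommonHelpers.ComputeHash(<paramref name="password"/>).
/// </summary>
/// <param name="email">E-mail address supplied at login; bound as @email.</param>
/// <param name="password">Clear-text password supplied at login; hashed before it is bound as @password.</param>
/// <returns>
/// The matching user as built by ReaderToObject (the last row if several match),
/// or <c>null</c> when no row matches or the lookup fails.
/// </returns>
/// <remarks>
/// The method fails closed: any exception yields <c>null</c>. The previous version
/// returned a freshly constructed, empty <c>User</c> when the query threw, which a
/// caller testing only for non-null would treat as a successful login.
/// The misspelled method name is kept so existing callers continue to compile.
/// </remarks>
public User UserLoggin(string email, string password)
{
    // Start from null so that every path that does not read a matching row
    // reports "not authenticated".
    User loggingInUser = null;

    try
    {
        // Both credentials are bound as parameters; nothing is concatenated into the SQL text.
        _command = new SqlCommand(
            "SELECT * FROM dbo.Users WHERE Email = @email AND Password = @password",
            _connection as SqlConnection);
        _command.Parameters.Add(new SqlParameter("@email", email));

        // NOTE(review): matching the hash by equality in SQL only works if ComputeHash is
        // deterministic for a given password, i.e. there is no per-user salt; confirm the
        // scheme and consider fetching by e-mail and verifying the hash in code.
        _command.Parameters.Add(new SqlParameter("@password", CommonHelpers.ComputeHash(password)));

        _connection.Open();

        // using closes the reader on every exit path; the original skipped Close()
        // on its early return and whenever an exception was thrown.
        using (SqlDataReader results = _command.ExecuteReader() as SqlDataReader)
        {
            // With no rows the loop body never runs and the result stays null,
            // which is what the original HasRows check returned.
            while (results.Read())
            {
                loggingInUser = ReaderToObject(results);
            }
        }
    }
    catch (Exception ex)
    {
        // Discard any partially read row and fail closed. Only the exception type is
        // traced so that credentials or row data never reach the log.
        loggingInUser = null;
        System.Diagnostics.Trace.TraceError(
            "UserLoggin lookup failed: {0}", ex.GetType().FullName);
    }
    finally
    {
        // Release the command and close the connection on both the success and failure paths.
        _command?.Dispose();
        _connection?.Close();
    }

    return loggingInUser;
}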