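//-------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
///     Looks up a user from the last-seen IP address and a hash of the email address.
///     All rows of the users table whose <c>LastIP</c> equals <paramref name="ipAddress"/> are fetched,
///     the MD5 sum of column 5 of each row is computed with <c>MD5Hash.GetMd5Sum</c>, and the first row
///     whose sum equals <paramref name="emailHash"/> is passed to <c>BuildUserInfo</c>.
/// </summary>
/// <remarks>
///     Security notes for reviewers:
///     - The query is built by string concatenation.  The only protection visible here is
///       <c>DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER</c>, whose implementation is not shown; prefer a
///       parameterised query if <c>dbInfo</c> offers one.  <c>tnUsers</c> and <c>userFields</c> are
///       concatenated without any escaping and must never be derived from request data.
///     - MD5 is not collision resistant and an unsalted MD5 of an email address can be recomputed by anyone
///       who knows the address, so the hash is a lookup key and not a secret.
///     - A row is selected by last-seen IP and email hash alone.  NOTE(review): confirm that callers do not
///       treat a non-null result as proof of identity.
/// </remarks>
/// <param name="emailHash">The hash that the MD5 sum of a candidate row's column 5 is compared with.</param>
/// <param name="ipAddress">The IP address compared with the <c>LastIP</c> column.</param>
/// <returns>
///     The result of <c>BuildUserInfo</c> for the first matching row.  When nothing matches,
///     <c>BuildUserInfo</c> is called with null; what it returns in that case is not visible from this method.
/// </returns>
public MGUser GetUser(SecureString emailHash, string ipAddress)
{
    // Presumably the Email column: an earlier version of this query matched MD5(Email) in the WHERE
    // clause.  TODO confirm the position against userFields.
    const int hashedColumnIndex = 5;

    // An absent hash can never match a row, so skip the database round trip.
    if (emailHash == null)
    {
        return (BuildUserInfo(null));
    }

    // SECURITY: string-built SQL; see the remarks above.
    string sqlQuery = "SELECT " + userFields + " FROM " + tnUsers
        + " WHERE LastIP='" + DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(true, ipAddress) + "';";

    string[] row = null;
    List<string[]> data = dbInfo.GetDataList(sqlQuery);

    if (data != null)
    {
        foreach (string[] tempRow in data)
        {
            // Skip malformed rows instead of failing the whole lookup with an index or null error.
            if (tempRow == null || tempRow.Length <= hashedColumnIndex)
            {
                continue;
            }

            string tempEmailHash = MD5Hash.GetMd5Sum(tempRow[hashedColumnIndex]);

            // NOTE(review): if SecureString here is System.Security.SecureString, Equals is the inherited
            // reference comparison and can never be true against a freshly computed string, so this
            // lookup would always fall through to a null row.  Confirm the types and compare by value.
            if (emailHash.Equals(tempEmailHash))
            {
                row = tempRow;
                break;
            }
        }
    }

    return (BuildUserInfo(row));
}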