public void UpdateUser(int userid, string name, string password, UserAuthType typ) { using (NpgsqlConnection conn = PostgreSQLConn.CreateConnection(_ConnectionString)) { using (NpgsqlCommand cmd = conn.CreateCommand()) { string sCommand = "UPDATE \"UserProfiles\" "; sCommand = sCommand + " SET username='******',"; if (typ == UserAuthType.ListAuthentication) { sCommand = sCommand + " password='',"; } else { sCommand = sCommand + " password=md5('" + password + "'),"; } sCommand = sCommand + " user_type='" + typ.ToString() + "'"; sCommand = sCommand + " WHERE id=" + userid; cmd.CommandText = sCommand; cmd.ExecuteNonQuery(); } } Refresh(); }
public int AddUser(string account, string password, UserAuthType type) { using (NpgsqlConnection conn = PostgreSQLConn.CreateConnection(_ConnectionString)) { using (NpgsqlCommand cmd = conn.CreateCommand()) { //CFI: Do not use CommandType.StoredProcedure as this will convert \ -> \\ cmd.CommandText = "SELECT * FROM \"InsertUserProfile\"(:p_username, :p_password, :p_local_directory_id, :p_user_type)"; cmd.Parameters.Add("p_username", account); cmd.Parameters.Add("p_password", password); cmd.Parameters.Add("p_local_directory_id", string.Empty); cmd.Parameters.Add("p_user_type", type.ToString()); object result = cmd.ExecuteScalar(); if (result == null || result is System.DBNull) { return(-1); } Refresh(); return(Convert.ToInt32(result)); } } }