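/// <summary>
/// Registers a new client by inserting one row into the table named by <c>Constants.BASENAME</c>.
/// </summary>
/// <param name="client">
/// Client data to store. <c>client.Password</c> is passed through <c>MyOwnSecurity.Hash</c>
/// before it is written.
/// </param>
/// <returns>"OK" on success, otherwise the message of the exception that was caught.</returns>
/// <remarks>
/// Every client-supplied value is bound as a SQL parameter. Only the table name is interpolated
/// into the statement, so <c>Constants.BASENAME</c> must never be derived from user input.
/// NOTE(review): the returned exception text may contain database details; confirm that
/// callers do not show it verbatim to end users.
/// </remarks>
public static string Add(Client client)
{
    string errorMessage = "OK";
    SqlConnection connection = Connect.MakeNewConnect;
    try
    {
        connection.Open();

        // The INSERT has no column list, so the parameter order below must match the
        // table's column order (after any identity column).
        using (SqlCommand command = new SqlCommand
        {
            Connection = connection,
            CommandText = $@"INSERT INTO {Constants.BASENAME} VALUES (@type, @surname, @name, @secondname, @email, @phone, @password)"
        })
        {
            command.Parameters.AddWithValue("@type", client.Type);
            command.Parameters.AddWithValue("@surname", client.Surname);
            command.Parameters.AddWithValue("@name", client.Name);
            command.Parameters.AddWithValue("@secondname", client.SecondName);
            command.Parameters.AddWithValue("@email", client.Email);
            command.Parameters.AddWithValue("@phone", client.Phone);
            // Only the hash of the password is stored, never the password itself.
            command.Parameters.AddWithValue("@password", MyOwnSecurity.Hash(client.Password));
            command.ExecuteNonQuery();
        }
    }
    catch (System.Exception ex)
    {
        // SqlException derives from System.Exception, so one handler covers both cases
        // the method reports: any failure becomes the returned message.
        errorMessage = ex.Message;
    }
    finally
    {
        connection.Close();
    }

    return errorMessage;
}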
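/// <summary>
/// Updates the stored data of an existing client (matched by <c>client.Id</c>) and pushes
/// the client's photo through <c>Photo.Push</c>.
/// </summary>
/// <param name="client">
/// Client data to write. <c>client.Password</c> is passed through <c>MyOwnSecurity.Hash</c>
/// before it is written.
/// </param>
/// <returns>"OK" on success, otherwise the message of the exception that was caught.</returns>
/// <remarks>
/// All values are bound as SQL parameters instead of being interpolated into the statement,
/// so quotes or SQL fragments inside a client field are stored as data and cannot change
/// the query. Only the table name is interpolated; <c>Constants.BASENAME</c> must never be
/// derived from user input.
/// NOTE(review): <c>CheckLogin</c> builds its <c>Client</c> with the stored hash in the
/// password slot. If such an object reaches this method unchanged, the hash is hashed again
/// and the account can no longer log in; confirm callers set the plaintext password first.
/// NOTE(review): the returned exception text may contain database details; confirm that
/// callers do not show it verbatim to end users.
/// </remarks>
public static string Change(Client client)
{
    string errorMessage = "OK";
    SqlConnection connection = Connect.MakeNewConnect;
    try
    {
        // The photo is pushed before the row is updated, as in the original order.
        Photo.Push(client.Id, client.Photo);
        connection.Open();

        using (SqlCommand command = new SqlCommand
        {
            Connection = connection,
            CommandText = $@"UPDATE {Constants.BASENAME} SET surname = @surname, name = @name, secondname = @secondname, email = @email, phone = @phone, password = @password WHERE Id = @id"
        })
        {
            // A null text field is written as an empty string, which is what the
            // previously interpolated statement produced for null.
            command.Parameters.AddWithValue("@surname", client.Surname ?? string.Empty);
            command.Parameters.AddWithValue("@name", client.Name ?? string.Empty);
            command.Parameters.AddWithValue("@secondname", client.SecondName ?? string.Empty);
            command.Parameters.AddWithValue("@email", client.Email ?? string.Empty);
            command.Parameters.AddWithValue("@phone", client.Phone ?? string.Empty);
            // Only the hash of the password is stored, never the password itself.
            command.Parameters.AddWithValue("@password", MyOwnSecurity.Hash(client.Password).ToString());
            command.Parameters.AddWithValue("@id", client.Id);
            command.ExecuteNonQuery();
        }
    }
    catch (System.Exception ex)
    {
        // SqlException derives from System.Exception, so one handler covers both cases
        // the method reports: any failure becomes the returned message.
        errorMessage = ex.Message;
    }
    finally
    {
        connection.Close();
    }

    return errorMessage;
}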
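/// <summary>
/// Signs a client in: looks up rows whose e-mail or phone equals the given login and
/// compares the stored password hash with the hash of the supplied password.
/// </summary>
/// <param name="emailOrPhone">E-mail address or mobile phone number of the client.</param>
/// <param name="password">Password entered by the client.</param>
/// <returns>
/// A <c>ResultObj</c> whose <c>ErrorMessage</c> is "OK" and whose <c>User</c> holds the
/// client on success; otherwise <c>User</c> is null and <c>ErrorMessage</c> describes the failure.
/// </returns>
/// <remarks>
/// The login value is bound as a SQL parameter instead of being interpolated into the
/// statement, so quotes or SQL fragments in the login field cannot alter the query or
/// bypass the password check. Only the table name is interpolated;
/// <c>Constants.BASENAME</c> must never be derived from user input.
/// NOTE(review): "unknown login" and "wrong password" are reported with different messages,
/// which lets a caller find out which logins are registered; consider one generic message.
/// NOTE(review): the stored hash is compared with a hash recomputed from the password alone
/// using an ordinary string comparison; confirm that <c>MyOwnSecurity.Hash</c> is a proper
/// password-hashing scheme and whether a fixed-time comparison is needed.
/// NOTE(review): raw exception text is returned and may contain database details.
/// </remarks>
public static ResultObj CheckLogin(string emailOrPhone, string password)
{
    Client matchedClient = null;
    string errorMessage = "OK";
    SqlConnection connection = Connect.MakeNewConnect;
    try
    {
        connection.Open();

        using (SqlCommand command = new SqlCommand
        {
            Connection = connection,
            CommandText = $@"SELECT * FROM {Constants.BASENAME} WHERE EMAIL=@login OR PHONE=@login"
        })
        {
            // A null login is searched as an empty string, which is what the previously
            // interpolated statement produced for null.
            command.Parameters.AddWithValue("@login", emailOrPhone ?? string.Empty);

            // The reader is disposed on every path, including the "no rows" one.
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (!reader.HasRows)
                {
                    errorMessage = "Данная почта не зарегистрирована";
                }

                // Columns are read by position (SELECT *): 0 = id, 1 = type,
                // 2..6 = text fields passed to the Client constructor, 7 = password hash.
                while (reader.Read())
                {
                    if (reader.GetValue(7).ToString() != MyOwnSecurity.Hash(password))
                    {
                        errorMessage = "Неверный пароль";
                        continue;
                    }

                    matchedClient = new Client(
                        reader.GetInt32(0),
                        reader.GetValue(2).ToString(),
                        reader.GetValue(3).ToString(),
                        reader.GetValue(4).ToString(),
                        reader.GetValue(5).ToString(),
                        reader.GetValue(6).ToString(),
                        reader.GetValue(7).ToString());
                    matchedClient.ChangeType(reader.GetInt32(1));

                    // Stop at the first matching row and clear any "wrong password"
                    // left by an earlier non-matching row, so User and ErrorMessage
                    // can never disagree.
                    errorMessage = "OK";
                    break;
                }
            }
        }
    }
    catch (System.Exception ex)
    {
        // SqlException derives from System.Exception, so one handler covers both;
        // any failure means no client is returned.
        matchedClient = null;
        errorMessage = ex.Message;
    }
    finally
    {
        connection.Close();
    }

    return new ResultObj { ErrorMessage = errorMessage, User = matchedClient };
}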