Exemple #1
0
        public static string Add(Client client)
        {
            string errorMessage = "OK";

            SqlConnection connection = Connect.MakeNewConnect;

            try
            {
                connection.Open();
                SqlCommand command = new SqlCommand
                {
                    Connection  = connection,
                    CommandText = $@"INSERT INTO {Constants.BASENAME} VALUES (@id, @surname, 
                        @name, @secondname, @email, @password)"
                };

                command.Parameters.Add("@id", CurrentId() + 1);
                command.Parameters.Add("@surname", client.Surname);
                command.Parameters.Add("@name", client.Name);
                command.Parameters.Add("@secondname", client.Secondname);
                command.Parameters.Add("@email", client.Email);
                command.Parameters.Add("@password", MyOwnSecurity.Hash(client.Password));

                command.ExecuteNonQuery();
            }
            catch (SqlException ex)
            {
                errorMessage = ex.Message;
            }
            finally
            {
                connection.Close();
            }
            return(errorMessage);
        }
Exemple #2
0
        public static string CheckLogin(string email, string password, out Client client)
        {
            Client newClient    = null;
            string errorMessage = "OK";

            SqlConnection connection = Connect.MakeNewConnect;

            try
            {
                connection.Open();
                SqlCommand command = new SqlCommand
                {
                    Connection  = connection,
                    CommandText = $@"SELECT * FROM Users WHERE EMAIL='{email}'"
                };

                SqlDataReader reader = command.ExecuteReader();

                if (reader.HasRows)
                {
                    while (reader.Read())
                    {
                        if (reader.GetValue(5).ToString() != MyOwnSecurity.Hash(password))
                        {
                            errorMessage = "Неверный пароль";
                        }
                        else
                        {
                            newClient = new Client(int.Parse(reader.GetValue(0).ToString()),
                                                   reader.GetValue(1).ToString(),
                                                   reader.GetValue(2).ToString(),
                                                   reader.GetValue(3).ToString(),
                                                   reader.GetValue(4).ToString(),
                                                   reader.GetValue(5).ToString());
                        }
                    }
                    reader.Close();
                }
                else
                {
                    client       = null;
                    errorMessage = "Данная почта не зарегистрирована";
                }
            }
            catch (SqlException ex)
            {
                errorMessage = ex.Message;
            }
            finally
            {
                connection.Close();
            }

            client = null;
            if (newClient != null)
            {
                client = newClient;
            }

            return(errorMessage);
        }