public int InsertCustomer(CustomerLogin customer)
{
int count = 0;
string password;
Connection();
SqlCommand cmd = new SqlCommand("uspInsertCustomer", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Username", customer.Username);
cmd.Parameters.AddWithValue("@Firstname", customer.FirstName);
cmd.Parameters.AddWithValue("@Lastname", customer.LastName);
cmd.Parameters.AddWithValue("@Email", customer.Email);
password = Crypto.HashPassword(customer.ConfirmPassword);
cmd.Parameters.AddWithValue("@Pass", password);
try
{
conn.Open();
count = cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
message = ex.Message;
}
finally
{
conn.Close();
}
return(count);
}
public string CheckLogin(CustomerLogin user)
{
string password, username = null;
SqlDataReader reader;
Connection();
SqlCommand cmd = new SqlCommand("uspLoginCustomer", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@user", user.Username);
try
{
conn.Open();
reader = cmd.ExecuteReader();
while (reader.Read())
{
password = reader["Pass"].ToString();
if (password == null)
{
message = $"{user.Username} not found";
}
else
{
if (Crypto.VerifyHashedPassword(password, user.Password))
{
username = reader["Username"].ToString();
}
else
{
message = "Incorrect password entered";
}
}
}
}
catch (SqlException ex)
{
message = ex.Message;
}
catch (FormatException ex)
{
message = ex.Message;
}
finally
{
conn.Close();
}
return(username);
}