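/// <summary>
/// Changes the password of the user whose id is stored in the session under "uid",
/// but only when the supplied old password matches the stored one.
/// </summary>
/// <param name="oldPass">Current password; the row is updated only if it equals the stored value.</param>
/// <param name="newPass">Value written to the password column.</param>
/// <returns>
/// -1 when the session is not valid, an input is missing, or the database call failed;
/// 0 when no row matched (old password mismatch);
/// 1 or more (rows affected) on success.
/// </returns>
/// <remarks>
/// The listing this was taken from showed both password values masked as '******' inside the
/// SQL text, so neither argument reached the statement; they are bound as parameters here.
/// NOTE(review): the passwords are compared and stored exactly as supplied. Unless callers pass
/// an already-derived hash, the password column holds cleartext; prefer a salted, slow hash
/// (for example PBKDF2 via Rfc2898DeriveBytes) verified in application code. Confirm against
/// the callers and the schema.
/// </remarks>
public static int changePass(string oldPass, string newPass)
{
    int ret = -1;

    authen x = new authen();
    if (!x.validUser())
    {
        return ret;
    }

    string uid = (string)HttpContext.Current.Session["uid"];
    if (uid == null || oldPass == null || newPass == null)
    {
        // A missing value would only produce a failing statement; report failure directly.
        return ret;
    }

    // Every value is bound as a parameter: the SQL text is a constant, so neither the session
    // value nor the passwords can change the shape of the statement.
    const string strSql =
        "UPDATE [dbo].[user] SET password = @newPass " +
        "WHERE userID = @uid AND password = @oldPass";

    // using guarantees the connection and command are released on the failure path as well.
    using (SqlConnection myConnection = new SqlConnection(connString))
    {
        try
        {
            using (SqlCommand myCommand = new SqlCommand(strSql, myConnection))
            {
                myCommand.Parameters.AddWithValue("@newPass", newPass);
                myCommand.Parameters.AddWithValue("@uid", uid);
                myCommand.Parameters.AddWithValue("@oldPass", oldPass);

                myConnection.Open();
                ret = myCommand.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            // Callers rely on the -1 result rather than on an exception, so the failure is
            // recorded instead of rethrown. Only the exception type is written so that no
            // statement value can end up in the trace output.
            ret = -1;
            System.Diagnostics.Trace.TraceError("changePass failed: " + ex.GetType().FullName);
        }
    }

    return ret;
}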
/// <summary>
/// Sends the current request to the login page when the session does not pass
/// <c>authen.validUser()</c>; does nothing for a valid session.
/// </summary>
/// <remarks>
/// The single-argument <c>Response.Redirect</c> overload ends the response, so the rest of the
/// calling page does not run for an invalid session. Changing this to
/// <c>Redirect(url, false)</c> would let the protected page keep executing after the redirect
/// is issued.
/// </remarks>
public static void logoutIfNotValid()
{
    authen sessionCheck = new authen();
    bool sessionIsValid = sessionCheck.validUser();
    if (sessionIsValid)
    {
        return;
    }

    HttpContext.Current.Response.Redirect("./login.aspx");
}
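// end of 3rd copy
/// <summary>
/// Looks up the e-mail address and the stored password value of the given user.
/// </summary>
/// <param name="userid">Value matched against the userID column.</param>
/// <param name="email">Receives the e-mail column as text; empty string when nothing was read.</param>
/// <param name="pass">Receives the password column as text; empty string when nothing was read.</param>
/// <returns>
/// true when a row was found and both values were read; false when the session is not valid,
/// no row matched, or the database call failed.
/// </returns>
/// <remarks>
/// NOTE(review): the only access check here is that the caller has a valid session. Nothing in
/// this method ties <paramref name="userid"/> to the signed-in user, so any restriction on whose
/// record may be read has to be enforced by the callers; confirm that they do.
/// NOTE(review): the password column is handed back to the caller as stored. If that column
/// holds cleartext, move to a salted, slow hash and stop returning it from this method.
/// </remarks>
public static bool getuserpass(int userid, out string email, out string pass)
{
    email = "";
    pass = "";

    authen x = new authen();
    if (!x.validUser())
    {
        return false;
    }

    // Constant SQL text with a bound parameter instead of a concatenated literal.
    const string strSql = "SELECT [email], [password] FROM [user] WHERE userID = @userid";

    // using guarantees connection, command and reader are released on the failure path as well.
    using (SqlConnection myConnection = new SqlConnection(x.getConnectionString()))
    {
        try
        {
            using (SqlCommand myCommand = new SqlCommand(strSql, myConnection))
            {
                myCommand.Parameters.AddWithValue("@userid", userid);
                myConnection.Open();

                using (SqlDataReader myReader = myCommand.ExecuteReader())
                {
                    if (!myReader.Read())
                    {
                        return false;
                    }

                    // Read both columns before touching the out parameters so a failure on the
                    // second column cannot leave a half-filled result behind a false return.
                    string foundEmail = myReader["email"].ToString();
                    string foundPass = myReader["password"].ToString();

                    email = foundEmail;
                    pass = foundPass;
                    return true;
                }
            }
        }
        catch (Exception ex)
        {
            // Callers rely on the false result rather than on an exception, so the failure is
            // recorded instead of rethrown.
            System.Diagnostics.Trace.TraceError(
                "getuserpass failed: " + ex.GetType().FullName + ": " + ex.Message);
            return false;
        }
    }
}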