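/// <summary>
/// Inserts a new row into <c>User_Account</c> using a fully parameterized INSERT.
/// The password is never stored as given: it is first passed through
/// <c>EncryptionSHA.getHashedPassword</c> and only the result is written.
/// </summary>
/// <param name="email">Value bound to <c>@Email</c>.</param>
/// <param name="password">Plain-text password; hashed before it is bound to <c>@Password</c>.</param>
/// <param name="fullName">Value bound to <c>@Full_Name</c>.</param>
/// <param name="birthday">Value bound to <c>@Birthday</c>.</param>
/// <param name="gender">Value bound to <c>@Gender</c>.</param>
/// <param name="address">Value bound to <c>@Address</c>.</param>
/// <param name="today">Value bound to <c>@created_Date</c>.</param>
/// <exception cref="Exception">
/// Thrown when the database call raises a <see cref="SqlException"/>; the original
/// exception is attached as <see cref="Exception.InnerException"/>.
/// </exception>
public void registerAccount(string email, string password, string fullName, DateTime birthday, string gender, string address, DateTime today)
{
    // NOTE(review): the INSERT has no column list, so it depends on the physical
    // column order of User_Account matching the parameter order below.
    string sql = "INSERT User_Account VALUES (@Email, @Password, @Full_Name, @Birthday, @Gender, @Address, @Cancel_Amount, @created_Date)";

    // NOTE(review): EncryptionSHA is not visible here. If it is a bare, unsalted
    // SHA digest, a salted, iterated KDF (e.g. PBKDF2) is the safer choice for
    // password storage - confirm against its implementation.
    EncryptionSHA sha = new EncryptionSHA();
    string hashPassword = sha.getHashedPassword(password);

    // Keep the zero in a variable: a literal/constant 0 passed to
    // new SqlParameter(name, 0) binds to the (string, SqlDbType) overload
    // instead of setting the parameter's value.
    int initialCancelAmount = 0;

    SqlParameter[] parameters =
    {
        new SqlParameter("@Email", email),
        new SqlParameter("@Password", hashPassword),
        new SqlParameter("@Full_Name", fullName),
        new SqlParameter("@Birthday", birthday),
        new SqlParameter("@Gender", gender),
        new SqlParameter("@Address", address),
        new SqlParameter("@Cancel_Amount", initialCancelAmount),
        new SqlParameter("@created_Date", today)
    };

    try
    {
        // NOTE(review): the boolean returned by ExecuteNonQuery is ignored, as it
        // was before; confirm whether a false result should be reported to the caller.
        DataProvider.ExecuteNonQuery(sql, CommandType.Text, parameters);
    }
    catch (SqlException ex)
    {
        // Same exception type and message as before, but keep the SqlException
        // (error number, stack trace) as InnerException for diagnostics.
        throw new Exception(ex.Message, ex);
    }
}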
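/// <summary>
/// Loads the <c>User_Account</c> row whose <c>Email</c> equals <paramref name="email"/>
/// and returns it only when <c>EncryptionSHA.doesPasswordMatch</c> accepts
/// <paramref name="password"/> against the stored value.
/// </summary>
/// <param name="email">E-mail address to look up; bound as a SQL parameter.</param>
/// <param name="password">Plain-text password supplied by the caller.</param>
/// <returns>
/// The populated <c>User_Account</c> when a row exists and the password matches;
/// otherwise <c>null</c> (no row and wrong password are not distinguished).
/// </returns>
/// <exception cref="Exception">
/// Thrown when the database call raises a <see cref="SqlException"/>; the original
/// exception is attached as <see cref="Exception.InnerException"/>.
/// </exception>
public User_Account checkLogin(string email, string password)
{
    // The e-mail is caller-supplied, so it is bound as a parameter instead of being
    // concatenated into the statement text (the previous form was SQL-injectable).
    // NOTE(review): this assumes DataProvider.ExecuteQueryWithDataReader accepts
    // SqlParameter arguments the same way DataProvider.ExecuteNonQuery does in
    // registerAccount - confirm against DataProvider.
    string sql = "SELECT * FROM User_Account WHERE Email = @Email";

    // A null e-mail previously produced a lookup for the empty string; keep that.
    SqlParameter emailParam = new SqlParameter("@Email", email ?? string.Empty);

    try
    {
        // Dispose the reader on every path; it was previously never closed.
        using (SqlDataReader reader = DataProvider.ExecuteQueryWithDataReader(sql, CommandType.Text, emailParam))
        {
            if (!reader.Read())
            {
                return null;
            }

            // NOTE(review): SELECT * combined with ordinal access depends on the
            // table's column order; an explicit column list would be more robust.
            User_Account user = new User_Account
            {
                Email = reader.GetString(0),
                Password = reader.GetString(1),
                Full_Name = reader.GetString(2),
                Birthday = reader.GetDateTime(3),
                Gender = reader.GetString(4),
                Address = reader.GetString(5),
                Cancel_Amount = reader.GetInt32(6),
                created_Date = reader.GetDateTime(7)
            };

            // NOTE(review): the returned object still carries the stored password
            // hash in user.Password; callers should not log or serialize it.
            EncryptionSHA sha = new EncryptionSHA();
            bool passwordMatches = sha.doesPasswordMatch(password, user.Password);
            return passwordMatches ? user : null;
        }
    }
    catch (SqlException ex)
    {
        // Same exception type and message as before, but keep the SqlException
        // as InnerException so the root cause is not lost.
        throw new Exception(ex.Message, ex);
    }
}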