/// <summary>
/// Given the user name and the password, fetch the user information if it is valid.
/// </summary>
/// <param name="userName"></param>
/// <param name="pwd"></param>
/// <returns>A user entity that contains the user information; or <see langword="null"/> if the user fails validation.</returns>
public UserEntity CheckUserInfo(string userName, string pwd)
{
// check whether the user exists and validate the password
using var conn = new MySqlConnection(connStr);
conn.Open();
var sql = $"SELECT * FROM users WHERE user_name = \"{userName}\"";
using var cmd = new MySqlCommand(sql, conn);
using MySqlDataReader reader = cmd.ExecuteReader();
Debug.WriteLine("SQL: " + sql);
if (reader.HasRows) // user exists
{
Debug.WriteLine($"User {userName} exists.");
var pwdMD5 = Encrytor.ComputeMD5(userName + pwd);
reader.Read(); // advance to the first record
var truePwdMD5 = reader.GetString("password");
Debug.WriteLine($"Computed MD5: {pwdMD5}");
if (pwdMD5 == truePwdMD5) // correct password
{
Debug.WriteLine($"Password '{pwd}' is correct!");
var userEntity = new UserEntity()
{
UserName = userName,
RealName = reader.GetString("real_name"),
Avatar = reader.GetString("avatar"),
Gender = reader.GetInt32("gender")
};
Debug.WriteLine(userEntity);
return(userEntity);
}
}
return(null);
}
