        //-------------------------------------------------------------------------------------------------------------------------------------------------------------
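        /// <summary>
        /// Looks up a user by last-seen IP address and then selects, among the rows
        /// returned, the first one whose e-mail address hashes (MD5) to <paramref name="emailHash"/>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): a last-seen IP address and an unsalted MD5 of an e-mail address are
        /// both guessable or observable values, not secrets. The result of this lookup should
        /// not be treated as proof of identity on its own - confirm how callers use it.
        /// </remarks>
        /// <param name="emailHash">MD5 hash of the e-mail address to match, as produced by MD5Hash.GetMd5Sum.</param>
        /// <param name="ipAddress">IP address compared against the LastIP column.</param>
        /// <returns>
        /// The result of BuildUserInfo for the matching row; BuildUserInfo receives null
        /// when no row matches (its handling of null is not visible here).
        /// </returns>
        public MGUser GetUser(SecureString emailHash, string ipAddress)
        {
            // The e-mail hash is deliberately not part of the WHERE clause: rows are
            // narrowed by LastIP only and the hash is compared in code below.
            //
            // NOTE(review): the statement is built by string concatenation and relies entirely
            // on DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER to neutralise ipAddress. If the
            // data layer offers bound parameters, prefer them over filtering the value.
            string sqlQuery = "SELECT " + userFields + " FROM " + tnUsers + " WHERE LastIP='"
                              + DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(true, ipAddress)
                              + "';";

            string[]        row  = null;
            List <string[]> data = dbInfo.GetDataList(sqlQuery);

            if (data != null && emailHash != null)
            {
                foreach (string[] tempRow in data)
                {
                    // Index 5 is presumably the Email column of userFields - TODO confirm.
                    // Short or missing rows are skipped instead of throwing.
                    if (tempRow == null || tempRow.Length <= 5)
                    {
                        continue;
                    }

                    string tempEmailHash = MD5Hash.GetMd5Sum(tempRow[5]);

                    // SecureString does not override Equals, so emailHash.Equals(string)
                    // was a reference comparison that could never succeed. Compare the
                    // protected characters explicitly instead.
                    // (Assumes SecureString is System.Security.SecureString.)
                    if (SecureStringMatches(emailHash, tempEmailHash))
                    {
                        row = tempRow;
                        break;
                    }
                }
            }

            return(BuildUserInfo(row));
        }

        /// <summary>
        /// Ordinal comparison of a SecureString with a plain string. The protected value is
        /// copied to unmanaged memory only for the duration of the comparison and is zeroed
        /// and freed afterwards; the loop does not stop at the first differing character.
        /// </summary>
        private static bool SecureStringMatches(SecureString secret, string candidate)
        {
            if (secret == null || candidate == null)
            {
                return false;
            }

            System.IntPtr plain = System.IntPtr.Zero;
            try
            {
                plain = System.Runtime.InteropServices.Marshal.SecureStringToGlobalAllocUnicode(secret);

                int secretLength = secret.Length;
                int difference   = secretLength ^ candidate.Length;

                for (int i = 0; i < secretLength && i < candidate.Length; i++)
                {
                    // Each UTF-16 code unit occupies two bytes in the unmanaged copy.
                    int secretChar = System.Runtime.InteropServices.Marshal.ReadInt16(plain, i * 2) & 0xFFFF;
                    difference |= secretChar ^ candidate[i];
                }

                return difference == 0;
            }
            finally
            {
                if (plain != System.IntPtr.Zero)
                {
                    // Wipe the plaintext copy before releasing it.
                    System.Runtime.InteropServices.Marshal.ZeroFreeGlobalAllocUnicode(plain);
                }
            }
        }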