/// <summary> /// Checks if user with given password exists in the database /// </summary> /// <param name="_username">User name</param> /// <param name="_password">User password</param> /// <returns>True if user exist and password is correct</returns> public static string IsValid(string _username, string _password) { DbConnSingleton db = DbConnSingleton.getDbInstance(); using (var conn = db.GetDBConnection()) { string _sql = @"SELECT role FROM credentials " + @"WHERE username = @u AND password = @p"; var cmd = new MySqlCommand(_sql, conn); cmd.Parameters .Add(new MySqlParameter("@u", MySqlDbType.String)) .Value = _username; cmd.Parameters .Add(new MySqlParameter("@p", MySqlDbType.String)) .Value = Helpers.LoginEncryption.Encode(_password); string reader = cmd.ExecuteScalar().ToString(); if (!reader.Equals(null)) { cmd.Dispose(); return(reader.ToString()); } else { cmd.Dispose(); return(null); } } }
/// <summary> /// Registers the user into the system /// </summary> /// <param name="_username"></param> /// <param name="_password"></param> /// <param name="_email"></param> /// <param name="_role"></param> /// <param name="_uin"></param> /// <param name="_firstname"></param> /// <param name="_lastname"></param> /// <param name="_major"></param> /// <param name="_degree"></param> /// <param name="_address"></param> /// <param name="_phone"></param> /// <returns></returns> public static bool RegisterUser(string _username, string _password, string _email, string _role, double _uin, string _firstname, string _lastname, string _major, string _degree, string _address, double _phone) { DbConnSingleton db = DbConnSingleton.getDbInstance(); using (var conn = db.GetDBConnection()) { string _sql = "spRegisterUser"; var cmd = new MySqlCommand(_sql, conn); cmd.Parameters.AddWithValue("username", _username); cmd.Parameters.AddWithValue("password", Helpers.LoginEncryption.Encode(_password)); cmd.Parameters.AddWithValue("emailid", _email); cmd.Parameters.AddWithValue("role", _role); cmd.Parameters.AddWithValue("uid", _uin); cmd.Parameters.AddWithValue("fname", _firstname); cmd.Parameters.AddWithValue("lname", _lastname); cmd.Parameters.AddWithValue("major", _major); cmd.Parameters.AddWithValue("degree", _degree); cmd.Parameters.AddWithValue("address", _address); cmd.Parameters.AddWithValue("phone", _phone); cmd.CommandType = CommandType.StoredProcedure; int reader = cmd.ExecuteNonQuery(); if (reader != -1) { cmd.Dispose(); return(true); } else { cmd.Dispose(); return(false); } } }