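/// <summary>
/// Verifies a login attempt against the <c>student</c> table.
/// Reads the salt stored under <c>saltID = 1</c>, derives the password value with
/// <c>PasswordGenerator.Create</c>, and looks for a student row whose index number
/// and stored password both match.
/// </summary>
/// <param name="loginRequest">
/// Credentials from the caller. Its <c>password</c> field is overwritten with the
/// derived value before the lookup.
/// </param>
/// <returns>
/// A <c>LoginResp</c> carrying the index number and last name of the matched student,
/// or <c>null</c> when no row matches the credentials.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="loginRequest"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">The salt row is missing.</exception>
public LoginResp Login(LoginRequestDto loginRequest)
{
    if (loginRequest == null)
    {
        throw new System.ArgumentNullException(nameof(loginRequest));
    }

    using (var client = new SqlConnection(connString))
    using (var com = new SqlCommand())
    {
        com.Connection = client;
        client.Open();

        // NOTE(review): every account shares the single salt stored under saltID = 1.
        // A per-user salt would stop identical passwords from yielding identical stored values.
        com.CommandText = "select * from Salt where saltID=@id";
        com.Parameters.AddWithValue("id", 1);

        string saltc;
        // Dispose the reader deterministically; only one reader may be open on the connection at a time.
        using (var dr = com.ExecuteReader())
        {
            if (!dr.Read())
            {
                // Fail with a clear message instead of the reader's generic "no data" error.
                throw new System.InvalidOperationException("Salt row with saltID=1 was not found.");
            }

            saltc = dr["salt"].ToString();
        }

        // NOTE(review): PasswordGenerator.Create is defined elsewhere; confirm it is a slow,
        // salted password KDF (e.g. PBKDF2) rather than a single fast hash.
        // The DTO field is overwritten with the derived value, so the request object no longer
        // holds what the user typed once this method returns.
        loginRequest.password = PasswordGenerator.Create(loginRequest.password, saltc);

        // Both user-supplied values are bound as parameters, never concatenated into the SQL text.
        com.CommandText = "select * from student where Indexnumber=@index and password=@pass";
        com.Parameters.AddWithValue("pass", loginRequest.password);
        com.Parameters.AddWithValue("index", loginRequest.login);

        using (var dr2 = com.ExecuteReader())
        {
            if (!dr2.Read())
            {
                // Unknown index number and wrong password are indistinguishable to the caller.
                return null;
            }

            var response = new LoginResp();
            response.login = dr2["IndexNumber"].ToString();
            response.name = dr2["LastName"].ToString();
            return response;
        }
    }
}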
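/// <summary>
/// Verifies a login attempt against the <c>student</c> table.
/// Reads the salt stored under <c>saltID = 1</c>, derives the password value with
/// <c>PasswordGenerator.Create</c>, and looks for a student row whose index number
/// and stored password both match.
/// </summary>
/// <param name="loginRequest">
/// Credentials from the caller. Its <c>password</c> field is overwritten with the
/// derived value before the lookup.
/// </param>
/// <returns>
/// A <c>LoginResponse</c> carrying the index number and last name of the matched student,
/// or <c>null</c> when no row matches the credentials.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="loginRequest"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">The salt row is missing.</exception>
public LoginResponse Login(LoginRequest loginRequest)
{
    if (loginRequest == null)
    {
        throw new System.ArgumentNullException(nameof(loginRequest));
    }

    // NOTE(review): the server and catalog names are hard-coded in source. The string embeds no
    // credential (Integrated Security), but loading it from configuration would keep
    // environment details out of the repository and let each deployment differ.
    using (var client = new SqlConnection("Data Source=db-mssql.pjwstk.edu.pl;Initial Catalog=2019SBD;Integrated Security=True"))
    using (var com = new SqlCommand())
    {
        com.Connection = client;
        client.Open();

        // NOTE(review): every account shares the single salt stored under saltID = 1.
        // A per-user salt would stop identical passwords from yielding identical stored values.
        com.CommandText = "select * from Salt where saltID=@id";
        com.Parameters.AddWithValue("id", 1);

        string saltc;
        // Dispose the reader deterministically; only one reader may be open on the connection at a time.
        using (var dr = com.ExecuteReader())
        {
            if (!dr.Read())
            {
                // Fail with a clear message instead of the reader's generic "no data" error.
                throw new System.InvalidOperationException("Salt row with saltID=1 was not found.");
            }

            saltc = dr["salt"].ToString();
        }

        // NOTE(review): PasswordGenerator.Create is defined elsewhere; confirm it is a slow,
        // salted password KDF (e.g. PBKDF2) rather than a single fast hash.
        // The DTO field is overwritten with the derived value, so the request object no longer
        // holds what the user typed once this method returns.
        loginRequest.password = PasswordGenerator.Create(loginRequest.password, saltc);

        // Both user-supplied values are bound as parameters, never concatenated into the SQL text.
        com.CommandText = "select * from student where Indexnumber=@index and password=@pass";
        com.Parameters.AddWithValue("pass", loginRequest.password);
        com.Parameters.AddWithValue("index", loginRequest.login);

        using (var dr2 = com.ExecuteReader())
        {
            if (!dr2.Read())
            {
                // Unknown index number and wrong password are indistinguishable to the caller.
                return null;
            }

            var response = new LoginResponse();
            response.login = dr2["IndexNumber"].ToString();
            response.name = dr2["LastName"].ToString();
            return response;
        }
    }
}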