// Verifies a username/password pair and returns the matching User.
// Returns null when the username is unknown or the password check finds no match.
//
// NOTE(review): the bare catch below turns every exception (database outage,
// failed cast, ...) into a non-null, empty User. A caller that treats "not null"
// as a successful login would accept that object. Confirm every caller
// distinguishes it, or fail closed by returning null here.
// NOTE(review): the '******' values inside the command strings look as if they
// were masked when this listing was published; they are reproduced unchanged.
// As written, the username and the hashed password never reach the queries.
public static User login(string username, string password)
{
    try
    {
        // The username has to exist before the salt lookup makes sense.
        int matches = (int)SqlComm.SqlReturn("usernameCount @username='******'");
        if (matches <= 0)
        {
            return null;
        }

        // Recompute the stored value from the supplied password and the user's salt.
        string salt = (string)SqlComm.SqlReturn("getSalt @username='******'");
        password = SqlComm.Enc(password + salt);

        matches = (int)SqlComm.SqlReturn("checkPassword @username='******', @password='******'");
        if (matches <= 0)
        {
            return null;
        }

        // Credentials matched: load the remaining profile fields.
        // userID is an int, so concatenating it cannot inject SQL text.
        int userID = (int)SqlComm.SqlReturn("getUserID @username='******'");
        string email = (string)SqlComm.SqlReturn("getEmail @userID=" + userID);
        int isArtist = (int)SqlComm.SqlReturn("getIsArtist @userID=" + userID);

        return new User(username, userID, email, isArtist);
    }
    catch
    {
        return new User();
    }
}
// Recomputes the password value with the salt returned by getSalt and issues
// the updatePassword command for the given userID.
//
// NOTE(review): the existing salt is reused; generating a fresh salt on every
// password change is the usual practice.
// NOTE(review): the salt is looked up by username although only userID is
// passed in, and the '******' values look as if they were masked when this
// listing was published. They are reproduced unchanged, so confirm against the
// original file what is concatenated there.
private void updatePassword(int userID, string password)
{
    string storedSalt = (string)SqlComm.SqlReturn("getSalt @username='******'");
    password = SqlComm.Enc(password + storedSalt);

    // userID is an int, so concatenating it cannot inject SQL text.
    SqlComm.SqlExecute("updatePassword @userID =" + userID + ",@password ='******'");
}
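// Registers a new user unless the email or the username is already registered.
// Returns "" on success, otherwise "Email already registered" or
// "Username already registered".
//
// NOTE(review): every command here is assembled as text and handed to SqlComm.
// The durable fix is a parameterised command inside SqlComm (not visible here);
// the quote-doubling below only mitigates at the call site.
// NOTE(review): the '******' values inside the command strings look as if they
// were masked when this listing was published; they are reproduced unchanged.
// If the original concatenates username or password there, they need the same
// treatment as email.
// NOTE(review): the existence checks and the insert are separate round trips,
// so two concurrent registrations can both pass the checks. Uniqueness should
// also be enforced by a constraint in the database.
public static string insert(string username, int isArtist, string email, string password)
{
    // Create a per-user salt and derive the stored password value from it.
    // NOTE(review): SqlComm.Enc is not visible here. Confirm it is a slow,
    // one-way password hash (e.g. PBKDF2) and not reversible encryption or a
    // single fast digest.
    string salt = SqlComm.CreateSalt();
    password = SqlComm.Enc(password + salt);

    // email is caller-supplied and lands inside a quoted SQL literal. Doubling
    // single quotes keeps the value inside that literal (standard SQL escaping,
    // assuming the backend follows it). A null email still concatenates as an
    // empty string, as before.
    string emailLiteral = (email ?? "").Replace("'", "''");

    int count = (int)SqlComm.SqlReturn("emailCount @email='" + emailLiteral + "'");
    if (count >= 1)
    {
        return "Email already registered";
    }

    count = (int)SqlComm.SqlReturn("usernameCount @username='******'");
    if (count >= 1)
    {
        return "Username already registered";
    }

    // Neither is registered yet: insert the new user row.
    string sql = "insertNewUser @userName='******' , @email='" + emailLiteral + "', @isArtist ='" + isArtist + "',@userPassword = '******',@salt='" + salt + "'";
    SqlComm.SqlExecute(sql);

    // Artists also get a default, empty artist profile.
    if (isArtist == 1)
    {
        int userID = (int)SqlComm.SqlReturn("getUserID @username='******'");
        Artist.insert(userID, username, "", "");
    }

    return "";
}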