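/// <summary>
/// Rebuilds the session user from the request cookie named <paramref name="cookieNme"/>.
/// The cookie value is looked up as users.user_id; when exactly one row matches, a
/// user object carrying uname and the admin flag is stored in Session["user"].
/// </summary>
/// <param name="cookieNme">Name of the request cookie that carries the user id.</param>
/// <returns>
/// true when exactly one row matched and Session["user"] was populated; false when there
/// is no HTTP context, the cookie is missing or empty, no single row matched, or an
/// error occurred (errors are passed to logError).
/// </returns>
/// <remarks>
/// NOTE(review): the cookie value is supplied by the client and is the only thing
/// checked here, yet a match restores a full session including the admin flag. If the
/// cookie holds the bare user_id (the query below compares it to user_id directly),
/// it is not proof of a prior login. Prefer a long random token generated with
/// RandomNumberGenerator, stored server-side as a hash with an expiry, and sent in a
/// cookie marked HttpOnly and Secure. Confirm against writeCookie before relying on this path.
/// </remarks>
public bool getUserFromCookie(string cookieNme)
{
    var ctx = HttpContext.Current;
    if (ctx == null || string.IsNullOrEmpty(cookieNme))
    {
        return false;
    }

    // Request.Cookies[name] is null when the client did not send that cookie, so the
    // cookie object itself must be checked before .Value is read.
    var cookie = ctx.Request.Cookies[cookieNme];
    if (cookie == null || string.IsNullOrEmpty(cookie.Value))
    {
        return false;
    }

    string id = cookie.Value;

    try
    {
        DataTable dt = new DataTable();

        using (MySqlConnection conn = new MySqlConnection(ConfigurationManager.ConnectionStrings["bbffl"].ConnectionString))
        // Only the columns used below are selected, so the password column is never
        // pulled into memory on this path. The id is bound as a parameter.
        using (MySqlCommand comm = new MySqlCommand("SELECT uname, admin FROM users WHERE user_id = @uid", conn))
        {
            conn.Open();
            comm.Parameters.AddWithValue("@uid", id);

            using (MySqlDataReader sdr = comm.ExecuteReader())
            {
                dt.Load(sdr);
            }
        }

        // Anything other than exactly one match is treated as "no user".
        if (dt.Rows.Count != 1)
        {
            return false;
        }

        DataRow dr = dt.Rows[0];
        string adminText = dr["admin"].ToString();
        bool adm = adminText == "1"
            || string.Equals(adminText, "true", StringComparison.OrdinalIgnoreCase);

        user u = new user();
        u.set_uname(dr["uname"].ToString());
        u.set_admin(adm);

        // The session is written last, so a failure above never leaves a
        // half-initialised user behind.
        ctx.Session["user"] = u;
        return true;
    }
    catch (Exception ex)
    {
        // Fail closed: any database or row-mapping error means "not restored".
        logError(ex);
        return false;
    }
}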
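/// <summary>
/// Checks a user name and password against the users table and, on a single match,
/// stores a user object (uname and admin flag) in Session["user"].
/// </summary>
/// <param name="n">User name, bound to the @n query parameter.</param>
/// <param name="p">Password value, bound to the @p query parameter and compared in SQL.</param>
/// <param name="r">When true, writeCookie is called with the matched user_id after login.</param>
/// <returns>
/// true when exactly one row matched and the session (and, if requested, the cookie)
/// was set up; false otherwise. Errors are passed to logError and yield false.
/// </returns>
/// <remarks>
/// NOTE(review): the password is matched with "psswd = @p" inside the query. Unless
/// every caller passes an already-derived value, this implies the column holds the
/// password in plaintext or as an unsalted digest. Prefer selecting the row by uname,
/// verifying a salted slow hash (for example PBKDF2) in code, and comparing with a
/// fixed-time comparison. Depending on the column collation, the SQL comparison may
/// also be case-insensitive; confirm against the schema.
/// NOTE(review): no attempt limiting or lockout is visible in this method; confirm it
/// is enforced by the caller.
/// </remarks>
public bool authenticate(string n, string p, bool r)
{
    // Empty credentials can never be a valid login; reject them without a query.
    if (string.IsNullOrEmpty(n) || string.IsNullOrEmpty(p))
    {
        return false;
    }

    bool rtn = false;
    DataTable dt = new DataTable();

    try
    {
        using (MySqlConnection conn = new MySqlConnection(ConfigurationManager.ConnectionStrings["bbffl"].ConnectionString))
        // Only the columns used below are selected, so the stored password value is
        // not copied into the DataTable. Both inputs are bound as parameters.
        using (MySqlCommand comm = new MySqlCommand("SELECT user_id, uname, admin FROM users WHERE uname = @n AND psswd = @p", conn))
        {
            conn.Open();
            comm.Parameters.AddWithValue("@n", n);
            comm.Parameters.AddWithValue("@p", p);

            using (MySqlDataReader sdr = comm.ExecuteReader())
            {
                dt.Load(sdr);
            }
        }
    }
    catch (Exception ex)
    {
        // A failed lookup leaves dt empty, so the method falls through to "false".
        logError(ex);
    }

    // Anything other than exactly one match is treated as a failed login.
    if (dt.Rows.Count != 1)
    {
        return rtn;
    }

    bool sessionSet = false;
    try
    {
        DataRow dr = dt.Rows[0];
        string adminText = dr["admin"].ToString();
        bool adm = adminText == "1"
            || string.Equals(adminText, "true", StringComparison.OrdinalIgnoreCase);
        int uid = int.Parse(dr["user_id"].ToString());

        user u = new user();
        u.set_uname(dr["uname"].ToString());
        u.set_admin(adm);

        HttpContext.Current.Session["user"] = u;
        sessionSet = true;

        if (r)
        {
            writeCookie(uid);
        }

        rtn = true;
    }
    catch (Exception ex)
    {
        logError(ex);

        // Fail closed: if the session was populated but a later step threw, the
        // method returns false, so it must not leave an authenticated user behind.
        if (sessionSet)
        {
            HttpContext.Current.Session.Remove("user");
        }
    }

    return rtn;
}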