public static User logIn(string userName, string password)
{
SqlCommand commangLogIn = connection.CreateCommand();
commangLogIn.CommandText = "SELECT firstName, lastName, photoURL FROM Users WHERE userName = '******' AND password = '******'";
SqlDataReader reader = commangLogIn.ExecuteReader();
if (!reader.HasRows)
{
reader.Close();
return null;
}
User currentUser = null;
while (reader.Read())
{
currentUser =
new User(userName,
password,
(string)reader["firstName"],
(string)reader["lastName"],
(string)reader["photoURL"]);
}
reader.Close();
return currentUser;
}
public static void insertUser(User newUser)
{
SqlCommand commandInsert = connection.CreateCommand();
commandInsert.CommandText = @"Insert Into Users(id, userName, password, firstName, lastName, photoURL)" +
@"Values ('" + usersCount++ + "', '" + newUser.UserName + "', '" + newUser.Password + "' , '" +
newUser.FirstName + "', '" + newUser.LastName + "' , '" +
newUser.PhotoURL + "')";
commandInsert.ExecuteNonQuery();
}
public UserInfoForm(User user)
: this()
{
currentUser = user;
}