public User GetUserNameAndPassword(string userName, object passWord)
{
SqlConnection connection = new SqlConnection(dbConnectionString);
string query = "SELECT * FROM tbl_users WHERE username = '******' AND password = '******'";
SqlCommand command = new SqlCommand(query, connection);
connection.Open();
SqlDataReader reader = command.ExecuteReader();
User aUser = new User();
if (reader.Read())
{
aUser.Id = int.Parse(reader["id"].ToString());
aUser.UserName = reader["username"].ToString();
aUser.PassWord = reader["password"].ToString();
aUser.Email = reader["email"].ToString();
aUser.FullName = reader["fullname"].ToString();
}
reader.Close();
connection.Close();
return aUser;
}
public string Save(User user)
{
if (userGateway.Save(user) > 0)
{
return "<span style='color:green'>Registration Success</span>";
}
else
{
return "<span style='color:red'>Registration Failed!</span>";
}
}
public int Save(User user)
{
SqlConnection connection = new SqlConnection(dbConnectionString);
string query = "INSERT INTO tbl_users(username,password,fullname,email,date)VALUES('" + user.UserName + "','" + user.PassWord + "','" +
user.FullName + "','" + user.Email + "','" + DateTime.Now + "')";
SqlCommand command = new SqlCommand(query, connection);
connection.Open();
int rowAf = command.ExecuteNonQuery();
connection.Close();
return rowAf;
}
protected void registrationButton_Click(object sender, EventArgs e)
{
User user = new User();
user.FullName = fullNameTextBox.Text;
user.Email = emailTextBox.Text;
user.UserName = userNameTextBox.Text;
user.PassWord = passwordTextBox.Text;
string sucMess = userManager.Save(user);
msg.InnerHtml = sucMess;
}