public static bool AddUser(UserProfile u)
{
bool success = false;
using (SqlConnection conn = new SqlConnection(connectionstring))
{
//try
//{
Guid userGuid = System.Guid.NewGuid();
SqlCommand cmd = new SqlCommand("UserAdd", conn);
string hashedPW = Security.Hash(u.password + userGuid.ToString());
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("@Name", u.name));
cmd.Parameters.Add(new SqlParameter("@UserName", u.username));
cmd.Parameters.Add(new SqlParameter("@Password", hashedPW));
cmd.Parameters.Add(new SqlParameter("@GUID", userGuid));
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
success = true;
//}
/*catch
{
success = false;
}*/
}
return success;
}
protected void Register(object sender, EventArgs e)
{
UserProfile newUser = new UserProfile();
newUser.name = name.Text;
newUser.username = inputLogin.Text;
newUser.password = inputPassword.Text;
if (Users.AddUser(newUser))
{
Response.Redirect("~/Default.aspx?Register=true");
}
Response.Redirect("~/Default.aspx?Register=false");
}
public static UserProfile GetUser(int id)
{
UserProfile user = new UserProfile();
using (SqlConnection conn = new SqlConnection(connectionstring))
{
SqlCommand cmd = new SqlCommand("UserGet", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("@id", id));
conn.Open();
SqlDataReader dr = cmd.ExecuteReader();
dr.Read();
user.id = Convert.ToInt32(dr["id"]);
user.name = Convert.ToString(dr["Name"]);
user.username = Convert.ToString(dr["UserName"]);
conn.Close();
}
return user;
}
