예제 #1
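        /// <summary>
        /// Looks up this instance's Email in CustomersTable and returns either the
        /// matching customer or a placeholder <c>person</c> whose CustomId is a
        /// negative status code.
        /// </summary>
        /// <remarks>
        /// Status codes carried in CustomId:
        /// -2 = the email exists but the credential query matched no row (the failure
        ///      counter is incremented);
        /// -3 = the email lookup returned null or the value "a";
        /// -4 = numberIncorrects is 4 or more, so the login is refused.
        /// NOTE(review): -2 and -3 let a caller tell "unknown email" from "wrong
        /// password". If these codes are shown to the end user, collapse them into one
        /// generic failure message to avoid account enumeration.
        /// NOTE(review): nothing here resets numberIncorrects after a successful login;
        /// confirm it is reset elsewhere, otherwise old failures accumulate towards lockout.
        /// </remarks>
        /// <returns>
        /// A populated <c>person</c> on success, otherwise a <c>person</c> whose
        /// CustomId is one of the status codes above.
        /// </returns>
        public person Login()
        {
            // Email is caller-supplied and ends up inside a SQL string literal, so an
            // embedded apostrophe would terminate the literal (SQL injection, and a
            // plain failure for legitimate addresses such as o'brien@example.com).
            // Doubling the quote is the standard SQL escape and is a stopgap only:
            // DataBase exposes just string-based calls in this listing, so the real
            // fix is a parameterized query once such an API is available. On backends
            // that also honour backslash escapes, quote doubling alone is not enough.
            string emailLiteral = "'" + (this.Email ?? string.Empty).Replace("'", "''") + "'";
            string counterSql   = "select numberIncorrects from CustomersTable where Email = " + emailLiteral;

            // NOTE(review): the password literal appears masked ('******') in this
            // listing and is reproduced as shown. If the real code concatenates the
            // password, it needs the same escaping/parameterization, and comparing it
            // in SQL suggests passwords are stored unhashed: verify, and move to a
            // salted hash (e.g. PBKDF2) that is compared in code.
            string    sql = "select * from CustomersTable where Email = " + emailLiteral + " and Password = '******'";
            DataBase  db  = new DataBase();
            DataTable dt  = db.ExecuteReader(sql);
            person    per = null;

            if (dt.Rows.Count > 0)
            {
                // Credentials matched; still refuse the login when the account is locked.
                // int.Parse throws on a null or non-numeric counter. That is kept on
                // purpose: a corrupt counter fails the login instead of bypassing lockout.
                string ret = db.ExecuteScalar(counterSql);
                if (int.Parse(ret) > 3)
                {
                    per = new person()
                    {
                        CustomId = -4
                    };
                    return per;
                }

                DataRow row = dt.Rows[0];
                per = new person((int)row["CustomId"],
                                 row["FullName"].ToString(),
                                 row["Email"].ToString());
                // CustomId and FullName are assigned again after the constructor, as in
                // the original, in case the setters do more than store the value.
                per.CustomId      = (int)row["CustomId"];
                per.IdNumber      = row["id"].ToString();
                per.FullName      = row["FullName"].ToString();
                per.LiccensNumber = row["LicenseNumber"].ToString();
                // Both phone properties are filled from the single "Phone" column.
                per.TelNumber     = row["Phone"].ToString();
                per.PhoneNumber   = row["Phone"].ToString();
                per.role          = int.Parse(row["role"].ToString());
            }
            else
            {
                // No row matched email + password: find out whether the email exists at all.
                sql = "select Email from CustomersTable where Email = " + emailLiteral;
                string ret = db.ExecuteScalar(sql);

                // NOTE(review): the "a" sentinel is not explained in this listing;
                // presumably a DataBase "no row" marker. Confirm against DataBase.
                if (ret != null && ret != "a")
                {
                    ret = db.ExecuteScalar(counterSql);
                    if (int.Parse(ret) < 4)
                    {
                        // Known email, wrong credentials, not yet locked: count the failure.
                        sql = "update CustomersTable set numberIncorrects = numberIncorrects + 1 where Email = " + emailLiteral;
                        db.ExecuteNonQuery(sql);
                        per = new person()
                        {
                            CustomId = -2
                        };
                    }
                    else
                    {
                        // Already at the lockout threshold; the counter is not incremented further.
                        per = new person()
                        {
                            CustomId = -4
                        };
                    }
                }
                else
                {
                    per = new person()
                    {
                        CustomId = -3
                    };
                }
            }
            return per;
        }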