protected void EmailPassword_Click(object sender, EventArgs e) { LoginCredentials findPassword = new LoginCredentials(txtNameEmail.Text); if (findPassword.Username == "dne") Response.Write("<script>alert('No account match was found from input.');</script>"); else { findPassword.EmailLostPassword(); Response.Redirect(@"~/Account/Login.aspx"); } }
protected void LoginButton_Click(object sender, EventArgs e) { LoginCredentials currentCredentials = new LoginCredentials(UserName.Text, Password.Text); bool login = currentCredentials.Authenticate(); if (login == true) { Session["ID"] = currentCredentials.ID; Response.Redirect(@"~/Member/Member.aspx"); } else Response.Write("<script>alert('Account name and password did not match.');</script>"); }
protected void RegisterButton_Click(object sender, EventArgs e) { if (AccountName.Text == "" || Password.Text == "" || Email.Text == "") Response.Write("<script>alert('A field was left blank. Please try again.');</script>"); else { LoginCredentials registeringAccount = new LoginCredentials(AccountName.Text, Password.Text, Email.Text); if (registeringAccount.Register()) { //good for you Response.Redirect(@"~/Default.aspx"); } else Response.Write("<script>alert('Account name or e-mail already in use.');</script>"); } }
public bool Authenticate(LoginCredentials creds) { int userId = -1; SqlCommand cmd = MyConnection.CreateCommand(); cmd.CommandText = "SELECT [ID] FROM [User] WHERE ([UserName] = @Name OR [Email] = @Name) AND [Password] = @Password"; cmd.Parameters.Add(new SqlParameter("@Name", (string)creds.Username)); cmd.Parameters.Add(new SqlParameter("@Password", (string)creds.Password)); MyConnection.Open(); object returnVal = cmd.ExecuteScalar(); MyConnection.Close(); if (returnVal != null) userId = (int)returnVal; if (userId >= 0) { creds.ID = userId; return true; } return false; }