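/// <summary>
/// Checks the supplied credentials against the row stored for <paramref name="userID"/>
/// in tb_UserAccountInfo.
/// </summary>
/// <param name="userID">Account identifier; bound to the query as the @userid parameter.</param>
/// <param name="password">Password presented by the caller.</param>
/// <returns>
/// <c>true</c> when the presented password matches the stored "Password" column or,
/// failing that, the stored "ChangedPassword" column; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// The lookup is parameterized, so <paramref name="userID"/> is never concatenated into SQL.
/// Exceptions thrown by the data-access call itself propagate to the caller; exceptions
/// raised while reading or comparing the stored values are caught and reported through
/// <see cref="System.Diagnostics.Trace"/> by type name only, so no credential material
/// is written to trace output.
/// </remarks>
public bool Authenticate(string userID, Password password)
{
    // Missing input can never authenticate.
    if (userID == null || password == null)
    {
        return false;
    }

    string sql = "select * from tb_UserAccountInfo where UserID=@userid";
    SqlCommand sc = new SqlCommand(sql);
    sc.Parameters.AddWithValue("@userid", userID);
    DataTable dtuser = da.GetDataTable(sql, sc);

    // Unknown user (or no result set): fail closed.
    if (dtuser == null || dtuser.Rows == null || dtuser.Rows.Count == 0)
    {
        return false;
    }

    bool authenticated = false;
    try
    {
        DataRowWrapper rowWrapper = new DataRowWrapper(dtuser.Rows[0]);

        Password pwd = rowWrapper.GetTypedColumnValue("Password", typeof(Password)) as Password;
        if (pwd != null)
        {
            // NOTE(review): the stored value is compared directly with the presented one,
            // which suggests the password is kept in a recoverable form rather than as a
            // salted hash - confirm what Password.Content holds. The == comparison is also
            // not constant-time, and is a reference comparison if Content is not a string.
            authenticated = password.Content == pwd.Content;
        }

        if (!authenticated)
        {
            Password changedPassword = rowWrapper.GetTypedColumnValue("ChangedPassword", typeof(Password)) as Password;
            if (changedPassword != null)
            {
                // NOTE(review): this branch uses Password.Equals while the primary check
                // compares Content; confirm both apply the same notion of equality.
                authenticated = password.Equals(changedPassword);
                if (authenticated)
                {
                    // NOTE(review): the ChangePassword shown in this file copies the current
                    // [Password] into [ChangedPassword] before overwriting it. If that is the
                    // method reached here, a previous password keeps authenticating after a
                    // change and presenting it swaps it back in as the current one - confirm
                    // this is intended. The returned StatusCode is not inspected.
                    AccountInfoProvider.Instance.ChangePassword(userID, changedPassword);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Previously swallowed silently. The result is left exactly as it stood when the
        // failure occurred; only the exception type is traced so that stored or presented
        // password content cannot reach the trace output through an exception message.
        System.Diagnostics.Trace.TraceError(
            "Authenticate: credential check interrupted by {0}", ex.GetType().FullName);
    }

    return authenticated;
}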
/// <summary>
/// Replaces the stored password for <paramref name="userID"/> in tb_UserAccountInfo.
/// The same UPDATE copies the current [Password] value into [ChangedPassword] and
/// sets [Password] to the serialized <paramref name="newPassword"/>.
/// </summary>
/// <param name="userID">Account identifier; bound as the @userid parameter.</param>
/// <param name="newPassword">New password; passed through XMLToString and bound as @pwd.</param>
/// <returns>
/// <see cref="StatusCode.Fail"/> when any exception is raised while building or running
/// the statement; otherwise <see cref="StatusCode.Success"/>.
/// </returns>
/// <remarks>
/// NOTE(review): the result of the data-access call is not inspected, so Success is
/// returned whenever no exception occurs - whether an unknown userID is reported as a
/// failure depends on the data-access helper, which is not visible here.
/// NOTE(review): the value written is XMLToString(newPassword); if that is a plain
/// serialization of the password, the column holds a recoverable secret rather than a
/// salted hash - confirm.
/// </remarks>
public StatusCode ChangePassword(string userID, Password newPassword)
{
    try
    {
        // Both values are bound as parameters; nothing caller-supplied is spliced into the SQL text.
        string updateSql = "update tb_UserAccountInfo set [ChangedPassword] = [Password], [Password] = @pwd where [UserId] =@userid";
        SqlCommand command = new SqlCommand(updateSql);
        command.Parameters.AddWithValue("@pwd", XMLToString(newPassword));
        command.Parameters.AddWithValue("@userid", userID);
        da.ExecuteNonQuery(updateSql, command);
        return StatusCode.Success;
    }
    catch (Exception)
    {
        // Every failure is collapsed into a status code; the exception details are discarded.
        return StatusCode.Fail;
    }
}