/// <summary>
/// Update account in DB, if it does not exist create new.
/// Runs the UpsertAccount stored procedure with a freshly salted hash of
/// <paramref name="account"/>.Password.
/// </summary>
/// <param name="account">
/// Account to persist. Its <c>Password</c> and <c>Salt</c> properties are
/// overwritten in place with the new hash and salt before the call, so the
/// caller's object no longer holds the clear-text password afterwards.
/// NOTE(review): if <c>Password</c> already holds a stored hash (e.g. an
/// object obtained from GetAccount), it is hashed again here — confirm that
/// callers only pass clear-text passwords.
/// </param>
/// <returns>
/// True when the stored procedure reported exactly one affected row; false
/// on any exception or any other row count.
/// NOTE(review): a procedure that runs SET NOCOUNT ON reports -1 and would
/// make this return false even on success — verify against UpsertAccount.
/// </returns>
public static bool Upsert(Account account)
{
    const string procedureCall = "EXEC UpsertAccount @Username, @Password, @Salt, @RoleId, @BorrowerId";

    try
    {
        using (SqlConnection connection = HelperFunctions.GetConnection())
        {
            connection.Open();

            // Replace the clear-text password with a fresh hash/salt pair;
            // makeHash hands back the hash at index 0 and the salt at index 1.
            var hashed = makeHash(account.Password);
            account.Password = hashed[0];
            account.Salt = hashed[1];

            using (var command = new SqlCommand(procedureCall, connection))
            {
                command.Parameters.AddWithValue("@Username", account.Username);
                command.Parameters.AddWithValue("@Password", account.Password);
                command.Parameters.AddWithValue("@Salt", account.Salt);
                command.Parameters.AddWithValue("@RoleId", account.RoleId);
                // BorrowerId is optional; presumably ValueOrDBNull maps null to DBNull
                // so the parameter is still sent — verify against HelperFunctions.
                command.Parameters.AddWithValue("@BorrowerId", HelperFunctions.ValueOrDBNull(account.BorrowerId));

                var affected = command.ExecuteNonQuery();
                return affected == 1;
            }
        }
    }
    catch (Exception)
    {
        // Any failure (connection, hashing, SQL) is reported to the caller as
        // "not saved"; the exception itself is deliberately not surfaced.
        return false;
    }
}
/// <summary>
/// Delete an Account from the repository, matched by username.
/// </summary>
/// <param name="account">Account whose <c>Username</c> selects the row to delete.</param>
/// <returns>
/// True when exactly one row was deleted; false when no row (or more than one)
/// was affected, or when any exception occurred.
/// </returns>
public static bool Delete(Account account)
{
    const string deleteByUsername = "DELETE FROM ACCOUNT WHERE Username = @Username";

    try
    {
        using (SqlConnection connection = HelperFunctions.GetConnection())
        {
            connection.Open();

            // Username is bound as a parameter, never spliced into the SQL text.
            using (var command = new SqlCommand(deleteByUsername, connection))
            {
                command.Parameters.AddWithValue("@Username", account.Username);

                var affected = command.ExecuteNonQuery();
                return affected == 1;
            }
        }
    }
    catch (Exception)
    {
        // Failures are reported as "not deleted"; the exception is deliberately
        // not surfaced to the caller.
        return false;
    }
}
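/// <summary>
/// Selects the row with the given username and checks whether the supplied
/// password, hashed with that row's salt, matches the stored password hash.
/// </summary>
/// <param name="account">
/// Receives the matching account when the password is correct; null otherwise.
/// </param>
/// <param name="username">Username to look up (sent as a query parameter, never concatenated).</param>
/// <param name="password">Clear-text password to verify.</param>
/// <returns>True when a row was found and the hash matches; false otherwise.</returns>
/// <remarks>
/// NOTE(review): an unknown username returns before any hashing is done, so the
/// response time differs from a wrong-password attempt — confirm whether
/// username enumeration through timing matters for this application.
/// </remarks>
public static bool GetAccount(out Account account, string username, string password)
{
    account = null;

    List<Account> accounts;
    // The SqlCommand holds client resources; dispose it once getAccounts is done with it.
    using (var command = new SqlCommand("SELECT * FROM ACCOUNT WHERE Username = @Username"))
    {
        command.Parameters.AddWithValue("@Username", username);
        if (!getAccounts(out accounts, command) || accounts == null || accounts.Count == 0)
        {
            return false;
        }
    }

    var candidate = accounts[0];

    // Compare the hashes in fixed time so the duration of the comparison does
    // not reveal how many leading characters of the hash matched.
    // (CryptographicOperations.FixedTimeEquals is the library equivalent on newer runtimes.)
    if (!FixedTimeEquals(makeHash(password, candidate.Salt), candidate.Password))
    {
        return false;
    }

    account = candidate;
    return true;
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on the
/// position of the first differing character. Null inputs or differing
/// lengths are never equal (the length check is the only early exit, which is
/// acceptable because the stored hashes are of fixed size).
/// </summary>
/// <param name="expected">First string to compare.</param>
/// <param name="actual">Second string to compare.</param>
/// <returns>True when both are non-null and character-for-character equal.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }

    // Accumulate every mismatch with OR instead of returning on the first one.
    var diff = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}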