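/// <summary>
/// Loads the ASF user whose username equals <c>user.Username</c>, together with the
/// password value stored for that username in dbo.aspnet_Membership.
/// </summary>
/// <remarks>
/// This method does NOT check credentials: only the username is used as a filter, and
/// <c>user.Password</c> is never read. The stored password value is copied onto the
/// returned object, so the result must be treated as secret material (do not log,
/// cache or serialize it to a client).
/// </remarks>
/// <param name="user">Membership info; only <c>Username</c> is read.</param>
/// <returns>
/// The matching user, or a freshly constructed empty <c>ASFUser</c> when no row matches.
/// If the query yields several rows, the last one read is returned.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public ASFUser GetUser(MembershipInfo user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    ASFUser singleUser = new ASFUser();

    // The user-supplied value only ever reaches the query through @Username;
    // the concatenated pieces are constants plus the shared column list.
    string sql = BuildASFUserSQL() + ", b.Password "
        + @"FROM dbo.ASF_User AS a INNER JOIN dbo.aspnet_Membership as b ON a.Username = b.Username "
        + @"WHERE a.Username = @Username";

    // Nested using blocks dispose the reader, command and connection on every path,
    // and exceptions propagate with their original stack trace (no catch/rethrow).
    using (SqlConnection conn = new SqlConnection(connString))
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;

        conn.Open();
        using (SqlDataReader read = cmd.ExecuteReader())
        {
            while (read.Read())
            {
                singleUser = new ASFUserCallback().ProcessRow(read);
                // NOTE(review): exposes whatever is stored in aspnet_Membership.Password to the
                // caller. Whether that is plaintext or a hash cannot be told from here - confirm,
                // and prefer not returning it at all if callers only need the profile.
                singleUser.Member.Password = read["Password"].ToString();
            }
        }
    }

    return singleUser;
}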
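/// <summary>
/// Returns the ASF user whose username and password both match the supplied
/// membership info.
/// </summary>
/// <remarks>
/// The password is compared inside SQL against dbo.aspnet_Membership.Password as-is.
/// NOTE(review): that only works if the stored value and <c>user.Password</c> are in the
/// same form. If the column holds plaintext, move to a salted, slow hash (e.g. PBKDF2)
/// verified in application code with a fixed-time comparison - confirm against the
/// code that writes this column.
/// </remarks>
/// <param name="user">Membership info; <c>Username</c> and <c>Password</c> are read.</param>
/// <returns>
/// The matching user, or a freshly constructed empty <c>ASFUser</c> when the credentials
/// do not match any row. Callers must distinguish the empty object from a real login.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public ASFUser DoLogin(MembershipInfo user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    ASFUser singleUser = new ASFUser();

    // The previous filter was "a.UserId = (SELECT a.UserId FROM aspnet_Membership b WHERE ...)".
    // The subquery selected the OUTER column a.UserId, so once the credentials matched any
    // membership row the predicate was true for every ASF_User row and the caller received
    // whichever row was read last - not necessarily the account that logged in.
    // The filter is now tied to the requested username, using the same a.Username = b.Username
    // relation the rest of this class joins on.
    // The leading space before FROM guards against BuildASFUserSQL() not ending in whitespace;
    // extra whitespace is harmless to SQL Server.
    string sql = BuildASFUserSQL()
        + @" FROM dbo.ASF_User AS a"
        + @" WHERE a.Username = @Username"
        + @" AND EXISTS (SELECT 1 FROM dbo.aspnet_Membership AS b"
        + @" WHERE b.Username = a.Username AND b.Password = @Password)";

    // Nested using blocks dispose the reader, command and connection on every path,
    // and exceptions propagate with their original stack trace (no catch/rethrow).
    using (SqlConnection conn = new SqlConnection(connString))
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        // Both values are text. Declaring them as SqlDbType.Int made the provider try to
        // convert the strings to integers, which fails for any non-numeric username or password.
        cmd.Parameters.Add("@Username", SqlDbType.NVarChar).Value = user.Username;
        cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = user.Password;

        conn.Open();
        using (SqlDataReader read = cmd.ExecuteReader())
        {
            while (read.Read())
            {
                singleUser = new ASFUserCallback().ProcessRow(read);
            }
        }
    }

    return singleUser;
}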