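/// <summary>
/// Inserts <paramref name="client"/> as a new row of <c>Constants.BASENAME</c>.
/// The password column receives <c>MyOwnSecurity.Hash(client.Password)</c>, not the plain text.
/// </summary>
/// <param name="client">Client to persist; its Surname, Name, Secondname, Email and Password are written.</param>
/// <returns>"OK" on success, otherwise the <see cref="SqlException"/> message.</returns>
public static string Add(Client client)
{
    string errorMessage = "OK";
    SqlConnection connection = Connect.MakeNewConnect;
    try
    {
        connection.Open();
        using (SqlCommand command = new SqlCommand
        {
            Connection = connection,
            // Only the table name is interpolated (a project constant, presumably not user-controlled);
            // every row value is bound as a parameter.
            CommandText = $@"INSERT INTO {Constants.BASENAME} VALUES (@id, @surname, @name, @secondname, @email, @password)"
        })
        {
            // NOTE(review): CurrentId() + 1 is a read-then-insert, not an atomic allocation, so two
            // concurrent Adds can choose the same id — an IDENTITY column would remove the race (confirm schema).
            command.Parameters.Add("@id", CurrentId() + 1);
            command.Parameters.Add("@surname", client.Surname);
            command.Parameters.Add("@name", client.Name);
            command.Parameters.Add("@secondname", client.Secondname);
            command.Parameters.Add("@email", client.Email);
            command.Parameters.Add("@password", MyOwnSecurity.Hash(client.Password));
            command.ExecuteNonQuery();
        }
    }
    catch (SqlException ex)
    {
        // Best-effort: the caller gets the provider's message instead of an exception.
        errorMessage = ex.Message;
    }
    finally
    {
        connection.Close();
    }
    return errorMessage;
}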
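/// <summary>
/// Looks up the <c>Users</c> row for <paramref name="email"/> and compares the stored hash (column 5)
/// with <c>MyOwnSecurity.Hash(password)</c>. The e-mail is bound as a SQL parameter rather than
/// concatenated into the query text, so a crafted e-mail cannot alter the statement.
/// </summary>
/// <param name="email">Login e-mail supplied by the user.</param>
/// <param name="password">Plain-text password; only its hash is compared.</param>
/// <param name="client">The matched client, or null when the e-mail is unknown, the password does not match, or the query fails.</param>
/// <returns>"OK" on success, otherwise a user-facing message or the <see cref="SqlException"/> message.</returns>
public static string CheckLogin(string email, string password, out Client client)
{
    Client newClient = null;
    string errorMessage = "OK";
    SqlConnection connection = Connect.MakeNewConnect;
    try
    {
        connection.Open();
        using (SqlCommand command = new SqlCommand
        {
            Connection = connection,
            CommandText = "SELECT * FROM Users WHERE EMAIL=@email"
        })
        {
            command.Parameters.Add("@email", email);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (reader.HasRows)
                {
                    // Hash once; the loop only compares. String != is an ordinal comparison.
                    string passwordHash = MyOwnSecurity.Hash(password);
                    while (reader.Read())
                    {
                        if (reader.GetValue(5).ToString() != passwordHash)
                        {
                            errorMessage = "Неверный пароль";
                        }
                        else
                        {
                            newClient = new Client(
                                int.Parse(reader.GetValue(0).ToString()),
                                reader.GetValue(1).ToString(),
                                reader.GetValue(2).ToString(),
                                reader.GetValue(3).ToString(),
                                reader.GetValue(4).ToString(),
                                reader.GetValue(5).ToString());
                        }
                    }
                }
                else
                {
                    // NOTE(review): a distinct message for an unknown e-mail lets a caller tell registered
                    // from unregistered addresses (account enumeration); messages are kept unchanged here.
                    errorMessage = "Данная почта не зарегистрирована";
                }
            }
        }
    }
    catch (SqlException ex)
    {
        errorMessage = ex.Message;
    }
    finally
    {
        connection.Close();
    }
    // The out parameter must be assigned on every path, including the catch path.
    client = newClient;
    return errorMessage;
}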