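/// <summary>
/// Registers a customer by calling the <c>uspInsertCustomer</c> stored procedure.
/// </summary>
/// <param name="customer">
/// Registration data. Username, FirstName, LastName, Email and ConfirmPassword are read.
/// </param>
/// <returns>
/// The value returned by <c>ExecuteNonQuery</c>, or 0 when the call threw; in that case
/// the exception text is stored in the <c>message</c> field.
/// </returns>
public int InsertCustomer(CustomerLogin customer)
{
    int count = 0;

    // Connection() is defined elsewhere in the class; presumably it initialises conn.
    Connection();

    // The using block disposes the command even if parameter setup or hashing throws.
    using (SqlCommand cmd = new SqlCommand("uspInsertCustomer", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;

        // All values are bound as parameters, never concatenated into SQL text.
        cmd.Parameters.AddWithValue("@Username", customer.Username);
        cmd.Parameters.AddWithValue("@Firstname", customer.FirstName);
        cmd.Parameters.AddWithValue("@Lastname", customer.LastName);
        cmd.Parameters.AddWithValue("@Email", customer.Email);

        // Only the hash is sent to the procedure; the plaintext stays in this process.
        // NOTE(review): the hash is taken from ConfirmPassword, so this relies on the
        // caller having validated that it equals Password. Confirm that check exists.
        string password = Crypto.HashPassword(customer.ConfirmPassword);
        cmd.Parameters.AddWithValue("@Pass", password);

        try
        {
            conn.Open();
            count = cmd.ExecuteNonQuery();
        }
        catch (Exception ex)
        {
            // Best-effort: the failure is reported through message and a 0 return.
            // NOTE(review): raw exception text can reveal schema or server details if
            // message is shown to the client. Confirm where it is displayed and prefer
            // logging it server-side.
            message = ex.Message;
        }
        finally
        {
            conn.Close();
        }
    }

    return count;
}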
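/// <summary>
/// Verifies a login attempt against the hash returned by the <c>uspLoginCustomer</c>
/// stored procedure.
/// </summary>
/// <param name="user">Login data. Username and Password are read.</param>
/// <returns>
/// The <c>Username</c> column of the matching row when the password verifies; otherwise
/// <c>null</c>, with the reason stored in the <c>message</c> field.
/// </returns>
public string CheckLogin(CustomerLogin user)
{
    string username = null;

    // Connection() is defined elsewhere in the class; presumably it initialises conn.
    Connection();

    using (SqlCommand cmd = new SqlCommand("uspLoginCustomer", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@user", user.Username);

        try
        {
            conn.Open();

            // Dispose the reader before the connection is closed in finally.
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                bool rowSeen = false;

                while (reader.Read())
                {
                    rowSeen = true;
                    object stored = reader["Pass"];

                    // A NULL column arrives as DBNull, whose ToString() is "" and never
                    // null, so the previous null test on the string could not fire.
                    if (stored == null || stored is DBNull)
                    {
                        message = $"{user.Username} not found";
                    }
                    else if (Crypto.VerifyHashedPassword(stored.ToString(), user.Password))
                    {
                        username = reader["Username"].ToString();
                    }
                    else
                    {
                        message = "Incorrect password entered";
                    }
                }

                // An unknown username yields no rows, so the loop body never runs;
                // report it here rather than leaving a stale message.
                if (!rowSeen)
                {
                    message = $"{user.Username} not found";
                }
            }

            // NOTE(review): the two distinct failure messages let a client tell a
            // registered username from an unregistered one if message is displayed
            // as-is. Consider showing one generic failure text at the UI layer.
        }
        catch (SqlException ex)
        {
            // NOTE(review): raw SQL error text can reveal schema or server details if
            // message reaches the client. Confirm where it is shown.
            message = ex.Message;
        }
        catch (FormatException ex)
        {
            // Caught for a stored hash that cannot be decoded during verification.
            message = ex.Message;
        }
        finally
        {
            conn.Close();
        }
    }

    return username;
}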