public static bool verifyUser(string username, string password, string loginType)
        {
            DataTable result = null;

            try
            {
                using (SqlConnection conPrintDB = new SqlConnection(ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString))
                {
                    string strSelect = null;
                    if (loginType.Equals(ROLE_STAFF))
                    {
                        strSelect = "select StaffPassword As Password, StaffSalt As Salt from CompanyStaff where StaffEmail = @uname";
                    }
                    else
                    {
                        strSelect = "select CustomerPassword As Password, CustomerSalt As Salt from Customer where CustomerEmail = @uname";
                    }


                    using (SqlCommand cmdSelect = new SqlCommand(strSelect, conPrintDB))
                    {
                        cmdSelect.Parameters.AddWithValue("@uname", username);

                        using (SqlDataAdapter da = new SqlDataAdapter(cmdSelect))
                        {
                            result = new DataTable();
                            da.Fill(result);
                        }

                        //retrieve password info
                        byte[] storedPassword = (byte[])result.Rows[0]["Password"];
                        byte[] storedSalt     = (byte[])result.Rows[0]["Salt"];

                        //hash password from textbox
                        byte[] hashedPassword = ClassHashing.generateSaltedHash(password, storedSalt);

                        //compare the password and return the result
                        return(ClassHashing.CompareByteArrays(storedPassword, hashedPassword));
                    }
                }
            }
            catch (Exception ex)
            {
                throw new Exception(ex.ToString());
            }
        }
        public static string activateStaff(string verificationCode)
        {
            DataTable result = null;

            byte[] emptyByte = { 0, 0 };
            try
            {
                using (SqlConnection conPrintDB = new SqlConnection(ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString))
                {
                    string strSelect = null;

                    strSelect = "select StaffID, StaffNRIC, StaffSalt from CompanyStaff where StaffPassword = @password";


                    using (SqlCommand cmdSelect = new SqlCommand(strSelect, conPrintDB))
                    {
                        cmdSelect.Parameters.AddWithValue("@password", emptyByte);

                        using (SqlDataAdapter da = new SqlDataAdapter(cmdSelect))
                        {
                            result = new DataTable();
                            da.Fill(result);
                        }

                        //convert verification code to byte array
                        byte[] codeByte = Convert.FromBase64String(verificationCode);

                        for (int i = 0; i < result.Rows.Count; i++)
                        {
                            string staffID   = (string)result.Rows[i]["StaffID"];
                            string staffNRIC = (string)result.Rows[i]["StaffNRIC"];
                            byte[] staffSalt = (byte[])result.Rows[i]["StaffSalt"];
                            if (ClassHashing.CompareByteArrays(ClassHashing.generateSaltedHash(staffID + staffNRIC, staffSalt), codeByte))
                            {
                                return(staffID);
                            }
                        }
                        return(null);
                    }
                }
            }
            catch (Exception ex)
            {
                throw new Exception(ex.ToString());
            }
        }