Exemplo n.º 1
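    /// <summary>
    /// Verifies a user name / password pair against the WEBSITE_ADMIN table.
    /// </summary>
    /// <remarks>
    /// The user name is bound as a SQL parameter, never concatenated into the query text.
    /// NOTE(review): GetHashString is defined elsewhere; confirm it is a slow, salted
    /// password hash (for example PBKDF2) and not a single fast digest.
    /// NOTE(review): an unknown user name returns without hashing anything, so it responds
    /// faster than a wrong password; add rate limiting / lockout at the caller if account
    /// enumeration is a concern.
    /// </remarks>
    /// <param name="UserName">Account name; bound as the @Username query parameter.</param>
    /// <param name="Password">Plain-text password from the caller; hashed with the stored salt before comparison.</param>
    /// <returns>
    /// <c>true</c> when a row for the user holds a matching hash (UpdateLastLogin is then called);
    /// otherwise <c>false</c>.
    /// </returns>
    public static bool CheckLogin(string UserName, string Password)
    {
        using (SqlConnection conn = ConnectionFactory.DistributeConnection("DB"))
        {
            conn.Open();

            // NOTE(review): the query does not filter on the "active" column that InsertAdmin
            // writes; if active=0 is meant to disable an account, add "AND active=1" here.
            string sql = "SELECT salt,password FROM WEBSITE_ADMIN WHERE username=@Username";

            // The command and reader are disposed by using blocks so they are released even
            // when hashing or UpdateLastLogin throws; the outer using closes the connection.
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add(new SqlParameter("@Username", UserName));

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    // More than one row is tolerated, as in the original; a unique constraint
                    // on username would make this loop run at most once.
                    while (dr.Read())
                    {
                        string candidateHash = Global_Functions.GetHashString(Password, dr["salt"].ToString());
                        string storedHash    = dr["password"].ToString();

                        if (HashesMatchFixedTime(candidateHash, storedHash))
                        {
                            UpdateLastLogin(UserName);
                            return true;
                        }
                    }
                }
            }
        }

        return false;
    }

    /// <summary>
    /// Compares two hash strings without stopping at the first differing character,
    /// so the comparison time does not reveal how much of the stored hash matched.
    /// </summary>
    /// <param name="left">Hash computed from the supplied password.</param>
    /// <param name="right">Hash read from the database.</param>
    /// <returns><c>true</c> only when both strings are non-null and identical.</returns>
    private static bool HashesMatchFixedTime(string left, string right)
    {
        if (left == null || right == null)
        {
            return false;
        }

        // A length mismatch is folded into the accumulator instead of returning early.
        int diff = left.Length ^ right.Length;
        int shared = left.Length < right.Length ? left.Length : right.Length;

        for (int i = 0; i < shared; i++)
        {
            diff |= left[i] ^ right[i];
        }

        return diff == 0;
    }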
Exemplo n.º 2
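    /// <summary>
    /// Creates a new row in WEBSITE_ADMIN with a freshly generated salt and the salted hash
    /// of the supplied password. The account is inserted with active = 1.
    /// </summary>
    /// <remarks>
    /// Only the salt and the hash are stored; the plain-text password is never written.
    /// NOTE(review): SaltGenerator and GetHashString are defined elsewhere; confirm the salt
    /// comes from a cryptographic random source and the hash is a slow password hash.
    /// NOTE(review): no uniqueness check is made here; a unique constraint on username is
    /// presumably expected at the database level - confirm.
    /// </remarks>
    /// <param name="UserName">Name of the admin account to create; must not be null or empty.</param>
    /// <param name="Password">Plain-text password for the account; must not be null or empty.</param>
    /// <exception cref="ArgumentException">
    /// Thrown when <paramref name="UserName"/> or <paramref name="Password"/> is null or empty.
    /// </exception>
    public static void InsertAdmin(string UserName, string Password)
    {
        // Refuse to create a privileged account that has no name or an empty password.
        if (string.IsNullOrEmpty(UserName))
        {
            throw new ArgumentException("A user name is required.", "UserName");
        }

        if (string.IsNullOrEmpty(Password))
        {
            throw new ArgumentException("A password is required.", "Password");
        }

        string salt     = Global_Functions.SaltGenerator();
        string hashPass = Global_Functions.GetHashString(Password, salt);

        using (SqlConnection conn = ConnectionFactory.DistributeConnection("DB"))
        {
            conn.Open();
            string sql = "INSERT INTO WEBSITE_ADMIN (username, password,last_login,active,salt) VALUES (@Username, @Password, @LastLogin, @Active, @Salt)";

            // Dispose the command deterministically; every value is bound as a parameter.
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add(new SqlParameter("@Username", UserName));
                cmd.Parameters.Add(new SqlParameter("@Password", hashPass));
                cmd.Parameters.Add(new SqlParameter("@Salt", salt));
                // Stored as server-local time, as before. NOTE(review): consider UTC if
                // last_login is used for audit or correlated across hosts.
                cmd.Parameters.Add(new SqlParameter("@LastLogin", DateTime.Now));
                cmd.Parameters.Add(new SqlParameter("@Active", 1));
                cmd.ExecuteNonQuery();
            }
        }
    }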