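/// <summary>
/// Checks a username/password pair against the <c>users</c> table and, on a match,
/// sets that row's <c>last_login</c> to the database's current time.
/// </summary>
/// <param name="username">Login name. Null, or longer than 16 characters, is rejected before any query runs.</param>
/// <param name="password">Clear-text password. Null or empty is rejected before any query runs.</param>
/// <returns>
/// The matching account, built from the row as it was read (so it carries the
/// <c>last_login</c> value from before this call's update), or <c>null</c> when the input is
/// rejected, no connection is available, or no row matches.
/// </returns>
public static UserAccount Attempt(string username, string password)
{
    // Reject obviously invalid input up front; a null username used to throw on .Length.
    if (username == null || username.Length > 16 || string.IsNullOrEmpty(password))
    {
        return null;
    }

    MySqlConnection connection = MySQLConnector.GetConnection();
    if (connection == null)
    {
        // Previously this path fell through to connection.Close() and threw.
        return null;
    }

    try
    {
        int id;
        UserAccount account;

        // Both values are bound as parameters, never concatenated into the SQL text.
        using (MySqlCommand command = new MySqlCommand("SELECT `id`,`username`,`created_at`,`last_login`,`role` FROM `users` WHERE `username`=@username AND `password`=@password ORDER BY `id` ASC LIMIT 1", connection))
        {
            command.Prepare();
            command.Parameters.AddWithValue("@username", username);
            // NOTE(review): Hash is defined outside this view. It receives only the password and
            // its output is matched inside the WHERE clause, so the stored value cannot depend on
            // a per-user salt. Confirm it is a slow password KDF; moving to salted hashes means
            // fetching the stored hash by username and verifying it in constant time here.
            command.Parameters.AddWithValue("@password", Hash(password));

            using (MySqlDataReader reader = command.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return null;
                }

                id = reader.GetInt32("id");
                // NOTE(review): GetString is used on created_at/last_login; if last_login can be
                // NULL for an account that never logged in, this read may throw. Verify the schema.
                account = new UserAccount(id, reader.GetString("username"), reader.GetString("created_at"), reader.GetString("last_login"), reader.GetString("role"));
            }
        }

        // The reader is disposed by now, so the same connection can run the update; the
        // original closed it and fetched a second connection without a null check.
        using (MySqlCommand updateCommand = new MySqlCommand("UPDATE `users` SET `last_login`=NOW() WHERE `id`=@id ORDER BY `id` ASC LIMIT 1", connection))
        {
            updateCommand.Prepare();
            updateCommand.Parameters.AddWithValue("@id", id);
            // An UPDATE returns no rows; ExecuteNonQuery avoids leaving an open reader behind.
            updateCommand.ExecuteNonQuery();
        }

        return account;
    }
    finally
    {
        // Runs on every exit, including exceptions, so the connection is never leaked.
        connection.Close();
    }
}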
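/// <summary>
/// Looks up a single account in the <c>users</c> table by username, without any password check.
/// </summary>
/// <param name="username">Login name to search for; null returns <c>null</c> without querying.</param>
/// <returns>
/// The first matching account (lowest <c>id</c>), or <c>null</c> when the username is null,
/// no connection is available, or no row matches.
/// </returns>
public static UserAccount Find(string username)
{
    if (username == null)
    {
        return null;
    }

    MySqlConnection connection = MySQLConnector.GetConnection();
    if (connection == null)
    {
        return null;
    }

    try
    {
        // The username is bound as a parameter, never concatenated into the SQL text.
        using (MySqlCommand command = new MySqlCommand("SELECT `id`,`username`,`created_at`,`last_login`,`role` FROM `users` WHERE `username`=@username ORDER BY `id` ASC LIMIT 1", connection))
        {
            command.Prepare();
            command.Parameters.AddWithValue("@username", username);

            using (MySqlDataReader reader = command.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return null;
                }

                return new UserAccount(reader.GetInt32("id"), reader.GetString("username"), reader.GetString("created_at"), reader.GetString("last_login"), reader.GetString("role"));
            }
        }
    }
    finally
    {
        // The original closed the connection only when a row was found, leaking it on a miss
        // or on an exception; closing here covers every exit path.
        connection.Close();
    }
}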