public bool ExistingAccount_Quote(int sessionID)
{
//method variable
bool exist = false;
//establishes a connection and includes sql statement to pull from account_quotes
string sqlConnectString = System.Configuration.ConfigurationManager.ConnectionStrings["myDB"].ConnectionString;
string sqlSelect = "SELECT * FROM account_quotes WHERE accountID=" + sessionID;
MySqlConnection sqlConnection = new MySqlConnection(sqlConnectString);
MySqlCommand sqlCommand = new MySqlCommand(sqlSelect, sqlConnection);
MySqlDataAdapter sqlDa = new MySqlDataAdapter(sqlCommand);
DataTable sqlDt = new DataTable();
sqlDa.Fill(sqlDt);
//checks to see if the account is here
LogonInfo toReturn = new LogonInfo();
toReturn.successfulLogon = false;
if (sqlDt.Rows.Count > 0)
{
exist = true;
}
else
{
exist = false;
}
return(exist);
}
[WebMethod(EnableSession = true)] //NOTICE: gotta enable session on each individual method
public LogonInfo LogOn(string email, string password)
{
//we return this flag to tell them if they logged in or not
bool success = false;
//our connection string comes from our web.config file like we talked about earlier
string sqlConnectString = System.Configuration.ConfigurationManager.ConnectionStrings["myDB"].ConnectionString;
//here's our query. A basic select with nothing fancy. Note the parameters that begin with @
//NOTICE: we added admin to what we pull, so that we can store it along with the id in the session
string sqlSelect = "SELECT * FROM account WHERE email=@emailValue and password=@passValue";
//set up our connection object to be ready to use our connection string
MySqlConnection sqlConnection = new MySqlConnection(sqlConnectString);
//set up our command object to use our connection, and our query
MySqlCommand sqlCommand = new MySqlCommand(sqlSelect, sqlConnection);
//tell our command to replace the @parameters with real values
//we decode them because they came to us via the web so they were encoded
//for transmission (funky characters escaped, mostly)
sqlCommand.Parameters.AddWithValue("@emailValue", HttpUtility.UrlDecode(email));
sqlCommand.Parameters.AddWithValue("@passValue", HttpUtility.UrlDecode(password));
//a data adapter acts like a bridge between our command object and
//the data we are trying to get back and put in a table object
MySqlDataAdapter sqlDa = new MySqlDataAdapter(sqlCommand);
//here's the table we want to fill with the results from our query
DataTable sqlDt = new DataTable();
//here we go filling it!
sqlDa.Fill(sqlDt);
//check to see if any rows were returned. If they were, it means it's
//a legit account
LogonInfo toReturn = new LogonInfo();
toReturn.successfulLogon = false;
if (sqlDt.Rows.Count > 0)
{
//if we found an account, store the id and admin status in the session
//so we can check those values later on other method calls to see if they
//are 1) logged in at all, and 2) and admin or not
Session["accountID"] = sqlDt.Rows[0]["accountID"];
//Session["AdminAbility"] = sqlDt.Rows[0]["AdminAbility"];
//Session["activeAccount"] = sqlDt.Rows[0]["activeAccount"];
//Session["adminAbility"] = sqlDt.Rows[0]["adminAbility"];
success = true;
toReturn.successfulLogon = true;
if (sqlDt.Rows[0]["AdminAbility"].ToString() == "True")
{
toReturn.admin = true;
}
else
{
toReturn.admin = false;
}
if (sqlDt.Rows[0]["activeAccount"].ToString() == "True")
{
toReturn.active = true;
}
else
{
toReturn.active = false;
}
toReturn.accountID = sqlDt.Rows[0]["accountID"].ToString();
}
//return the result!
return(toReturn);
} // end of LogOn
