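/// <summary>
/// Looks up the account named by <paramref name="user"/> and checks the supplied
/// password against the stored password hash.
/// </summary>
/// <param name="user">Credentials submitted by the caller; <c>UserName</c> and <c>Password</c> are read.</param>
/// <returns>
/// A <c>UserModel</c> filled from the Users row (user name, e-mail, stored password value)
/// when verification succeeds; <c>null</c> when no row matches or verification fails.
/// Both failure cases return the same value, so the caller cannot tell them apart.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
public UserModel AuthenticateUser(UserModel user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    // A null user name cannot match any row; fail closed without touching the database.
    if (user.UserName == null)
    {
        return null;
    }

    using (SqlConnection con = new SqlConnection(_connString))
    using (SqlCommand cmd = new SqlCommand())
    {
        con.Open();
        cmd.Connection = con;

        // The original statement compared Username with a fixed literal and never used the
        // submitted user name. The value is bound as a parameter so that it is always
        // treated as data and can never change the shape of the query.
        // Only the three columns read below are selected.
        cmd.CommandText = "SELECT Username, Email, Password FROM Users WHERE Username = @username";
        cmd.Parameters.AddWithValue("@username", user.UserName);

        // The reader is disposed before the command and connection are released.
        using (SqlDataReader rd = cmd.ExecuteReader())
        {
            if (!rd.Read())
            {
                return null;
            }

            UserModel result = new UserModel()
            {
                UserName = rd["Username"].ToString(),
                EmailAddress = rd["Email"].ToString(),
                Password = rd["Password"].ToString()
            };

            // Argument order (stored value first, submitted password second) is kept from
            // the original call. NOTE(review): confirm it matches PaasswordHashing.Verify.
            if (!PaasswordHashing.Verify(result.Password, user.Password))
            {
                return null;
            }

            // NOTE(review): the returned model still carries the stored password value;
            // callers should keep it out of responses, logs and session state.
            return result;
        }
    }
}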
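/// <summary>
/// Inserts a new row into Users for <paramref name="newUser"/>, storing the result of
/// <c>PaasswordHashing.HashPassword</c> instead of the submitted password.
/// </summary>
/// <param name="newUser">
/// Account data to store; <c>UserName</c>, <c>EmailAddress</c>, <c>Password</c>,
/// <c>FirstName</c> and <c>LastName</c> are read.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="newUser"/> is <c>null</c>.</exception>
/// <exception cref="DuplicateNameException"><c>CheckIfUserExists</c> reports that the user name is already present.</exception>
public void AddUser(UserModel newUser)
{
    if (newUser == null)
    {
        throw new ArgumentNullException(nameof(newUser));
    }

    using (SqlConnection con = new SqlConnection(_connString))
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            con.Open();
            cmd.Connection = con;

            // NOTE(review): CheckIfUserExists is defined elsewhere and receives the raw
            // user name; confirm that it binds the value as a parameter as well.
            if (CheckIfUserExists(newUser.UserName, cmd))
            {
                throw new DuplicateNameException();
            }

            // Closed and reopened between the two commands, as in the original, so that
            // no state the helper left on the connection is carried into the insert.
            con.Close();
        }

        using (SqlCommand cmd = new SqlCommand())
        {
            con.Open();
            cmd.Connection = con;

            //TODO: add command lines for adding roles with new user

            // Every caller-supplied field is bound as a parameter instead of being
            // interpolated into the statement, so a quote or other SQL syntax inside a
            // name or e-mail address is stored as text and cannot alter the INSERT.
            cmd.CommandText = "INSERT INTO Users (Username, Email, Password, FirstName, LastName)"
                + " VALUES (@username, @email, @password, @firstName, @lastName)";

            // Null fields are sent as empty strings, which is what the interpolated
            // statement produced for them.
            cmd.Parameters.AddWithValue("@username", newUser.UserName ?? string.Empty);
            cmd.Parameters.AddWithValue("@email", newUser.EmailAddress ?? string.Empty);
            cmd.Parameters.AddWithValue("@password", PaasswordHashing.HashPassword(newUser.Password) ?? string.Empty);
            cmd.Parameters.AddWithValue("@firstName", newUser.FirstName ?? string.Empty);
            cmd.Parameters.AddWithValue("@lastName", newUser.LastName ?? string.Empty);

            // NOTE(review): the existence check and this insert are separate statements,
            // so two concurrent requests can both pass the check. A unique constraint on
            // Users.Username would close that gap; confirm the schema has one.
            cmd.ExecuteNonQuery();
        }
    }
}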