/// <summary> /// Ändert das Passwort des Users. /// </summary> /// <param name="newPassword"></param> public void SetPassword(string newPassword) { using (MySqlCommand command = MySqlConnection.CreateCommand()) { command.CommandText = "UPDATE user SET password=@password WHERE id=@userID"; command.Parameters.AddWithValue("@userID", UserId); command.Parameters.AddWithValue("@password", PasswordUtils.GetHash(newPassword)); command.ExecuteNonQuery(); } }
/// <summary> /// Löscht den Benutzer /// </summary> /// <param name="username">Username des zu löschenden Users.</param> /// <param name="password">Passwort des zu löschenden Users.</param> /// <returns>True, wenn das Löschen erfolgreich war.</returns> public bool DeleteUser(string username, string password) { if (!CheckLogin(username, password)) { return(false); } using (MySqlCommand command = MySqlConnection.CreateCommand()) { command.CommandText = "DELETE FROM user WHERE name=@username AND password=@password"; command.Parameters.AddWithValue("@username", username); command.Parameters.AddWithValue("@password", PasswordUtils.GetHash(password)); command.ExecuteNonQuery(); return(true); } }
/// <summary> /// Erstellt einen neuen User. /// </summary> /// <param name="username">Username des neuen Users.</param> /// <param name="password">Password des neuen Users.</param> /// <returns>True, wenn die Registrierung erfolgreich war.</returns> public bool Register(string username, string password) { if (Exists(username)) { return(false); } using (MySqlCommand command = MySqlConnection.CreateCommand()) { command.CommandText = "INSERT INTO user (name, password) VALUES (@username, @password)"; command.Parameters.AddWithValue("@username", username); command.Parameters.AddWithValue("@password", PasswordUtils.GetHash(password)); command.ExecuteNonQuery(); return(true); } }
/// <summary> /// Überprüft die Anmeldedaten eines Users. /// </summary> /// <param name="username">Der Name des Users.</param> /// <param name="password">Das Passwort des Users.</param> /// <returns>True, wenn der Login erfolgreich war.</returns> private bool CheckLogin(string username, string password) { if (!Exists(username)) { return(false); } using (MySqlCommand command = MySqlConnection.CreateCommand()) { command.CommandText = "SELECT password FROM user WHERE name=@username"; command.Parameters.AddWithValue("@username", username); using (MySqlDataReader reader = command.ExecuteReader()) { return(reader.Read() && (PasswordUtils.GetHash(password) == reader[0] as string)); } } }