/// <summary>
/// Ändert das Passwort des Users.
/// </summary>
/// <param name="newPassword"></param>
public void SetPassword(string newPassword)
{
using (MySqlCommand command = MySqlConnection.CreateCommand())
{
command.CommandText = "UPDATE user SET password=@password WHERE id=@userID";
command.Parameters.AddWithValue("@userID", UserId);
command.Parameters.AddWithValue("@password", PasswordUtils.GetHash(newPassword));
command.ExecuteNonQuery();
}
}
/// <summary>
/// Löscht den Benutzer
/// </summary>
/// <param name="username">Username des zu löschenden Users.</param>
/// <param name="password">Passwort des zu löschenden Users.</param>
/// <returns>True, wenn das Löschen erfolgreich war.</returns>
public bool DeleteUser(string username, string password)
{
if (!CheckLogin(username, password))
{
return(false);
}
using (MySqlCommand command = MySqlConnection.CreateCommand())
{
command.CommandText = "DELETE FROM user WHERE name=@username AND password=@password";
command.Parameters.AddWithValue("@username", username);
command.Parameters.AddWithValue("@password", PasswordUtils.GetHash(password));
command.ExecuteNonQuery();
return(true);
}
}
/// <summary>
/// Erstellt einen neuen User.
/// </summary>
/// <param name="username">Username des neuen Users.</param>
/// <param name="password">Password des neuen Users.</param>
/// <returns>True, wenn die Registrierung erfolgreich war.</returns>
public bool Register(string username, string password)
{
if (Exists(username))
{
return(false);
}
using (MySqlCommand command = MySqlConnection.CreateCommand())
{
command.CommandText = "INSERT INTO user (name, password) VALUES (@username, @password)";
command.Parameters.AddWithValue("@username", username);
command.Parameters.AddWithValue("@password", PasswordUtils.GetHash(password));
command.ExecuteNonQuery();
return(true);
}
}
/// <summary>
/// Überprüft die Anmeldedaten eines Users.
/// </summary>
/// <param name="username">Der Name des Users.</param>
/// <param name="password">Das Passwort des Users.</param>
/// <returns>True, wenn der Login erfolgreich war.</returns>
private bool CheckLogin(string username, string password)
{
if (!Exists(username))
{
return(false);
}
using (MySqlCommand command = MySqlConnection.CreateCommand())
{
command.CommandText = "SELECT password FROM user WHERE name=@username";
command.Parameters.AddWithValue("@username", username);
using (MySqlDataReader reader = command.ExecuteReader())
{
return(reader.Read() && (PasswordUtils.GetHash(password) == reader[0] as string));
}
}
}
