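/// <summary>
/// Checks the credentials of this instance against CustomersTable and applies
/// the failed-attempt lockout stored in the numberIncorrects column.
/// </summary>
/// <returns>
/// A populated <c>person</c> when the credential query returns a row and the
/// account is not locked. Otherwise a <c>person</c> whose <c>CustomId</c> is a
/// status code: -2 when the email exists but the credentials did not match
/// (the failure counter is incremented), -3 when no row exists for the email,
/// and -4 when numberIncorrects is above the lockout threshold.
/// </returns>
/// <remarks>
/// SECURITY: Email is attacker-controlled and was previously concatenated
/// into every statement unmodified (SQL injection on the login path). It is
/// now quote-escaped before use. This is a stop-gap: the DataBase calls
/// visible here take only a SQL string, so the durable fix is to give that
/// wrapper parameterized commands and bind the email (and the credential).
/// </remarks>
public person Login()
{
    // Attempts allowed before the account is reported as locked (-4).
    const int MaxFailedAttempts = 3;

    // Escape once, reuse everywhere: no statement below may see the raw value.
    string email = EscapeSqlLiteral(this.Email);

    // NOTE(review): the credential comparison appears on this page as a masked
    // literal. Confirm that the real statement does not concatenate the
    // password, and that the stored value is a salted password hash, not plaintext.
    string sql = "select * from CustomersTable where Email = '" + email + "' and Password = '******'";
    DataBase db = new DataBase();
    DataTable dt = db.ExecuteReader(sql);
    person per = null;

    if (dt.Rows.Count > 0)
    {
        // Correct credentials must still be refused while the account is locked.
        sql = "select numberIncorrects from CustomersTable where Email = '" + email + "'";
        string ret = db.ExecuteScalar(sql);
        if (int.Parse(ret) > MaxFailedAttempts)
        {
            per = new person() { CustomId = -4 };
            return per;
        }

        // NOTE(review): nothing in this method resets numberIncorrects after a
        // successful login; confirm it is reset elsewhere.
        var row = dt.Rows[0];
        per = new person((int)row["CustomId"], row["FullName"].ToString(), row["Email"].ToString());
        per.CustomId = (int)row["CustomId"];
        per.IdNumber = row["id"].ToString();
        per.FullName = row["FullName"].ToString();
        per.LiccensNumber = row["LicenseNumber"].ToString();
        per.TelNumber = row["Phone"].ToString();
        per.PhoneNumber = row["Phone"].ToString();
        per.role = int.Parse(row["role"].ToString());
    }
    else
    {
        // No matching row: tell "unknown email" apart from "wrong credentials".
        // NOTE(review): -2 and -3 reveal whether an address is registered;
        // callers should collapse them into one generic failure for the client.
        sql = "select Email from CustomersTable where Email = '" + email + "'";
        string ret = db.ExecuteScalar(sql);
        if (ret != null && ret != "a")
        {
            sql = "select numberIncorrects from CustomersTable where Email = '" + email + "'";
            ret = db.ExecuteScalar(sql);
            if (int.Parse(ret) <= MaxFailedAttempts)
            {
                // Count the failure. The read and the increment are separate
                // statements, so concurrent attempts are not serialized here.
                sql = "update CustomersTable set numberIncorrects = numberIncorrects + 1 where Email = '" + email + "'";
                db.ExecuteNonQuery(sql);
                per = new person() { CustomId = -2 };
            }
            else
            {
                per = new person() { CustomId = -4 };
            }
        }
        else
        {
            per = new person() { CustomId = -3 };
        }
    }

    return per;
}

/// <summary>
/// Makes a value safe to place between single quotes in a SQL string literal
/// by doubling every single quote; null is treated as the empty string.
/// </summary>
/// <remarks>
/// Covers the standard SQL literal syntax only. Backends that also treat a
/// backslash as an escape character need parameter binding instead.
/// </remarks>
private static string EscapeSqlLiteral(string value)
{
    return (value ?? string.Empty).Replace("'", "''");
}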