示例#1
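        /// <summary>
        /// Registers a new client by inserting one row into the table named by
        /// <c>Constants.BASENAME</c>.
        /// </summary>
        /// <param name="client">
        /// Client data to store. The password is passed through <c>MyOwnSecurity.Hash</c>
        /// before it is written; every other field is stored as given.
        /// </param>
        /// <returns>
        /// "OK" on success, otherwise the message of the exception that was caught.
        /// </returns>
        public static string Add(Client client)
        {
            string errorMessage = "OK";

            SqlConnection connection = Connect.MakeNewConnect;

            try
            {
                connection.Open();

                // Only the table name is interpolated into the SQL text; every client-supplied
                // value is bound as a parameter, so field contents cannot alter the statement.
                // NOTE(review): confirm Constants.BASENAME is a fixed project constant and never
                // derived from user input.
                // NOTE(review): the INSERT has no column list, so the values are matched to the
                // table's columns by position; a schema change would silently shift them.
                using (SqlCommand command = new SqlCommand
                {
                    Connection  = connection,
                    CommandText = $@"INSERT INTO {Constants.BASENAME} VALUES (@type, @surname, 
                                        @name, @secondname, @email, @phone, @password)"
                })
                {
                    command.Parameters.AddWithValue("@type", client.Type);
                    command.Parameters.AddWithValue("@surname", client.Surname);
                    command.Parameters.AddWithValue("@name", client.Name);
                    command.Parameters.AddWithValue("@secondname", client.SecondName);
                    command.Parameters.AddWithValue("@email", client.Email);
                    command.Parameters.AddWithValue("@phone", client.Phone);

                    // Only the hash is stored, never the plaintext password.
                    // NOTE(review): MyOwnSecurity.Hash is not visible here; confirm it is a
                    // salted, deliberately slow password hash (e.g. PBKDF2) and not a bare digest.
                    command.Parameters.AddWithValue("@password", MyOwnSecurity.Hash(client.Password));

                    command.ExecuteNonQuery();
                }
            }
            catch (System.Exception ex)
            {
                // SqlException and every other failure are reported the same way.
                // NOTE(review): the raw exception text can contain server, table or constraint
                // names; if this string is shown to end users, log it and return a generic
                // message instead.
                errorMessage = ex.Message;
            }
            finally
            {
                connection.Close();
            }

            return errorMessage;
        }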
示例#2
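        /// <summary>
        /// Updates the stored data of an existing client: pushes the photo first, then
        /// updates the client's row in the table named by <c>Constants.BASENAME</c>.
        /// </summary>
        /// <param name="client">
        /// New client data; <c>client.Id</c> selects the row to update and
        /// <c>client.Password</c> is hashed with <c>MyOwnSecurity.Hash</c> before it is written.
        /// </param>
        /// <returns>
        /// "OK" when no exception occurred (including when no row matched the Id),
        /// otherwise the message of the exception that was caught.
        /// </returns>
        public static string Change(Client client)
        {
            string errorMessage = "OK";

            SqlConnection connection = Connect.MakeNewConnect;

            try
            {
                Photo.Push(client.Id, client.Photo);
                connection.Open();

                // All client-supplied values are bound as parameters, the same way Add does it.
                // Splicing them into the SQL text let a quote character inside any field change
                // the statement (SQL injection) and made legitimate values such as "O'Brien" fail.
                // A null field now produces an error message instead of being written as an
                // empty string.
                using (SqlCommand command = new SqlCommand
                {
                    Connection  = connection,
                    CommandText = $@"UPDATE {Constants.BASENAME} SET surname = @surname,
                        name = @name, secondname = @secondname,
                        email = @email, phone = @phone, password = @password
                        WHERE Id = @id"
                })
                {
                    command.Parameters.AddWithValue("@surname", client.Surname);
                    command.Parameters.AddWithValue("@name", client.Name);
                    command.Parameters.AddWithValue("@secondname", client.SecondName);
                    command.Parameters.AddWithValue("@email", client.Email);
                    command.Parameters.AddWithValue("@phone", client.Phone);

                    // NOTE(review): CheckLogin in this file builds its Client from the stored
                    // password column. If such an object is passed back here, the stored hash
                    // would be hashed a second time; confirm callers always supply the plaintext.
                    command.Parameters.AddWithValue("@password", MyOwnSecurity.Hash(client.Password));
                    command.Parameters.AddWithValue("@id", client.Id);

                    command.ExecuteNonQuery();
                }
            }
            catch (System.Exception ex)
            {
                // SqlException and every other failure are reported the same way.
                // NOTE(review): the raw exception text can contain server, table or constraint
                // names; if this string is shown to end users, log it and return a generic
                // message instead.
                errorMessage = ex.Message;
            }
            finally
            {
                connection.Close();
            }

            return errorMessage;
        }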
示例#3
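        /// <summary>
        /// Authenticates a client by e-mail address or phone number and password.
        /// </summary>
        /// <param name="emailOrPhone">E-mail address or mobile phone number of the client.</param>
        /// <param name="password">
        /// Plaintext password; it is hashed with <c>MyOwnSecurity.Hash</c> and compared with
        /// the stored value.
        /// </param>
        /// <returns>
        /// A <c>ResultObj</c> whose <c>ErrorMessage</c> is "OK" and whose <c>User</c> is the
        /// matching client on success; on any failure <c>User</c> is null and
        /// <c>ErrorMessage</c> describes the failure.
        /// </returns>
        public static ResultObj CheckLogin(string emailOrPhone, string password)
        {
            Client newClient    = null;
            string errorMessage = "OK";

            SqlConnection connection = Connect.MakeNewConnect;

            try
            {
                connection.Open();

                // The login identifier is bound as a parameter. It was previously spliced into
                // the SQL text, so a quote character in the login field could change the query
                // of the authentication check itself (SQL injection).
                // SELECT * is kept because the columns are read by position below.
                using (SqlCommand command = new SqlCommand
                {
                    Connection  = connection,
                    CommandText = $@"SELECT * FROM {Constants.BASENAME} WHERE EMAIL = @login OR PHONE = @login"
                })
                {
                    // A null identifier is sent as SQL NULL, which matches no row.
                    command.Parameters.AddWithValue("@login", (object)emailOrPhone ?? System.DBNull.Value);

                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        if (!reader.HasRows)
                        {
                            // NOTE(review): a different message for "unknown account" and
                            // "wrong password" lets a caller learn which e-mails/phones are
                            // registered; consider one generic message for both.
                            errorMessage = "Данная почта не зарегистрирована";
                        }
                        else
                        {
                            // The stored value is compared with Hash(password) directly, so the
                            // hash depends on the password alone (no per-user salt).
                            // NOTE(review): confirm MyOwnSecurity.Hash is a real password hash;
                            // a salted, slow scheme (e.g. PBKDF2) with a constant-time
                            // comparison is preferable.
                            var expectedHash = MyOwnSecurity.Hash(password);

                            // Rows were found; stays in effect unless one of them matches.
                            errorMessage = "Неверный пароль";

                            while (reader.Read())
                            {
                                if (reader.GetValue(7).ToString() != expectedHash)
                                {
                                    continue;
                                }

                                // NOTE(review): column 7 (the stored password hash) is copied
                                // into the returned Client; consider not handing it to callers.
                                newClient = new Client(reader.GetInt32(0),
                                                       reader.GetValue(2).ToString(),
                                                       reader.GetValue(3).ToString(),
                                                       reader.GetValue(4).ToString(),
                                                       reader.GetValue(5).ToString(),
                                                       reader.GetValue(6).ToString(),
                                                       reader.GetValue(7).ToString());
                                newClient.ChangeType(reader.GetInt32(1));

                                // Stop at the first match so that a later non-matching row
                                // (EMAIL OR PHONE can select several) cannot leave a
                                // "wrong password" message next to a logged-in user.
                                errorMessage = "OK";
                                break;
                            }
                        }
                    }
                }
            }
            catch (System.Exception ex)
            {
                // SqlException and every other failure are reported the same way; never return
                // a client after an error.
                // NOTE(review): the raw exception text can contain server or schema details;
                // if it is shown on the login screen, log it and return a generic message.
                newClient    = null;
                errorMessage = ex.Message;
            }
            finally
            {
                connection.Close();
            }

            return new ResultObj
            {
                ErrorMessage = errorMessage,
                User         = newClient
            };
        }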