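/// <summary>
/// Checks whether an Employees row exists whose Email and Password columns
/// match the supplied account.
/// </summary>
/// <param name="account">
/// Credentials to check. Its <c>Password</c> property is overwritten with the
/// value returned by <c>EmployeeDAL.GetMD5</c> before the query runs.
/// </param>
/// <returns><c>true</c> when a matching row is found; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="account"/> is null.</exception>
/// <remarks>
/// SECURITY: the value compared against the Password column is whatever
/// <c>EmployeeDAL.GetMD5</c> returns (presumably an MD5 digest, judging by the
/// helper's name; confirm). No per-user salt is applied in this method. A fast,
/// unsalted digest is not suitable for password storage; moving to a salted,
/// iterated scheme such as PBKDF2 needs a data migration and is therefore not
/// attempted here. This method also applies no attempt limiting, so any
/// throttling or lockout has to be enforced by the caller.
/// </remarks>
public bool Get(Account account)
{
    if (account == null)
    {
        throw new ArgumentNullException("account");
    }

    // Kept from the original: the caller's object ends up holding the digest
    // instead of the plaintext. Passing the same instance to Get or Update
    // again would hash the digest a second time.
    account.Password = EmployeeDAL.GetMD5(account.Password);

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand())
    {
        // Only the existence of a row matters, so no column (in particular not
        // the stored password digest) is pulled back into the process.
        cmd.CommandText = @"SELECT 1 FROM Employees WHERE Email=@Email and Password=@Password";
        cmd.CommandType = CommandType.Text;
        cmd.Connection = connection;
        cmd.Parameters.AddWithValue("@Email", account.Email);
        cmd.Parameters.AddWithValue("@Password", account.Password);

        connection.Open();

        // The enclosing using blocks dispose the command and close the
        // connection, so no explicit Close() call is needed.
        using (SqlDataReader dbReader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
        {
            return dbReader.Read();
        }
    }
}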
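/// <summary>
/// Looks up the employee whose Email and Password columns match the supplied
/// credentials and returns the profile data of that employee.
/// </summary>
/// <param name="userName">Value compared against the Email column.</param>
/// <param name="password">
/// Plaintext password; it is passed through <c>EmployeeDAL.GetMD5</c> before
/// being compared against the Password column.
/// </param>
/// <returns>
/// A <c>UserAccount</c> populated from the matching row. When no row matches,
/// a default-constructed <c>UserAccount</c> is returned, never null.
/// </returns>
/// <remarks>
/// SECURITY: because a failed login yields a non-null object, a caller that
/// only tests the result for null treats every attempt as authenticated.
/// Callers presumably need to check <c>UserID</c> (set only on success);
/// verify this at each call site.
/// The stored credential is whatever <c>EmployeeDAL.GetMD5</c> returns
/// (presumably an MD5 digest, judging by the helper's name; confirm) with no
/// per-user salt applied here. That is not suitable for password storage;
/// moving to a salted, iterated scheme such as PBKDF2 needs a data migration
/// and is not attempted in this method. No attempt limiting happens here.
/// </remarks>
public UserAccount Authorize(string userName, string password)
{
    // Returned unchanged when the credentials do not match any row.
    UserAccount data = new UserAccount();
    string passwordDigest = EmployeeDAL.GetMD5(password);

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand())
    {
        // Select only the columns that are read below, so the stored password
        // digest is not fetched back into the process.
        cmd.CommandText = @"SELECT FirstName, LastName, PhotoPath, GroupName FROM Employees WHERE Email=@Email and Password=@Password";
        cmd.CommandType = CommandType.Text;
        cmd.Connection = connection;
        cmd.Parameters.AddWithValue("@Email", userName);
        cmd.Parameters.AddWithValue("@Password", passwordDigest);

        connection.Open();

        // The enclosing using blocks dispose the command and close the
        // connection, so no explicit Close() call is needed.
        using (SqlDataReader dbReader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
        {
            if (dbReader.Read())
            {
                data = new UserAccount()
                {
                    UserID = userName,
                    FullName = Convert.ToString(dbReader["FirstName"]) + " " + Convert.ToString(dbReader["LastName"]),
                    Photo = Convert.ToString(dbReader["PhotoPath"]),
                    GroupName = Convert.ToString(dbReader["GroupName"])
                };
            }
        }
    }

    return data;
}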
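/// <summary>
/// Replaces the stored password of every Employees row whose Email column
/// matches <c>account.Email</c>.
/// </summary>
/// <param name="account">
/// Carries the target Email and the new plaintext password. Its
/// <c>Password</c> property is overwritten with the value returned by
/// <c>EmployeeDAL.GetMD5</c> before the statement runs.
/// </param>
/// <returns><c>true</c> when at least one row was updated; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="account"/> is null.</exception>
/// <remarks>
/// SECURITY: this method does not check the current password or the identity
/// of the caller; it changes the password for whatever Email it is given.
/// The calling layer must authenticate the user and confirm that they may
/// change this account before invoking it.
/// The stored credential is whatever <c>EmployeeDAL.GetMD5</c> returns
/// (presumably an MD5 digest, judging by the helper's name; confirm) with no
/// per-user salt applied here. That is not suitable for password storage;
/// moving to a salted, iterated scheme such as PBKDF2 needs a data migration
/// and is not attempted in this method.
/// </remarks>
public bool Update(Account account)
{
    if (account == null)
    {
        throw new ArgumentNullException("account");
    }

    // Kept from the original: the caller's object ends up holding the digest
    // instead of the plaintext. Passing the same instance to Get or Update
    // again would hash the digest a second time.
    account.Password = EmployeeDAL.GetMD5(account.Password);

    using (SqlConnection connection = new SqlConnection(this.connectionString))
    using (SqlCommand cmd = new SqlCommand())
    {
        // The original appended "SELECT @@IDENTITY", whose result was never
        // read: ExecuteNonQuery only reports the rows touched by the UPDATE.
        cmd.CommandText = @"UPDATE Employees
                            SET Password=@Password
                            WHERE Email=@Email;";
        cmd.CommandType = CommandType.Text;
        cmd.Connection = connection;
        cmd.Parameters.AddWithValue("@Password", account.Password);
        cmd.Parameters.AddWithValue("@Email", account.Email);

        connection.Open();

        // The using blocks dispose the command and close the connection.
        int rowsAffected = cmd.ExecuteNonQuery();
        return rowsAffected > 0;
    }
}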