This repository has been archived on 2023-12-31. You can view files and clone it, but cannot push or open issues or pull requests.
EDA263/lab3/cs_lab3/myWebApplication/SQLaccess.cs
2022-02-23 14:05:00 +01:00

131 lines
4.6 KiB
C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
namespace myWebApplication
{
public class SQLaccess
{
//private static String connectionString = "Data Source=.;Initial Catalog=myVulnappDB;Integrated Security=True";
//private static String connectionString = "Data Source=.\\SQLEXPRESS;Initial Catalog=myVulnappDB;Integrated Security=True";
private static String connectionString = "Data Source=theoden.ce.chalmers.se;Initial Catalog=myVulnappDB;Integrated Security=False;UID=myvulnapp;PWD=myvulnapp";
public static String checkUserPass(String username, String password)
{
SqlConnection conn = new SqlConnection(connectionString);
conn.Open();
//SqlCommand sqlc = new SqlCommand("SELECT Record FROM Table_Users WHERE Username=@username AND Password=@password");
//sqlc.Parameters.AddWithValue("@username", username);
//sqlc.Parameters.AddWithValue("@password", password);
SqlCommand sqlc = new SqlCommand("SELECT Record FROM Table_Users WHERE Username='" + username + "' AND Password='" + password + "'");
sqlc.Connection = conn;
SqlDataReader sdr = sqlc.ExecuteReader();
if (sdr.HasRows == false)
{
return null; //no user
}
else
{
sdr.Read();
return sdr.GetValue(0).ToString();
}
}
public static String GetUserFromID(String ID)
{
SqlConnection conn = new SqlConnection(connectionString);
conn.Open();
SqlCommand sqlc = new SqlCommand("SELECT Username,Password FROM Table_Users WHERE SessionID=@sessionid");
sqlc.Parameters.AddWithValue("@sessionid", ID);
sqlc.Connection = conn;
SqlDataReader sdr = sqlc.ExecuteReader();
if (sdr.HasRows == false)
{
return null; //no user
}
else
{
//can only be one if mechanism works as intended, take the first one
sdr.Read();
return sdr.GetValue(0).ToString();
}
}
public static String GetRecordFromID(String ID)
{
SqlConnection conn = new SqlConnection(connectionString);
conn.Open();
SqlCommand sqlc = new SqlCommand("SELECT Record FROM Table_Users WHERE SessionID=@sessionid");
sqlc.Parameters.AddWithValue("@sessionid", ID);
sqlc.Connection = conn;
SqlDataReader sdr = sqlc.ExecuteReader();
if (sdr.HasRows == false)
{
return null; //no user
}
else
{
//can only be one if mechanism works as intended, take the first one
sdr.Read();
return sdr.GetValue(0).ToString();
}
}
public static Boolean InsertComment(String Name, String Comment)
{
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand sqlc = new SqlCommand("INSERT INTO Table_Comments Values(@name,@comment);");
sqlc.Parameters.AddWithValue("@name", Name);
sqlc.Parameters.AddWithValue("@comment", Comment);
try
{
conn.Open();
sqlc.Connection = conn;
sqlc.ExecuteNonQuery();
return true;
}
catch(Exception ex)
{
System.Diagnostics.Debug.Write(ex.StackTrace);
return false;
}
}
public static Boolean InsertSessionID(String record, String SessionID)
{
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand sqlc = new SqlCommand("UPDATE Table_Users SET SessionID=@sessionid WHERE Record=@record;");
sqlc.Parameters.AddWithValue("@sessionid", SessionID);
sqlc.Parameters.AddWithValue("@record", record);
try
{
conn.Open();
sqlc.Connection = conn;
sqlc.ExecuteNonQuery();
return true;
}
catch (Exception ex)
{
System.Diagnostics.Debug.Write(ex.StackTrace);
return false;
}
}
}
}