dbaccess.cs

提供服务端登陆验证程序（验证码随机改变

using System;
using System.Data;
using System.Data.SqlClient;

namespace MDIServer
{
	/// <summary>
	/// Summary description for DBAccess.
	/// </summary>
	public class DBAccess : IDisposable
	{
		private SqlConnection myConnection;
		public DBAccess()
		{
			myConnection = new SqlConnection(AppConfiguration.ConnectString);
		}

		public bool CheckUser(string userName, ref string password, string encryptedSaltValue, ref string currentSaltValue)
		{
			try
			{
				string commandText = "Select " + AppConfiguration.SaltColoumn + " , " + AppConfiguration.PasswordColumn + " From " 
					+ AppConfiguration.UserTable + " Where " + AppConfiguration.LoginNameColumn 
					+ "=@UserName";
				myConnection.Open();
				SqlCommand myCommand = new SqlCommand(commandText);
				myCommand.Parameters.Add("@UserName",SqlDbType.VarChar);
				myCommand.Parameters["@UserName"].Value = userName;
				SqlDataReader myReader = myCommand.ExecuteReader(CommandBehavior.CloseConnection);
				if(myReader.Read())
				{
					currentSaltValue = myReader.GetString(0);
					password = myReader.GetString(1);
					Encryption myEncryption = new Encryption();
					string eSaltValue = myEncryption.HashString(currentSaltValue);
					if(eSaltValue == encryptedSaltValue)
					{
						return true;
					}
				}
				return false;
			}
			catch(Exception ex)
			{
				return false;
			}
			finally
			{
				myConnection.Close();
			}			
		}

		public bool UpdateUserSalt(string userName, string newSaltValue)
		{
			try
			{
				string commandText = "Update " + AppConfiguration.UserTable + " Set " +  AppConfiguration.SaltColoumn + " = " + "@newSaltValue "
					+ " Where " + AppConfiguration.LoginNameColumn + "=@UserName";
				myConnection.Open();
				SqlCommand myCommand = new SqlCommand(commandText);
				myCommand.Parameters.Add("@UserName",SqlDbType.VarChar);
				myCommand.Parameters["@UserName"].Value = userName;
				myCommand.Parameters.Add("@newSaltValue",SqlDbType.VarChar);
				myCommand.Parameters["@newSaltValue"].Value = newSaltValue;
				int row = myCommand.ExecuteNonQuery();
				if(row == 1)
				{
					return true;
				}
				else
				{
					return false;
				}
			}
			catch
			{
				return false;
			}
			finally
			{
				myConnection.Close();
			}			
		}
		#region IDisposable Members

		public void Dispose()
		{
			myConnection.Dispose();
		}

		#endregion
	}
}