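        /// <summary>
        /// Handles the sign-up button: validates the form fields, rejects an already
        /// existing username and otherwise inserts the new account with a zero
        /// failed-attempt counter. Feedback goes to the user via <see cref="MessageBox"/>.
        /// </summary>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void bt_signup_Click(object sender, EventArgs e)
        {
            if (tb_username.Text.Equals("") || tb_password.Text.Equals("") || tb_confirmpassword.Text.Equals(""))
            {
                MessageBox.Show("One or more of the fields is empty!");
                return;
            }
            if (tb_username.Text.Length < 5)
            {
                // The message now states the limit the condition actually enforces
                // (the original text said 6 while the check was < 5).
                MessageBox.Show("username is shorter than 5 chars");
                return;
            }
            if (tb_password.Text.Length < 6)
            {
                MessageBox.Show("Password is shorter than 6 chars");
                return;
            }
            if (!tb_confirmpassword.Text.Equals(tb_password.Text))
            {
                MessageBox.Show("Passwords don't match");
                return;
            }

            string username  = tb_username.Text;
            string cn_string = Properties.Settings.Default.DatabaseConnectionString;

            // using-blocks guarantee the connection and commands are disposed on every
            // exit path; the original left the reader and connection open on the
            // "already exists" path and on exceptions.
            using (SqlConnection cn_connection = new SqlConnection(cn_string))
            {
                cn_connection.Open();

                bool exists;
                using (SqlCommand check = new SqlCommand("SELECT 1 FROM users WHERE username = @username", cn_connection))
                {
                    check.Parameters.AddWithValue("@username", username);
                    // ExecuteScalar returns null when the query yields no row.
                    exists = check.ExecuteScalar() != null;
                }

                // NOTE(review): this check-then-insert is racy; a UNIQUE constraint on
                // users.username (not visible here) is the reliable guard.
                if (exists)
                {
                    MessageBox.Show("username already exists", "Error");
                    return;
                }

                // Stored representation must match what the sign-in handler computes.
                // NOTE(review): DataEncrypt.Create_MD5 is, by its name, MD5; a slow
                // password hash (e.g. PBKDF2) would be the stronger choice for stored
                // passwords — changing it touches DataEncrypt and existing rows, so it
                // is left as-is here.
                string pw    = DataEncrypt.Create_Salt(username, tb_password.Text);
                string pwmd5 = DataEncrypt.Create_MD5(pw);

                // Parameterized: the original concatenated the username and the hash
                // straight into the INSERT text (SQL injection via the username field).
                using (SqlCommand insert = new SqlCommand(
                    "INSERT INTO users(username, password, blocked) VALUES (@username, @password, @blocked)",
                    cn_connection))
                {
                    insert.Parameters.AddWithValue("@username", username);
                    insert.Parameters.AddWithValue("@password", pwmd5);
                    // The column type is not visible here; the sign-in handler parses
                    // the value as an int, and 0 converts cleanly to int or varchar.
                    insert.Parameters.AddWithValue("@blocked", 0);
                    insert.ExecuteNonQuery();
                }

                MessageBox.Show("Successfully completed!");
            }
        }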
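        /// <summary>
        /// Handles the sign-in button: validates the form fields and the captcha answer,
        /// refuses accounts whose failed-attempt counter has reached 5, verifies the
        /// credentials, and then resets the counter on success or increments it on failure.
        /// </summary>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void bt_signin_Click(object sender, EventArgs e)
        {
            if (tb_username.Text.Equals("") || tb_password.Text.Equals("") || tb_mathproblem.Text.Equals(""))
            {
                MessageBox.Show("One or more of the fields is empty!");
                return;
            }
            if (tb_username.Text.Length < 5)
            {
                // The message now states the limit the condition actually enforces
                // (the original text said 6 while the check was < 5).
                MessageBox.Show("username is shorter than 5 chars");
                return;
            }
            if (tb_password.Text.Length < 6)
            {
                MessageBox.Show("Password is shorter than 6 chars");
                return;
            }
            if (!tb_mathproblem.Text.Equals(answer.ToString()))
            {
                MessageBox.Show("Wrong Captcha Answer");
                // A new challenge is issued so the same answer cannot be retried.
                GenerateCaptcha();
                return;
            }

            string username  = tb_username.Text;
            string cn_string = Properties.Settings.Default.DatabaseConnectionString;

            // using-blocks dispose the connection, commands and reader on every exit
            // path; the original closed and reopened the connection ad hoc and never
            // disposed anything.
            using (SqlConnection cn_connection = new SqlConnection(cn_string))
            {
                cn_connection.Open();

                // Current failed-attempt counter; stays 0 when the username is unknown.
                int blocked = 0;
                using (SqlCommand select = new SqlCommand("SELECT blocked FROM users WHERE username = @username", cn_connection))
                {
                    select.Parameters.AddWithValue("@username", username);
                    using (SqlDataReader dr = select.ExecuteReader())
                    {
                        if (dr.Read())
                        {
                            blocked = Int32.Parse(dr["blocked"].ToString());
                        }
                    }
                }

                // Lock the account once the counter has reached 5.
                if (blocked >= 5)
                {
                    MessageBox.Show("This account is disabled due to multiple requests to sign in! please contact the administrator \n or just edit the database :)");
                    return;
                }

                // Derive the stored password representation exactly as sign-up does.
                // NOTE(review): DataEncrypt.Create_MD5 is, by its name, MD5; a slow
                // password hash (e.g. PBKDF2) would be the stronger choice — changing
                // it touches DataEncrypt and existing rows, so it is left as-is here.
                string aftersalt = DataEncrypt.Create_Salt(username, tb_password.Text);
                aftersalt = DataEncrypt.Create_MD5(aftersalt);

                bool granted;
                using (SqlCommand verify = new SqlCommand("SELECT count (*) from users where username=@user and password=@pwd", cn_connection))
                {
                    verify.Parameters.AddWithValue("@user", username);
                    verify.Parameters.AddWithValue("@pwd", aftersalt);
                    granted = verify.ExecuteScalar().ToString() == "1";
                }

                if (granted)
                {
                    MessageBox.Show("GRANTED ACCESS", "Access");
                }
                else
                {
                    MessageBox.Show("username or password are invalid", "Error");
                }

                // Reset the counter on success, otherwise count this failure. The
                // original re-read the counter twice more around the UPDATE without
                // using the result, so a single write is sufficient.
                // NOTE(review): the listing shows the UPDATE targeting the literal
                // username '******', which looks like a redacted value; the row that
                // was read above is the one updated here.
                int newBlocked = granted ? 0 : blocked + 1;
                using (SqlCommand update = new SqlCommand("UPDATE users SET blocked = @blocked WHERE username = @username", cn_connection))
                {
                    update.Parameters.AddWithValue("@blocked", newBlocked);
                    update.Parameters.AddWithValue("@username", username);
                    update.ExecuteNonQuery();
                }
            }
        }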