private void btn_submit_Click(object sender, EventArgs e)
{
string layer1 = db.getMD5(txt_pass.Text);
string layer2 = db.getMD5(layer1);
string layer3 = db.getMD5(layer2);
string layer4 = db.getMD5(layer3);
string layer5 = db.getMD5(layer4);
string command = "select * from clinic.users where user_id =@id and password = @pass and active ='Y'";
MySqlConnection con = new MySqlConnection(conString());
MySqlCommand cmd = new MySqlCommand(command, con);
con.Open();
cmd.Parameters.AddWithValue("@id", this.dsp_myid.Text); //Admin ID
cmd.Parameters.AddWithValue("@pass", layer5.ToString());
MySqlDataReader dr = cmd.ExecuteReader();;
if (dr.HasRows)
{
//con.Open();
update();
this.Close();
}
else
{
MessageBox.Show("Wrong Password!");
}
con.Close();
con.Dispose();
}
private void btn_save_Click(object sender, EventArgs e)
{
if (new_pass.Text != re_pass.Text)
{
MessageBox.Show("Password did not match!");
new_pass.Text = "";
re_pass.Text = "";
new_pass.Focus();
pass_check.Visible = false;
rpass_check.Visible = false;
}
else if (new_pass.Text == re_pass.Text)
{
string pass = re_pass.Text;
//encrypt
string layer1 = db.getMD5(pass);
string layer2 = db.getMD5(layer1);
string layer3 = db.getMD5(layer2);
string layer4 = db.getMD5(layer3);
string layer5 = db.getMD5(layer4);
MySqlConnection con = new MySqlConnection("Server=localhost;user id = dbconnection; password = 09353276080; Database = clinic");
string command = "UPDATE clinic.users SET password =@pass where user_id ='" + this.dsp_id.Text + "'";
MySqlCommand cmd = new MySqlCommand(command, con);
cmd.Parameters.AddWithValue("@pass", layer5.ToString());
MySqlDataReader reader;
try
{
con.Open();
reader = cmd.ExecuteReader();
MessageBox.Show("Succesfully Updated!");
while (reader.Read())
{
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
}
//public string conString()
//{
// return ""; ;
//}
private void btnCreate_Click(object sender, EventArgs e)
{
MySqlConnection con = new MySqlConnection("Server=localhost;user id = dbconnection; password = 09353276080; Database = clinic");
con.Open();
MySqlCommand cmd = new MySqlCommand("select * from users where username=@Name", con);
cmd.Parameters.AddWithValue("@Name", txt_uname.Text);
MySqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
MessageBox.Show("Username already taken!");
txt_uname.Text = "";
}
else
{
dbProvider db = new dbProvider();
int a = 0;
int idemp = a;
string fname = txt_fname.Text;
string lname = txt_lname.Text;
string uname = txt_uname.Text;
string pass = txt_repass.Text;
string gender = txt_gender.Text.ToString();
string acctype = txt_AccountType.Text.ToString();
string pos = txt_position.Text.ToString();
string stat = txt_stat.Text.ToString();
string active = "Y";
string number = contact_number.Text;
//encrypt
string layer1 = db.getMD5(pass);
string layer2 = db.getMD5(layer1);
string layer3 = db.getMD5(layer2);
string layer4 = db.getMD5(layer3);
string layer5 = db.getMD5(layer4);
if (fname == "" || lname == "" || uname == "" || pass == "" || gender == "" || stat == "" || number == "" || acctype == "" || pos == "")
{
MessageBox.Show("Please complete the form!");
}
else if (fname != "" || lname != "" || uname != "" || pass != "" || gender != "" || stat != "" || number != "" || acctype != "" || pos != "")
{
if (txt_pass.Text != txt_repass.Text)
{
MessageBox.Show("Password did not match!");
txt_pass.Text = "";
txt_repass.Text = "";
}
else
{
db.add(idemp, fname, lname, uname, layer5, number, gender, acctype, pos, stat, active);
MessageBox.Show("Account sucessfuly registered!");
this.Close();
}
}
}
}
private void btnLogin_Click(object sender, EventArgs e)
{
string layer1 = db.getMD5(txtPass.Text);
string layer2 = db.getMD5(layer1);
string layer3 = db.getMD5(layer2);
string layer4 = db.getMD5(layer3);
string layer5 = db.getMD5(layer4);
string connect = "Server=localhost;user id = dbconnection; password = 09353276080; Database = clinic";
string command = "select * from clinic.users where username = '******' and password = '******' and active ='Y'";
MySqlConnection con = new MySqlConnection(connect);
MySqlCommand cmd = new MySqlCommand(command, con);
MySqlDataReader dr;
int counter = 0;
try
{
con.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{
counter += 1;
name = dr.GetValue(1).ToString();
acct = dr.GetValue(7).ToString();
aID = dr.GetValue(0).ToString();
SystemSounds.Hand.Play();
MessageBox.Show("Welcome " + name + "!");
}
con.Close();
con.Dispose();
{
if (counter == 1)
{
con.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{
acct = dr.GetValue(7).ToString();
if (acct == "Admin")
{
Home home = new Home();
home.dsp_name.Text = name;
home.dsp_id.Text = aID;
this.Hide();
home.ShowDialog();
this.Show();
}
else if (acct == "Employee")
{
My_Patients mp = new My_Patients();
this.Hide();
mp.ShowDialog();
this.Show();
}
}
con.Close();
con.Dispose();
}
else
{
SystemSounds.Exclamation.Play();
MessageBox.Show("Wrong username/password");
}
}
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
}
txtPass.Text = String.Empty;
txtUser.SelectAll();
txtUser.Focus();
}