Beispiel #1
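        /// <summary>
        /// Handles a login request in two steps: the username/password pair is checked
        /// first, and only when that succeeds is the user prompted for a one-time code,
        /// which is then checked for the same username.
        /// </summary>
        /// <param name="sender">Control that raised the event (not used).</param>
        /// <param name="e">Routed event data (not used).</param>
        private void Login_Request(object sender, RoutedEventArgs e)
        {
            String username = UsernameBox.Text;
            String password = passwordBox.Password;

            // First factor: stop immediately when the password check fails.
            if (!Validate_Credentials(username, password))
            {
                return;
            }

            InputDialogBox inputDialog = new InputDialogBox("Enter Your OTP Code:");

            // Fail closed: a cancelled or dismissed prompt ends the attempt here instead of
            // forwarding an empty code and relying on the validator to reject it.
            if (inputDialog.ShowDialog() != true)
            {
                return;
            }

            String inputOTP = inputDialog.Answer;

            // A blank answer can never be a valid code, so it is rejected locally as well.
            if (String.IsNullOrWhiteSpace(inputOTP))
            {
                return;
            }

            // NOTE(review): Validate_OTP is defined elsewhere; confirm it limits repeated
            // failed attempts, since nothing in this handler does.
            if (Validate_OTP(inputOTP, username))
            {
                // Second factor accepted: ask the shell to switch to the granted view.
                Messenger.Default.Send<string>("GrantedView");
            }
        }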
Beispiel #2
        /// <summary>
        /// Looks up the stored OTP secret (the OTP_Token column of Accounts) for the account
        /// matching a person's name and opens a ShowQRWindow with that secret and the
        /// account's username. When more than one account matches the name, the operator
        /// is asked for the username to disambiguate.
        /// </summary>
        /// <param name="fullname">
        /// Text whose part up to and including the first space is discarded; the remainder
        /// is split on spaces into first name, optional middle name and last name.
        /// </param>
        /// <remarks>
        /// NOTE(review): the only inputs checked in this method are a name and, on
        /// ambiguity, a username. No password or existing one-time code is verified here
        /// before the secret is displayed; confirm the caller authenticates the operator.
        /// </remarks>
        private void getTOTP(string fullname)
        {
            // NOTE(review): the connection is closed only by the last statement of the method;
            // the early return in the disambiguation loop and any exception skip that Close().
            SQLiteConnection connection = OpenConnection();
            string           cmdString = ""; string middlename = ""; string lastname = "";

            // Drop everything up to and including the first space. With no space in the
            // input, IndexOf returns -1 and Remove(0, 0) leaves the string unchanged.
            fullname = fullname.Remove(0, fullname.IndexOf(" ") + 1);
            var    names = fullname.Split(' ');
            string firstname = names[0];

            if (names.Length == 2)
            {
                lastname  = names[1];
                cmdString = @"SELECT COUNT(*) FROM Accounts WHERE Firstname = @fname AND Lastname = @lname";
            }
            else
            {
                // NOTE(review): this branch runs for every length other than 2. A single name
                // makes names[1] throw IndexOutOfRangeException; with more than three parts the
                // query still references @mname, but the Length == 3 checks below never bind it.
                middlename = names[1];
                lastname   = names[2];
                cmdString  = @"SELECT COUNT(*) FROM Accounts WHERE Firstname = @fname AND Middlename = @mname AND Lastname = @lname";
            }

            SQLiteCommand cmd = new SQLiteCommand(cmdString, connection);

            // All user-supplied values are bound as parameters, never concatenated into SQL.
            // NOTE(review): Prepare() is called before the parameters are added, here and for
            // every later command; confirm that order is intended.
            cmd.Prepare();
            cmd.Parameters.Add("@fname", DbType.String).Value = firstname;
            if (names.Length == 3)
            {
                cmd.Parameters.Add("@mname", DbType.String).Value = middlename;
            }
            cmd.Parameters.Add("@lname", DbType.String).Value = lastname;

            // Number of accounts that share this name.
            int userRecords = Convert.ToInt32(cmd.ExecuteScalar());

            if (userRecords > 1)
            {
                // Ambiguous name: require the username before any secret is read.
                string username = "";
                MessageBox.Show("More than 1 Account was found with these credentials. Please type in the username of the account to confirm.", "Caution! Attention Required!");
                bool foundAccount = false;
                while (!foundAccount)
                {
                    // NOTE(review): the listing is corrupted on the next line. The text between
                    // the prompt string and the SQL string was replaced by "******", so the code
                    // that shows the dialog and stores its answer in `username` is not visible,
                    // and the line does not compile as shown.
                    InputDialogBox inputDialog = new InputDialogBox("Enter The Account Username:"******"SELECT COUNT(*) FROM Accounts WHERE Username = @user AND Firstname = @fname" +
                                            ((!string.IsNullOrEmpty(middlename) ? " AND Middlename = @mname" : "")) + " AND Lastname = @lname", connection);
                    cmd.Prepare();
                    cmd.Parameters.Add("@user", DbType.String).Value  = username;
                    cmd.Parameters.Add("@fname", DbType.String).Value = firstname;
                    if (!string.IsNullOrEmpty(middlename))
                    {
                        cmd.Parameters.Add("@mname", DbType.String).Value = middlename;
                    }
                    cmd.Parameters.Add("@lname", DbType.String).Value = lastname;

                    int userExists = Convert.ToInt32(cmd.ExecuteScalar());
                    if (userExists == 1)
                    {
                        foundAccount = true;
                    }
                    else
                    {
                        // Both outcomes leave the loop, so the body runs at most once.
                        // NOTE(review): this return leaves `connection` open.
                        MessageBox.Show("User not found. Confirm username of the account and try again later.", "Error!");
                        return;
                    }
                }
                cmd = new SQLiteCommand(@"SELECT OTP_Token FROM Accounts WHERE Username = @Username", connection);
                cmd.Prepare();
                cmd.Parameters.Add("@Username", DbType.String).Value = username;
                // NOTE(review): the ExecuteScalar() result is dereferenced without a null check.
                string       totpToken = cmd.ExecuteScalar().ToString();
                ShowQRWindow showQR    = new ShowQRWindow(totpToken, username);
                showQR.Show();
                this.Close();
            }
            else
            {
                // Reuse the same WHERE clause, selecting the secret and username instead of a
                // count. Only a constant fragment of the query text is replaced.
                // NOTE(review): this branch also covers userRecords == 0. The reader then yields
                // no rows and ShowQRWindow is opened with an empty token and username.
                cmdString = cmdString.Replace("COUNT(*)", "OTP_Token, Username");
                cmd       = new SQLiteCommand(cmdString, connection);
                cmd.Prepare();
                cmd.Parameters.Add("@fname", DbType.String).Value = firstname;
                if (names.Length == 3)
                {
                    cmd.Parameters.Add("@mname", DbType.String).Value = middlename;
                }
                cmd.Parameters.Add("@lname", DbType.String).Value = lastname;
                // NOTE(review): the reader is not closed or disposed in the visible code.
                SQLiteDataReader reader = cmd.ExecuteReader();

                string totpToken = ""; string username = "";
                while (reader.Read())
                {
                    totpToken = reader[0].ToString();
                    username  = reader[1].ToString();
                }
                ShowQRWindow showQR = new ShowQRWindow(totpToken, username);
                showQR.Show();
                this.Close();
            }
            connection.Close();
        }