private void btnSave_Click(object sender, EventArgs e)
        {
            string stfID         = txtStfId.Text;
            string fName         = txtFName.Text;
            string lName         = txtLName.Text;
            string email         = txtEmail.Text;
            string phone         = txtPhone.Text;
            string nic           = txtNIC.Text;
            string qualification = txtQualification.Text;
            string experience    = txtExperience.Text;
            string dob           = dobPicker.Value.ToShortDateString();
            string appdate       = appdatePicker.Value.ToShortDateString();
            string jdate         = jDatePicker.Value.ToShortDateString();
            string gender        = "";
            string password      = txtPassword.Text;

            if (rBtnMale.Checked)
            {
                gender = "M";
            }
            else if (rBtnFemale.Checked)
            {
                gender = "F";
            }
            string pattern = null;

            pattern = "^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$";


            if (!(stfID == "" || fName == "" || lName == "" || email == "" || phone == "" || nic == "" || qualification == "" || experience == "" ||
                  dob == "" || appdate == "" || jdate == "" || gender == "" || password == ""))
            {
                if (!(Regex.IsMatch(txtEmail.Text, pattern)))
                {
                    MessageBox.Show("Email is not correct.");
                }
                else if (txtNIC.Text.Length != 10)
                {
                    MessageBox.Show("NIC is incorrect.");
                }
                else
                {
                    try
                    {
                        sqlCon.Open();

                        SqlCommand cmd1 = sqlCon.CreateCommand();
                        cmd1.CommandType = CommandType.Text;
                        cmd1.CommandText = "INSERT INTO Staff VALUES('" + stfID + "', '" + phone + "', '" + fName + "', '" + lName
                                           + "','" + email + "','" + nic + "','" + appdate + "','" + jdate + "','" + qualification + "','" + gender + "','" + dob + "')";
                        cmd1.ExecuteNonQuery();

                        SqlCommand cmd2 = sqlCon.CreateCommand();
                        cmd2.CommandType = CommandType.Text;
                        cmd2.CommandText = "INSERT INTO Non_Academic_Staff VALUES('" + stfID + "', '" + experience + "')";
                        cmd2.ExecuteNonQuery();

                        string saltpwd = PasswordUtil.getSalt(30);
                        string secpwd  = PasswordUtil.generateSecurePassword(password, saltpwd);

                        SqlCommand cmd3 = sqlCon.CreateCommand();
                        cmd3.CommandType = CommandType.Text;
                        cmd3.CommandText = "INSERT INTO Non_Academic_Staff_Credentials VALUES('" + stfID + "','" + secpwd + "','" + saltpwd + "')";
                        cmd3.ExecuteNonQuery();
                    }
                    catch (Exception ex1)
                    {
                        MessageBox.Show("Error: " + ex1);
                    }
                    finally
                    {
                        sqlCon.Close();
                    }


                    FillDataGridView();
                    MessageBox.Show("Successfully Inserted!");
                    clearDetails();
                }
            }
            else
            {
                MessageBox.Show("All fields must be filled.");
            }
        }
        private void button1_Click(object sender, EventArgs e)
        {
            if (txtPassword.Text == "" || txtRePassword.Text == "")
            {
                MessageBox.Show("Please enter new password and enter it again.");
            }
            else if (!(txtPassword.Text.Equals(txtRePassword.Text)))
            {
                MessageBox.Show("Passwords are not equal.");
            }
            else
            {
                //txtPassword.Text;
                //txtRePassword.Text;
                string saltpwd    = PasswordUtil.getSalt(30);
                string secpwd     = PasswordUtil.generateSecurePassword(txtPassword.Text, saltpwd);
                string typeString = userType.SelectedItem.ToString();

                using (SqlConnection connection = new SqlConnection(conString))
                {
                    //try{
                    connection.Open();
                    SqlCommand command = new SqlCommand(null, connection);

                    /*
                     * UPDATE Academic_Staff_Credentials
                     * SET password = '******', salt = 'sss'
                     * WHERE stfID = 'iii';
                     */


                    if (typeString.Equals("Academic Staff"))
                    {
                        command.CommandText = "UPDATE Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
                    }
                    else if (typeString.Equals("Non Academic Staff"))
                    {
                        command.CommandText = "UPDATE Non_Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
                    }
                    else if (typeString.Equals("Administrative Staff"))
                    {
                        command.CommandText = "UPDATE Administrative_Staff_credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
                    }

                    SqlParameter secPassword = new SqlParameter("@secPassword", SqlDbType.VarChar, 100);
                    secPassword.Value = secpwd;
                    command.Parameters.Add(secPassword);

                    SqlParameter saltPassword = new SqlParameter("@saltPassword", SqlDbType.VarChar, 100);
                    saltPassword.Value = saltpwd;
                    command.Parameters.Add(saltPassword);

                    SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
                    stfID.Value = usernameString;
                    command.Parameters.Add(stfID);

                    // Call Prepare after setting the Commandtext and Parameters.
                    command.Prepare();
                    command.ExecuteNonQuery();
                    MessageBox.Show("Password updated successfully. Now use your new password to login to the system.");
                    //}
                    //catch(Exception ex) {
                    //    MessageBox.Show(ex+"Error occured.");
                    //} finally {
                    //    connection.Close();
                    //}
                }
            }
        }