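        /// <summary>
        /// Authenticates a user with the given login data. Only active accounts (active = 1)
        /// can log in; an unknown or deactivated username yields ERR_USER_DOES_NOT_EXIST.
        /// </summary>
        /// <param name="username">Username to look up.</param>
        /// <param name="password">Clear-text password, verified against the stored salted SHA-256 hash.</param>
        /// <param name="user">The authenticated user; null unless ERR_SUCCESS is returned.</param>
        /// <returns>ERR_SUCCESS, or the error describing why authentication failed.</returns>
        public static UserDatabaseError Authenticate(string username, string password, out User user)
        {
            user = null;
            // Preserve the outcomes the queries would produce for these inputs without hitting the database.
            if (string.IsNullOrEmpty(username))
                return UserDatabaseError.ERR_USER_DOES_NOT_EXIST;
            if (password == null)
                return UserDatabaseError.ERR_AUTH;

            // Connection, command and reader are disposed on every return path (the old code leaked the
            // connection on the ERR_AUTH path and whenever a query threw).
            using (SQLiteConnection connection = new SQLiteConnection(DatabaseManager.CONNECTION_STRING))
            using (SQLiteCommand command = new SQLiteCommand("SELECT salt FROM users WHERE username=@username and active = 1", connection))
            {
                command.Parameters.AddWithValue("@username", username);
                try
                {
                    connection.Open();
                }
                catch (SQLiteException)
                {
                    return UserDatabaseError.ERR_DATABASE_CONNECTION;
                }

                // ExecuteScalar returns null for no row and DBNull for a NULL salt; "as" covers both.
                string salt = command.ExecuteScalar() as string;
                if (string.IsNullOrEmpty(salt))
                    return UserDatabaseError.ERR_USER_DOES_NOT_EXIST;

                // Legacy scheme: a single SHA-256 over password + salt, compared inside the query.
                // It must stay in step with AddUserToDatabase; a slow KDF (e.g. PBKDF2) would be
                // stronger but requires migrating the stored hashes.
                string hash = DatabaseManager.GetSha256(password + salt);
                // active = 1 is repeated so an account deactivated between the two queries is still rejected.
                command.CommandText = "SELECT name, privilege FROM users WHERE username=@username AND sha256p =@password AND active = 1";
                command.Parameters.AddWithValue("@password", hash);

                using (SQLiteDataReader reader = command.ExecuteReader())
                {
                    // Usernames are unique (enforced by AddUserToDatabase), so at most one row is expected.
                    if (reader.Read())
                        user = new User(username, (string)reader["name"], (User.UserPrivilege)(Int64)reader["privilege"]);
                }

                return user == null ? UserDatabaseError.ERR_AUTH : UserDatabaseError.ERR_SUCCESS;
            }
        }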
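        /// <summary>
        /// Validates the "add user" form and creates a regular user through the logged-in
        /// administrator. Every outcome is reported to the operator in a message box.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnAdd_Click(object sender, EventArgs e)
        {
            string username = txtAddUserUsername.Text;
            string password = txtAddUserPassword.Text;

            // An empty username would otherwise be stored as an account nobody can sensibly log in as.
            if (string.IsNullOrWhiteSpace(username))
            {
                MessageBox.Show("Username must not be empty!");
                return;
            }

            if (password != txtAddUserRepeatPassword.Text)
            {
                MessageBox.Show("Passwords do not match!");
                return;
            }

            // Policy: 8-15 characters with at least one lowercase letter, one uppercase letter,
            // one digit and one character that is none of those. The form is rejected when the
            // password does NOT match (the old test was inverted and rejected compliant passwords).
            if (!Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\da-zA-Z]).{8,15}$"))
            {
                MessageBox.Show("Password must be 8 to 15 characters and contain at least one lowercase letter, one uppercase letter, one digit and one special character.");
                return;
            }

            string name = txtName.Text;

            User newUser = new User(username, name, User.UserPrivilege.REGULAR);
            //AddUserToDatabase is non-static for security reasons: it checks the privilege of the calling user.
            User.UserDatabaseError result = user.AddUserToDatabase(newUser, password);
            switch (result)
            {
                case User.UserDatabaseError.ERR_SUCCESS:
                    MessageBox.Show("User/Salesperson successfully added.");
                    this.Close();
                    break;
                case User.UserDatabaseError.ERR_USER_EXISTS:
                    MessageBox.Show("A user with this username already exists.");
                    break;
                case User.UserDatabaseError.ERR_PRIVILEGE:
                    MessageBox.Show("You are not allowed to add users.");
                    break;
                case User.UserDatabaseError.ERR_DATABASE_CONNECTION:
                    MessageBox.Show("There was an error connecting to database.");
                    break;
                default:
                    // Previously a failed insert closed nothing and said nothing.
                    MessageBox.Show("Could not add the user. Please try again.");
                    break;
            }
        }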
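        /// <summary>
        /// Tries to authenticate with the entered credentials. On success the user is stored
        /// in this.user and the dialog closes; on failure exactly one message is shown.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnLogin_Click(object sender, EventArgs e)
        {
            string username = txtLoginUsername.Text;
            string password = txtLoginPassword.Text;

            User user;
            User.UserDatabaseError loginResult = User.Authenticate(username, password, out user);

            if (loginResult == User.UserDatabaseError.ERR_SUCCESS && user != null)
            {
                this.user = user;
                this.Close();
                return;
            }

            // One dialog per failed attempt (the old code showed the specific message and then
            // "Something went wrong" on top of it). ERR_SUCCESS without a user counts as a failure.
            // NOTE(review): separate "no such user" / "wrong password" texts reveal which usernames
            // exist; a single "Invalid username or password." message would not.
            string message;
            switch (loginResult)
            {
                case User.UserDatabaseError.ERR_DATABASE_CONNECTION:
                    message = "There was an error connecting to database.";
                    break;
                case User.UserDatabaseError.ERR_USER_DOES_NOT_EXIST:
                    message = "User with such username does not exist.";
                    break;
                case User.UserDatabaseError.ERR_AUTH:
                    message = "Wrong password.";
                    break;
                default:
                    message = "Something went wrong. Please try again.";
                    break;
            }
            MessageBox.Show(message);
        }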
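        /// <summary>
        /// Builds the Edit/Delete context menu for the item list and initialises the form.
        /// </summary>
        /// <param name="user">Logged-in user (currently not used by the constructor itself).</param>
        public ManageItems(User user)
        {
            cms = new ContextMenuStrip();
            cms.Items.Add("Edit");
            cms.Items.Add("Delete");
            cms.Items[0].Click += delegate (object sender, EventArgs e)
            {
                ListViewItem lvItem;
                Item selected = GetSelectedItem(out lvItem);
                if (selected == null)
                    return;

                ItemAdd ia = new ItemAdd(selected);
                ia.Show();
                // Re-run the current search when the edit dialog closes so the list shows the change.
                ia.FormClosed += delegate (object subSender, FormClosedEventArgs ea)
                {
                    this.txtSearch_KeyDown_1(null, new KeyEventArgs(Keys.Enter));
                };
            };
            cms.Items[1].Click += delegate (object sender, EventArgs e)
            {
                ListViewItem lvItem;
                Item selected = GetSelectedItem(out lvItem);
                if (selected == null)
                    return;

                var result = Item.RemoveItem(selected);
                if (result == Item.ItemDatabaseError.ERR_SUCCESS)
                {
                    MessageBox.Show("Item deleted successfully!", "Notice");
                    // ListView.Items.Remove ignores an absent item; SearchResults is assumed to be a
                    // List<Item>, whose Remove returns false instead of throwing — TODO confirm.
                    mainData.Items.Remove(lvItem);
                    SearchResults.Remove(selected);
                }
            };
            InitializeComponent();
        }

        /// <summary>
        /// Resolves the item behind the first selected row of mainData by matching the row's
        /// first sub-item text against Item.ID in SearchResults (last match wins).
        /// </summary>
        /// <param name="lvItem">The selected row, or null when nothing is selected.</param>
        /// <returns>The matching item, or null when there is no selection or no match.</returns>
        private Item GetSelectedItem(out ListViewItem lvItem)
        {
            lvItem = null;
            // SelectedItems[0] throws when the selection is empty (it never returns null), so test Count.
            if (mainData.SelectedItems.Count == 0)
                return null;

            lvItem = mainData.SelectedItems[0];
            string id = lvItem.SubItems[0].Text;
            Item match = null;
            foreach (Item it in SearchResults)
                if (it.ID.ToString() == id)
                    match = it;
            return match;
        }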
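 /// <summary>
 /// Shows the login dialog until a user is obtained or the dialog asks the application to close.
 /// Sets the user field and, when the dialog requested it, ShouldClose and closes this form.
 /// </summary>
 private void ShowLogin()
 {
     while (user == null && !ShouldClose)
     {
         // ShowDialog does not dispose the form, so dispose it explicitly on every retry.
         using (LoginForm lForm = new LoginForm())
         {
             lForm.FormClosing += delegate (object subSender, FormClosingEventArgs se)
             {
                 LoginForm senderForm = (LoginForm)subSender;
                 if (senderForm.ShouldClose)
                 {
                     this.ShouldClose = true;
                     this.Close();
                 }
                 // Read while the dialog is still alive; FormClosing fires before ShowDialog returns.
                 user = senderForm.GetUser();
             };
             lForm.ShowDialog();
         }
     }
     if (ShouldClose)
         this.Close();
 }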
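 /// <summary>
 /// Creates the "add user" form on behalf of the given logged-in user.
 /// </summary>
 /// <param name="user">The user performing the operation; its privilege is checked when adding.</param>
 /// <exception cref="ArgumentNullException">user is null.</exception>
 public UserAdd(User user)
 {
     // Fail fast here rather than with a NullReferenceException inside the button handler.
     if (user == null)
         throw new ArgumentNullException("user");
     this.user = user;
     InitializeComponent();
 }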
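        /// <summary>
        /// Adds a regular user to the database. Only an administrator may call this; the caller's
        /// own privilege is checked first.
        /// </summary>
        /// <param name="toAdd">User to create. Username and Name are stored; the privilege is always REGULAR.</param>
        /// <param name="password">Clear-text password; only its salted SHA-256 hash is stored.</param>
        /// <returns>ERR_SUCCESS, or the error describing why the user was not added.</returns>
        /// <exception cref="ArgumentNullException">toAdd or password is null.</exception>
        public UserDatabaseError AddUserToDatabase(User toAdd, string password)
        {
            if (this.Privilege != UserPrivilege.ADMINISTRATOR)
                return UserDatabaseError.ERR_PRIVILEGE;
            if (toAdd == null)
                throw new ArgumentNullException("toAdd");
            if (password == null)
                throw new ArgumentNullException("password");

            // Connection and command are disposed on every return path (the old code never closed
            // the connection after a successful or failed insert).
            using (SQLiteConnection connection = new SQLiteConnection(DatabaseManager.CONNECTION_STRING))
            using (SQLiteCommand command = new SQLiteCommand("SELECT count(*) FROM users WHERE username=@username", connection))
            {
                command.Parameters.AddWithValue("@username", toAdd.Username);

                try
                {
                    connection.Open();
                }
                catch (SQLiteException)
                {
                    return UserDatabaseError.ERR_DATABASE_CONNECTION;
                }

                // Existence check before the insert. This is check-then-act: two concurrent callers can
                // both pass it, so a UNIQUE constraint on users.username is the real guard (a violation
                // would then surface as ERR_UKNOWN from ExecuteNonQuery below).
                if (Convert.ToInt64(command.ExecuteScalar()) > 0)
                    return UserDatabaseError.ERR_USER_EXISTS;

                command.CommandText = "INSERT INTO users(username, sha256p, salt,  name, privilege) VALUES(@username,@password,@salt,@name,@privilege)";

                // Random per-user salt from the cryptographic RNG, stored hex-encoded.
                byte[] buffer = new byte[1024];
                using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
                {
                    rng.GetBytes(buffer);
                }
                string salt = BitConverter.ToString(buffer).Replace("-", "");

                // Legacy scheme: a single SHA-256 over password + salt. It must stay in step with
                // Authenticate; a slow KDF (e.g. PBKDF2) would be stronger but requires migrating rows.
                command.Parameters.AddWithValue("@password", DatabaseManager.GetSha256(password + salt));
                command.Parameters.AddWithValue("@salt", salt);
                command.Parameters.AddWithValue("@name", toAdd.Name);

                //At this moment, only regular users can be created. Administrator account will be delivered with the software.
                //Possible improvement is to introduce the MASTER account, which will be able to manage other accounts ( including administrators )
                // Bound explicitly as an integer; Authenticate reads the column back as Int64.
                command.Parameters.AddWithValue("@privilege", (int)UserPrivilege.REGULAR);

                try
                {
                    command.ExecuteNonQuery();
                }
                catch (SQLiteException)
                {
                    return UserDatabaseError.ERR_UKNOWN;
                }

                return UserDatabaseError.ERR_SUCCESS;
            }
        }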
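        /// <summary>
        /// Deactivates a user (soft delete: active = 0). Only an administrator may call this;
        /// self-deletion and deactivating non-regular accounts are refused.
        /// </summary>
        /// <param name="toRemove">User to deactivate; only its Username is used.</param>
        /// <returns>
        /// ERR_SUCCESS when the row was updated; ERR_PRIVILEGE when the caller may not remove this
        /// user (itself or a non-regular account); ERR_USER_DOES_NOT_EXIST, ERR_DATABASE_CONNECTION
        /// or ERR_UKNOWN otherwise.
        /// </returns>
        /// <exception cref="ArgumentNullException">toRemove is null.</exception>
        public UserDatabaseError RemoveUserFromDatabase(User toRemove)
        {
            if (this.Privilege != UserPrivilege.ADMINISTRATOR)
                return UserDatabaseError.ERR_PRIVILEGE;
            if (toRemove == null)
                throw new ArgumentNullException("toRemove");

            // Connection and command are disposed on every return path (the old code never closed
            // the connection after the UPDATE).
            using (SQLiteConnection connection = new SQLiteConnection(DatabaseManager.CONNECTION_STRING))
            using (SQLiteCommand command = new SQLiteCommand("SELECT count(*) FROM users WHERE username=@username", connection))
            {
                command.Parameters.AddWithValue("@username", toRemove.Username);

                try
                {
                    connection.Open();
                }
                catch (SQLiteException)
                {
                    return UserDatabaseError.ERR_DATABASE_CONNECTION;
                }

                // Check that the user exists so a missing account is reported distinctly from a refused update.
                if (Convert.ToInt64(command.ExecuteScalar()) == 0)
                    return UserDatabaseError.ERR_USER_DOES_NOT_EXIST;

                // The WHERE clause enforces the policy: the caller cannot deactivate itself and only
                // privilege 0 accounts can be deactivated (assumes REGULAR == 0 — confirm against the enum).
                command.CommandText = "UPDATE users SET active = 0 WHERE username=@username AND username!=@currentUsername AND privilege = 0";
                command.Parameters.Clear();
                command.Parameters.AddWithValue("@username", toRemove.Username);
                command.Parameters.AddWithValue("@currentUsername", this.Username);

                int affected;
                try
                {
                    affected = command.ExecuteNonQuery();
                }
                catch (SQLiteException)
                {
                    return UserDatabaseError.ERR_UKNOWN;
                }

                // The user exists but no row changed: the policy blocked the update, so this is not a
                // success (the old code reported ERR_SUCCESS here although nothing happened).
                return affected == 0 ? UserDatabaseError.ERR_PRIVILEGE : UserDatabaseError.ERR_SUCCESS;
            }
        }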
 /// <summary>
 /// Logs the current user out: clears the sale in progress, drops the last menu entry,
 /// re-runs the login dialog and either closes the application or re-initialises the form.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 private void logOutToolStripMenuItem_Click(object sender, EventArgs e)
 {
     // Reset every input of the current sale.
     txtAmount.Clear();
     txtAmountIn.Clear();
     txtItemCode.Clear();
     txtToReturn.Clear();
     mainData.Items.Clear();

     // NOTE(review): removes the last menu entry unconditionally, while LoadAministrativeOptions
     // runs only for administrators — presumably it appends that entry; confirm the last entry is
     // always a per-login one, otherwise a non-admin logout removes a permanent menu item.
     int lastMenuIndex = menuStrip1.Items.Count - 1;
     menuStrip1.Items.RemoveAt(lastMenuIndex);

     user = null;
     Hide();
     ShowLogin();

     bool loginAbandoned = user == null || ShouldClose;
     if (loginAbandoned)
     {
         Close();
         return;
     }

     bool isAdministrator = user.Privilege == User.UserPrivilege.ADMINISTRATOR;
     if (isAdministrator)
         LoadAministrativeOptions();
     Main_Load(null, null);
     Show();
 }
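 /// <summary>
 /// Creates an empty receipt attributed to the given salesperson.
 /// </summary>
 /// <param name="salesPerson">The user making the sale; only its ID is kept.</param>
 /// <exception cref="ArgumentNullException">salesPerson is null.</exception>
 public Receipt(User salesPerson)
 {
     if (salesPerson == null)
         throw new ArgumentNullException("salesPerson");
     SalesPersonID = salesPerson.ID;
     Items = new List<Item>();
 }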
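 /// <summary>
 /// Creates the "remove user" form on behalf of the given logged-in user.
 /// </summary>
 /// <param name="user">The user performing the operation; its privilege is checked when removing.</param>
 /// <exception cref="ArgumentNullException">user is null.</exception>
 public UserRemove(User user)
 {
     // Fail fast here rather than with a NullReferenceException in a later handler.
     if (user == null)
         throw new ArgumentNullException("user");
     this.user = user;
     InitializeComponent();
 }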