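/// <summary>
/// Checks the old password typed into the form against the stored credentials
/// of the currently logged-in user.
/// </summary>
/// <returns>
/// <c>true</c> when <c>usp_Users_VerifyPassword</c> returns at least one row;
/// otherwise <c>false</c>.
/// </returns>
private bool IsPasswordVerified()
        {
            using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString()))
            using (SqlCommand cmd = new SqlCommand("usp_Users_VerifyPassword", con))
            {
                cmd.CommandType = CommandType.StoredProcedure;

                // Both values are sent as bound parameters, not concatenated into SQL text.
                cmd.Parameters.AddWithValue("@UserName", LoggedInUser.UserName);

                // Trim() removes leading/trailing whitespace, so those characters never
                // count as part of the password.
                // NOTE(review): the procedure matches on the output of SecureData.EncryptData,
                // which implies that output is the same every time for a given password
                // (presumably no per-user salt). If it is reversible encryption rather than
                // a salted, slow password hash (e.g. PBKDF2), stored passwords can be
                // recovered by anyone holding the key - confirm against SecureData.
                cmd.Parameters.AddWithValue("@Password", SecureData.EncryptData(OldPasswordTextBox.Text.Trim()));

                // The connection was created just above, so it is always closed here.
                con.Open();

                // The original never disposed the reader; scope it so it is released
                // before the command and connection are.
                using (SqlDataReader sdr = cmd.ExecuteReader())
                {
                    return sdr.HasRows;
                }
            }
        }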
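        /// <summary>
        /// Handles the Login button: validates the form, asks
        /// <c>usp_Users_VerifyLoginDetails</c> whether the credentials match, and on
        /// success records the user in <c>LoggedInUser</c> and opens the dashboard.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void LoginButton_Click(object sender, EventArgs e)
        {
            if (!IsFormValid())
            {
                return;
            }

            DataTable dtUser = new DataTable(); // holds the matching user row, if any

            using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString()))
            using (SqlCommand cmd = new SqlCommand("usp_Users_VerifyLoginDetails", con))
            {
                cmd.CommandType = CommandType.StoredProcedure;

                // Credentials are sent as bound parameters, not concatenated into SQL text.
                cmd.Parameters.AddWithValue("@UserName", UserNameTextBox.Text.Trim());

                // NOTE(review): the match is made on the output of SecureData.EncryptData.
                // If that is reversible encryption rather than a salted, slow password
                // hash, stored passwords are recoverable with the key - confirm.
                cmd.Parameters.AddWithValue("@Password", SecureData.EncryptData(PasswordTextBox.Text.Trim()));

                // The connection was created just above, so it is always closed here.
                con.Open();

                // The original never disposed the reader; scope it explicitly.
                using (SqlDataReader sdr = cmd.ExecuteReader())
                {
                    if (sdr.HasRows)
                    {
                        dtUser.Load(sdr);
                    }
                }
            }

            // The connection is released before any UI is shown. The original opened the
            // modal dashboard inside the using blocks, which kept the database connection
            // open for as long as the dashboard stayed on screen.
            if (dtUser.Rows.Count == 0)
            {
                // One message for both "unknown user" and "wrong password", so the dialog
                // does not reveal which user names exist.
                MessageBox.Show("User Name or Password is incorrect.", "Authentication Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            DataRow userRow = dtUser.Rows[0];

            // NOTE(review): the role is cached in client-side state; any check made
            // against LoggedInUser.RoleId is only as trustworthy as this process.
            // Presumably the database enforces permissions as well - confirm.
            LoggedInUser.UserName = userRow["UserName"].ToString();
            LoggedInUser.RoleId   = Convert.ToInt32(userRow["RoleId"]);

            this.Hide();

            // A form shown with ShowDialog is not disposed when it closes, so dispose it here.
            using (DashboardForm dashboardForm = new DashboardForm())
            {
                dashboardForm.ShowDialog();
            }
        }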
        /// <summary>
        /// Handles the Change Password button: validates the form, confirms the old
        /// password via <c>IsPasswordVerified</c>, then stores the new password through
        /// <c>usp_Users_ChangePassword</c>.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void ChangePasswordButton_Click(object sender, EventArgs e)
        {
            if (!IsFormValid())
            {
                return;
            }

            // Refuse to continue unless the existing password checks out.
            if (!IsPasswordVerified())
            {
                MessageBox.Show("Your old password is not correct, please enter correct password.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            // NOTE(review): the old-password check runs only in this client, as a separate
            // database call. usp_Users_ChangePassword is not given the old password here,
            // so presumably the procedure cannot verify it itself - confirm, and consider
            // enforcing the check inside the procedure.
            using (SqlConnection connection = new SqlConnection(AppConnection.GetConnectionString()))
            using (SqlCommand changeCommand = new SqlCommand("usp_Users_ChangePassword", connection))
            {
                changeCommand.CommandType = CommandType.StoredProcedure;

                string currentUser = LoggedInUser.UserName;
                changeCommand.Parameters.AddWithValue("@UserName", currentUser);

                // Trim() removes leading/trailing whitespace from the new password.
                // NOTE(review): if SecureData.EncryptData is reversible encryption rather
                // than a salted password hash, the stored value is recoverable - confirm.
                changeCommand.Parameters.AddWithValue("@NewPassword", SecureData.EncryptData(NewPasswordTextBox.Text.Trim()));
                changeCommand.Parameters.AddWithValue("@CreatedBy", LoggedInUser.UserName);

                if (connection.State != ConnectionState.Open)
                {
                    connection.Open();
                }

                changeCommand.ExecuteNonQuery();

                MessageBox.Show("Password  is successfully changed.", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
                ResetFormControl();
            }
        }
        /// <summary>
        /// Handles the Save button: validates the form, then either updates the
        /// existing user (when <c>IsUpdate</c> is true) or inserts a new one.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void SaveButton_Click(object sender, EventArgs e)
        {
            if (!IsFormValid())
            {
                return;
            }

            // NOTE(review): no check of the caller's role is visible in this handler,
            // although it creates users and assigns @RoleId. Presumably access to this
            // form is gated elsewhere - confirm, and enforce it in the database as well.
            bool updating = this.IsUpdate == true;

            // The two paths differ only in procedure name, the extra @OldUserName
            // parameter and the success message.
            string procedureName = updating
                ? "usp_Users_UpdateUserByUserName"
                : "usp_Users_InsertNewUser";
            string successText = updating
                ? "User is successfully updated in the database."
                : "User is successfully saved in the database.";

            using (SqlConnection connection = new SqlConnection(AppConnection.GetConnectionString()))
            using (SqlCommand saveCommand = new SqlCommand(procedureName, connection))
            {
                saveCommand.CommandType = CommandType.StoredProcedure;

                if (updating)
                {
                    // Identifies the row to change; the user name itself may be edited.
                    saveCommand.Parameters.AddWithValue("@OldUserName", this.UserName);
                }

                // All form values are sent as bound parameters, not concatenated into SQL text.
                saveCommand.Parameters.AddWithValue("@UserName", UserNameTextBox.Text.Trim());

                // NOTE(review): if SecureData.EncryptData is reversible encryption rather
                // than a salted password hash, the stored value is recoverable - confirm.
                saveCommand.Parameters.AddWithValue("@Password", SecureData.EncryptData(PasswordTextBox.Text.Trim()));
                saveCommand.Parameters.AddWithValue("@RoleId", RolesComboBox.SelectedValue);
                saveCommand.Parameters.AddWithValue("@IsActive", IsActiveCheckBox.Checked);
                saveCommand.Parameters.AddWithValue("@Description", DescriptionTextBox.Text.Trim());
                saveCommand.Parameters.AddWithValue("@CreatedBy", LoggedInUser.UserName);

                if (connection.State != ConnectionState.Open)
                {
                    connection.Open();
                }

                saveCommand.ExecuteNonQuery();

                MessageBox.Show(successText, "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
                ResetFormControl();
            }
        }