Ejemplo n.º 1
0
        public void OnLogin()
        {
            string        CurrentUser       = null;
            string        CurrentUserAccess = null;
            SqlConnection dBConn            = new SqlConnection();

            dBConn.ConnectionString = ConfigurationManager.ConnectionStrings["ConnStr"].ToString();
            dBConn.Open();
            SqlCommand    GetUser = new SqlCommand("SELECT USERNAME,ACCESS_LEVEL FROM SESSION", dBConn);
            SqlDataReader UserDataReader;

            try
            {
                UserDataReader = GetUser.ExecuteReader();
                while (UserDataReader.Read())
                {
                    CurrentUser       = UserDataReader["USERNAME"].ToString();
                    CurrentUserAccess = UserDataReader["ACCESS_LEVEL"].ToString();
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            if (CurrentUserAccess != "Administrator")
            {
                Admin_Btn.IsEnabled   = false;
                UsrMngmtBtn.IsEnabled = false;
            }
        }
Ejemplo n.º 2
0
        private void BtnLogin_Click(object sender, RoutedEventArgs e)
        {
            if (UserNameBox.Text != "" & PassWordBox.Password != "")
            {
                string        SessionTime = DateTime.Now.ToShortTimeString();
                SqlCommand    CurrentUser_Cmd;
                SqlCommand    Login_Cmd;
                SqlDataReader UserDataReader;

                SqlConnection dBConn = new SqlConnection
                {
                    ConnectionString = ConfigurationManager.ConnectionStrings["ConnStr"].ToString()
                };
                dBConn.Open();
                Login_Cmd = new SqlCommand("select USERNAME,PASSWORD from Staff where Username=@USERNAME and PASSWORD=@PASSWORD", dBConn);
                Login_Cmd.Parameters.AddWithValue("@USERNAME", UserNameBox.Text.ToString());
                Login_Cmd.Parameters.AddWithValue("@PASSWORD", PassWordBox.Password.ToString());
                UserDataReader = Login_Cmd.ExecuteReader();

                if (UserDataReader.HasRows)
                {
                    UserDataReader.Dispose();

                    SqlDataReader CUserDataReader;
                    CurrentUser_Cmd = new SqlCommand("INSERT INTO SESSION (SESSION_TIME,USERNAME,ACCESS_LEVEL)" +
                                                     " VALUES('" + SessionTime + "','" + UserNameBox.Text.ToString() +
                                                     "', (SELECT ACCESS_LEVEL FROM STAFF WHERE USERNAME = '******'))");
                    CurrentUser_Cmd.Connection = dBConn;
                    CUserDataReader            = CurrentUser_Cmd.ExecuteReader();
                    MainWindow NewMainInstance = new MainWindow();
                    Close();
                    dBConn.Close();
                    NewMainInstance.ShowDialog();
                }
                else
                {
                    MessageBox.Show("no user available");
                }
            }
        }