private void submitw_Click(object sender, EventArgs e)
{
//checks passwords in both boxes match
if (Password.Text == passwordverify.Text)
{
int id;
string lengthtest;
string unhashed;
string hashedpass;
lengthtest = Username.Text;
unhashed = Password.Text;
bool insert = false;
bool exists;
bool usercheck;
int int1;
int adminuser = 0;
usercheck = Int32.TryParse(Username.Text, out int1);
if (usercheck == false)
{
//prevents conflicting data types when checking for existing users in case a string is entered in the user box
adminuser = 0;
}
else if (usercheck == true)
{
//allows the parsing of username after checking that it's an int
adminuser = Int32.Parse(Username.Text);
}
//checks to see if user already exists in database
string loginSelect = "Select * from dbo.DogeUsers where Username = @username;";
SqlCommand sqlcmd2 = new SqlCommand(loginSelect);
sqlcmd2.Parameters.AddWithValue("@username", adminuser);
sqlcmd2.Connection = Globals.conn;
Globals.conn.Open();
DataSet dataset = new DataSet();
SqlDataAdapter dataadapter = new SqlDataAdapter(sqlcmd2);
dataadapter.Fill(dataset);
Globals.conn.Close();
exists = ((dataset.Tables.Count > 0) && (dataset.Tables[0].Rows.Count > 0));
if (exists == true)
{
MessageBox.Show("This user already exists");
}
else if (exists == false)
{
//input validation
if (string.IsNullOrEmpty(Username.Text) || string.IsNullOrEmpty(Password.Text) || !int.TryParse(Username.Text, out id) || lengthtest.Length > 7 || lengthtest.Length < 7)
{
MessageBox.Show("One or more fields have been left empty or entered incorrectly. Remember User ID must be a 7 digit integer.");
}
else
{
//hash function for password
var hash = SecurePasswordHasher.Hash(unhashed);
hashedpass = hash;
//sql insert command
string insertStatement = "INSERT INTO dbo.DogeUsers(username,password,admin) VALUES(@username,@hashedpassword,@admin)";
SqlCommand insertCommand = new SqlCommand(insertStatement, Globals.conn);
insertCommand.Connection = Globals.conn;
Globals.conn.Open();
insertCommand.Parameters.AddWithValue("@username", SqlDbType.Int).Value = Username.Text;
insertCommand.Parameters.AddWithValue("@hashedpassword", SqlDbType.NVarChar).Value = hashedpass;
insertCommand.Parameters.AddWithValue("@admin", SqlDbType.Bit).Value = insert;
insertCommand.ExecuteNonQuery();
MessageBox.Show("Data added successfully.");
Globals.conn.Close();
//takes you back to admin form when data added correctly
Admin Admin = new Admin();
Admin.Show();
this.Hide();
}
}
}
else
{
MessageBox.Show("Passwords do not match. Please try again.");
}
}
private void submitw_Click(object sender, EventArgs e)
{
int adminuser = 0; //reused and adapted code from previous module - 1605044
string adminpass;
bool adminauth;
int int1;
bool usercheck;
string checkpass = "******"; //if this string is left null, the hashing function returns an error (as it can't hash a null value)
bool exists = false;
//checks the user ID is an integer
usercheck = Int32.TryParse(Username.Text, out int1);
if (usercheck == false)
{
//prevents a hash function crash where the database returns null values (hash function cant work with null values)
adminuser = 0;
}
else if (usercheck == true)
{
//allows the parsing of username after checking that it's an int
adminuser = Int32.Parse(Username.Text);
}
//take unhashed password into variable
adminpass = Password.Text;
//sql select username from database
string selectText = "Select * from dbo.DogeUsers WHERE username = @username;";
SqlCommand Command = new SqlCommand(selectText);
Command.Parameters.AddWithValue("@username", adminuser);
Command.Connection = Globals.conn;
Globals.conn.Open();
SqlDataReader dataR;
dataR = Command.ExecuteReader();
while (dataR.Read())
{
checkpass = dataR[2].ToString();
if (dataR.HasRows)
{
//prevents the hash algorithm attemtping to hash null values by only accepting inputs if value is returned from the database
exists = true;
}
}
dataR.Close();
Globals.conn.Close();
if (exists)
{
//verify password with hashed password from the database
var result = SecurePasswordHasher.Verify(adminpass, checkpass);
if (result)
{
//select statement to determine whether user or admin
string loginSelect = "Select * from dbo.DogeUsers where Username = @username and Admin = @admin;";
SqlCommand sqlcmd2 = new SqlCommand(loginSelect);
sqlcmd2.Parameters.AddWithValue("@username", adminuser);
sqlcmd2.Parameters.AddWithValue("@admin", "1");
sqlcmd2.Connection = Globals.conn;
Globals.conn.Open();
DataSet dataset = new DataSet();
SqlDataAdapter dataadapter = new SqlDataAdapter(sqlcmd2);
dataadapter.Fill(dataset);
Globals.conn.Close();
adminauth = ((dataset.Tables.Count > 0) && (dataset.Tables[0].Rows.Count > 0));
if (adminauth == true)
{
//select statement to display username on admin page
string displayuser2 = "Select Username from dbo.DogeUsers where Username = @username;";
SqlCommand sqlcmd4 = new SqlCommand(displayuser2);
sqlcmd4.Parameters.AddWithValue("@username", adminuser);
sqlcmd4.Connection = Globals.conn;
Globals.conn.Open();
SqlDataReader dataR2;
dataR2 = sqlcmd4.ExecuteReader();
while (dataR2.Read())
{
Globals.usernamesend = Int32.Parse(dataR2[0].ToString());
}
Globals.conn.Close();
//show admin form
Admin frmadmin = new Admin();
frmadmin.Show();
this.Hide();
}
else
{
//select username to display on training page
string displayuser = "******";
SqlCommand sqlcmd3 = new SqlCommand(displayuser);
sqlcmd3.Parameters.AddWithValue("@username", adminuser);
sqlcmd3.Connection = Globals.conn;
Globals.conn.Open();
SqlDataReader dataR2;
dataR2 = sqlcmd3.ExecuteReader();
while (dataR2.Read())
{
Globals.usernamesend = Int32.Parse(dataR2[0].ToString());
}
dataR2.Close();
Globals.conn.Close();
this.Hide();
//display main form
Main frm2 = new Main();
frm2.Show();
}
}
else
{
MessageBox.Show("Incorrect Username or Password");
}
}
else
{
MessageBox.Show("Incorrect Username or Password");
}
}
