Ejemplo n.º 1
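        /// <summary>
        /// Handles the login button: checks the typed credentials against the users table and,
        /// only when they match, records the user's id and opens the student or teacher form.
        /// </summary>
        /// <param name="sender">Control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void loginBtn_Click(object sender, EventArgs e)
        {
            string user = userBox.Text;

            // NOTE(review): the helper name suggests a plain SHA-512 digest. If it is unsalted and
            // not iterated, stored hashes are cheap to brute-force offline; a salted, iterated KDF
            // such as PBKDF2 is the usual choice. Confirm against customFuncs.
            string pass = customFuncs.SHA512Hash(passBox.Text);

            // The credential query text is redacted on this page and is passed through unchanged.
            // NOTE(review): if it also matches the username with LIKE, it needs the same change as
            // the two lookups below.
            string SQLlogin = "******";

            // Exact match instead of LIKE: with LIKE, '%' and '_' in the typed username act as
            // wildcards, so the id/type lookup could resolve to a different row than the one whose
            // credentials were checked.
            string SQLuserID = "SELECT userList_ID FROM users WHERE username = @username;";
            string SQLType   = "SELECT type FROM users WHERE username = @username;";

            bool   loginSucc;
            object idResult  = null;
            object typeCheck = null;

            // using-blocks release the connection and commands even when a query throws.
            using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
            using (SqlCommand cmdLog = new SqlCommand(SQLlogin, conn))
            using (SqlCommand cmdID = new SqlCommand(SQLuserID, conn))
            using (SqlCommand cmdType = new SqlCommand(SQLType, conn))
            using (SqlDataAdapter SQLDa = new SqlDataAdapter(cmdLog))
            using (DataSet ds = new DataSet())
            {
                cmdLog.Parameters.AddWithValue("@username", user);
                cmdLog.Parameters.AddWithValue("@password", pass);
                cmdID.Parameters.AddWithValue("@username", user);
                cmdType.Parameters.AddWithValue("@username", user);

                conn.Open();

                // Verify the credentials first; identity and role are only read afterwards.
                SQLDa.Fill(ds);
                loginSucc = (ds.Tables.Count > 0) && (ds.Tables[0].Rows.Count > 0);

                if (loginSucc)
                {
                    idResult  = cmdID.ExecuteScalar();
                    typeCheck = cmdType.ExecuteScalar();
                }
            }

            // Fail closed: a missing id or role row is treated like bad credentials instead of
            // dereferencing null or defaulting to a form.
            bool rowMissing = idResult == null || idResult is DBNull
                              || typeCheck == null || typeCheck is DBNull;

            if (!loginSucc || rowMissing)
            {
                MessageBox.Show("Check Credentials");
                return;
            }

            // The process-wide user id is set only after the credential check has passed, so a
            // failed attempt can no longer leave another account's id behind in GVars.
            GVars.setUserID(Convert.ToInt32(idResult));

            Form nextForm;
            if (typeCheck.ToString() == "Student")
            {
                nextForm = new StudentForm();
            }
            else
            {
                // NOTE(review): every type other than "Student" lands on the teacher form.
                // Matching the teacher value explicitly and rejecting anything else would keep an
                // unexpected or new role from receiving the teacher UI.
                nextForm = new TeacherForm();
            }

            nextForm.Show();
            this.Hide();
        }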
Ejemplo n.º 2
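        /// <summary>
        /// Reads one integer value for the currently logged-in user from the given table and column.
        /// </summary>
        /// <param name="slct">Column to select; must be a plain identifier (letters, digits, underscore).</param>
        /// <param name="from">Table to read from; must be a plain identifier.</param>
        /// <param name="userID">Name of the column that holds the user id; must be a plain identifier.</param>
        /// <returns>The scalar result converted to <see cref="int"/>.</returns>
        /// <exception cref="ArgumentException">A name is empty or contains characters outside the allowed set.</exception>
        public static int getDiscipData(string slct, string from, string userID)
        {
            // This is a public static helper, so it cannot assume every current or future caller
            // passes compile-time constants. Table and column names cannot be sent as SQL
            // parameters, so each one is restricted to a plain identifier and bracket-quoted;
            // the user id value itself is sent as a parameter.
            string SQL = "SELECT " + quoteSqlIdentifier(slct, "slct")
                         + " FROM " + quoteSqlIdentifier(from, "from")
                         + " WHERE " + quoteSqlIdentifier(userID, "userID") + " = @userID";

            // using-blocks close the connection even when the query or the conversion throws.
            using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
            using (SqlCommand cmd = new SqlCommand(SQL, conn))
            {
                cmd.Parameters.AddWithValue("@userID", GVars.getUserID());

                conn.Open();
                return Convert.ToInt32(cmd.ExecuteScalar());
            }
        }

        /// <summary>
        /// Accepts a name made only of ASCII letters, digits and underscores and returns it in
        /// square brackets; anything else is rejected before it can reach the SQL text.
        /// </summary>
        private static string quoteSqlIdentifier(string name, string paramName)
        {
            if (string.IsNullOrEmpty(name))
            {
                throw new ArgumentException("SQL identifier must not be empty.", paramName);
            }

            foreach (char c in name)
            {
                bool allowed = (c >= 'A' && c <= 'Z')
                               || (c >= 'a' && c <= 'z')
                               || (c >= '0' && c <= '9')
                               || c == '_';
                if (!allowed)
                {
                    throw new ArgumentException("SQL identifier contains an unsupported character.", paramName);
                }
            }

            return "[" + name + "]";
        }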
Ejemplo n.º 3
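 /// <summary>
 /// Reports whether a row with the username typed into <c>usernameBox</c> already exists.
 /// </summary>
 /// <param name="input">
 /// Not read by this method; the lookup uses <c>usernameBox.Text</c>.
 /// NOTE(review): presumably callers pass that same text - confirm, then use the parameter
 /// so the check cannot drift from the value that is actually stored.
 /// </param>
 /// <returns>
 /// <c>true</c> when a matching row exists or when the lookup fails; <c>false</c> otherwise.
 /// </returns>
 private bool checkExistingUser(string input)
 {
     try
     {
         // using-blocks close the connection on every path; the original never closed it.
         using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
         using (SqlCommand cmd = new SqlCommand("SELECT username FROM users WHERE username= @Username", conn))
         {
             cmd.Parameters.AddWithValue("@Username", usernameBox.Text);
             conn.Open();

             // ExecuteScalar returns null when no row matches.
             return cmd.ExecuteScalar() != null;
         }
     }
     catch (Exception err)
     {
         // NOTE(review): err.Message can expose server, database or schema details to whoever
         // is at the keyboard; a generic message plus a log entry is safer.
         MessageBox.Show(err.Message);

         // Fail closed: when the lookup cannot be completed, report the name as taken so the
         // caller does not proceed on an unverified username.
         return(true);
     }
 }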
Ejemplo n.º 4
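        /// <summary>
        /// On form load, reads the current user's specialization, year and semester and fills in
        /// the discipline labels and values for that combination.
        /// </summary>
        /// <param name="sender">Form that raised the load event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void StudentForm_Load(object sender, EventArgs e)
        {
            string spec = "SELECT Specialization FROM data WHERE userData_ID=@userID";
            string year = "SELECT Year FROM data WHERE userData_ID=@userID";
            string seme = "SELECT Semester FROM data WHERE userData_ID=@userID";

            int tempSpec;
            int tempYear;
            int tempSeme;

            // using-blocks close the connection once the three values are read; the original
            // opened it and never closed it. It is also released before getDiscipData is called
            // below, so no connection is held open while the form is populated.
            using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
            using (SqlCommand cmdSpec = new SqlCommand(spec, conn))
            using (SqlCommand cmdYear = new SqlCommand(year, conn))
            using (SqlCommand cmdSeme = new SqlCommand(seme, conn))
            {
                // NOTE(review): the row shown is whichever id is currently stored in GVars, so this
                // form is only as trustworthy as the code that sets that id - confirm it is set
                // only after a successful login.
                cmdSpec.Parameters.AddWithValue("@userID", GVars.getUserID());
                cmdYear.Parameters.AddWithValue("@userID", GVars.getUserID());
                cmdSeme.Parameters.AddWithValue("@userID", GVars.getUserID());

                conn.Open();

                // ExecuteScalar returns null when no row matches; Convert.ToInt16 maps that to 0,
                // which matches none of the combinations handled below.
                tempSpec = Convert.ToInt16(cmdSpec.ExecuteScalar());
                tempYear = Convert.ToInt16(cmdYear.ExecuteScalar());
                tempSeme = Convert.ToInt16(cmdSeme.ExecuteScalar());
            }

            // Only specialization 2 / year 1 / semester 2 has disciplines wired up. Every other
            // combination (specialization 1-4, year 1-4, semester 1-2) was an empty case in the
            // original nested switch and leaves the form untouched.
            if (tempSpec == 2 && tempYear == 1 && tempSeme == 2)
            {
                dis1Label.Text = "Desen Tehnic";
                dis2Label.Text = "PCLP";
                dis1Box.Text   = Convert.ToString(DatabaseHelper.getDiscipData("Discipline1", "disciplines", "user_ID"));
                dis2Box.Text   = Convert.ToString(DatabaseHelper.getDiscipData("Discipline2", "disciplines", "user_ID"));
            }
        }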