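/// <summary>
/// Failed-login threshold after which an account is treated as locked and the
/// security-question recovery dialog is offered instead of a credential check.
/// </summary>
private const int MaxLoginAttempts = 5;

/// <summary>
/// Login button handler. Validates the two text fields, reads the account's
/// failed-login counter, and then either (a) offers security-question recovery when
/// the account is locked, (b) increments the counter and reports a generic failure,
/// or (c) resets the counter, appends an activity-log line and opens <see cref="Main"/>.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    string user = txtUser.Text;
    string pass = txtPass.Text;

    // Field validation: name the missing field and move focus to it.
    if (user == "" && pass == "")
    {
        txtUser.Focus();
        MessageBox.Show("No input!");
        return;
    }
    if (pass == "")
    {
        MessageBox.Show("No Password input");
        txtPass.Focus();
        return;
    }
    if (user == "")
    {
        MessageBox.Show("No Username input!");
        txtUser.Focus();
        return;
    }

    // One connection for the whole attempt; 'using' closes it on every path. The
    // original opened one (two, on the recovery path) and never closed either.
    using (SqlConnection conn = DBUtils.GetDBConnection())
    {
        conn.Open();

        if (ReadLoginAttempts(conn, user) >= MaxLoginAttempts)
        {
            OfferAccountRecovery(conn, user);
            return;
        }

        string lName, fName, mName;
        int userLevel;
        if (!VerifyCredentials(conn, user, pass, out lName, out fName, out mName, out userLevel))
        {
            // Count the failure against the account. With a WHERE clause an unknown user
            // id simply updates zero rows, so the original "does this user exist" query
            // before the increment is unnecessary.
            using (SqlCommand inc = new SqlCommand(
                "UPDATE Accounts SET loginAttempts += 1 WHERE userID = @un", conn))
            {
                inc.Parameters.AddWithValue("@un", user);
                inc.ExecuteNonQuery();
            }
            // Same message for unknown user and wrong password, so the dialog does not
            // reveal which user ids exist.
            MessageBox.Show("User ID or Password is invalid");
            return;
        }

        // Reset the counter for THIS account only. The original statement had no WHERE
        // clause and cleared the lockout counter of every account on any successful login,
        // which defeated the lockout for everyone.
        using (SqlCommand reset = new SqlCommand(
            "UPDATE Accounts SET loginAttempts = 0 WHERE userID = @un", conn))
        {
            reset.Parameters.AddWithValue("@un", user);
            reset.ExecuteNonQuery();
        }

        MessageBox.Show("Login Successful");
        WriteActivityLog(lName, fName, mName);

        txtPass.Text = "";
        txtUser.Text = "";

        // The main form is created only after a successful login (the original created
        // one on every click and abandoned it on failure).
        Main mn = new Main();
        mn.Activated += new EventHandler(mn_Activated);
        mn.FormClosed += new FormClosedEventHandler(mn_FormClosed);
        mn.permission = userLevel != 2;   // userLevel 2 is the restricted role
        mn.Show();
    }
}

/// <summary>
/// Returns the account's failed-login counter, or 0 when the account does not exist
/// or the column is NULL (Convert.ToInt32 throws on DBNull, so NULL is handled first).
/// </summary>
/// <param name="conn">An open connection.</param>
/// <param name="user">User id as typed into the form.</param>
private static int ReadLoginAttempts(SqlConnection conn, string user)
{
    using (SqlCommand cmd = new SqlCommand(
        "Select loginAttempts FROM Accounts WHERE userID = @userID", conn))
    {
        cmd.Parameters.AddWithValue("@userID", user);
        object raw = cmd.ExecuteScalar();
        return (raw == null || raw == DBNull.Value) ? 0 : Convert.ToInt32(raw);
    }
}

/// <summary>
/// Looks up <paramref name="user"/> and checks <paramref name="pass"/> against the stored
/// Password column. Returns false when the account does not exist or the password does
/// not match; on success the name columns and userLevel are returned via the out parameters.
/// </summary>
/// <param name="conn">An open connection.</param>
/// <param name="user">User id as typed into the form.</param>
/// <param name="pass">Password as typed into the form (already known to be non-empty).</param>
/// <param name="lName">Last name (column ordinal 2).</param>
/// <param name="fName">First name (column ordinal 3).</param>
/// <param name="mName">Middle name (column ordinal 4).</param>
/// <param name="userLevel">Value of the userLevel column.</param>
private static bool VerifyCredentials(SqlConnection conn, string user, string pass,
    out string lName, out string fName, out string mName, out int userLevel)
{
    lName = fName = mName = "";
    userLevel = 0;

    // SELECT * is kept because the name columns are only known by ordinal (2, 3, 4),
    // as in the original; their column names are not visible here.
    using (SqlCommand cmd = new SqlCommand("Select * from Accounts where userID = @userID", conn))
    {
        cmd.Parameters.AddWithValue("@userID", user);
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            if (!dr.Read())
            {
                return false;
            }

            // SECURITY: passwords are stored and compared in clear text. Comparing here
            // with an ordinal comparison, rather than "AND Password = @password" in the
            // WHERE clause, avoids a case-insensitive SQL collation (and trailing-space
            // padding) accepting a password that does not match exactly. The real fix is
            // to store a salted hash (e.g. PBKDF2) and compare the hash in constant time;
            // that needs a schema change and is not done here.
            int pwOrdinal = dr.GetOrdinal("Password");
            if (dr.IsDBNull(pwOrdinal) || !string.Equals(dr.GetString(pwOrdinal), pass, StringComparison.Ordinal))
            {
                return false;
            }

            lName = dr.GetString(2);
            fName = dr.GetString(3);
            mName = dr.GetString(4);
            userLevel = dr.GetInt32(dr.GetOrdinal("userLevel"));
            return true;
        }
    }
}

/// <summary>
/// Recovery flow for a locked account: asks whether to unlock, prompts with the stored
/// security question and resets the lockout counter when the answer matches exactly.
/// </summary>
/// <param name="conn">An open connection.</param>
/// <param name="user">User id as typed into the form.</param>
private static void OfferAccountRecovery(SqlConnection conn, string user)
{
    DialogResult choice = MessageBox.Show(
        "Due to multiple login attempts, your account has been locked. \nWould you like to unlock it?",
        "Account Recovery", MessageBoxButtons.YesNo);
    if (choice != DialogResult.Yes)
    {
        return;
    }

    string question = "", answer = "";
    using (SqlCommand cmd = new SqlCommand("Select * from Accounts where userID = @userID", conn))
    {
        cmd.Parameters.AddWithValue("@userID", user);
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                int qOrdinal = reader.GetOrdinal("securityQuestion");
                int aOrdinal = reader.GetOrdinal("securityAnswer");
                question = reader.IsDBNull(qOrdinal) ? "" : reader.GetString(qOrdinal);
                answer = reader.IsDBNull(aOrdinal) ? "" : reader.GetString(aOrdinal);
            }
        }
    }

    // SECURITY: the answer is stored in clear text and this prompt is not rate-limited,
    // so a locked account can still be guessed through its security question. Wrong
    // answers are not counted here; that (and hashing the answer) is follow-up work.
    string input = Interaction.InputBox(question, "Account Recovery", "");

    // InputBox returns "" on Cancel; an empty or missing stored answer must never unlock.
    if (input != "" && answer != "" && input.Equals(answer))
    {
        using (SqlCommand reset = new SqlCommand(
            "UPDATE Accounts SET loginAttempts = 0 WHERE userID = @un", conn))
        {
            reset.Parameters.AddWithValue("@un", user);
            reset.ExecuteNonQuery();
        }
        MessageBox.Show("Account has been unlocked");
    }
    else
    {
        MessageBox.Show("Your answer is wrong");
    }
}

/// <summary>
/// Appends a "has logged in" line for the named account to the activity log.
/// </summary>
/// <param name="lName">Last name.</param>
/// <param name="fName">First name.</param>
/// <param name="mName">Middle name.</param>
private static void WriteActivityLog(string lName, string fName, string mName)
{
    // NOTE(review): hard-coded path. If C:\Logs does not exist or is not writable this
    // throws after the success dialog has already been shown; kept as-is to preserve
    // the original behaviour, but the path should come from configuration.
    using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"C:\Logs\ActivityLogs.txt", true))
    {
        string time = DateTime.Now.ToString();
        file.WriteLine(time + " Account Name: " + lName + ", " + fName + " " + mName + " has logged in.");
    }
}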