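/// <summary>
/// Handles the admin login button: validates that both fields are filled in,
/// looks the credentials up in the local SQLite <c>users</c> table and closes
/// the dialog with <c>DialogResult.OK</c> when exactly one row matches.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CmdAdminLogin_Click(object sender, EventArgs e)
{
    if (TxtAdminUserName.Text.Trim().Length == 0)
    {
        MessageBox.Show("Please enter user name", "Input Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        TxtAdminUserName.Focus();
        return;
    }

    if (TxtAdminPassword.Text.Trim().Length == 0)
    {
        MessageBox.Show("Please enter password", "Input Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        TxtAdminPassword.Focus();
        return;
    }

    int count = 0;
    string name = "";

    // using-blocks release the connection, command and reader even when the
    // query throws; the earlier code only closed the connection on the normal path.
    using (SQLiteConnection sqlite_conn = new SQLiteConnection("Data Source=database.sqlite;Version=3;"))
    using (SQLiteCommand command = new SQLiteCommand(
        "SELECT name FROM users WHERE username=@username AND password=@password", sqlite_conn))
    {
        // Bind the entered credentials as parameters. The previous query text
        // compared against fixed literals and never used the form input; bound
        // parameters also keep the input out of the SQL text entirely.
        command.Parameters.AddWithValue("@username", TxtAdminUserName.Text);
        command.Parameters.AddWithValue("@password", TxtAdminPassword.Text);

        // NOTE(review): matching the password column against the typed value
        // implies passwords are stored unhashed. Store a salted, slow hash
        // (PBKDF2/Argon2) and verify it in code instead - confirm against the schema.
        sqlite_conn.Open();
        using (SQLiteDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                count = count + 1;
                // A NULL name column would make a direct (string) cast throw.
                name = reader["name"] as string ?? "";
            }
        }
    }

    // The debug Console.WriteLine of each row's name and email was dropped:
    // it wrote account data to stdout and labelled the email as "Score".

    if (count == 1)
    {
        MessageBox.Show("Sukses Login Name: " + name, "Sukses Login", MessageBoxButtons.OK, MessageBoxIcon.Information);
        DialogResult = System.Windows.Forms.DialogResult.OK;
        this.Close();
    }
    else
    {
        // Zero rows, or an ambiguous match on several rows, is a failed login.
        // Previously more than one match fell through with no feedback at all.
        MessageBox.Show("GAGAL Login", "GAGAL Login", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
    }
}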
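/// <summary>
/// Validates the admin login form against the <c>AdminInfo</c> table. On a
/// match it sets <c>isvalid</c> and <c>User</c>, shows a confirmation and
/// closes the form; on a miss it returns without changing any state.
/// Database errors are reported to the user in a message box.
/// </summary>
private void sValidate()
{
    if (Strings.Len(Strings.Trim(TxtAdminUserName.Text)) == 0)
    {
        MessageBox.Show("Please enter user name", "Input Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        TxtAdminUserName.Focus();
        return;
    }

    if (Strings.Len(Strings.Trim(TxtAdminPassword.Text)) == 0)
    {
        MessageBox.Show("Please enter password", "Input Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        TxtAdminPassword.Focus();
        return;
    }

    try
    {
        bool authenticated = false;

        // REVIEW: MOOAS GANI - 5 - DO NOT HARD CODE SQL CONNECTION STRINGS. CHANGE TO PULL FROM APP.CONFIG
        // REVIEW: MOOAS GANI - 5 - Refactor this into a Security/Autentication module that does authentication
        //
        // using-blocks dispose the connection, command and reader on every path.
        // Before, the connection was closed only after a successful login and
        // stayed open on an unknown user, a wrong password or an exception.
        using (SqlConnection cn = new SqlConnection(@"Data Source=.;Initial Catalog=FP_SAMPLE;Integrated Security=True"))
        using (SqlCommand com = new SqlCommand("select [UserName],[Pass] from AdminInfo where UserName = @UName", cn))
        {
            // The user name travels as a bound parameter, never as SQL text.
            com.Parameters.Add("@UName", SqlDbType.VarChar, 20).Value = Strings.UCase(TxtAdminUserName.Text);

            cn.Open();
            using (SqlDataReader dr1 = com.ExecuteReader())
            {
                if (dr1.Read())
                {
                    // NOTE(review): the stored password is read back as text and
                    // compared case-insensitively, so it is kept unhashed and
                    // letter case adds no strength. The comparison is left as it
                    // was so existing accounts keep working; the fix is a salted
                    // PBKDF2/Argon2 hash verified with a fixed-time comparison,
                    // changed together with whatever code writes AdminInfo.Pass.
                    authenticated = Strings.UCase(dr1["Pass"].ToString()) == Strings.UCase(TxtAdminPassword.Text);
                }
            }
        }

        // UI work happens after the database objects are released, so no
        // connection is held open while the modal message box is showing.
        if (authenticated)
        {
            isvalid = true;
            User = TxtAdminUserName.Text;
            MessageBox.Show("Login Success", "", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            Close();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message from the SQL client can reveal server or
        // database details; consider logging it and showing a generic error.
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}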