private void btnLoginAuthentication_Click(object sender, EventArgs e)
{
//Check for empty field
if (!string.IsNullOrEmpty(txtCode.Text))
{
//Check if unique code matche
if (uniqueCode == txtCode.Text)
{
//Check if 5 minutes have passed since the code was created
if (DateTime.Now.Minute > (dateTimeCode.Minute + 5))
{
//Notify user - code expired
MessageBox.Show("The unique code is no longer valid. \n Authentication failed!");
}
else
{
//Create main form
Form_Main mainForm = new Form_Main(user);
//Hide this form
Hide();
//Show main form
mainForm.ShowDialog();
//Close this form
Close();
}
}
else
{
MessageBox.Show("Invalid code.");
}
}
else
{
MessageBox.Show("No code has been added!");
}
}
private void btnLogin_Click(object sender, EventArgs e)
{
//Check input validation
if (!ValidationError())
{
//Check for sql injection
if (!SqlInjectionDetected())
{
//Check if email is valid
if (emailChecker.CheckEmail(txtEmail.Text))
{
//Create query to selecte the user's info
string query = "SELECT * FROM users WHERE email = @email and password = @password";
//Create table to store the data from database
DataTable dt = db.QueryReader(query, p =>
{
p.Add("@email", DbType.String).Value = encrypt.EncryptData(txtEmail.Text);
p.Add("@password", DbType.String).Value = encrypt.EncryptData(txtPassword.Text);
});
//Check for result (empty returns means there is no row)
if (dt.Rows.Count != 0)
{
//Store the data from datatabase
string dbEmail = dt.Rows[0]["email"].ToString();
string dbPassword = dt.Rows[0]["password"].ToString();
string dbId = dt.Rows[0]["ID"].ToString();
string dbFirstName = dt.Rows[0]["first_name"].ToString();
string dbLastName = dt.Rows[0]["last_name"].ToString();
bool dbMultiFactorAuth = (bool)dt.Rows[0]["two_factor_authentication"];
//Check for second time if email and password are correct
if (encrypt.DecryptData(dbEmail) == txtEmail.Text && encrypt.DecryptData(dbPassword) == txtPassword.Text)
{
//Check if user object is created
if (user == null)
{
//Create user object
user = new User();
}
//Initialise all properties with the data from database
user.Id = Convert.ToInt32(dbId);
user.FirstName = dbFirstName;
user.LastName = dbLastName;
user.Email = dbEmail;
user.Password = dbPassword;
user.MultiFactorAuthentication = dbMultiFactorAuth;
if (!user.MultiFactorAuthentication)
{
//Create main form
Form_Main mainForm = new Form_Main(user);
//Hide this form
Hide();
//Show main form
mainForm.ShowDialog();
//Close this form
Close();
}
else
{
panelEmail.Visible = true;
lblMauthTile.Text = "Authentication code";
lblMsgMauth.Visible = false;
txtCode.Visible = true;
//Create a random code
uniqueCode = CreateRandomCode(10);
//Create a time to determinate when the code was created
dateTimeCode = DateTime.Now;
//Create a query to insert the code into database
query = "Update unique_codes SET code = @code, time = @time WHERE user_id = @userID";
//Query the database. add parameters
db.NonQuery(query, p =>
{
p.Add("@userID", DbType.Int32).Value = user.Id;
p.Add("@code", DbType.String).Value = uniqueCode;
p.Add("@time", DbType.DateTime).Value = dateTimeCode;
});
Task.Run(() =>
{
//Send email to the user with the created code
emailServices.SendEmail(encrypt.DecryptData(user.Email), uniqueCode);
});
MessageBox.Show("Multi factor authentication is enabled. An email has been send with a validation code.");
}
}
else
{
//Notify user whne passowrd or email is wrong from second check (databse result)
MessageBox.Show("Email or password is wrong!");
}
}
else
{
//Notify user whne passowrd or email is wrong from first check (user's input)
MessageBox.Show("Email or password is wrong!");
}
}
else
{
//Notifiy user- invalid email
MessageBox.Show("Invalid email");
}
}
}
else
{
//Notify user when is empty field
MessageBox.Show("You must complete all fields");
}
}
