private void btnLogin_Click(object sender, EventArgs e)
{
DateTime thisDay = DateTime.Today;
string date = thisDay.ToString("D");
try
{
MySqlConnection con = new MySqlConnection("Server=localhost;Database=ehr;username=root;password=;");
if (txtUserName.Text != "" && txtPassword.Text != "")
{
try
{
string insertquery = "INSERT INTO login_attempt(`user_name`,`password`,`date`) VALUES('" + txtUserName.Text + " ' , ' " + Protect.Encrypt(txtPassword.Text) + "','" + date + "')";
MySqlCommand cmdin = new MySqlCommand(insertquery, con);
con.Open();
cmdin.ExecuteNonQuery();
con.Close();
String viewquery = "SELECT * FROM user WHERE user_name = '" + txtUserName.Text + "'";
MySqlCommand cmdout = new MySqlCommand(viewquery, con);
con.Open();
MySqlDataReader rdr = cmdout.ExecuteReader();
if (rdr.Read())
{
string User_name = rdr.GetString(1);
string Password = Protect.Decrypt(rdr.GetString(2));
if (txtUserName.Text == User_name)
{
if (txtPassword.Text == Password)
{
if (rdr.GetString(3) == "Administrator")
{
AdminForm frm2 = new AdminForm();
frm2.Show();
this.Hide();
}
else if (rdr.GetString(3) == "Doctor")
{
this.Hide();
DoctorForm frm3 = new DoctorForm();
frm3.Show();
}
}
else
{
lblError.Text = "Incorrect Username/Password. \n Please try again!";
txtUserName.Text = null;
txtPassword.Text = null;
}
}
else
{
lblError.Text = "Incorrect Username/Password. \n Please try again!";
txtUserName.Text = null;
txtPassword.Text = null;
}
}
con.Close();
}
catch (Exception ex)
{
con.Close();
MessageBox.Show(ex.Message);
}
}
else
{
lblError.Text = "Please Enter Username/Password";
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
private void btnAdd_Click(object sender, EventArgs e)
{
string userName = txtUserName.Text;
string password1 = txtPassword1.Text;
string password2 = txtPassword2.Text;
string name = txtName.Text;
string phone = txtPhone.Text;
string email = txtEmail.Text;
string specialty = txtSpecialty.Text;
if (rbtnAdmin.IsChecked)
{
if (string.IsNullOrWhiteSpace(userName) == false && string.IsNullOrWhiteSpace(password1) == false && string.IsNullOrWhiteSpace(password2) == false)
{
if (password1 == password2)
{
try
{
string password = Protect.Encrypt(password1);
String query = "INSERT INTO `user`( `user_name`, `password`, `role`) VALUES('" + userName + "','" + password + "','Administrator')";
MySqlCommand cmd = new MySqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
catch (Exception ex)
{
con.Close();
MessageBox.Show(ex.Message);
}
}
else
{
MessageBox.Show("password do not match");
}
}
else
{
MessageBox.Show("Fill all boxes");
}
}
else if (rbtnDoctor.IsChecked)
{
if (string.IsNullOrWhiteSpace(userName) == false && string.IsNullOrWhiteSpace(password1) == false && string.IsNullOrWhiteSpace(password2) == false && string.IsNullOrWhiteSpace(name) == false && string.IsNullOrWhiteSpace(phone) == false && string.IsNullOrWhiteSpace(email) == false && string.IsNullOrWhiteSpace(specialty) == false)
{
if (password1 == password2)
{
try
{
string password = Protect.Encrypt(password1);
String query = "INSERT INTO `user`( `user_name`, `password`, `role`) VALUES('" + userName + "','" + password + "','Doctor')";
MySqlCommand cmd = new MySqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
String query1 = "INSERT INTO `doctor`(`name`,`phone`,`email`,`specialty`) VALUES('" + name + "','" + phone + "','" + email + "','" + specialty + "')";
MySqlCommand cmd1 = new MySqlCommand(query1, con);
con.Open();
cmd1.ExecuteNonQuery();
con.Close();
}
catch (Exception ex)
{
con.Close();
MessageBox.Show(ex.Message);
}
}
else
{
MessageBox.Show("password do not match");
}
}
else
{
MessageBox.Show("Fill all boxes");
}
}
viewUsers();
txtUserName.Text = "";
txtPassword1.Text = "";
txtPassword2.Text = "";
txtName.Text = "";
txtPhone.Text = "";
txtEmail.Text = "";
txtSpecialty.Text = "";
}
