private bool IsPasswordVerified()
{
bool isCorrect = false;
using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString()))
{
using (SqlCommand cmd = new SqlCommand("usp_Users_VerifyPassword", con)) //specify stored procedure
{
cmd.CommandType = CommandType.StoredProcedure; //declare a command for Stored Procedure
cmd.Parameters.AddWithValue("@UserName", LoggedInUser.UserName);
cmd.Parameters.AddWithValue("@Password", SecureData.EncryptData(OldPasswordTextBox.Text.Trim()));
if (con.State != ConnectionState.Open) //check if connection with database is established
{
con.Open();
}
SqlDataReader sdr = cmd.ExecuteReader(); //read data from database
if (sdr.HasRows)
{
isCorrect = true;
}
}
}
return(isCorrect);
}
private void LoginButton_Click(object sender, EventArgs e)
{
if (IsFormValid())
{
using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString()))
{
using (SqlCommand cmd = new SqlCommand("usp_Users_VerifyLoginDetails", con)) //specify stored procedure
{
cmd.CommandType = CommandType.StoredProcedure; //declare a command for Stored Procedure
cmd.Parameters.AddWithValue("@UserName", UserNameTextBox.Text.Trim());
cmd.Parameters.AddWithValue("@Password", SecureData.EncryptData(PasswordTextBox.Text.Trim()));
if (con.State != ConnectionState.Open) //check if connection with database is established
{
con.Open();
}
DataTable dtUser = new DataTable(); //create a new DataTable that stores the data
SqlDataReader sdr = cmd.ExecuteReader(); //read data from database
if (sdr.HasRows)
{
dtUser.Load(sdr);
DataRow userRow = dtUser.Rows[0]; //get data from user role database
LoggedInUser.UserName = userRow["UserName"].ToString(); //store UserName to LoggeddInUser class
LoggedInUser.RoleId = Convert.ToInt32(userRow["RoleId"]); //store RoleId to LoggedInUser class
this.Hide();
DashboardForm dashboardForm = new DashboardForm(); //create a new instance of DashboardForm object
dashboardForm.ShowDialog();
}
else
{
MessageBox.Show("User Name or Password is incorrect.", "Authentication Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
}
private void ChangePasswordButton_Click(object sender, EventArgs e)
{
if (IsFormValid())
{
//Verify Existing Password
if (IsPasswordVerified())
{
// Go and Update Password
using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString())) //connect to database using AppConnection class and GetConnectionString method
{
using (SqlCommand cmd = new SqlCommand("usp_Users_ChangePassword", con))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@UserName", LoggedInUser.UserName);
cmd.Parameters.AddWithValue("@NewPassword", SecureData.EncryptData(NewPasswordTextBox.Text.Trim()));
cmd.Parameters.AddWithValue("@CreatedBy", LoggedInUser.UserName);
if (con.State != ConnectionState.Open)
{
con.Open();
}
cmd.ExecuteNonQuery();
MessageBox.Show("Password is successfully changed.", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
ResetFormControl();
}
}
}
else
{
MessageBox.Show("Your old password is not correct, please enter correct password.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
private void SaveButton_Click(object sender, EventArgs e)
{
if (IsFormValid())
{
if (this.IsUpdate == true)
{
//Do Update Process
using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString())) //connect to database using AppConnection class and GetConnectionString method
{
using (SqlCommand cmd = new SqlCommand("usp_Users_UpdateUserByUserName", con))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@OldUserName", this.UserName);
cmd.Parameters.AddWithValue("@UserName", UserNameTextBox.Text.Trim());
cmd.Parameters.AddWithValue("@Password", SecureData.EncryptData(PasswordTextBox.Text.Trim()));
cmd.Parameters.AddWithValue("@RoleId", RolesComboBox.SelectedValue);
cmd.Parameters.AddWithValue("@IsActive", IsActiveCheckBox.Checked);
cmd.Parameters.AddWithValue("@Description", DescriptionTextBox.Text.Trim());
cmd.Parameters.AddWithValue("@CreatedBy", LoggedInUser.UserName);
if (con.State != ConnectionState.Open)
{
con.Open();
}
cmd.ExecuteNonQuery();
MessageBox.Show("User is successfully updated in the database.", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
ResetFormControl();
}
}
}
else
{
//Do Insert Operation
using (SqlConnection con = new SqlConnection(AppConnection.GetConnectionString())) //connect to database using AppConnection class and GetConnectionString method
{
using (SqlCommand cmd = new SqlCommand("usp_Users_InsertNewUser", con))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@UserName", UserNameTextBox.Text.Trim());
cmd.Parameters.AddWithValue("@Password", SecureData.EncryptData(PasswordTextBox.Text.Trim()));
cmd.Parameters.AddWithValue("@RoleId", RolesComboBox.SelectedValue);
cmd.Parameters.AddWithValue("@IsActive", IsActiveCheckBox.Checked);
cmd.Parameters.AddWithValue("@Description", DescriptionTextBox.Text.Trim());
cmd.Parameters.AddWithValue("@CreatedBy", LoggedInUser.UserName);
if (con.State != ConnectionState.Open)
{
con.Open();
}
cmd.ExecuteNonQuery();
MessageBox.Show("User is successfully saved in the database.", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
ResetFormControl();
}
}
}
}
}
