Exemple #1
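        /// <summary>
        /// Reads the SESSION table and disables the administration buttons unless the
        /// access level read from it is "Administrator".
        /// </summary>
        /// <remarks>
        /// Any failure while loading the session (missing connection string, connection
        /// error, query error) is reported in a message box and leaves the access level
        /// null, so the buttons are disabled: the method fails closed.
        /// </remarks>
        public void OnLogin()
        {
            string CurrentUserAccess = null;

            try
            {
                // 'using' releases the connection, command and reader on every path,
                // including when the query throws.
                using (SqlConnection dBConn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnStr"].ToString()))
                using (SqlCommand GetUser = new SqlCommand("SELECT USERNAME,ACCESS_LEVEL FROM SESSION", dBConn))
                {
                    dBConn.Open();

                    using (SqlDataReader UserDataReader = GetUser.ExecuteReader())
                    {
                        // NOTE(review): the query has no WHERE or ORDER BY, so the value kept is
                        // whichever row the server returns last. If SESSION holds rows from
                        // earlier logins or from other users of the same database, the access
                        // level applied here may not belong to the person at this workstation.
                        // Binding the lookup to the authenticated user (or passing the access
                        // level in from the login step) would remove that ambiguity.
                        while (UserDataReader.Read())
                        {
                            CurrentUserAccess = UserDataReader["ACCESS_LEVEL"].ToString();
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message from the data provider can include server or
                // schema details; consider logging it and showing a generic message.
                MessageBox.Show(ex.Message);
            }

            // Only the UI is restricted here. Whatever the buttons trigger should check the
            // caller's access level again, because a disabled button is not an
            // authorization control on its own.
            if (CurrentUserAccess != "Administrator")
            {
                Admin_Btn.IsEnabled   = false;
                UsrMngmtBtn.IsEnabled = false;
            }
        }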
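        /// <summary>
        /// Handles the login button: checks the entered credentials against the Staff
        /// table, records a SESSION row on success and opens the main window; otherwise
        /// shows "no user available".
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data supplied by WPF.</param>
        private void BtnLogin_Click(object sender, RoutedEventArgs e)
        {
            // Nothing to check when either field is empty. '&&' short-circuits, unlike
            // the bitwise '&' that always evaluates both sides.
            if (!(UserNameBox.Text != "" && PassWordBox.Password != ""))
            {
                return;
            }

            string SessionTime = DateTime.Now.ToShortTimeString();
            string UserName    = UserNameBox.Text;
            bool   Authenticated;

            // The connection, commands and reader are disposed on every path, including
            // the failed-login branch and any exception thrown by the provider.
            using (SqlConnection dBConn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnStr"].ToString()))
            {
                dBConn.Open();

                // NOTE(review): the submitted password is compared directly with the PASSWORD
                // column, which implies passwords are stored unhashed. Storing a salted,
                // slow hash (e.g. PBKDF2) and verifying it in code needs a schema change
                // outside this method. Also confirm the column collation: a
                // case-insensitive collation would make this comparison ignore case.
                using (SqlCommand Login_Cmd = new SqlCommand("select USERNAME,PASSWORD from Staff where Username=@USERNAME and PASSWORD=@PASSWORD", dBConn))
                {
                    Login_Cmd.Parameters.AddWithValue("@USERNAME", UserName);
                    Login_Cmd.Parameters.AddWithValue("@PASSWORD", PassWordBox.Password);

                    using (SqlDataReader UserDataReader = Login_Cmd.ExecuteReader())
                    {
                        Authenticated = UserDataReader.HasRows;
                    }
                }

                if (Authenticated)
                {
                    // The user name is typed by the person logging in, so it is bound as a
                    // parameter instead of being concatenated into the statement text.
                    // NOTE(review): the listing shows a masked literal ('******') in the
                    // ACCESS_LEVEL sub-select; it is assumed here to be the same user name
                    // that was just authenticated. Confirm against the original source.
                    using (SqlCommand CurrentUser_Cmd = new SqlCommand("INSERT INTO SESSION (SESSION_TIME,USERNAME,ACCESS_LEVEL)" +
                                                                       " VALUES(@SESSION_TIME, @USERNAME," +
                                                                       " (SELECT ACCESS_LEVEL FROM STAFF WHERE USERNAME = @USERNAME))", dBConn))
                    {
                        CurrentUser_Cmd.Parameters.AddWithValue("@SESSION_TIME", SessionTime);
                        CurrentUser_Cmd.Parameters.AddWithValue("@USERNAME", UserName);

                        // An INSERT returns no rows, so ExecuteNonQuery replaces the reader
                        // that was opened and never disposed.
                        CurrentUser_Cmd.ExecuteNonQuery();
                    }
                }
            }

            if (Authenticated)
            {
                // Same UI order as before: build the main window, close this one, then
                // show the main window modally. The database connection is already
                // released at this point.
                MainWindow NewMainInstance = new MainWindow();
                Close();
                NewMainInstance.ShowDialog();
            }
            else
            {
                MessageBox.Show("no user available");
            }
        }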