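/// <summary>
/// Reads the SESSION table and disables the administrative buttons unless the
/// last row's ACCESS_LEVEL is "Administrator".
/// </summary>
/// <remarks>
/// Fixes over the original: the SqlConnection and SqlDataReader were never
/// disposed (leaked on every call), and a failure in Open() escaped the
/// try block instead of being reported like the other errors.
/// NOTE(review): the query has no WHERE clause, so "current user" is simply the
/// last row the reader returns; if SESSION can hold more than one row this is
/// not a reliable identity — confirm against the schema.
/// Disabling the buttons is a UI convenience only; the privileged operations
/// behind Admin_Btn and UsrMngmtBtn still need their own authorization check
/// on the server/database side.
/// </remarks>
public void OnLogin()
{
    string currentUserAccess = null;

    try
    {
        // `using` guarantees connection, command and reader are released even
        // when ExecuteReader throws; the original leaked all three.
        using (SqlConnection dbConn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnStr"].ToString()))
        using (SqlCommand getUser = new SqlCommand("SELECT USERNAME,ACCESS_LEVEL FROM SESSION", dbConn))
        {
            dbConn.Open();
            using (SqlDataReader reader = getUser.ExecuteReader())
            {
                // Original semantics kept: the last row read wins.
                // USERNAME was read into a local that was never used; dropped.
                while (reader.Read())
                {
                    currentUserAccess = reader["ACCESS_LEVEL"].ToString();
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Best-effort UI reporting, as in the original. An error leaves
        // currentUserAccess null, so the admin controls stay disabled below
        // (fail closed).
        MessageBox.Show(ex.Message);
    }

    // Ordinal comparison: ACCESS_LEVEL is a machine-readable key, not UI text.
    if (!string.Equals(currentUserAccess, "Administrator", StringComparison.Ordinal))
    {
        Admin_Btn.IsEnabled = false;
        UsrMngmtBtn.IsEnabled = false;
    }
}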
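/// <summary>
/// Login button handler: checks the entered credentials against the Staff
/// table, records a SESSION row for the user and opens the main window.
/// </summary>
/// <param name="sender">The clicked button (unused).</param>
/// <param name="e">Routed event data (unused).</param>
/// <remarks>
/// Fixes over the original:
///  - the SESSION INSERT was built by string concatenation of SessionTime and
///    the user-entered name, a SQL injection hole (the login SELECT was
///    already parameterized); every value now travels as a parameter;
///  - the INSERT was run through ExecuteReader, leaking a reader that was never
///    closed; it now uses ExecuteNonQuery;
///  - the connection was closed only on the success path; it is now disposed on
///    every path, and before the blocking ShowDialog call;
///  - the non-short-circuiting boolean AND in the guard is replaced by the
///    conditional AND.
/// NOTE(review): the login query compares PASSWORD inside SQL, which only works
/// if Staff stores plaintext passwords. The secure design is to store a salted
/// hash (e.g. PBKDF2) and verify it in code; left unchanged because the schema
/// is not visible here.
/// NOTE(review): the ACCESS_LEVEL sub-select keeps the original literal
/// '******' as its USERNAME. That looks like a placeholder and was probably
/// meant to be the logging-in user (@USERNAME) — confirm before relying on the
/// ACCESS_LEVEL stored in SESSION.
/// </remarks>
private void BtnLogin_Click(object sender, RoutedEventArgs e)
{
    if (UserNameBox.Text == "" || PassWordBox.Password == "")
    {
        // Original behaviour: nothing happens when either field is empty.
        return;
    }

    string sessionTime = DateTime.Now.ToShortTimeString();
    string userName = UserNameBox.Text;
    bool loggedIn = false;

    // All database work is scoped here so the connection is released before
    // the UI calls below, which may block for the lifetime of the main window.
    using (SqlConnection dbConn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnStr"].ToString()))
    {
        dbConn.Open();

        using (SqlCommand loginCmd = new SqlCommand(
            "select USERNAME,PASSWORD from Staff where Username=@USERNAME and PASSWORD=@PASSWORD", dbConn))
        {
            loginCmd.Parameters.AddWithValue("@USERNAME", userName);
            loginCmd.Parameters.AddWithValue("@PASSWORD", PassWordBox.Password);
            using (SqlDataReader userDataReader = loginCmd.ExecuteReader())
            {
                loggedIn = userDataReader.HasRows;
            }
        }

        if (loggedIn)
        {
            // Parameterized: the session time and the user name no longer
            // reach the SQL text. The sub-select literal is kept as in the
            // original (see remarks).
            using (SqlCommand sessionCmd = new SqlCommand(
                "INSERT INTO SESSION (SESSION_TIME,USERNAME,ACCESS_LEVEL)" +
                " VALUES(@SESSION_TIME,@USERNAME, (SELECT ACCESS_LEVEL FROM STAFF WHERE USERNAME = '******'))", dbConn))
            {
                sessionCmd.Parameters.AddWithValue("@SESSION_TIME", sessionTime);
                sessionCmd.Parameters.AddWithValue("@USERNAME", userName);
                sessionCmd.ExecuteNonQuery();
            }
        }
    }

    if (loggedIn)
    {
        // Same order as the original: create the main window, close this
        // login window, then show the main window modally.
        MainWindow newMainInstance = new MainWindow();
        Close();
        newMainInstance.ShowDialog();
    }
    else
    {
        MessageBox.Show("no user available");
    }
}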