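/// <summary>
/// Handles the "go back" button: hides this form, opens an <c>OICForm</c> as a modal
/// dialog carrying the current user name and ID, then closes this form.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void goBackButton_Click(object sender, EventArgs e)
        {
            // A form shown with ShowDialog() is not disposed when it closes, so the
            // dialog is wrapped in a using block to release its handles.
            using (OICForm oic_form = new OICForm())
            {
                this.Hide();

                // Hand the session identity over before the dialog becomes visible.
                oic_form.setCurrentUser(user);
                oic_form.setUserID(userID);

                // Blocks here until the OIC form is closed.
                oic_form.ShowDialog();
            }

            this.Close();
        }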
Exemple #2
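        /// <summary>
        /// Handles the "go back" button: looks up the current <c>userID</c> in the
        /// <c>users</c> table and returns to the admin form when the stored user type
        /// is "Admin", otherwise to the OIC form.
        /// </summary>
        /// <param name="sender">The control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void goBackButton_Click(object sender, EventArgs e)
        {
            // NOTE(review): this connects as root with an empty password and sslMode=none,
            // and the string is embedded in the client. Prefer a dedicated least-privilege
            // database account, a connection string loaded from protected configuration,
            // and TLS whenever the server is not strictly local.
            const string connectionString = "datasource=localhost;port=3306;username=root;password=;database=medisupply;sslMode=none";
            const string query = "SELECT * FROM users WHERE userID = @userID";

            try
            {
                bool userFound = false;
                string userRealID = null;
                string userRealName = null;
                string userType = null;

                // The using blocks release the connection, command and reader even when
                // an exception is thrown, and before any modal dialog is shown, so the
                // connection is not held open for as long as the next form stays up.
                using (MySqlConnection connection = new MySqlConnection(connectionString))
                using (MySqlCommand cmd = new MySqlCommand(query, connection))
                {
                    // Parameterized query: userID is never concatenated into the SQL text.
                    cmd.Parameters.AddWithValue("@userID", userID);
                    connection.Open();

                    using (MySqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            userFound = true;
                            userRealID = reader.GetString("userID");
                            userRealName = reader.GetString("userName");
                            userType = reader.GetString("userType");
                        }
                    }
                }

                if (!userFound)
                {
                    MessageBox.Show("This ID does not exist!", "Error Message");
                    return;
                }

                // The role is taken from the database row, not from state held by this
                // form; anything that is not an exact "Admin" match gets the OIC form.
                if (userRealID == userID && userType == "Admin")
                {
                    using (adminForm admin_form = new adminForm())
                    {
                        this.Hide();
                        admin_form.setCurrentUser(userRealName);
                        admin_form.setUserID(userRealID);
                        admin_form.ShowDialog();
                    }
                    this.Close();
                }
                else
                {
                    using (OICForm oic_form = new OICForm())
                    {
                        this.Hide();
                        oic_form.setCurrentUser(userRealName);
                        oic_form.setUserID(userRealID);
                        oic_form.ShowDialog();
                    }
                    this.Close();
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message from the database driver can expose server and
                // schema details to the user; consider logging it and showing a generic message.
                MessageBox.Show(ex.Message);
            }
        }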
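        /// <summary>
        /// Handles the login button. Rejects blank input, counts the attempt, and then
        /// either marks the typed ID as "Locked" (once the attempt counter exceeds 3) or
        /// checks the typed credentials against the <c>users</c> table and opens the
        /// admin or OIC form for a matching, unlocked account.
        /// </summary>
        /// <param name="sender">The control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void loginButton_Click(object sender, EventArgs e)
        {
            string id = this.idInput.Text;
            string pwd = this.pwdInput.Text;

            if (id == "" || pwd == "")
            {
                MessageBox.Show("There is a blank input", "Login Error");
                return;
            }

            // NOTE(review): this connects as root with an empty password and sslMode=none,
            // and the string is embedded in the client. Prefer a dedicated least-privilege
            // database account, a connection string loaded from protected configuration,
            // and TLS whenever the server is not strictly local.
            const string connectionString = "datasource=localhost;port=3306;username=root;password=;database=medisupply;sslMode=none";

            // NOTE(review): loginAttemptCount is declared outside this method and appears
            // to live in memory only, so it presumably resets when the application restarts,
            // and it counts clicks rather than failures per account: whichever ID is in the
            // box on the fourth attempt is the one locked, without its password being
            // checked. Tracking failed attempts per account in the database would make the
            // lockout both harder to bypass and harder to aim at someone else's account.
            loginAttemptCount++;

            try
            {
                if (loginAttemptCount > 3)
                {
                    const string lockQuery = "UPDATE users SET userStatus = @userStatus WHERE userID = @userID AND userType = 'OIC'";

                    // The using blocks release the connection and command even on failure.
                    using (MySqlConnection connection = new MySqlConnection(connectionString))
                    using (MySqlCommand cmd = new MySqlCommand(lockQuery, connection))
                    {
                        cmd.Parameters.AddWithValue("@userStatus", "Locked");
                        cmd.Parameters.AddWithValue("@userID", id);

                        connection.Open();

                        // An UPDATE returns no rows, so ExecuteNonQuery replaces the
                        // reader that was previously opened and never disposed.
                        cmd.ExecuteNonQuery();
                    }

                    MessageBox.Show("You failed to login three times, so this ID is locked now. \nPlease, contact the system administrator.", "Login Error");

                    using (lockedAccountForm locked_account_form = new lockedAccountForm())
                    {
                        this.Hide();
                        locked_account_form.ShowDialog();
                    }
                    this.Close();
                    return;
                }

                const string selectQuery = "SELECT * FROM users WHERE userID = @userID";

                // NOTE(review): MD5Hash is defined outside this method; going by its name the
                // stored credential is an MD5 digest. A fast hash is not suitable for password
                // storage - plan a migration to a salted, slow KDF such as PBKDF2
                // (Rfc2898DeriveBytes) or Argon2.
                string hash_MD5_pwd = MD5Hash(pwd);

                bool userFound = false;
                string userRealID = null;
                string userRealPwd = null;
                string userRealName = null;
                string userStatus = null;
                string userType = null;

                // Read the row and release the connection before any dialog is shown; the
                // connection was previously never closed on this path.
                using (MySqlConnection connection = new MySqlConnection(connectionString))
                using (MySqlCommand cmd = new MySqlCommand(selectQuery, connection))
                {
                    // Parameterized query: the typed ID is never concatenated into the SQL text.
                    cmd.Parameters.AddWithValue("@userID", id);
                    connection.Open();

                    using (MySqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            userFound = true;
                            userRealID = reader.GetString("userID");
                            userRealPwd = reader.GetString("userPwd");
                            userRealName = reader.GetString("userName");
                            userStatus = reader.GetString("userStatus");
                            userType = reader.GetString("userType");
                        }
                    }
                }

                if (!userFound)
                {
                    // NOTE(review): this message, the locked-account message and the
                    // wrong-password message differ, which tells the person at the keyboard
                    // whether an ID exists; a single generic failure message avoids that.
                    MessageBox.Show("This ID does not exist!", "Login Error");
                    return;
                }

                // Case-insensitive so that any casing of the status keeps the account
                // locked, instead of only the two spellings "Locked" and "locked".
                if (string.Equals(userStatus, "Locked", StringComparison.OrdinalIgnoreCase))
                {
                    MessageBox.Show("Your account is locked! Contact the system administrator, please.", "Login Error");
                    return;
                }

                // The exact ordinal match on the ID is kept in addition to the SQL lookup.
                bool credentialsMatch = id == userRealID && hash_MD5_pwd == userRealPwd;

                if (credentialsMatch && userType == "Admin")
                {
                    using (adminForm admin_form = new adminForm())
                    {
                        this.Hide();
                        admin_form.setCurrentUser(userRealName);
                        admin_form.setUserID(userRealID);
                        admin_form.ShowDialog();
                    }
                    this.Close();
                }
                else if (credentialsMatch && userType == "OIC")
                {
                    using (OICForm oic_form = new OICForm())
                    {
                        this.Hide();
                        oic_form.setCurrentUser(userRealName);
                        oic_form.setUserID(userRealID);
                        oic_form.ShowDialog();
                    }
                    this.Close();
                }
                else
                {
                    // Also reached when the credentials match but the user type is
                    // neither "Admin" nor "OIC": unknown roles are denied.
                    MessageBox.Show("Your ID or password is incorrect!", "Login Error");
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message from the database driver can expose server and
                // schema details on the login screen; consider logging it and showing a
                // generic message.
                MessageBox.Show(ex.Message);
            }
        }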