private void btnLogin_Click(object sender, EventArgs e)
        {
            DateTime thisDay = DateTime.Today;
            string   date    = thisDay.ToString("D");

            try
            {
                MySqlConnection con = new MySqlConnection("Server=localhost;Database=ehr;username=root;password=;");

                if (txtUserName.Text != "" && txtPassword.Text != "")
                {
                    try
                    {
                        string       insertquery = "INSERT INTO login_attempt(`user_name`,`password`,`date`) VALUES('" + txtUserName.Text + " ' , ' " + Protect.Encrypt(txtPassword.Text) + "','" + date + "')";
                        MySqlCommand cmdin       = new MySqlCommand(insertquery, con);
                        con.Open();
                        cmdin.ExecuteNonQuery();
                        con.Close();

                        String       viewquery = "SELECT * FROM user WHERE user_name = '" + txtUserName.Text + "'";
                        MySqlCommand cmdout    = new MySqlCommand(viewquery, con);
                        con.Open();
                        MySqlDataReader rdr = cmdout.ExecuteReader();


                        if (rdr.Read())
                        {
                            string User_name = rdr.GetString(1);

                            string Password = Protect.Decrypt(rdr.GetString(2));

                            if (txtUserName.Text == User_name)
                            {
                                if (txtPassword.Text == Password)
                                {
                                    if (rdr.GetString(3) == "Administrator")
                                    {
                                        AdminForm frm2 = new AdminForm();
                                        frm2.Show();
                                        this.Hide();
                                    }
                                    else if (rdr.GetString(3) == "Doctor")
                                    {
                                        this.Hide();
                                        DoctorForm frm3 = new DoctorForm();
                                        frm3.Show();
                                    }
                                }
                                else
                                {
                                    lblError.Text    = "Incorrect Username/Password. \n Please try again!";
                                    txtUserName.Text = null;
                                    txtPassword.Text = null;
                                }
                            }
                            else
                            {
                                lblError.Text    = "Incorrect Username/Password. \n Please try again!";
                                txtUserName.Text = null;
                                txtPassword.Text = null;
                            }
                        }

                        con.Close();
                    }
                    catch (Exception ex)
                    {
                        con.Close();
                        MessageBox.Show(ex.Message);
                    }
                }
                else
                {
                    lblError.Text = "Please Enter Username/Password";
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }
Exemple #2
0
        private void btnAdd_Click(object sender, EventArgs e)
        {
            string userName  = txtUserName.Text;
            string password1 = txtPassword1.Text;
            string password2 = txtPassword2.Text;
            string name      = txtName.Text;
            string phone     = txtPhone.Text;
            string email     = txtEmail.Text;
            string specialty = txtSpecialty.Text;

            if (rbtnAdmin.IsChecked)
            {
                if (string.IsNullOrWhiteSpace(userName) == false && string.IsNullOrWhiteSpace(password1) == false && string.IsNullOrWhiteSpace(password2) == false)
                {
                    if (password1 == password2)
                    {
                        try
                        {
                            string       password = Protect.Encrypt(password1);
                            String       query    = "INSERT INTO `user`( `user_name`, `password`, `role`) VALUES('" + userName + "','" + password + "','Administrator')";
                            MySqlCommand cmd      = new MySqlCommand(query, con);
                            con.Open();
                            cmd.ExecuteNonQuery();
                            con.Close();
                        }
                        catch (Exception ex)
                        {
                            con.Close();
                            MessageBox.Show(ex.Message);
                        }
                    }
                    else
                    {
                        MessageBox.Show("password do not match");
                    }
                }
                else
                {
                    MessageBox.Show("Fill all boxes");
                }
            }
            else if (rbtnDoctor.IsChecked)
            {
                if (string.IsNullOrWhiteSpace(userName) == false && string.IsNullOrWhiteSpace(password1) == false && string.IsNullOrWhiteSpace(password2) == false && string.IsNullOrWhiteSpace(name) == false && string.IsNullOrWhiteSpace(phone) == false && string.IsNullOrWhiteSpace(email) == false && string.IsNullOrWhiteSpace(specialty) == false)
                {
                    if (password1 == password2)
                    {
                        try
                        {
                            string password = Protect.Encrypt(password1);
                            String query    = "INSERT INTO `user`( `user_name`, `password`, `role`) VALUES('" + userName + "','" + password + "','Doctor')";

                            MySqlCommand cmd = new MySqlCommand(query, con);
                            con.Open();
                            cmd.ExecuteNonQuery();
                            con.Close();

                            String       query1 = "INSERT INTO `doctor`(`name`,`phone`,`email`,`specialty`) VALUES('" + name + "','" + phone + "','" + email + "','" + specialty + "')";
                            MySqlCommand cmd1   = new MySqlCommand(query1, con);
                            con.Open();
                            cmd1.ExecuteNonQuery();
                            con.Close();
                        }
                        catch (Exception ex)
                        {
                            con.Close();
                            MessageBox.Show(ex.Message);
                        }
                    }
                    else
                    {
                        MessageBox.Show("password do not match");
                    }
                }
                else
                {
                    MessageBox.Show("Fill all boxes");
                }
            }
            viewUsers();

            txtUserName.Text  = "";
            txtPassword1.Text = "";
            txtPassword2.Text = "";
            txtName.Text      = "";
            txtPhone.Text     = "";
            txtEmail.Text     = "";
            txtSpecialty.Text = "";
        }