private void btnHome_Click(object sender, EventArgs e)
{
//On button event, hide current form and open mainDashboard.
Hide();
mainDashboard Dashboard = new mainDashboard();
Dashboard.ShowDialog();
}
private void loginBtn_Click(object sender, EventArgs e)
{
//If username and password aren't blank, select all from the database that matches the username entered.
userLogin = txtUsername.Text;
userPassword = txtPassword.Text;
checkpointReached = false;
if ((userLogin != "") || (userPassword != ""))
{
MySqlConnection connectionMySQL = new MySqlConnection(ConnectionString);
connectionMySQL.Open();
MySqlCommand cmd = new MySqlCommand("SELECT * FROM userAccounts WHERE userLogin = @userLogin", connectionMySQL);
cmd.Parameters.AddWithValue("@userLogin", userLogin);
MySqlDataReader rdr = cmd.ExecuteReader();
rdr.Read();
//Try to set variables to data from select. If error, no data found. Output login denied.
try
{
var Valid = Convert.ToString(rdr[0]);
var databasePassword = Convert.ToString(rdr[2]);
UserID = Convert.ToString(rdr[0]);
Username = Convert.ToString(rdr[1]);
Password = Convert.ToString(rdr[2]);
Forename = Convert.ToString(rdr[3]);
Surname = Convert.ToString(rdr[4]);
EmailAddress = Convert.ToString(rdr[5]);
ProfileImage = Convert.ToString(rdr[6]);
CompanyID = Convert.ToString(rdr[7]);
Role = Convert.ToString(rdr[8]);
//Hash and salt user input.
String EnteredPassword = SHA.GenerateSHA512String(userSalt + txtPassword.Text);
rdr.Close();
//If hashed and salted password doesn't match data stored in the database, insert into the failedLoginAttempts table a log of the details.
if (EnteredPassword != databasePassword)
{
System.Windows.Forms.MessageBox.Show("Login Denied. The username or password you have entered do not match any account we have on record.");
MySqlCommand failedCMD = new MySqlCommand("INSERT INTO failedLoginAttempts (attemptUsername, attemptIP, attemptTimeStamp) VALUES (@attemptUsername, @attemptIP, @attemptTimeStamp)", connectionMySQL);
failedCMD.Parameters.AddWithValue("@attemptUsername", txtUsername.Text);
failedCMD.Parameters.AddWithValue("@attemptIP", IPAddress);
failedCMD.Parameters.AddWithValue("@attemptTimeStamp", DateTime.Now);
failedCMD.ExecuteNonQuery();
}
//Else update the last login IP and date. Set variables to match permissions for the role that the user is set.
else
{
MySqlCommand accountCMD = new MySqlCommand("UPDATE `userAccounts` SET userIPAddress = @attemptIP, userLastLogin = @attemptTimeStamp", connectionMySQL);
accountCMD.Parameters.AddWithValue("@attemptIP", IPAddress);
accountCMD.Parameters.AddWithValue("@attemptTimeStamp", DateTime.Now);
accountCMD.ExecuteNonQuery();
MySqlCommand permissionCommand = new MySqlCommand("SELECT * FROM userPermissions WHERE permID = @permid", connectionMySQL);
permissionCommand.Parameters.AddWithValue("@permid", Role);
MySqlDataReader permissionRDR = permissionCommand.ExecuteReader();
permissionRDR.Read();
loginMenu.Role = Convert.ToString(permissionRDR[1]);
permChangePassword = Convert.ToBoolean(permissionRDR[3]);
permChangeUsername = Convert.ToBoolean(permissionRDR[4]);
permChangeEmail = Convert.ToBoolean(permissionRDR[5]);
permViewServers = Convert.ToBoolean(permissionRDR[6]);
permEditServers = Convert.ToBoolean(permissionRDR[7]);
permDeleteServers = Convert.ToBoolean(permissionRDR[8]);
permViewLocations = Convert.ToBoolean(permissionRDR[9]);
permEditLocations = Convert.ToBoolean(permissionRDR[10]);
permDeleteLocations = Convert.ToBoolean(permissionRDR[11]);
permCreateTicket = Convert.ToBoolean(permissionRDR[12]);
permAdminTicket = Convert.ToBoolean(permissionRDR[13]);
permCloseTicket = Convert.ToBoolean(permissionRDR[14]);
permAddAction = Convert.ToBoolean(permissionRDR[15]);
permEditAction = Convert.ToBoolean(permissionRDR[16]);
permDeleteAction = Convert.ToBoolean(permissionRDR[17]);
permRunCustomAction = Convert.ToBoolean(permissionRDR[18]);
permAdminViewUsers = Convert.ToBoolean(permissionRDR[19]);
permAdminEditUserInfo = Convert.ToBoolean(permissionRDR[20]);
permAdminForcePassReset = Convert.ToBoolean(permissionRDR[21]);
permAdminAddUser = Convert.ToBoolean(permissionRDR[22]);
permAdminDelUser = Convert.ToBoolean(permissionRDR[23]);
permAdminChangePermissions = Convert.ToBoolean(permissionRDR[24]);
permControlServers = Convert.ToBoolean(permissionRDR[25]);
permManageBackupSystem = Convert.ToBoolean(permissionRDR[26]);
permCreateLocation = Convert.ToBoolean(permissionRDR[27]);
permCreateServer = Convert.ToBoolean(permissionRDR[28]);
permissionRDR.Close();
//Get data about the company.
MySqlCommand companyCMD = new MySqlCommand("SELECT * FROM userCompanies WHERE companyID = @companyID", connectionMySQL);
companyCMD.Parameters.AddWithValue("@companyID", CompanyID);
MySqlDataReader companyRDR = companyCMD.ExecuteReader();
companyRDR.Read();
CompanyName = Convert.ToString(companyRDR[2]);
companyRDR.Close();
//Hide the form, and open mainDashboard. If something errors in the program display the error.
Hide();
try
{
mainDashboard mainDashboardDisplay = new mainDashboard();
mainDashboardDisplay.ShowDialog();
}
catch (Exception ex)
{
System.Windows.Forms.MessageBox.Show(Convert.ToString(ex));
}
Show();
}
}
catch
{
System.Windows.Forms.MessageBox.Show("Login Denied. The username or password you have entered do not match any account we have on record.");
rdr.Close();
}
txtUsername.Text = "";
txtPassword.Text = "";
connectionMySQL.Close();
}
else
{
System.Windows.Forms.MessageBox.Show("The username or password cannot be blank.");
}
}
