private void btnLogin_Click(object sender, EventArgs e)
{
// initialize connection
SqlConnection cn = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\brian\source\repos\krabby-k\C-sharp\NCC-PRO\Database.mdf;Integrated Security=True");
cn.Open();
//variable declaration
string u, p;
u = txtUname.Text;
p = txtPass.Text;
// check if username and password is not null
if (p != "" && u != "")
{
// query to select the account where username and password is provided
SqlCommand cmd = new SqlCommand("select * from Users where Username='******' and Password='******'", cn);
var dr = cmd.ExecuteReader();
// if present
if (dr.Read())
{
dr.Close();
this.Hide();
// we check if the account is an admin account.
if (u == "Admin")
{
// provide a limit to number of login attempts
int loginAttempts = 0;
for (int x = 0; x < 3; x++)
{
// checking if the password is similar to what is in the database
if (p != "Password")
{
loginAttempts++;
}
else
{
break;
}
}
// login attempt more than 2 account is locked.
if (loginAttempts > 2)
{
MessageBox.Show("Account has been Locked!!");
}
// grant access
else
{
AdminPage admin = new AdminPage();
admin.ShowDialog();
}
}
// executed when normal user logs in
else
{
UserPage use = new UserPage();
use.ShowDialog();
}
}
// executed when incorrect Login Details are provided
else
{
dr.Close();
MessageBox.Show("Username and Password does not exist \nor Wrong Username / password ", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
// must provide username and password to proceed
else
{
MessageBox.Show("Please Enter Username and Password", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
cn.Close();
}