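/// <summary>
/// Registers the account typed into the form and, once the new row can be read back,
/// opens the admin or the player form for it.
/// </summary>
/// <param name="sender">The control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnRegister_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtUsername.Text) || string.IsNullOrEmpty(txtPassword.Text))
    {
        MessageBox.Show("Both fields are required");
        return;
    }

    string username = txtUsername.Text;
    string password = txtPassword.Text;
    bool registered = false;
    bool admin = false;

    dbh.TestConnection();
    dbh.OpenConnectionToDB();
    try
    {
        bool exist;
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
        {
            cmd.Parameters.AddWithValue("Username", username);
            exist = (int)cmd.ExecuteScalar() > 0;
        }

        if (exist)
        {
            MessageHandler.ShowMessage("This user already exists.");
            return;
        }

        // The password is never written to the table as typed. What is stored is
        // Base64(16-byte random salt || 20-byte PBKDF2 output, 10000 iterations),
        // which is 48 characters long.
        // NOTE(review): confirm the [Password] column is wide enough, and that the login
        // path verifies against this format; rows written earlier in plain text need a reset.
        byte[] salt = new byte[16];
        using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }

        byte[] hashBytes = new byte[36];
        using (System.Security.Cryptography.Rfc2898DeriveBytes kdf = new System.Security.Cryptography.Rfc2898DeriveBytes(password, salt, 10000))
        {
            Array.Copy(salt, 0, hashBytes, 0, 16);
            Array.Copy(kdf.GetBytes(20), 0, hashBytes, 16, 20);
        }

        using (SqlCommand cmd = new SqlCommand("INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin]) VALUES (@Username, @Password, @IsAdmin)", dbh.GetCon()))
        {
            cmd.Parameters.AddWithValue("Username", username);
            cmd.Parameters.AddWithValue("Password", Convert.ToBase64String(hashBytes));
            cmd.Parameters.AddWithValue("IsAdmin", 0);
            cmd.ExecuteNonQuery();
        }

        // Do not leave the credentials sitting in the form once they have been used.
        txtUsername.Text = "";
        txtPassword.Text = "";

        // Read the row back by username only; the stored value is salted, so it cannot be
        // matched by an equality test on the typed password.
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
        {
            cmd.Parameters.AddWithValue("Username", username);
            registered = (int)cmd.ExecuteScalar() > 0;
        }

        if (registered)
        {
            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) from [tblUsers] WHERE Username = @Username AND IsAdmin = 1", dbh.GetCon()))
            {
                cmd.Parameters.AddWithValue("Username", username);
                admin = (int)cmd.ExecuteScalar() > 0;
            }
        }
    }
    finally
    {
        // Single close on every path, including when a query throws.
        dbh.CloseConnectionToDB();
    }

    if (!registered)
    {
        MessageHandler.ShowMessage("Wrong username and/or password.");
        return;
    }

    if (admin)
    {
        frmAdmin.Show();
    }
    else
    {
        frmPlayer = new frmPlayer(frmRanking, username);
        frmPlayer.Show();
    }
}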
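/// <summary>
/// Creates a new, non-admin account from the username and password typed into the form.
/// </summary>
/// <param name="sender">The control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnRegister_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtUsername.Text) || string.IsNullOrEmpty(txtPassword.Text))
    {
        MessageBox.Show("Both fields are required");
        return;
    }

    string userName = txtUsername.Text;
    string password = txtPassword.Text;

    dbh.TestConnection();
    dbh.OpenConnectionToDB();
    try
    {
        // Making sure that the username doesn't exist in the database yet.
        // NOTE(review): check-then-insert can race with a second registration; a UNIQUE
        // constraint on Username would close that gap (schema not visible here).
        bool exist;
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
        {
            cmd.Parameters.AddWithValue("Username", userName);
            exist = (int)cmd.ExecuteScalar() > 0;
        }

        if (exist)
        {
            MessageHandler.ShowMessage("This user already exists.");
            return;
        }

        // The earlier version compared the lower-cased username with "Ninja", which can
        // never match, so its special insert with IsAdmin = 2 never ran. It is dropped
        // here rather than revived: a role granted from a self-chosen username would go to
        // whoever registers that name first. Elevated accounts should be provisioned
        // outside the registration form.

        // Fresh random salt for every account.
        byte[] salt = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }

        // PBKDF2 with 10000 iterations; this constructor uses HMAC-SHA1. Stored layout is
        // salt (16 bytes) followed by the derived key (20 bytes), Base64-encoded.
        // NOTE(review): raising the iteration count or changing the hash alters the
        // stored format and needs a migration of existing rows.
        byte[] hashBytes = new byte[36];
        using (Rfc2898DeriveBytes passwordToHash = new Rfc2898DeriveBytes(password, salt, 10000))
        {
            Array.Copy(salt, 0, hashBytes, 0, 16);
            Array.Copy(passwordToHash.GetBytes(20), 0, hashBytes, 16, 20);
        }

        string savedPasswordHash = Convert.ToBase64String(hashBytes);

        // The username is typed by the user, so it is bound as a parameter like every
        // other query in this form instead of being concatenated into the SQL text.
        using (SqlCommand cmd = new SqlCommand("INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin], [Score]) VALUES (@Username, @Password, @IsAdmin, @Score)", dbh.GetCon()))
        {
            cmd.Parameters.AddWithValue("Username", userName);
            cmd.Parameters.AddWithValue("Password", savedPasswordHash);
            cmd.Parameters.AddWithValue("IsAdmin", 0);
            cmd.Parameters.AddWithValue("Score", 0);
            cmd.ExecuteNonQuery();
        }
    }
    finally
    {
        // Close on every path, including when a query throws.
        dbh.CloseConnectionToDB();
    }
}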
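/// <summary>
/// Imports the comma-separated file named in <c>txtPath</c> into the table chosen in
/// <c>tableSelector</c> ("matches", "players" or "teams"), one INSERT per line.
/// </summary>
/// <remarks>
/// Lines are split on ',' only, so a quoted field that itself contains a comma is not
/// supported. A line with too few columns or a non-numeric number still throws
/// (IndexOutOfRangeException / FormatException) after earlier lines were inserted;
/// no transaction is used.
/// </remarks>
/// <param name="sender">The control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLoadData_Click(object sender, EventArgs e)
{
    // An empty path would make the StreamReader constructor throw, so it is rejected
    // up front with the message that was meant for this case.
    if (string.IsNullOrWhiteSpace(txtPath.Text))
    {
        MessageHandler.ShowMessage("No filename selected.");
        return;
    }

    string table = tableSelector.Text;
    if (table != "matches" && table != "players" && table != "teams")
    {
        MessageHandler.ShowMessage("you have to select an table.");
        return;
    }

    dbh.OpenConnectionToDB();
    try
    {
        // The reader is disposed even when a row fails to parse.
        using (StreamReader sr = new StreamReader(txtPath.Text))
        {
            string data;
            while ((data = sr.ReadLine()) != null)
            {
                if (data.Trim().Length == 0)
                {
                    continue; // tolerate blank lines, e.g. at the end of the file
                }

                string[] value = data.Split(',');

                if (table == "matches")
                {
                    int homeTeam = Convert.ToInt32(value[1]);
                    int awayTeam = Convert.ToInt32(value[2]);
                    int scoreHome = Convert.ToInt32(value[3]);
                    int scoreAway = Convert.ToInt32(value[4]);

                    using (SqlCommand cmd = new SqlCommand("INSERT INTO TblGames ( HomeTeam, AwayTeam, HomeTeamScore, AwayTeamScore) VALUES (@homeTeam, @awayTeam, @scoreHome, @scoreAway)", dbh.GetCon()))
                    {
                        cmd.Parameters.AddWithValue("@homeTeam", homeTeam);
                        cmd.Parameters.AddWithValue("@awayTeam", awayTeam);
                        cmd.Parameters.AddWithValue("@scoreHome", scoreHome);
                        cmd.Parameters.AddWithValue("@scoreAway", scoreAway);
                        cmd.ExecuteNonQuery();
                    }
                }
                else if (table == "players")
                {
                    string newName = value[3].Trim('"');
                    string newSurname = value[4].Trim('"');
                    int goalScored = Convert.ToInt32(value[5]);
                    int team_id = Convert.ToInt32(value[2]);
                    // Column 0 is parsed but not stored; the parse is kept so that a
                    // non-numeric id still rejects the line as before.
                    Convert.ToInt32(value[0]);

                    using (SqlCommand cmd = new SqlCommand("INSERT INTO TblPlayers (Name, Surname, GoalsScored, Team_id) VALUES (@name, @surname, @goalScored, @Team_id)", dbh.GetCon()))
                    {
                        cmd.Parameters.AddWithValue("@name", newName);
                        cmd.Parameters.AddWithValue("@surname", newSurname);
                        cmd.Parameters.AddWithValue("@goalScored", goalScored);
                        cmd.Parameters.AddWithValue("@Team_id", team_id);
                        cmd.ExecuteNonQuery();
                    }
                }
                else
                {
                    int Teamid = Convert.ToInt32(value[0]);
                    // Column 1 is parsed but not stored; kept as a validity check only.
                    Convert.ToInt32(value[1]);
                    string TeamName = value[2];

                    // Ask the database whether this id is taken. The previous loop always
                    // looked at the first existing row and inserted once per existing row.
                    bool taken;
                    using (SqlCommand check = new SqlCommand("SELECT COUNT(*) FROM TblTeams WHERE Team_id = @Teamid", dbh.GetCon()))
                    {
                        check.Parameters.AddWithValue("@Teamid", Teamid);
                        taken = (int)check.ExecuteScalar() > 0;
                    }

                    if (taken)
                    {
                        MessageHandler.ShowMessage("there is already an team with that team id");
                        Hide();
                    }
                    else
                    {
                        using (SqlCommand cmd = new SqlCommand("INSERT INTO TblTeams (Team_id, TeamName) VALUES (@Teamid, @teamname)", dbh.GetCon()))
                        {
                            cmd.Parameters.AddWithValue("@Teamid", Teamid);
                            cmd.Parameters.AddWithValue("@teamname", TeamName);
                            cmd.ExecuteNonQuery();
                        }
                    }
                }
            }
        }
    }
    finally
    {
        // Closed once, after the last row. Closing inside the row loop left the
        // following rows without an open connection.
        dbh.CloseConnectionToDB();
    }

    // Reported once per import instead of once per row.
    MessageHandler.ShowMessage("data insert has been succeeded");
}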
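/// <summary>
/// Checks the typed password against the salted hash stored for the username and, on
/// success, opens the admin or the player form.
/// </summary>
/// <param name="sender">The control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text;
    string password = txtPassword.Text;
    bool exist = false;
    bool admin = false;

    dbh.TestConnection();
    dbh.OpenConnectionToDB();
    try
    {
        // Getting hashed password from database. ExecuteScalar returns null for an
        // unknown username, which Convert.ToString turns into an empty string.
        using (SqlCommand cmd = new SqlCommand("SELECT Password FROM TblUsers WHERE Username = @Username", dbh.GetCon()))
        {
            cmd.Parameters.AddWithValue("Username", username);
            this.gettingHashedPassword = Convert.ToString(cmd.ExecuteScalar());
        }

        // The previous check sent the stored value back to the database and compared it
        // with itself, so the typed password was never examined. The typed password is
        // now run through PBKDF2 with the stored salt and compared with the stored key.
        // Expected layout: Base64(16-byte salt || 20-byte key), 10000 iterations.
        try
        {
            byte[] stored = Convert.FromBase64String(this.gettingHashedPassword);
            if (stored.Length == 36)
            {
                byte[] salt = new byte[16];
                Array.Copy(stored, 0, salt, 0, 16);

                using (System.Security.Cryptography.Rfc2898DeriveBytes kdf = new System.Security.Cryptography.Rfc2898DeriveBytes(password, salt, 10000))
                {
                    byte[] candidate = kdf.GetBytes(20);

                    // Compare every byte, so the time taken does not depend on where
                    // the first mismatch is.
                    int diff = 0;
                    for (int i = 0; i < candidate.Length; i++)
                    {
                        diff |= stored[16 + i] ^ candidate[i];
                    }

                    exist = diff == 0;
                }
            }
        }
        catch (FormatException)
        {
            // Stored value is not Base64 (for example a row written before hashing was
            // introduced): treat as a failed login rather than crash.
            exist = false;
        }

        if (exist)
        {
            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND IsAdmin = 1", dbh.GetCon()))
            {
                cmd.Parameters.AddWithValue("Username", username);
                admin = (int)cmd.ExecuteScalar() > 0;
            }
        }
    }
    finally
    {
        // Close on every path, including when a query throws.
        dbh.CloseConnectionToDB();
    }

    if (!exist)
    {
        // Same message for an unknown user and a wrong password, so the form does not
        // reveal which usernames exist.
        MessageHandler.ShowMessage("Wrong username and/or password.");
        return;
    }

    if (admin)
    {
        frmAdmin.Show();
    }
    else
    {
        frmPlayer = new frmPlayer(frmRanking, username);
        frmPlayer.Show();
    }
}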