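/// <summary>
/// Creates a login row in [user] and the matching profile row in user_account from
/// the form fields, reports the outcome via MessageBox and refreshes the account list.
/// </summary>
/// <param name="sender">The button that raised the click.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Both inserts run in one transaction (see <see cref="InsertUserAndAccount"/>), so a
/// failure on the second INSERT no longer leaves an orphaned [user] row behind.
/// The method never throws: every error is shown to the user.
/// </remarks>
private void btnCreateAccount_Click(object sender, EventArgs e)
{
    if (!IsValidData())
    {
        return;
    }

    try
    {
        bool created;

        // 'using' releases the connection even when a statement throws; the original
        // only closed it on the success path.
        using (var conn = new SqlConnection(connString))
        {
            conn.Open();
            created = InsertUserAndAccount(conn);
        }

        if (created)
        {
            MessageBox.Show("Account was successfully created");
            txtUsername.Clear();
            txtPassword.Clear();
            txtName.Clear();
            txtPhone.Clear();
            rchNotes.Clear();
        }
        else
        {
            MessageBox.Show("Error while creating account");
        }

        // Refresh the list on both outcomes, as the original did.
        updateList("");
    }
    catch (Exception ex)
    {
        // NOTE(review): this surfaces the raw exception text (including SQL Server
        // error details) to the user; logging it and showing a generic message
        // would be safer.
        MessageBox.Show(ex.Message);
    }
}

/// <summary>
/// Inserts the [user] row and the linked user_account row from the form fields
/// inside a single transaction on an already-open connection.
/// </summary>
/// <param name="conn">An open connection; it is left open on return.</param>
/// <returns>
/// <see langword="true"/> if both rows were written and committed; <see langword="false"/>
/// if either INSERT affected no rows, in which case the transaction is rolled back.
/// </returns>
/// <remarks>
/// Database exceptions propagate to the caller; disposing the uncommitted
/// transaction rolls it back on that path.
/// </remarks>
private bool InsertUserAndAccount(SqlConnection conn)
{
    using (var tx = conn.BeginTransaction())
    {
        var command = conn.CreateCommand();
        command.Transaction = tx;

        // 1. Login row. The password is stored hashed with the same helper the
        //    login form uses to compare credentials.
        command.CommandText = "INSERT INTO [user] (username, password) VALUES (@username, @password) ";
        command.Parameters.AddWithValue("@username", txtUsername.Text);
        command.Parameters.AddWithValue("@password", Utilis.hashPassword(txtPassword.Text));

        if (command.ExecuteNonQuery() <= 0)
        {
            tx.Rollback();
            return false;
        }

        // 2. Fetch the key of the row just inserted (the unused @password parameter
        //    is harmless on this statement).
        command.CommandText = "SELECT user_id FROM [user] WHERE username = @username ";
        int user_id = (int)command.ExecuteScalar();

        // 3. Profile row, linked to the login row through account_user_id.
        command.CommandText =
            "INSERT INTO user_account (account_user_id, account_name,account_gender, account_dob, " +
            " account_phone, account_type, account_notes, account_creation_date )" +
            "VALUES (@user_id, @name,@account_gender, @dob, @phone, @type, @notes, @date)";
        command.Parameters.Clear();
        command.Parameters.AddWithValue("@user_id", user_id);
        command.Parameters.AddWithValue("@name", txtName.Text);
        command.Parameters.AddWithValue("@account_gender", cmbGender.SelectedItem.ToString());
        // NOTE(review): the date of birth is written as a culture-dependent string
        // (DateTime.ToString()); if account_dob is a date column, passing
        // dtpDOB.Value directly would avoid locale surprises — confirm the schema.
        command.Parameters.AddWithValue("@dob", dtpDOB.Value.ToString());
        command.Parameters.AddWithValue("@phone", txtPhone.Text);
        command.Parameters.AddWithValue("@type", cmbType.SelectedIndex);
        command.Parameters.AddWithValue("@notes", rchNotes.Text);
        command.Parameters.AddWithValue("@date", DateTime.Now);

        if (command.ExecuteNonQuery() <= 0)
        {
            tx.Rollback();
            return false;
        }

        tx.Commit();
        return true;
    }
}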
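/// <summary>
/// Authenticates the credentials typed into the form and opens the matching panel:
/// the admin panel for the "admin" login, otherwise the nurse (type 0) or doctor
/// (type 1) panel selected by user_account.account_type.
/// </summary>
/// <param name="sender">The button that raised the click.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The connection is kept in the <c>conn</c> field (as the original did) and disposed
/// when the method exits. Errors are reported via MessageBox; the method never throws.
/// </remarks>
private void btnLogin_Click_1(object sender, EventArgs e)
{
    if (!IsValidData())
    {
        return;
    }

    using (conn = new SqlConnection(connString))
    {
        try
        {
            var command = conn.CreateCommand();

            // The stored password is a hash, so the typed password is hashed with the
            // same helper and matched in SQL.
            // NOTE(review): matching the hash with '=' in SQL only works for a
            // deterministic (unsalted) hash and is subject to the column collation;
            // fetching the stored hash and verifying it in code with a constant-time
            // comparison would be more robust — confirm what Utilis.hashPassword produces.
            command.CommandText = @"SELECT user_id FROM [user] WHERE username=@username and password=@password";
            command.Parameters.AddWithValue("@username", txtUsername.Text);
            command.Parameters.AddWithValue("@password", Utilis.hashPassword(txtPassword.Text));

            conn.Open();
            var result = command.ExecuteScalar();
            conn.Close();

            if (result == null)
            {
                // Authentication failure: one generic message whether the user name
                // or the password was wrong.
                MessageBox.Show("Invalid Username and Password");
                Clear();
                txtUsername.Focus();
                return;
            }

            // NOTE(review): the admin role is decided by the literal user name rather
            // than a role column, so any account named "admin" gets the admin panel.
            if (txtUsername.Text == "admin")
            {
                Hide();
                AdminPanel adminPanel = new AdminPanel();
                adminPanel.ShowDialog();
                Show();
                return;
            }

            int account_id;
            int account_type;

            conn.Open();
            command.CommandText = "Select account_id, account_type From user_account Where account_user_id = @user_id ";
            // Pass the key exactly as the first query returned it instead of its
            // string form, so SQL Server does not have to convert it back.
            command.Parameters.AddWithValue("@user_id", result);

            // 'using' closes the reader even when GetInt32 throws; the original
            // never disposed it.
            using (var reader = command.ExecuteReader())
            {
                if (!reader.Read())
                {
                    // A login row without a profile row: the original fell through
                    // silently and the button appeared to do nothing.
                    conn.Close();
                    MessageBox.Show("Error while loading account");
                    return;
                }

                account_id = reader.GetInt32(0);
                account_type = reader.GetInt32(1);
            }
            conn.Close();

            switch (account_type)
            {
                case 0:
                    // Nurse panel
                    Hide();
                    NursePanel nursePanel = new NursePanel(account_id);
                    nursePanel.ShowDialog();
                    Show();
                    Clear();
                    break;
                case 1:
                    // Doctor panel
                    Hide();
                    DoctorPanel doctorPanel = new DoctorPanel(account_id);
                    doctorPanel.ShowDialog();
                    Show();
                    Clear();
                    break;
                default:
                    // Unknown type: the original ignored it silently.
                    MessageBox.Show("Error while loading account");
                    break;
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): this surfaces the raw exception text (including SQL Server
            // error details) to the user; logging it and showing a generic message
            // would be safer.
            MessageBox.Show(ex.Message);
        }
    }
}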