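/// <summary>
/// Handles the "Change" button: checks that the two new-password entries match, verifies the
/// current password against the stored hash (skipped when <c>isAdmin</c> is set), and then
/// stores the hash of the new password for <c>username</c>.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void buttonChange_Click(object sender, EventArgs e)
{
    if (textBoxNew.Text != textBoxNewConfirm.Text)
    {
        MessageBox.Show("The two new passwords do not match, please try again");
        textBoxNew.Text = "";
        textBoxNewConfirm.Text = "";
        return;
    }

    // NOTE(review): the new password is not checked against any policy here (an empty string
    // is accepted), while the add-user handler validates via isPasswordValid; confirm whether
    // the same policy should apply on change.

    // using-blocks release the connection, commands and reader even if a database call throws;
    // previously they were closed only on the non-throwing paths.
    using (MySqlConnection connection = Database.GetConnection())
    {
        connection.Open();

        bool accountFound;
        string storedHash = null;
        using (MySqlCommand select = new MySqlCommand(
            "SELECT passwordHash FROM tbl_staff WHERE username = @username;", connection))
        {
            select.Parameters.AddWithValue("@username", username);
            using (MySqlDataReader data = select.ExecuteReader())
            {
                // Read() returns false when no row matches; the hash must not be fetched then.
                accountFound = data.Read();
                if (accountFound && !isAdmin)
                {
                    storedHash = data.GetString(data.GetOrdinal("passwordHash"));
                }
            }
        }

        if (!accountFound)
        {
            // No such account: nothing to verify or update, so do not report success.
            MessageBox.Show("Error: Password not changed", "Error");
            return;
        }

        // NOTE(review): isAdmin bypasses the current-password check entirely. That is only safe
        // if it reflects the authenticated operator's privilege (not the target account's and
        // not a caller-settable flag); confirm where it is assigned.
        if (!isAdmin && !Passwords.Verify(textBoxOld.Text, storedHash))
        {
            MessageBox.Show("Incorrect current password, please try again");
            textBoxOld.Text = "";
            return;
        }

        using (MySqlCommand update = new MySqlCommand(
            "UPDATE tbl_staff SET passwordHash = @passwordHash WHERE username = @username;", connection))
        {
            update.Parameters.AddWithValue("@username", username);
            // assumes Passwords.GetHash produces a salted, deliberately slow hash; verify in Passwords
            update.Parameters.AddWithValue("@passwordHash", Passwords.GetHash(textBoxNew.Text));
            update.ExecuteNonQuery();
        }
    }

    MessageBox.Show("Password Changed");
    this.Close();
}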
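/// <summary>
/// Handles the "Add" button: validates the entered username and password, then inserts a new
/// row into tbl_staff holding the username, the password hash and the admin flag.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void buttonAdd_Click(object sender, EventArgs e)
{
    string message;

    if (!isUsernameValid(out message))
    {
        MessageBox.Show(message, "Username");
        return;
    }

    if (!isPasswordValid(out message))
    {
        MessageBox.Show(message, "Password");
        return;
    }

    // NOTE(review): this handler can create admin accounts (checkBoxIsAdmin) and performs no
    // privilege check of its own; presumably the form is reachable only by admins. Confirm.

    int rowsInserted;

    // The original opened the connection and never closed it; using-blocks release the
    // connection and command on every path, including when the insert throws.
    using (MySqlConnection connection = Database.GetConnection())
    {
        connection.Open();

        string sql = "INSERT INTO tbl_staff (username, passwordHash, isAdmin) VALUES (@username, @passwordHash, @isAdmin);";
        using (MySqlCommand command = new MySqlCommand(sql, connection))
        {
            command.Parameters.AddWithValue("@username", textBoxUsername.Text);
            // assumes Passwords.GetHash produces a salted, deliberately slow hash; verify in Passwords
            command.Parameters.AddWithValue("@passwordHash", Passwords.GetHash(textBoxPassword.Text));
            command.Parameters.AddWithValue("@isAdmin", Database.BoolToDatabase(checkBoxIsAdmin.Checked));

            // NOTE(review): if tbl_staff enforces unique usernames, a duplicate makes this call
            // throw rather than return 0, unless isUsernameValid already rules that out. Confirm.
            rowsInserted = command.ExecuteNonQuery();
        }
    }

    if (rowsInserted == 1) // exactly one row written means the addition succeeded
    {
        MessageBox.Show("User " + textBoxUsername.Text + " added successfully.", "Success");
        shouldPopUp = false;
        this.Close();
    }
    else
    {
        MessageBox.Show("Error: User not added", "Error");
    }
}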