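/// <summary>
/// Login button handler: validates the form, looks up the account that matches
/// the entered username and selected user type, checks the password and opens
/// the form for that user type.
/// </summary>
/// <remarks>
/// The previous version built its SQL with string interpolation (the user type
/// was spliced straight into the statement) and compared Username against the
/// literal text '******' instead of the entered name. All values are now bound
/// as parameters, and the password and UserDetailsID are read from the same row
/// that matched both username and user type.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click_1(object sender, EventArgs e)
{
    // SelectedItem is null until an entry is picked; dereferencing it before the
    // empty-field check used to throw instead of showing the warning below.
    string userType = userTypeBox.SelectedItem?.ToString() ?? "";
    string username = usernameBox.Text;
    string password = passwordBox.Text;

    if (username == "" || password == "" || userTypeBox.Text == "" || userType == "")
    {
        MessageBox.Show("Please fill all fields!", "Warning!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    // One parameterized lookup replaces three separate queries. Parameters keep
    // the typed-in values out of the SQL text, so they cannot alter the statement.
    DataTable dt = new DataTable();
    using (SqlDataAdapter sda = new SqlDataAdapter(
        "SELECT Password, UserDetailsID FROM DB_Users WHERE Username=@username AND UserType=@userType",
        connectionString))
    {
        sda.SelectCommand.Parameters.AddWithValue("@username", username);
        sda.SelectCommand.Parameters.AddWithValue("@userType", userType);
        sda.Fill(dt);
    }

    // NOTE(review): distinct "unknown user" and "incorrect password" messages let
    // anyone at the login form learn which usernames exist; consider one generic
    // failure message for both cases.
    if (dt.Rows.Count == 0)
    {
        MessageBox.Show("User with this username doesn't exists!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    DataRow account = dt.Rows[0];

    // The plaintext default passwords that were recorded in a comment here have
    // been removed: credentials must not be kept in source, and any account still
    // using those values should have its password changed.
    //
    // NOTE(review): the stored password is recovered with Security.Decrypt, i.e.
    // it is stored reversibly. Anyone holding the database and the key can read
    // every password. Prefer a salted, slow one-way hash (e.g. PBKDF2) and
    // compare hashes instead of decrypting.
    if (password != Security.Decrypt(account["Password"].ToString(), true))
    {
        MessageBox.Show("Incorrect password!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    User user = new User();
    user.username = username;
    user.password = password;
    user.userType = userType;

    // UserDetailsID may be NULL in the table; ToString() on DBNull yields "".
    string detailsId = account["UserDetailsID"].ToString();
    if (detailsId != "")
    {
        user.userId = Int32.Parse(detailsId);
    }

    // Only the three known roles open a form; any other value falls through
    // without opening anything, as before.
    switch (userType)
    {
        case "admin":
            Admin_Form admin_Form = new Admin_Form(user);
            this.Hide();
            admin_Form.Show();
            break;
        case "client":
            Client_Form client_Form = new Client_Form(user);
            this.Hide();
            client_Form.Show();
            break;
        case "employee":
            Employee_Form employee_Form = new Employee_Form(user);
            this.Hide();
            employee_Form.Show();
            break;
    }
}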
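/// <summary>
/// Sign-up button handler: validates the form, rejects a username that is
/// already taken, inserts a new "client" row into DB_Users and opens the
/// client form.
/// </summary>
/// <remarks>
/// The previous version concatenated the username (and the other values) into
/// the INSERT statement, so text typed into the username box became part of the
/// SQL. It also compared Username against the literal text '******' in the
/// duplicate check. All values are now bound as parameters.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void signupBtn_Click(object sender, EventArgs e)
{
    string username = usernameBox.Text;
    string password = passwordBox.Text;

    if (username == "" || password == "" || confpassBox.Text == "")
    {
        MessageBox.Show("Please fill all fields!", "Warning!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    if (password != confpassBox.Text)
    {
        MessageBox.Show("Passwords do not match!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    // Highest existing passenger id. TOP 1 avoids loading the whole table, and an
    // empty table no longer throws on Rows[0] (the first id then becomes 1).
    // NOTE(review): deriving the next id as max+1 on the client is racy when two
    // sign-ups run at once; confirm whether the database should assign it.
    int PsId = 0;
    DataTable dt = new DataTable();
    using (SqlDataAdapter sda = new SqlDataAdapter("SELECT TOP 1 PsID FROM Passengers ORDER BY PsID DESC", connectionString))
    {
        sda.Fill(dt);
    }
    if (dt.Rows.Count > 0)
    {
        PsId = Int32.Parse(dt.Rows[0][0].ToString());
    }

    // Duplicate check against the entered username, bound as a parameter.
    dt = new DataTable();
    using (SqlDataAdapter sda = new SqlDataAdapter("SELECT COUNT(*) FROM DB_Users WHERE Username=@username", connectionString))
    {
        sda.SelectCommand.Parameters.AddWithValue("@username", username);
        sda.Fill(dt);
    }

    // Any non-zero count means the name is taken; the old '== "1"' test let a
    // sign-up through when the name already existed more than once.
    // NOTE(review): check-then-insert is not atomic; a unique constraint on
    // DB_Users.Username is what actually guarantees uniqueness.
    if (dt.Rows[0][0].ToString() != "0")
    {
        MessageBox.Show("User with this username already exists!", "Warning!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    User user = new User();
    user.username = username;
    user.password = password;
    user.userType = "client";
    user.userId = PsId + 1;

    try
    {
        using (var conn = new SqlConnection(connectionString))
        using (var insertCommand = new SqlCommand(
            "INSERT INTO DB_Users (Username, Password, UserType, UserDetailsID) VALUES(@username, @password, @userType, @userDetailsId)",
            conn))
        {
            insertCommand.Parameters.AddWithValue("@username", user.username);
            // NOTE(review): Security.Encrypt stores the password reversibly (the
            // login handler reads it back with Security.Decrypt). Prefer a salted,
            // slow one-way hash (e.g. PBKDF2) so a database leak does not expose
            // the passwords themselves.
            insertCommand.Parameters.AddWithValue("@password", Security.Encrypt(user.password, true));
            insertCommand.Parameters.AddWithValue("@userType", user.userType);
            insertCommand.Parameters.AddWithValue("@userDetailsId", user.userId);

            conn.Open();
            insertCommand.ExecuteNonQuery();
            // The using block closes the connection, also when the insert throws.
        }
    }
    catch (Exception exp)
    {
        MessageBox.Show("Exception Occre while creating table:" + exp.Message + "\t" + exp.GetType() , "Query error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    MessageBox.Show("Successfully!");

    Client_Form client_Form = new Client_Form(user);
    this.Hide();
    client_Form.Show();
}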