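/// <summary>
/// Handles the Accept button: validates the two password fields, stores the hashed
/// password for <c>loggedInUser</c>, clears <c>first_time_login</c>, then logs the user in.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void acceptButton_Click(object sender, EventArgs e)
{
    string password = passwordTextBox.Text;
    string passwordRetype = retypePasswordTextBox.Text;

    // Both fields must be filled before anything else is checked.
    if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(passwordRetype))
    {
        MessageBox.Show(null, "Both fields must be filled.", "Error");
        return;
    }

    // Ordinal comparison: the two entries must match exactly (same as the original ==).
    if (!string.Equals(password, passwordRetype, StringComparison.Ordinal))
    {
        MessageBox.Show(null, "Both password fields must be the same.", "Error");
        return;
    }

    // NOTE(review): DBSqlHelper.SHA512 appears to be a plain (unsalted) digest; a
    // password-hashing KDF such as PBKDF2 (Rfc2898DeriveBytes.Pbkdf2) would resist
    // offline cracking far better. Left unchanged here because the login path
    // (GetUserDataFromDB) compares against the same helper's output — both sides
    // must be migrated together.
    string hashedPassword = DBSqlHelper.SHA512(password);

    const string query =
        "UPDATE user_table " +
        "SET pw = @password, first_time_login = 0 " +
        "WHERE id_user = @id_user";

    // SqlCommand is IDisposable; release it once the update has run.
    using (SqlCommand cmd = DBSqlHelper._instance.conn.CreateCommand())
    {
        cmd.CommandText = query;

        // Explicit SqlDbType so SqlClient does not infer the column type from the value.
        cmd.Parameters.Add(new SqlParameter("@password", SqlDbType.NVarChar) { Value = hashedPassword });

        // The original passed DbType.Int32 here, which binds to the (string, object)
        // constructor overload and becomes the parameter *value* rather than its type;
        // SqlDbType.Int is the intended type declaration.
        cmd.Parameters.Add(new SqlParameter("@id_user", SqlDbType.Int) { Value = loggedInUser.id });

        cmd.ExecuteNonQuery();
    }

    MessageBox.Show(null, "User details updated successfully!", "Success");

    // Log the user in now that the password has been set.
    loginForm.LoginUser(loggedInUser);
    this.Close();
}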
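/// <summary>
/// Looks up a user by username or e-mail and verifies the supplied password against the
/// stored hash.
/// </summary>
/// <param name="username">Username or e-mail address typed at login.</param>
/// <param name="password">Plain-text password typed at login; hashed before comparison.</param>
/// <returns>
/// The matching <see cref="User"/>, or <c>null</c> when no row matches or a database error
/// occurs (the error is reported in a message box).
/// </returns>
private User GetUserDataFromDB(string username, string password)
{
    try
    {
        // NOTE(review): DBSqlHelper.SHA512 appears to be a plain (unsalted) digest; a
        // password-hashing KDF (PBKDF2 / Argon2) is the recommended replacement. Must be
        // changed together with the password-update path that writes the same hash.
        string hashedPassword = DBSqlHelper.SHA512(password);

        // A row matches when the identifier is the username OR the e-mail, and either the
        // hash matches OR first_time_login is set.
        // SECURITY NOTE(review): the first_time_login branch accepts ANY password for an
        // account that has not completed its first login — anyone who knows such an
        // account's username or e-mail can sign in until the flag is cleared. A dedicated
        // first-login path (one-time token / temporary password) would close this gap.
        const string query =
            "SELECT id_user, fullname, email, username, administrator, first_time_login, valid FROM user_table " +
            "WHERE (username = @username OR email = @username) AND (pw = @password OR first_time_login = 1)";

        // SqlCommand is IDisposable; dispose it together with its reader.
        using (SqlCommand cmd = DBSqlHelper._instance.conn.CreateCommand())
        {
            cmd.CommandText = query;
            cmd.Parameters.Add(new SqlParameter("@username", SqlDbType.NVarChar) { Value = username });
            cmd.Parameters.Add(new SqlParameter("@password", SqlDbType.NVarChar) { Value = hashedPassword });

            using (DbDataReader reader = cmd.ExecuteReader())
            {
                // Read() returns false on an empty result set, so HasRows is redundant.
                if (!reader.Read())
                {
                    return null;
                }

                // Column ordinals follow the SELECT list above.
                return new User(
                    reader.GetInt32(0),    // id_user
                    reader.GetString(1),   // fullname
                    reader.GetString(2),   // email
                    reader.GetString(3),   // username
                    reader.GetBoolean(4),  // administrator
                    reader.GetBoolean(5),  // first_time_login
                    reader.GetBoolean(6)); // valid
            }
        }
    }
    catch (Exception e)
    {
        // Show only the message: the full exception text (stack trace, provider details)
        // is not something to put in front of an end user.
        MessageBox.Show(null, "Error: " + e.Message, "Error");
        return null;
    }
}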