Esempio n. 1
0
        private void btnRegister_Click(object sender, EventArgs e)
        {
            if (txtUsername.Text == "" || txtPassword.Text == "")
            {
                MessageBox.Show("Both fields are required");
            }
            else
            {
                dbh.TestConnection();
                dbh.OpenConnectionToDB();
                bool exist = false;

                using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
                {
                    cmd.Parameters.AddWithValue("Username", txtUsername.Text);
                    exist = (int)cmd.ExecuteScalar() > 0;
                }

                if (exist)
                {
                    MessageHandler.ShowMessage("This user already exists.");
                }
                else
                {
                    using (SqlCommand cmd = new SqlCommand("INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin]) VALUES (@Username, @Password, @IsAdmin)"))
                    {
                        cmd.Parameters.AddWithValue("Username", txtUsername.Text);
                        cmd.Parameters.AddWithValue("Password", txtPassword.Text);
                        cmd.Parameters.AddWithValue("IsAdmin", 0);
                        cmd.Connection = dbh.GetCon();
                        cmd.ExecuteNonQuery();
                    }

                    string username = txtUsername.Text;
                    string password = txtPassword.Text;

                    txtUsername.Text = "";
                    txtPassword.Text = "";

                    using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND Password = @Password", dbh.GetCon()))
                    {
                        cmd.Parameters.AddWithValue("Username", username);
                        cmd.Parameters.AddWithValue("Password", password);
                        exist = (int)cmd.ExecuteScalar() > 0;
                    }

                    if (exist)
                    {
                        bool admin;
                        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) from [tblUsers] WHERE Username = @Username AND IsAdmin = 1", dbh.GetCon()))
                        {
                            cmd.Parameters.AddWithValue("Username", username);
                            admin = (int)cmd.ExecuteScalar() > 0;
                        }
                        dbh.CloseConnectionToDB();

                        if (admin)
                        {
                            frmAdmin.Show();
                        }
                        else
                        {
                            frmPlayer = new frmPlayer(frmRanking, username);
                            frmPlayer.Show();
                            //frmPlayer.Show();
                        }
                    }
                    else
                    {
                        dbh.CloseConnectionToDB();
                        MessageHandler.ShowMessage("Wrong username and/or password.");
                    }
                }



                dbh.CloseConnectionToDB();
            }
        }
Esempio n. 2
0
        private void btnRegister_Click(object sender, EventArgs e)
        {
            // This is letting the user to make an account.

            if (txtUsername.Text == "" || txtPassword.Text == "")
            {
                // This shows a message is the files are empty.

                MessageBox.Show("Both fields are required");
            }
            else
            {
                // Making sure that the username doesn't exists in the database.

                dbh.TestConnection();
                dbh.OpenConnectionToDB();

                bool exist = false;

                using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
                {
                    cmd.Parameters.AddWithValue("Username", txtUsername.Text);

                    exist = (int)cmd.ExecuteScalar() > 0;
                }

                if (exist)
                {
                    // This shows a message if the user already exists.

                    MessageHandler.ShowMessage("This user already exists.");
                }
                else
                {
                    // This is Elton's secret account.

                    string user = txtUsername.Text.ToLower();

                    if (user == "Ninja")
                    {
                        dbh.CloseConnectionToDB();

                        string password = txtPassword.Text;
                        string userName = txtUsername.Text;

                        int admin = 2;
                        int score = 0;

                        // Preparing array to initialize later.

                        byte[] salt;
                        new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);

                        // The hashing formula is executed 10000 times just to be sure that the security level is high.

                        Rfc2898DeriveBytes passwordToHash = new Rfc2898DeriveBytes(password, salt, 10000);
                        byte[]             hashArray      = passwordToHash.GetBytes(20);

                        // Copys the value of an byte array and paste them in an other array.

                        byte[] hashBytes = new byte[36];
                        Array.Copy(salt, 0, hashBytes, 0, 16);
                        Array.Copy(hashArray, 0, hashBytes, 16, 20);

                        // Converting hashed password to a string.

                        string savedPasswordHash = Convert.ToBase64String(hashBytes);
                        string sql = "INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin], [Score]) VALUES ('" + userName + "', '" + savedPasswordHash + "', '" + admin + "', '" + score + "')";

                        dbh.Execute(sql);
                    }
                    else
                    {
                        // Password hashing for registering.

                        dbh.CloseConnectionToDB();

                        string password = txtPassword.Text;
                        string userName = txtUsername.Text;

                        // Preparing array to initialize later.

                        byte[] salt;
                        new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);

                        // The hashing formula is executed 10000 times just to be sure that the security level is high.

                        Rfc2898DeriveBytes passwordToHash = new Rfc2898DeriveBytes(password, salt, 10000);
                        byte[]             hashArray      = passwordToHash.GetBytes(20);

                        // Copys the value of an byte array and paste them in an other array.

                        byte[] hashBytes = new byte[36];
                        Array.Copy(salt, 0, hashBytes, 0, 16);
                        Array.Copy(hashArray, 0, hashBytes, 16, 20);

                        // Converting hashed password to a string.

                        int admin = 0;
                        int score = 0;

                        string savedPasswordHash = Convert.ToBase64String(hashBytes);
                        string sql = "INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin], [Score]) VALUES ('" + userName + "', '" + savedPasswordHash + "', '" + admin + "', '" + score + "')";

                        dbh.Execute(sql);
                    }
                }
                dbh.CloseConnectionToDB();
            }
        }
Esempio n. 3
0
        private void btnLoadData_Click(object sender, EventArgs e)
        {
            if (!(txtPath.Text == null))
            {
                dbh.OpenConnectionToDB();
                StreamReader sr = new StreamReader(txtPath.Text);

                if (tableSelector.Text == "")
                {
                    MessageHandler.ShowMessage("you have to select an table.");
                }
                else if (tableSelector.Text == "matches")
                {
                    string data = sr.ReadLine();

                    while (data != null)
                    {
                        string[] value = data.Split(',');

                        int homeTeam  = Convert.ToInt32(value[1]);
                        int awayTeam  = Convert.ToInt32(value[2]);
                        int scoreHome = Convert.ToInt32(value[3]);
                        int scoreAway = Convert.ToInt32(value[4]);

                        data = sr.ReadLine();

                        using (SqlCommand cmd = new SqlCommand("INSERT INTO TblGames ( HomeTeam, AwayTeam, HomeTeamScore, AwayTeamScore) VALUES (@homeTeam, @awayTeam, @scoreHome, @scoreAway)"))
                        {
                            cmd.Parameters.AddWithValue("@homeTeam", homeTeam);
                            cmd.Parameters.AddWithValue("@awayTeam", awayTeam);
                            cmd.Parameters.AddWithValue("@scoreHome", scoreHome);
                            cmd.Parameters.AddWithValue("@scoreAway", scoreAway);
                            cmd.Connection = dbh.GetCon();
                            cmd.ExecuteNonQuery();

                            MessageHandler.ShowMessage("data insert has been succeeded");
                            dbh.CloseConnectionToDB();
                        }
                    }
                }


                else if (tableSelector.Text == "players")
                {
                    string data = sr.ReadLine();

                    while (data != null)
                    {
                        string[] value      = data.Split(',');
                        int      id         = Convert.ToInt32(value[0]);
                        string   name       = value[3];
                        string   newName    = name.Trim('"');
                        string   surname    = value[4];
                        string   newSurname = surname.Trim('"');
                        int      goalScored = Convert.ToInt32(value[5]);
                        int      team_id    = Convert.ToInt32(value[2]);
                        data = sr.ReadLine();



                        using (SqlCommand cmd = new SqlCommand("INSERT INTO TblPlayers (Name, Surname, GoalsScored, Team_id) VALUES (@name, @surname, @goalScored, @Team_id)"))
                        {
                            cmd.Parameters.AddWithValue("@name", newName);
                            cmd.Parameters.AddWithValue("@surname", newSurname);
                            cmd.Parameters.AddWithValue("@goalScored", goalScored);
                            cmd.Parameters.AddWithValue("@Team_id", team_id);
                            cmd.Connection = dbh.GetCon();
                            cmd.ExecuteNonQuery();

                            MessageHandler.ShowMessage("data insert has been succeeded");
                            dbh.CloseConnectionToDB();
                        }
                    }
                    MessageHandler.ShowMessage("data insert has been succeeded");
                    dbh.CloseConnectionToDB();
                }

                else if (tableSelector.Text == "teams")
                {
                    string data = sr.ReadLine();

                    while (data != null)
                    {
                        string[] value    = data.Split(',');
                        int      Teamid   = Convert.ToInt32(value[0]);
                        int      temp     = Convert.ToInt32(value[1]);
                        string   TeamName = value[2];
                        data = sr.ReadLine();

                        DataTable teamId = dbh.FillDT("SELECT Team_id FROM TblTeams");

                        for (int i = 0; i < teamId.Rows.Count; i++)
                        {
                            DataRow rowTeamId   = teamId.Rows[0];
                            int     checkTeamId = Convert.ToInt32(rowTeamId[0]);

                            if (checkTeamId == Teamid)
                            {
                                MessageHandler.ShowMessage("there is already an team with that team id");
                                Hide();
                            }
                            else if (checkTeamId != Teamid)
                            {
                                using (SqlCommand cmd = new SqlCommand("INSERT INTO  TblTeams (Team_id, TeamName) VALUES (@Teamid, @teamname)"))
                                {
                                    dbh.OpenConnectionToDB();
                                    cmd.Parameters.AddWithValue("@Teamid", Teamid);
                                    cmd.Parameters.AddWithValue("@teamName", TeamName);
                                    cmd.Connection = dbh.GetCon();
                                    cmd.ExecuteNonQuery();
                                }
                            }
                        }
                    }
                    MessageHandler.ShowMessage("data insert has been succeeded");
                    dbh.CloseConnectionToDB();
                }
                else
                {
                    MessageHandler.ShowMessage("No filename selected.");
                    dbh.CloseConnectionToDB();
                }
            }
        }
Esempio n. 4
0
        private void btnLogin_Click(object sender, EventArgs e)
        {
            // This is letting the user to log in and go towards the form where he/she belongs.

            dbh.TestConnection();
            dbh.OpenConnectionToDB();

            bool exist = false;

            string username = txtUsername.Text;
            string password = txtPassword.Text;

            // Getting hashed password from database.

            using (SqlCommand cmd = new SqlCommand("SELECT Password FROM TblUsers WHERE Username =  @Username", dbh.GetCon()))
            {
                cmd.Parameters.AddWithValue("Username", username);

                this.gettingHashedPassword = Convert.ToString(cmd.ExecuteScalar());
            }

            // Comparing password from user input and saved password in database.

            using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND Password = @Password", dbh.GetCon()))
            {
                cmd.Parameters.AddWithValue("Username", username);
                cmd.Parameters.AddWithValue("Password", this.gettingHashedPassword);

                exist = (int)cmd.ExecuteScalar() > 0;
            }

            if (exist)
            {
                bool admin;

                using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND IsAdmin = 1", dbh.GetCon()))
                {
                    cmd.Parameters.AddWithValue("Username", username);

                    admin = (int)cmd.ExecuteScalar() > 0;
                }

                dbh.CloseConnectionToDB();

                if (admin)
                {
                    frmAdmin.Show();
                }
                else
                {
                    frmPlayer = new frmPlayer(frmRanking, username);
                    frmPlayer.Show();
                }
            }
            else
            {
                // This shows a message if the username and or password is wrong.

                MessageHandler.ShowMessage("Wrong username and/or password.");
            }
            dbh.CloseConnectionToDB();
        }