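/// <summary>
/// Authenticates a user with the given login data.
/// </summary>
/// <param name="username">Username to look up; only rows with <c>active = 1</c> are considered.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <param name="user">Set to the authenticated <see cref="User"/> on success, otherwise null.</param>
/// <returns>
/// ERR_SUCCESS with <paramref name="user"/> populated; ERR_DATABASE_CONNECTION if the connection
/// cannot be opened; ERR_USER_DOES_NOT_EXIST if no active row matches the username (or it has no
/// salt); ERR_AUTH if the password verifier does not match.
/// </returns>
/// <remarks>
/// SECURITY: the stored verifier is a single SHA-256 pass over <c>password + salt</c>
/// (see <c>AddUserToDatabase</c>), which is cheap to brute-force offline. Moving to
/// PBKDF2/Argon2 needs a schema change, so it is only flagged here. Callers should not show
/// the user a different message for ERR_USER_DOES_NOT_EXIST vs ERR_AUTH (username enumeration).
/// </remarks>
public static UserDatabaseError Authenticate(string username, string password, out User user)
{
    user = null;

    // `using` closes the connection on every exit path; the original leaked it on ERR_AUTH
    // and never disposed the reader.
    using (SQLiteConnection connection = new SQLiteConnection(DatabaseManager.CONNECTION_STRING))
    using (SQLiteCommand command = new SQLiteCommand(
        "SELECT salt FROM users WHERE username=@username and active = 1", connection))
    {
        command.Parameters.AddWithValue("@username", username);

        try
        {
            connection.Open();
        }
        catch (Exception)
        {
            // Any failure to open is reported as a connection error, as before.
            return UserDatabaseError.ERR_DATABASE_CONNECTION;
        }

        // `as string` yields null for a NULL/DBNull salt instead of throwing on the cast.
        string salt = command.ExecuteScalar() as string;
        if (string.IsNullOrEmpty(salt))
        {
            return UserDatabaseError.ERR_USER_DOES_NOT_EXIST;
        }

        // Verifier layout must stay in sync with AddUserToDatabase.
        string hash = DatabaseManager.GetSha256(password + salt);

        // `active = 1` repeated here so a deactivated row can never satisfy the second query.
        command.CommandText =
            "SELECT name, privilege FROM users WHERE username=@username AND sha256p =@password AND active = 1";
        command.Parameters.AddWithValue("@password", hash);

        using (SQLiteDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                user = new User(username, (string)reader["name"], (User.UserPrivilege)(Int64)reader["privilege"]);
            }
        }

        return user == null ? UserDatabaseError.ERR_AUTH : UserDatabaseError.ERR_SUCCESS;
    }
}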
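/// <summary>
/// Handler for the "Add" button: validates the form input and asks the current
/// (administrator) user to create a new REGULAR user.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Unused.</param>
private void btnAdd_Click(object sender, EventArgs e)
{
    string username = txtAddUserUsername.Text;
    string password = txtAddUserPassword.Text;

    if (string.IsNullOrWhiteSpace(username))
    {
        MessageBox.Show("Username must not be empty.");
        return;
    }

    if (password != txtAddUserRepeatPassword.Text)
    {
        MessageBox.Show("Passwords do not match!");
        return;
    }

    // Policy: 8-16 characters with at least one lowercase letter, one uppercase letter,
    // one digit and one other character.
    // BUG FIX: the original condition was not negated, so passwords that *matched* the
    // policy were rejected and non-compliant ones were accepted. The regex upper bound
    // (15) also disagreed with the message (16); the regex now matches the message.
    if (!Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\da-zA-Z]).{8,16}$"))
    {
        MessageBox.Show("Password must be 8 to 16 characters and contain at least one lowercase letter, one uppercase letter, one digit and one special character.");
        return;
    }

    string name = txtName.Text;
    User newUser = new User(username, name, User.UserPrivilege.REGULAR);

    // AddUserToDatabase is an instance method on purpose: it checks that the caller
    // (this.user) holds ADMINISTRATOR privilege before touching the database.
    User.UserDatabaseError result = user.AddUserToDatabase(newUser, password);

    // Every outcome is reported; the original stayed silent on any non-success result.
    switch (result)
    {
        case User.UserDatabaseError.ERR_SUCCESS:
            MessageBox.Show("User/Salesperson successfully added.");
            this.Close();
            break;
        case User.UserDatabaseError.ERR_USER_EXISTS:
            MessageBox.Show("A user with that username already exists.");
            break;
        case User.UserDatabaseError.ERR_PRIVILEGE:
            MessageBox.Show("Only an administrator can add users.");
            break;
        case User.UserDatabaseError.ERR_DATABASE_CONNECTION:
            MessageBox.Show("There was an error connecting to database.");
            break;
        default:
            MessageBox.Show("Could not add the user. Please try again.");
            break;
    }
}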
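/// <summary>
/// Handler for the "Login" button: authenticates the typed credentials and, on success,
/// stores the user in <c>this.user</c> and closes the dialog.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Unused.</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    string username = txtLoginUsername.Text;
    string password = txtLoginPassword.Text;

    User user;
    User.UserDatabaseError loginResult = User.Authenticate(username, password, out user);

    if (loginResult == User.UserDatabaseError.ERR_SUCCESS && user != null)
    {
        this.user = user;
        this.Close();
        return;
    }

    // Exactly one message per failed attempt (the original showed the specific message
    // and then "Something went wrong" on top of it).
    switch (loginResult)
    {
        case User.UserDatabaseError.ERR_DATABASE_CONNECTION:
            MessageBox.Show("There was an error connecting to database.");
            break;
        case User.UserDatabaseError.ERR_USER_DOES_NOT_EXIST:
        case User.UserDatabaseError.ERR_AUTH:
            // SECURITY: one message for "unknown user" and "wrong password"; distinct
            // messages let anyone at the login screen enumerate valid usernames.
            MessageBox.Show("Invalid username or password.");
            break;
        default:
            MessageBox.Show("Something went wrong. Please try again.");
            break;
    }
}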
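/// <summary>
/// Builds the item-management form: wires an Edit/Delete context menu over the result
/// list, then runs the designer initialization.
/// </summary>
/// <param name="user">Logged-in user. NOTE(review): not used anywhere in this
/// constructor — confirm whether it should be stored or the parameter dropped.</param>
public ManageItems(User user)
{
    cms = new ContextMenuStrip();
    cms.Items.Add("Edit");
    cms.Items.Add("Delete");

    // Edit: open ItemAdd on the selected item and re-run the search when it closes.
    cms.Items[0].Click += delegate (object sender, EventArgs e)
    {
        ListViewItem lvItem = SelectedRow();
        if (lvItem == null) return;

        Item selectedItem = ItemForRow(lvItem);
        if (selectedItem == null) return;

        ItemAdd ia = new ItemAdd(selectedItem);
        ia.Show();
        ia.FormClosed += delegate (object subSender, FormClosedEventArgs ea)
        {
            this.txtSearch_KeyDown_1(null, new KeyEventArgs(Keys.Enter));
        };
    };

    // Delete: remove from the database first, then from the list view and cached results.
    cms.Items[1].Click += delegate (object sender, EventArgs e)
    {
        ListViewItem lvItem = SelectedRow();
        if (lvItem == null) return;

        Item selectedItem = ItemForRow(lvItem);
        if (selectedItem == null) return;

        var result = Item.RemoveItem(selectedItem);
        if (result == Item.ItemDatabaseError.ERR_SUCCESS)
        {
            MessageBox.Show("Item deleted successfully!", "Notice");
            try
            {
                mainData.Items.Remove(lvItem);
                SearchResults.Remove(selectedItem);
            }
            catch
            {
                // Best-effort UI refresh; the row is already gone from the database.
            }
        }
    };

    InitializeComponent();
}

/// <summary>
/// Returns the first selected row of <c>mainData</c>, or null when nothing is selected.
/// </summary>
private ListViewItem SelectedRow()
{
    // BUG FIX: SelectedItems[0] throws ArgumentOutOfRangeException on an empty
    // selection, so the original `lvItem == null` check could never fire.
    return mainData.SelectedItems.Count > 0 ? mainData.SelectedItems[0] : null;
}

/// <summary>
/// Maps a list-view row back to the cached Item whose ID text is in its first column.
/// Returns the last match (as the original loop did), or null.
/// </summary>
private Item ItemForRow(ListViewItem row)
{
    string id = row.SubItems[0].Text;
    Item match = null;
    foreach (Item it in SearchResults)
    {
        if (it.ID.ToString() == id)
            match = it;
    }
    return match;
}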
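/// <summary>
/// Shows the login dialog repeatedly until a user is authenticated or the dialog asks the
/// application to close. Sets the <c>user</c> field from the dialog on each close.
/// </summary>
private void ShowLogin()
{
    while (user == null && !ShouldClose)
    {
        // Forms shown with ShowDialog are not disposed when it returns; dispose explicitly
        // so each failed attempt does not leak the dialog's window handle.
        using (LoginForm lForm = new LoginForm())
        {
            lForm.FormClosing += delegate (object subSender, FormClosingEventArgs se)
            {
                LoginForm senderForm = (LoginForm)subSender;
                if (senderForm.ShouldClose)
                {
                    this.ShouldClose = true;
                    this.Close();
                }
                // Presumably null when the dialog closed without a successful login,
                // which keeps the loop going.
                user = senderForm.GetUser();
            };
            lForm.ShowDialog();
        }
    }

    if (ShouldClose)
        this.Close();
}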
/// <summary>
/// Creates the add-user dialog on behalf of <paramref name="user"/>, the logged-in user
/// whose privilege <c>AddUserToDatabase</c> will check when the form is submitted.
/// </summary>
/// <param name="user">Caller identity, kept in the <c>user</c> field.</param>
public UserAdd(User user)
{
    // Capture the caller identity before the designer code runs.
    this.user = user;
    InitializeComponent();
}
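/// <summary>
/// Adds a new REGULAR user to the database. Only an ADMINISTRATOR may call this.
/// </summary>
/// <param name="toAdd">Username and display name of the account to create; its own
/// Privilege is ignored — every account created here is REGULAR.</param>
/// <param name="password">Clear-text password to salt, hash and store.</param>
/// <returns>
/// ERR_PRIVILEGE if this user is not an administrator; ERR_DATABASE_CONNECTION if the
/// connection cannot be opened; ERR_USER_EXISTS if the username is already taken;
/// ERR_UKNOWN on any other SQLite failure; otherwise ERR_SUCCESS.
/// </returns>
/// <remarks>
/// SECURITY: the stored verifier is a single SHA-256 pass over <c>password + salt</c>,
/// which an attacker holding the database can brute-force cheaply. The real fix is
/// PBKDF2/Argon2 with a schema change; it is only flagged here because
/// <c>Authenticate</c> must compute the same verifier.
/// </remarks>
public UserDatabaseError AddUserToDatabase(User toAdd, string password)
{
    if (this.Privilege != UserPrivilege.ADMINISTRATOR)
        return UserDatabaseError.ERR_PRIVILEGE;

    // `using` closes the connection on every path; the original never closed it after
    // the INSERT.
    using (SQLiteConnection connection = new SQLiteConnection(DatabaseManager.CONNECTION_STRING))
    using (SQLiteCommand command = new SQLiteCommand(
        "SELECT count(*) FROM users WHERE username=@username", connection))
    {
        command.Parameters.AddWithValue("@username", toAdd.Username);

        try
        {
            connection.Open();
        }
        catch (SQLiteException)
        {
            return UserDatabaseError.ERR_DATABASE_CONNECTION;
        }

        // Pre-check for a friendly error. It is racy on its own; the constraint catch
        // below covers a concurrent insert of the same username.
        if (Convert.ToInt64(command.ExecuteScalar()) > 0)
            return UserDatabaseError.ERR_USER_EXISTS;

        string salt = GenerateSalt();

        command.CommandText =
            "INSERT INTO users(username, sha256p, salt, name, privilege) VALUES(@username,@password,@salt,@name,@privilege)";
        command.Parameters.AddWithValue("@password", DatabaseManager.GetSha256(password + salt));
        command.Parameters.AddWithValue("@salt", salt);
        command.Parameters.AddWithValue("@name", toAdd.Name);
        // Only REGULAR accounts can be created here; the administrator account ships with
        // the software. Stored as an integer so RemoveUserFromDatabase's `privilege = 0`
        // filter and Authenticate's (Int64) read agree with it.
        command.Parameters.AddWithValue("@privilege", (long)UserPrivilege.REGULAR);

        try
        {
            command.ExecuteNonQuery();
        }
        catch (SQLiteException ex) when (ex.ResultCode == SQLiteErrorCode.Constraint)
        {
            // Lost the race with another insert of the same username (requires a
            // UNIQUE constraint on users.username — confirm the schema has one).
            return UserDatabaseError.ERR_USER_EXISTS;
        }
        catch (SQLiteException)
        {
            return UserDatabaseError.ERR_UKNOWN;
        }

        return UserDatabaseError.ERR_SUCCESS;
    }
}

/// <summary>
/// Returns a fresh random salt as upper-case hex: 32 CSPRNG bytes, 64 characters.
/// (The original drew 1024 bytes, which only bloats the row; 32 is ample for a salt.)
/// </summary>
private static string GenerateSalt()
{
    byte[] buffer = new byte[32];
    // RandomNumberGenerator.Create() replaces the obsolete RNGCryptoServiceProvider.
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(buffer);
    }
    return BitConverter.ToString(buffer).Replace("-", "");
}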
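/// <summary>
/// Deactivates a user (sets <c>active = 0</c>; rows are never deleted). Only an
/// ADMINISTRATOR may call this, and only REGULAR accounts other than the caller's own
/// can be deactivated.
/// </summary>
/// <param name="toRemove">Account to deactivate; only its Username is used.</param>
/// <returns>
/// ERR_PRIVILEGE if this user is not an administrator, or if the target is the caller
/// itself or not a REGULAR account; ERR_DATABASE_CONNECTION if the connection cannot be
/// opened; ERR_USER_DOES_NOT_EXIST if no active row matches; ERR_UKNOWN on any other
/// SQLite failure; otherwise ERR_SUCCESS.
/// </returns>
public UserDatabaseError RemoveUserFromDatabase(User toRemove)
{
    if (this.Privilege != UserPrivilege.ADMINISTRATOR)
        return UserDatabaseError.ERR_PRIVILEGE;

    // `using` closes the connection on every path; the original never closed it after
    // the UPDATE.
    using (SQLiteConnection connection = new SQLiteConnection(DatabaseManager.CONNECTION_STRING))
    using (SQLiteCommand command = new SQLiteCommand(
        "SELECT count(*) FROM users WHERE username=@username AND active = 1", connection))
    {
        command.Parameters.AddWithValue("@username", toRemove.Username);

        try
        {
            connection.Open();
        }
        catch (SQLiteException)
        {
            return UserDatabaseError.ERR_DATABASE_CONNECTION;
        }

        // Already-inactive accounts count as non-existent, matching Authenticate.
        if (Convert.ToInt64(command.ExecuteScalar()) == 0)
            return UserDatabaseError.ERR_USER_DOES_NOT_EXIST;

        // The WHERE clause enforces "no self-deletion" and "REGULAR accounts only" in
        // the database rather than in C#, so the rule cannot be bypassed by a stale
        // in-memory User object.
        command.CommandText =
            "UPDATE users SET active = 0 WHERE username=@username AND username!=@currentUsername AND privilege = 0";
        command.Parameters.Clear();
        command.Parameters.AddWithValue("@username", toRemove.Username);
        command.Parameters.AddWithValue("@currentUsername", this.Username);

        int affected;
        try
        {
            affected = command.ExecuteNonQuery();
        }
        catch (SQLiteException)
        {
            return UserDatabaseError.ERR_UKNOWN;
        }

        // BUG FIX: zero affected rows means the WHERE filters refused the target
        // (self-deletion or a non-REGULAR account). The original reported ERR_SUCCESS
        // here, so the UI claimed a deletion that never happened.
        return affected == 0 ? UserDatabaseError.ERR_PRIVILEGE : UserDatabaseError.ERR_SUCCESS;
    }
}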
/// <summary>
/// "Log out" menu handler: clears the session's UI state, hides the main window, shows the
/// login dialog again, and either rebuilds the window for the new user or closes the app.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Unused.</param>
private void logOutToolStripMenuItem_Click(object sender, EventArgs e)
{
    // Wipe everything tied to the previous session.
    mainData.Items.Clear();
    txtAmount.Clear();
    txtAmountIn.Clear();
    txtItemCode.Clear();
    txtToReturn.Clear();
    // NOTE(review): drops the last menu entry unconditionally — presumably the
    // administrative menu added by LoadAministrativeOptions; confirm it is always last,
    // including when a non-administrator logs out.
    menuStrip1.Items.RemoveAt(menuStrip1.Items.Count - 1);
    user = null;

    Hide();
    ShowLogin();

    if (user == null || ShouldClose)
    {
        Close();
        return;
    }

    if (user.Privilege == User.UserPrivilege.ADMINISTRATOR)
        LoadAministrativeOptions();
    Main_Load(null, null);
    Show();
}
/// <summary>
/// Starts an empty receipt attributed to <paramref name="salesPerson"/>.
/// </summary>
/// <param name="salesPerson">User ringing up the sale; only its ID is retained.</param>
public Receipt(User salesPerson)
{
    Items = new List<Item>();
    SalesPersonID = salesPerson.ID;
}
/// <summary>
/// Creates the remove-user dialog on behalf of <paramref name="user"/>, the logged-in user
/// whose privilege <c>RemoveUserFromDatabase</c> will check when the form is submitted.
/// </summary>
/// <param name="user">Caller identity, kept in the <c>user</c> field.</param>
public UserRemove(User user)
{
    // Capture the caller identity before the designer code runs.
    this.user = user;
    InitializeComponent();
}