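/// <summary>
/// Login button handler: checks the typed username and password against the [user] table
/// and, when a row matches, opens the panel for that user's account type.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    object userId;
    bool accountFound = false;
    int accountId = 0;
    int accountType = 0;

    // The using blocks release the connection, commands and reader on every path,
    // including exceptions and the "authenticated but no account row" case, where the
    // connection was previously left open.
    using (SqlConnection con = new SqlConnection(Properties.Resources.connectionString))
    {
        con.Open();

        using (SqlCommand userCommand = con.CreateCommand())
        {
            // User input is bound as parameters, never concatenated into the SQL text.
            // NOTE(security): the typed password is bound as-is, so user_password has to
            // hold the same clear-text value for the match to succeed. Store a salted,
            // deliberately slow hash (e.g. PBKDF2) and verify against that instead.
            userCommand.CommandText = "SELECT user_id FROM [user] WHERE user_username=@username AND user_password=@password";
            userCommand.Parameters.AddWithValue("@username", textBox1.Text);
            userCommand.Parameters.AddWithValue("@password", textBox2.Text);
            userId = userCommand.ExecuteScalar();
        }

        // ExecuteScalar gives null when no row matched and DBNull for a NULL column;
        // both are treated as a failed login so the check fails closed.
        if (userId == null || userId == DBNull.Value)
        {
            userId = null;
        }
        else
        {
            using (SqlCommand accountCommand = con.CreateCommand())
            {
                accountCommand.CommandText = "SELECT account_id, account_type FROM account WHERE account_user_id=@user_id";
                // Bind the id with the type the database returned rather than as text.
                accountCommand.Parameters.AddWithValue("@user_id", userId);

                using (SqlDataReader reader = accountCommand.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        accountId = reader.GetInt32(0);
                        accountType = reader.GetInt32(1);
                        accountFound = true;
                    }
                }
            }
        }
    }

    if (userId == null)
    {
        // One generic message for both wrong username and wrong password.
        MessageBox.Show("Authentication Failed!");
        textBox1.Text = textBox2.Text = string.Empty;
        return;
    }

    if (!accountFound)
    {
        // Credentials matched but the user has no account row: nothing is opened.
        return;
    }

    // The database work is finished and the connection released before any modal panel
    // is shown, so nothing is held open while the user works in it.
    if (accountType == 0)
    {
        Hide();
        SecretaryPanel secretaryPanel = new SecretaryPanel(accountId);
        secretaryPanel.ShowDialog();
        Show();
    }
    else if (accountType == 1)
    {
        Hide();
        DoctorPanel doctorPanel = new DoctorPanel(accountId);
        doctorPanel.ShowDialog();
        Show();
    }
    // Any other account_type opens no panel.
}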
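/// <summary>
/// Login button handler: checks the typed username and the hash of the typed password
/// against the [user] table, then opens the admin panel or the panel that matches the
/// user's account type.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    string connectionString = Clinic_Management_System.Properties.Resources.connectionString;

    object userId;
    bool isAdmin = false;
    bool accountFound = false;
    int accountId = 0;
    int accountType = 0;

    // The using blocks release the connection, commands and reader on every path,
    // including exceptions and the "authenticated but no account row" case, where the
    // connection was previously left open.
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        con.Open();

        using (SqlCommand userCommand = con.CreateCommand())
        {
            // User input is bound as parameters, never concatenated into the SQL text.
            // NOTE(security): Utils.hashPassword receives only the password, so it cannot
            // be mixing in a per-user salt; equal passwords yield equal stored values.
            // Its algorithm is not visible here - confirm it is a slow password hash
            // (e.g. PBKDF2) and not a single fast digest.
            userCommand.CommandText = "SELECT user_id FROM [user] WHERE user_username=@username AND user_password=@password";
            userCommand.Parameters.AddWithValue("@username", textBox1.Text);
            userCommand.Parameters.AddWithValue("@password", Utils.hashPassword(textBox2.Text));
            userId = userCommand.ExecuteScalar();
        }

        // ExecuteScalar gives null when no row matched and DBNull for a NULL column;
        // both are treated as a failed login so the check fails closed.
        if (userId == null || userId == DBNull.Value)
        {
            userId = null;
        }
        else
        {
            // NOTE(security): the admin panel is chosen by comparing the typed username
            // with a literal, not from a role stored for the authenticated user_id.
            // Prefer a role or flag read from the database, as the other panels do with
            // account_type. The SQL match follows the column's collation while this
            // comparison is ordinal, so the two can disagree on casing - TODO confirm.
            isAdmin = textBox1.Text == "admin";

            if (!isAdmin)
            {
                using (SqlCommand accountCommand = con.CreateCommand())
                {
                    accountCommand.CommandText = "SELECT account_id, account_type FROM account WHERE account_user_id=@user_id";
                    // Bind the id with the type the database returned rather than as text.
                    accountCommand.Parameters.AddWithValue("@user_id", userId);

                    using (SqlDataReader reader = accountCommand.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            accountId = reader.GetInt32(0);
                            accountType = reader.GetInt32(1);
                            accountFound = true;
                        }
                    }
                }
            }
        }
    }

    if (userId == null)
    {
        // Authentication error: one generic message for wrong username or wrong password.
        MessageBox.Show("Kullanıcı Bilgileri Yanlış!");
        return;
    }

    // The database work is finished and the connection released before any modal panel
    // is shown, so nothing is held open while the user works in it.
    if (isAdmin)
    {
        // Admin panel
        Hide();
        AdminPanel adminPanel = new AdminPanel();
        adminPanel.ShowDialog();
        Show();
        return;
    }

    if (!accountFound)
    {
        // Credentials matched but the user has no account row: nothing is opened.
        return;
    }

    if (accountType == 0)
    {
        // Secretary panel
        Hide();
        SecretaryPanel secretaryPanel = new SecretaryPanel(accountId);
        secretaryPanel.ShowDialog();
        Show();
    }
    else if (accountType == 1)
    {
        // Doctor panel
        Hide();
        DoctorPanel doctorPanel = new DoctorPanel(accountId);
        doctorPanel.ShowDialog();
        Show();
    }
    else if (accountType == 2)
    {
        // Patient panel
        Hide();
        PatientPanel patientPanel = new PatientPanel(accountId);
        patientPanel.ShowDialog();
        Show();
    }
    // Any other account_type opens no panel.
}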