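/// <summary>
/// Handles the "create account" button. Runs the registration dialog and, when the new
/// user opted into multi-factor authentication, issues a one-time code, e-mails it and
/// runs the verification dialog. Afterwards the login fields are pre-filled.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
private void btnCreateAccount_Click(object sender, EventArgs e)
{
    // Initialise the registration form used to create a new account
    using (Form_RegisterAccount createAccount = new Form_RegisterAccount())
    {
        // Nothing to do unless the registration dialog was confirmed
        if (createAccount.ShowDialog() != DialogResult.OK)
        {
            return;
        }

        // Get the created user from the form
        user = createAccount.User;

        // Show the panel that tells the user an e-mail is being sent
        panelEmail.Visible = true;
        try
        {
            // Only enrol when multi-factor authentication was selected
            if (user.MultiFactorAuthentication)
            {
                // Look up the id of the account that was just created.
                // user.Email is passed as stored; it is decrypted only for sending below.
                string query = "SELECT ID FROM users WHERE email = @email";
                DataTable dt = db.QueryReader(query, p =>
                {
                    // Parameter name matches the @email placeholder, like the other queries here
                    p.Add("@email", DbType.String).Value = user.Email;
                });

                if (dt.Rows.Count == 0)
                {
                    // Without a database id the code would be stored against an unset
                    // user.Id, so no code is issued and no e-mail is sent.
                    MessageBox.Show(
                        "The new account could not be found, so Multifactor Authentication was not set up.",
                        "Multi Factor Authentication",
                        MessageBoxButtons.OK,
                        MessageBoxIcon.Warning);
                }
                else
                {
                    // Initialise the user's id with the id from the database
                    user.Id = Convert.ToInt32(dt.Rows[0]["ID"]);

                    // NOTE(review): CreateRandomCode is defined elsewhere. Confirm it draws from
                    // a cryptographic RNG (RandomNumberGenerator), not System.Random; this value
                    // is the only secret protecting the enrolment.
                    uniqueCode = CreateRandomCode(10);

                    // NOTE(review): local wall-clock time. Whatever checks the code's age must
                    // use the same clock; UTC would avoid DST and time-zone surprises.
                    dateTimeCode = DateTime.Now;

                    // Store the code together with its owner and creation time
                    query = "INSERT INTO unique_codes (user_id, code, time) VALUES (@userID, @code, @time)";
                    db.NonQuery(query, p =>
                    {
                        p.Add("@userID", DbType.Int32).Value = user.Id;
                        p.Add("@code", DbType.String).Value = uniqueCode;
                        p.Add("@time", DbType.DateTime).Value = dateTimeCode;
                    });

                    // Send the code to the user's (decrypted) e-mail address
                    emailServices.SendEmail(encrypt.DecryptData(user.Email), uniqueCode);

                    // The expected code and its timestamp are handed to the dialog, so the
                    // comparison is done inside this process by the form.
                    using (Form_MultiFactorAuthentication multiFactorAuth = new Form_MultiFactorAuthentication(uniqueCode, dateTimeCode))
                    {
                        // NOTE(review): if the dialog is closed without OK, the issued code row
                        // stays in unique_codes and the MFA flag is left untouched. Confirm an
                        // unverified code cannot be used later.
                        if (multiFactorAuth.ShowDialog() == DialogResult.OK && !multiFactorAuth.AuthEnable)
                        {
                            // Verification failed: remove the issued code
                            query = "DELETE FROM unique_codes WHERE code = @code and user_id = @userID";
                            db.NonQuery(query, p =>
                            {
                                p.Add("@code", DbType.String).Value = uniqueCode;
                                p.Add("@userID", DbType.Int32).Value = user.Id;
                            });

                            // ...and switch multi-factor authentication off for the account
                            query = "UPDATE users SET two_factor_authentication = false WHERE ID = @userID";
                            db.NonQuery(query, p =>
                            {
                                p.Add("@userID", DbType.Int32).Value = user.Id;
                            });
                        }
                    }
                }
            }
        }
        finally
        {
            // Hide the information panel even when a query or the e-mail send throws
            panelEmail.Visible = false;
        }

        // Populate the login fields with the decrypted user data.
        // NOTE(security): being able to decrypt user.Password means passwords are stored
        // reversibly. Passwords should be kept as salted, slow hashes (e.g. PBKDF2) and never
        // recovered. Flagged rather than changed because the storage format is decided
        // outside this handler.
        txtEmail.Text = encrypt.DecryptData(user.Email);
        txtPassword.Text = encrypt.DecryptData(user.Password);
    }
}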
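/// <summary>
/// Handles the multi-factor authentication toggle button. In the "Enable" state it issues a
/// one-time code, e-mails it and runs the verification dialog; in the "Disable" state it asks
/// for confirmation and switches multi-factor authentication off for the current user.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
private void btnAuthen_Click(object sender, EventArgs e)
{
    // Create the database helper used by both branches
    db = new Database();

    // The button caption carries the current state
    if (btnAuthen.Text == "Enable")
    {
        // NOTE(review): CreateRandomCode is defined elsewhere. Confirm it draws from a
        // cryptographic RNG (RandomNumberGenerator), not System.Random.
        string uniqueCode = CreateRandomCode(10);

        // NOTE(review): local wall-clock time. Whatever checks the code's age must use the
        // same clock; UTC would avoid DST and time-zone surprises.
        DateTime datetimeCode = DateTime.Now;

        // Store the code together with its owner and creation time
        string query = "INSERT INTO unique_codes (user_id, code, time) VALUES (@userID, @code, @time)";
        db.NonQuery(query, p =>
        {
            p.Add("@userID", DbType.Int32).Value = user.Id;
            p.Add("@code", DbType.String).Value = uniqueCode;
            p.Add("@time", DbType.DateTime).Value = datetimeCode;
        });

        // Send the unique code to the address shown in the e-mail label
        emailServices = new EmailServices();
        emailServices.SendEmail(lblEmail.Text, uniqueCode);

        // The expected code and its timestamp are handed to the dialog, so the comparison is
        // done inside this process by the form.
        using (Form_MultiFactorAuthentication multiFactorAuthentication = new Form_MultiFactorAuthentication(uniqueCode, datetimeCode, true))
        {
            // NOTE(review): if the dialog is closed without OK, the issued code row stays in
            // unique_codes. Confirm an unverified code cannot be used later.
            if (multiFactorAuthentication.ShowDialog() == DialogResult.OK)
            {
                if (!multiFactorAuthentication.AuthEnable)
                {
                    // Verification failed: remove the issued code
                    query = "DELETE FROM unique_codes WHERE code = @code and user_id = @userID";
                    db.NonQuery(query, p =>
                    {
                        p.Add("@code", DbType.String).Value = uniqueCode;
                        p.Add("@userID", DbType.Int32).Value = user.Id;
                    });

                    // ...and keep multi-factor authentication switched off. The controls are
                    // deliberately left in the "Enable" state so the UI matches the database.
                    query = "UPDATE users SET two_factor_authentication = false WHERE ID = @userID";
                    db.NonQuery(query, p =>
                    {
                        p.Add("@userID", DbType.Int32).Value = user.Id;
                    });
                }
                else
                {
                    // Back-date the stored time by 10 minutes, presumably so the used code is
                    // treated as expired. The WHERE clause matches on user_id only, so every
                    // code row of this user is updated.
                    query = "UPDATE unique_codes SET time = @time WHERE user_id = @userID ";
                    datetimeCode = datetimeCode.AddMinutes(-10);
                    db.NonQuery(query, p =>
                    {
                        p.Add("@time", DbType.DateTime).Value = datetimeCode;
                        p.Add("@userID", DbType.Int32).Value = user.Id;
                    });

                    // Switch multi-factor authentication on for the account
                    query = "UPDATE users SET two_factor_authentication = true WHERE ID = @userID";
                    db.NonQuery(query, p =>
                    {
                        p.Add("@userID", DbType.Int32).Value = user.Id;
                    });

                    // Flip the controls only after verification succeeded; doing it earlier
                    // would show MFA as enabled even when the code check failed.
                    btnAuthen.Text = "Disable";
                    lblAuthen.Text = "Enable";
                }
            }
        }
    }
    else if (btnAuthen.Text == "Disable") // Disable multi-factor authentication if it is enabled
    {
        // NOTE(security): switching MFA off needs only this Yes/No prompt. Anyone at an unlocked
        // session can remove the second factor; consider requiring the password or a fresh
        // code before the update below.
        DialogResult result = MessageBox.Show("Disabling Multifactor Authentication will make your account less secure.\nContinue? ", "Multi Factor Authentication", MessageBoxButtons.YesNo, MessageBoxIcon.Information);

        if (result == DialogResult.Yes)
        {
            // Switch multi-factor authentication off for the account
            string query = "UPDATE users SET two_factor_authentication = false WHERE ID = @userID";
            db.NonQuery(query, p =>
            {
                p.Add("@userID", DbType.Int32).Value = user.Id;
            });

            // Notify the user and reset the controls
            MessageBox.Show("Multifactor Authentication has been disabled");
            btnAuthen.Text = "Enable";
            lblAuthen.Text = "Disable";
        }
    }
}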