/// <summary>
/// Click handler for the Home button: hides this form and opens
/// <c>mainDashboard</c> through <c>ShowDialog()</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnHome_Click(object sender, EventArgs e)
{
    // NOTE(review): no login or permission check is made here before the
    // dashboard opens. Confirm this handler is only reachable after a
    // successful login.
    this.Hide();

    var dashboardForm = new mainDashboard();
    dashboardForm.ShowDialog();
}
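/// <summary>
/// Click handler for the login button. Looks up the entered username in
/// userAccounts, compares the salted SHA-512 hash of the entered password
/// with the stored value, and either records a failed attempt or loads the
/// account, its role permissions and its company before opening
/// <c>mainDashboard</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void loginBtn_Click(object sender, EventArgs e)
{
    const string loginDeniedMessage = "Login Denied. The username or password you have entered do not match any account we have on record.";

    userLogin = txtUsername.Text;
    userPassword = txtPassword.Text;
    checkpointReached = false;

    // Both fields are required. The previous test joined the two checks with
    // ||, so a blank username or a blank password was accepted as long as
    // the other field was filled in.
    if (userLogin == "" || userPassword == "")
    {
        System.Windows.Forms.MessageBox.Show("The username or password cannot be blank.");
        return;
    }

    // using blocks release the connection, commands and readers even when a
    // query throws part-way through.
    using (MySqlConnection connectionMySQL = new MySqlConnection(ConnectionString))
    {
        connectionMySQL.Open();

        try
        {
            // Columns 0-8 of the matching row: id, login, password hash,
            // forename, surname, email, profile image, company id, role id.
            // They stay in a local until the password has been verified, so
            // a rejected attempt no longer leaves another account's details
            // (including its password hash) in the session fields.
            string[] account = null;

            using (MySqlCommand cmd = new MySqlCommand("SELECT * FROM userAccounts WHERE userLogin = @userLogin", connectionMySQL))
            {
                cmd.Parameters.AddWithValue("@userLogin", userLogin);

                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    // Read() returns false when no account matches; that
                    // case is handled explicitly, not by catching the
                    // exception an empty reader would throw.
                    if (rdr.Read())
                    {
                        account = new string[9];
                        for (int column = 0; column < account.Length; column++)
                        {
                            account[column] = Convert.ToString(rdr[column]);
                        }
                    }
                }
            }

            // NOTE(review): userSalt is defined outside this method. If it is
            // one application-wide value, every account shares the same salt,
            // and a single SHA-512 pass is cheap to brute-force should the
            // table leak. Moving to a per-user salt with PBKDF2 or Argon2
            // needs the stored hashes migrated, so it is not changed here.
            string enteredPassword = SHA.GenerateSHA512String(userSalt + userPassword);

            if (account == null || enteredPassword != account[2])
            {
                // Unknown usernames are logged as well as wrong passwords, so
                // the audit table also shows guessing against accounts that
                // do not exist. The log is written before the dialog so it
                // does not wait on the user dismissing the message.
                LogFailedLoginAttempt(connectionMySQL, userLogin);
                System.Windows.Forms.MessageBox.Show(loginDeniedMessage);
            }
            else
            {
                UserID = account[0];
                Username = account[1];
                Password = account[2];
                Forename = account[3];
                Surname = account[4];
                EmailAddress = account[5];
                ProfileImage = account[6];
                CompanyID = account[7];
                Role = account[8];

                // The UPDATE previously had no WHERE clause and overwrote the
                // last-login IP and timestamp of every row in userAccounts.
                using (MySqlCommand accountCMD = new MySqlCommand("UPDATE `userAccounts` SET userIPAddress = @attemptIP, userLastLogin = @attemptTimeStamp WHERE userLogin = @userLogin", connectionMySQL))
                {
                    accountCMD.Parameters.AddWithValue("@attemptIP", IPAddress);
                    accountCMD.Parameters.AddWithValue("@attemptTimeStamp", DateTime.Now);
                    accountCMD.Parameters.AddWithValue("@userLogin", userLogin);
                    accountCMD.ExecuteNonQuery();
                }

                // Load the permission flags for the account's role.
                using (MySqlCommand permissionCommand = new MySqlCommand("SELECT * FROM userPermissions WHERE permID = @permid", connectionMySQL))
                {
                    permissionCommand.Parameters.AddWithValue("@permid", Role);

                    using (MySqlDataReader permissionRDR = permissionCommand.ExecuteReader())
                    {
                        if (!permissionRDR.Read())
                        {
                            throw new InvalidOperationException("No userPermissions row for the account's role.");
                        }

                        loginMenu.Role = Convert.ToString(permissionRDR[1]);
                        permChangePassword = Convert.ToBoolean(permissionRDR[3]);
                        permChangeUsername = Convert.ToBoolean(permissionRDR[4]);
                        permChangeEmail = Convert.ToBoolean(permissionRDR[5]);
                        permViewServers = Convert.ToBoolean(permissionRDR[6]);
                        permEditServers = Convert.ToBoolean(permissionRDR[7]);
                        permDeleteServers = Convert.ToBoolean(permissionRDR[8]);
                        permViewLocations = Convert.ToBoolean(permissionRDR[9]);
                        permEditLocations = Convert.ToBoolean(permissionRDR[10]);
                        permDeleteLocations = Convert.ToBoolean(permissionRDR[11]);
                        permCreateTicket = Convert.ToBoolean(permissionRDR[12]);
                        permAdminTicket = Convert.ToBoolean(permissionRDR[13]);
                        permCloseTicket = Convert.ToBoolean(permissionRDR[14]);
                        permAddAction = Convert.ToBoolean(permissionRDR[15]);
                        permEditAction = Convert.ToBoolean(permissionRDR[16]);
                        permDeleteAction = Convert.ToBoolean(permissionRDR[17]);
                        permRunCustomAction = Convert.ToBoolean(permissionRDR[18]);
                        permAdminViewUsers = Convert.ToBoolean(permissionRDR[19]);
                        permAdminEditUserInfo = Convert.ToBoolean(permissionRDR[20]);
                        permAdminForcePassReset = Convert.ToBoolean(permissionRDR[21]);
                        permAdminAddUser = Convert.ToBoolean(permissionRDR[22]);
                        permAdminDelUser = Convert.ToBoolean(permissionRDR[23]);
                        permAdminChangePermissions = Convert.ToBoolean(permissionRDR[24]);
                        permControlServers = Convert.ToBoolean(permissionRDR[25]);
                        permManageBackupSystem = Convert.ToBoolean(permissionRDR[26]);
                        permCreateLocation = Convert.ToBoolean(permissionRDR[27]);
                        permCreateServer = Convert.ToBoolean(permissionRDR[28]);
                    }
                }

                // Get data about the company.
                using (MySqlCommand companyCMD = new MySqlCommand("SELECT * FROM userCompanies WHERE companyID = @companyID", connectionMySQL))
                {
                    companyCMD.Parameters.AddWithValue("@companyID", CompanyID);

                    using (MySqlDataReader companyRDR = companyCMD.ExecuteReader())
                    {
                        if (!companyRDR.Read())
                        {
                            throw new InvalidOperationException("No userCompanies row for the account's company.");
                        }

                        CompanyName = Convert.ToString(companyRDR[2]);
                    }
                }

                // Hide the login form while the dashboard is shown, then
                // bring it back. Errors raised by the dashboard are displayed
                // instead of being treated as a failed login.
                Hide();
                try
                {
                    mainDashboard mainDashboardDisplay = new mainDashboard();
                    mainDashboardDisplay.ShowDialog();
                }
                catch (Exception ex)
                {
                    System.Windows.Forms.MessageBox.Show(Convert.ToString(ex));
                }
                Show();
            }
        }
        catch (Exception)
        {
            // Fail closed: any database or conversion error during the login
            // sequence is reported as a denied login, as before.
            System.Windows.Forms.MessageBox.Show(loginDeniedMessage);
        }

        txtUsername.Text = "";
        txtPassword.Text = "";
    }
}

/// <summary>
/// Inserts one row into failedLoginAttempts with the attempted username,
/// the client IP held in <c>IPAddress</c> and the current time.
/// </summary>
/// <param name="connection">Open connection to run the insert on.</param>
/// <param name="attemptedUsername">Username typed into the login form.</param>
private void LogFailedLoginAttempt(MySqlConnection connection, string attemptedUsername)
{
    using (MySqlCommand failedCMD = new MySqlCommand("INSERT INTO failedLoginAttempts (attemptUsername, attemptIP, attemptTimeStamp) VALUES (@attemptUsername, @attemptIP, @attemptTimeStamp)", connection))
    {
        failedCMD.Parameters.AddWithValue("@attemptUsername", attemptedUsername);
        failedCMD.Parameters.AddWithValue("@attemptIP", IPAddress);
        failedCMD.Parameters.AddWithValue("@attemptTimeStamp", DateTime.Now);
        failedCMD.ExecuteNonQuery();
    }
}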