コード例 #1
0
ファイル: EditUser1.cs プロジェクト: El2829/PointofSaleSystem
        private void changePassword(string currpass, string newpass, string confirmpass)
        {
            DialogResult dr = MessageBox.Show("Are you sure you want to change your password?", "Question", MessageBoxButtons.YesNo, MessageBoxIcon.Question);

            if (dr == DialogResult.Yes)
            {
                if (currpass == "" || newpass == "" || confirmpass == "")
                {
                    MessageBox.Show("Fields Can\'t be blank!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                }
                else
                {
                    if (currpass == Variable.algopass)
                    {
                        if (newpass == confirmpass)
                        {
                            if (dbhelper.openConnection())
                            {
                                string       query = "UPDATE tblaccount set password = @newpass WHERE AccountID=@id";
                                MySqlCommand cmd   = new MySqlCommand(query, dbhelper.getConnection());
                                cmd.Parameters.AddWithValue("newpass", MD5Hasher.GetMd5Hash(newpass));
                                cmd.Parameters.AddWithValue("id", Variable.algoid);
                                cmd.ExecuteNonQuery();
                                dbhelper.closeConnection();
                            }
                            MessageBox.Show("You have successfully changed your password!", "Succes", MessageBoxButtons.OK, MessageBoxIcon.Information);
                            Passwordtxt.Text  = "";
                            CPasswordtxt.Text = "";
                            NPasswordtxt.Text = "";
                            this.Close();
                            MainForm Form = new MainForm();
                            Form.BringToFront();
                        }
                        else
                        {
                            MessageBox.Show("New password mismatched! Please Retype your new password!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                        }
                    }
                    else
                    {
                        MessageBox.Show("Current password mismatched! Please Retype your current password!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                    }
                }
            }
        }
コード例 #2
0
 private void Editbtn_Click(object sender, EventArgs e)
 {
     if (txtanswer.Text == answer)
     {
         if (txtpassword.Text == txtnewpassword.Text)
         {
             if (txtpassword.Text != "")
             {
                 if (dbhelper.openConnection())
                 {
                     try
                     {
                         string       query = "UPDATE tblaccount SET password = @pass WHERE username = @user";
                         MySqlCommand cmd   = new MySqlCommand(query, dbhelper.getConnection());
                         cmd.Parameters.AddWithValue("user", txtusername.Text);
                         cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(txtnewpassword.Text));
                         cmd.ExecuteNonQuery();
                         MessageBox.Show("Your password is changed!", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
                     }
                     catch (Exception ex)
                     {
                         MessageBox.Show(ex.Message);
                     }
                 }
             }
             else
             {
                 MessageBox.Show("New password cant\'t be blank!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
             }
         }
         else
         {
             MessageBox.Show("New password mismatched!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
         }
         dbhelper.closeConnection();
     }
     else
     {
         MessageBox.Show("Answer mismatched!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
     }
 }
コード例 #3
0
        private void Login_btn_Click(object sender, EventArgs e)
        {
            string user = Login_txt.Text;    //variable for Username
            string pass = Password_Txt.Text; //variable for Password

            if (user == "Enter Username" || pass == "Enter Password")
            {
                MessageBox.Show("Username / Password can't be blank!", "Warning", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            else
            {
                if (trials == 0 || trials <= 0)
                {
                    MessageBox.Show("You have used all your trials!, Please restart the application!", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    this.Close();
                }
                else
                {
                    Variable.userlogged = Login_txt.Text;
                    Variable.userpass   = Password_Txt.Text;
                    if (dbconnection.openConnection())
                    {
                        try
                        {
                            string       query = "SELECT UserStatus, AccountID FROM tblaccount WHERE username = @user AND password = @pass";
                            MySqlCommand cmd   = new MySqlCommand(query, dbconnection.getConnection());
                            cmd.Parameters.AddWithValue("@user", Login_txt.Text);
                            cmd.Parameters.AddWithValue("@pass", MD5Hasher.GetMd5Hash(Password_Txt.Text));
                            MySqlDataReader reader = cmd.ExecuteReader();
                            int             count  = 0;

                            while (reader.Read())
                            {
                                count++;
                                Variable.userStatus = reader["UserStatus"].ToString();
                                Variable.userid     = reader["AccountID"].ToString();
                            }

                            dbconnection.closeConnection();
                            if (count == 1)
                            {
                                trials = 3;
                                if (Variable.userStatus == "Staff")
                                {
                                    registerToLogHistory(Variable.userid);
                                }
                                else if (Variable.userStatus == "Admin")
                                {
                                    registerToLogHistory(Variable.userid);
                                    MainForm admin = new MainForm();
                                    admin.ShowDialog();
                                }
                                else if (Variable.userStatus == "Manager")
                                {
                                    registerToLogHistory(Variable.userid);
                                }
                                else if (Variable.userStatus == "Cashier")
                                {
                                    registerToLogHistory(Variable.userid);
                                }

                                Login_txt.Text    = "Enter Username";
                                Password_Txt.Text = "Enter Password";
                            }
                            else if (count == 0)
                            {
                                MessageBox.Show("Incorrect Login Credentials", "Error", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                                trials--;
                                if (trials == 0 || trials <= 0)
                                {
                                    MessageBox.Show("You have used all your trials!, Please restart the application!", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
                                    this.Close();
                                }
                            }
                        }
                        catch (MySqlException ex)
                        {
                            MessageBox.Show(ex.Message);
                        }
                    }

                    dbconnection.closeConnection();
                }
            }
        }
コード例 #4
0
        private void Add_btn_Click(object sender, EventArgs e)
        {
            if (Add_btn.ButtonText == "Edit")
            {
                if (AccTypecmb.Text == "" || Usernametxt.Text == "" || Passwordtxt.Text == "" || Fnametxt.Text == "" || Mnametxt.Text == "" || Lnametxt.Text == "" || Enametxt.Text == "" || EmailAddtxt.Text == "" || Contactnotxt.Text == "" || Securityquescmb.Text == "" || Answertxt.Text == "")
                {
                    MessageBox.Show("Fields Can't be blank!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                }
                else
                {
                    if (dbhelper.openConnection())
                    {
                        string query = "Update tblaccount set Username = @user, Password = @pass, UserStatus = @type, DateRegistered = @now WHERE AccountID=@id;" +
                                       "Update tbluserinfo set U_Fname =  @fname, U_Mname =  @mname, U_Lname =  @lname, U_Suffix = @ename, U_EmailAdd = @emailadd, U_ContactNo = @contactno WHERE AccountID=@id;" +
                                       "Update tblanswer set QuestionID = (SELECT tblquestion.QuestionID FROM tblquestion WHERE Question = CONVERT(@question USING utf8)), Answer = @answer WHERE AccountID = @id";
                        MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection());
                        cmd.Parameters.AddWithValue("type", AccTypecmb.Text);
                        cmd.Parameters.AddWithValue("user", Usernametxt.Text);
                        cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(Passwordtxt.Text));
                        cmd.Parameters.AddWithValue("fname", Fnametxt.Text);
                        cmd.Parameters.AddWithValue("mname", Mnametxt.Text);
                        cmd.Parameters.AddWithValue("lname", Lnametxt.Text);
                        cmd.Parameters.AddWithValue("ename", Enametxt.Text);
                        cmd.Parameters.AddWithValue("emailadd", EmailAddtxt.Text);
                        cmd.Parameters.AddWithValue("contactno", Contactnotxt.Text);
                        cmd.Parameters.AddWithValue("question", Securityquescmb.Text);
                        cmd.Parameters.AddWithValue("answer", Answertxt.Text);
                        cmd.Parameters.AddWithValue("now", DateTime.Now);
                        cmd.Parameters.AddWithValue("id", Variable.algoid);
                        cmd.ExecuteNonQuery();
                    }

                    dbhelper.closeConnection();
                    MessageBox.Show("Updated new Account!");
                    this.Close();
                    MainForm Form = new MainForm();
                    Form.BringToFront();
                }
            }
            else if (Add_btn.ButtonText == "Add User")
            {
                if (Passwordtxt.Text == CPasswordtxt.Text)
                {
                    string           query1 = "Select * From tblaccount where Username ='******'";
                    MySqlCommand     cmd1   = new MySqlCommand(query1, dbhelper.getConnection());
                    MySqlDataAdapter da     = new MySqlDataAdapter(cmd1);
                    da.Fill(ds);
                    int i = ds.Tables[0].Rows.Count;
                    if (i > 0)
                    {
                        MessageBox.Show("Username " + Usernametxt.Text + " Already Exists");
                        ds.Clear();
                    }
                    else if (AccTypecmb.Text == "" || Usernametxt.Text == "" || Passwordtxt.Text == "" || Fnametxt.Text == "" || Mnametxt.Text == "" || Lnametxt.Text == "" || Enametxt.Text == "" || EmailAddtxt.Text == "" || Contactnotxt.Text == "" || Securityquescmb.Text == "" || Answertxt.Text == "")
                    {
                        MessageBox.Show("Fields Can't be blank!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                    }
                    else
                    {
                        dbhelper.openConnection();
                        if (AccTypecmb.Text == "Cashier")
                        {
                            string       query = "Insert into tblaccount(Username, Password, UserStatus, DateRegistered) VALUES (@user, @pass, @type,@now);Insert into tbluserinfo(AccountID, U_Fname, U_Mname, U_Lname, U_Suffix, U_EmailAdd, U_ContactNo) VALUES (LAST_INSERT_ID(), @fname , @mname, @lname , @ename, @emailadd, @contactno)";
                            MySqlCommand cmd   = new MySqlCommand(query, dbhelper.getConnection());
                            cmd.Parameters.AddWithValue("type", AccTypecmb.Text);
                            cmd.Parameters.AddWithValue("user", Usernametxt.Text);
                            cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(Passwordtxt.Text));
                            cmd.Parameters.AddWithValue("fname", Fnametxt.Text);
                            cmd.Parameters.AddWithValue("mname", Mnametxt.Text);
                            cmd.Parameters.AddWithValue("lname", Lnametxt.Text);
                            cmd.Parameters.AddWithValue("ename", Enametxt.Text);
                            cmd.Parameters.AddWithValue("emailadd", EmailAddtxt.Text);
                            cmd.Parameters.AddWithValue("contactno", Contactnotxt.Text);
                            cmd.Parameters.AddWithValue("now", DateTime.Now);
                            cmd.ExecuteNonQuery();
                        }
                        else if (AccTypecmb.Text == "Admin")
                        {
                            string query = "Insert into tblaccount(Username, Password, UserStatus, DateRegistered) VALUES (@user, @pass, @type,@now);Insert into tbluserinfo(AccountID, U_Fname, U_Mname, U_Lname, U_Suffix, U_EmailAdd, U_ContactNo) VALUES (LAST_INSERT_ID(), @fname , @mname, @lname , @ename, @emailadd, @contactno)";


                            MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection());
                            cmd.Parameters.AddWithValue("type", AccTypecmb.Text);
                            cmd.Parameters.AddWithValue("user", Usernametxt.Text);
                            cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(Passwordtxt.Text));
                            cmd.Parameters.AddWithValue("fname", Fnametxt.Text);
                            cmd.Parameters.AddWithValue("mname", Mnametxt.Text);
                            cmd.Parameters.AddWithValue("lname", Lnametxt.Text);
                            cmd.Parameters.AddWithValue("ename", Enametxt.Text);
                            cmd.Parameters.AddWithValue("emailadd", EmailAddtxt.Text);
                            cmd.Parameters.AddWithValue("contactno", Contactnotxt.Text);
                            cmd.Parameters.AddWithValue("now", DateTime.Now);
                            cmd.ExecuteNonQuery();
                        }
                        else if (AccTypecmb.Text == "Staff")
                        {
                            string query = "Insert into tblaccount(Username, Password, UserStatus, DateRegistered) VALUES (@user, @pass, @type,@now);Insert into tbluserinfo(AccountID, U_Fname, U_Mname, U_Lname, U_Suffix, U_EmailAdd, U_ContactNo) VALUES (LAST_INSERT_ID(), @fname , @mname, @lname , @ename, @emailadd, @contactno)";


                            MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection());
                            cmd.Parameters.AddWithValue("type", AccTypecmb.Text);
                            cmd.Parameters.AddWithValue("user", Usernametxt.Text);
                            cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(Passwordtxt.Text));
                            cmd.Parameters.AddWithValue("fname", Fnametxt.Text);
                            cmd.Parameters.AddWithValue("mname", Mnametxt.Text);
                            cmd.Parameters.AddWithValue("lname", Lnametxt.Text);
                            cmd.Parameters.AddWithValue("ename", Enametxt.Text);
                            cmd.Parameters.AddWithValue("emailadd", EmailAddtxt.Text);
                            cmd.Parameters.AddWithValue("contactno", Contactnotxt.Text);
                            cmd.Parameters.AddWithValue("now", DateTime.Now);
                            cmd.ExecuteNonQuery();
                        }

                        else if (AccTypecmb.Text == "Manager")
                        {
                            string query = "Insert into tblaccount(Username, Password, UserStatus, DateRegistered) VALUES (@user, @pass, @type,@now);Insert into tbluserinfo(AccountID, U_Fname, U_Mname, U_Lname, U_Suffix, U_EmailAdd, U_ContactNo) VALUES (LAST_INSERT_ID(), @fname , @mname, @lname , @ename, @emailadd, @contactno)";


                            MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection());
                            cmd.Parameters.AddWithValue("type", AccTypecmb.Text);
                            cmd.Parameters.AddWithValue("user", Usernametxt.Text);
                            cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(Passwordtxt.Text));
                            cmd.Parameters.AddWithValue("fname", Fnametxt.Text);
                            cmd.Parameters.AddWithValue("mname", Mnametxt.Text);
                            cmd.Parameters.AddWithValue("lname", Lnametxt.Text);
                            cmd.Parameters.AddWithValue("ename", Enametxt.Text);
                            cmd.Parameters.AddWithValue("emailadd", EmailAddtxt.Text);
                            cmd.Parameters.AddWithValue("contactno", Contactnotxt.Text);
                            cmd.Parameters.AddWithValue("now", DateTime.Now);
                            cmd.ExecuteNonQuery();
                        }

                        string       query2 = "INSERT INTO tblanswer(AccountID, QuestionID, Answer) VALUES (LAST_INSERT_ID(), (SELECT tblquestion.QuestionID FROM tblquestion WHERE Question=CONVERT(@question USING utf8)), @answer)";
                        MySqlCommand cmd2   = new MySqlCommand(query2, dbhelper.getConnection());
                        cmd2.Parameters.AddWithValue("question", Securityquescmb.Text);
                        cmd2.Parameters.AddWithValue("answer", Answertxt.Text);
                        cmd2.ExecuteNonQuery();


                        dbhelper.closeConnection();
                        MessageBox.Show("Added new Account!");
                        this.Close();
                        MainForm Form = new MainForm();
                        Form.BringToFront();
                    }
                }
                else
                {
                    MessageBox.Show("Password do not match!", "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                }
            }
        }