/// <summary>
/// Click handler for <c>button11</c>: opens a new <c>ChangePassword</c> form
/// created with its parameterless constructor.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button11_Click(object sender, EventArgs e)
{
    // NOTE(review): this handler is declared next to LoginButton_Click, so it looks
    // reachable before anyone has signed in, and no user context is passed in.
    // Confirm that ChangePassword itself asks for and verifies the current password.
    ChangePassword changePasswordForm = new ChangePassword();
    changePasswordForm.Show();
}
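/// <summary>
/// Click handler for the Login button. Rejects empty input, handles the built-in
/// "/customer" account, and otherwise checks the entered credentials against the
/// <c>UserAccounts</c> table, records the host in the <c>ip</c> column and opens
/// either <c>ChangePassword</c> (when the password is the default "00000") or <c>Main</c>.
/// </summary>
/// <remarks>
/// All SQL in this handler is parameterized: the user id, password and host value are
/// sent as parameters and never concatenated into the statement text, so quotes or SQL
/// fragments typed into the text boxes cannot change the query.
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void LoginButton_Click(object sender, EventArgs e)
{
    string userId = UserIdTextBox.Text;
    string password = PasswordTextBox.Text;

    if (userId == "")
    {
        MessageBox.Show("Please enter User Name", "No input", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        UserIdTextBox.Focus();
        return;
    }

    if (password == "")
    {
        MessageBox.Show("Please enter Password", "No input", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        PasswordTextBox.Focus();
        return;
    }

    if (userId == "/customer")
    {
        // NOTE(review): hard-coded account and password compiled into the client.
        // Anyone with the binary can read them and they cannot be rotated without a
        // rebuild; kept as-is here because removing it changes how customers sign in.
        if (password == "customer")
        {
            CustomerMain cusMain = new CustomerMain();
            this.Hide();
            cusMain.Show();
        }
        else
        {
            MessageBox.Show("Invalid password !", "Invalid input", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
            PasswordTextBox.Text = "";
            PasswordTextBox.Focus();
        }
        return;
    }

    try
    {
        int matchingAccounts;
        bool authenticated = false;
        string firstName = "";

        // One connection for the whole check; the using block closes it even when a
        // query throws, which the previous open/close pairs did not guarantee.
        using (SqlConnection connection = new SqlConnection("Data Source=MAKS-PC;Initial Catalog=PressWiz;Integrated Security=True"))
        {
            connection.Open();
            matchingAccounts = CountAccountsByUserId(connection, userId);

            if (matchingAccounts == 1)
            {
                // Same order as before: try the admin row (admin = 1) first, then staff (admin = 0).
                foreach (int adminFlag in new int[] { 1, 0 })
                {
                    if (TryReadFirstName(connection, userId, password, adminFlag, out firstName))
                    {
                        // hostName is a member declared outside this listing; "" + value
                        // keeps the old concatenation behaviour of turning null into "".
                        RecordLoginHost(connection, userId, password, adminFlag, "" + hostName);
                        authenticated = true;
                        break;
                    }
                }
            }
        }

        if (matchingAccounts != 1)
        {
            // NOTE(review): separate "Invalid UserName" / "Invalid Password" messages let
            // a caller find out which user ids exist; a single generic message avoids that.
            MessageBox.Show("Invalid UserName", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            UserIdTextBox.Text = "";
            PasswordTextBox.Text = "";
            UserIdTextBox.Focus();
            return;
        }

        if (!authenticated)
        {
            MessageBox.Show("Invalid Password", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            PasswordTextBox.Text = "";
            PasswordTextBox.Focus();
            return;
        }

        this.Hide();
        if (password == "00000")
        {
            // "00000" is treated as the initial password: force a change before entering the app.
            ChangePassword changePW = new ChangePassword(firstName);
            changePW.Show();
        }
        else
        {
            // NOTE(review): the original passed true to Main for both admin and staff
            // accounts; if that flag is meant to carry the admin role, staff should
            // probably get false. Left unchanged, confirm against Main's constructor.
            Main main = new Main(true, firstName);
            main.Show();
        }
    }
    catch (InvalidOperationException ioe)
    {
        // NOTE(review): ToString() shows the full exception, including stack trace and
        // server details, to whoever is at the login screen; consider logging it and
        // showing a short message instead.
        MessageBox.Show(ioe.ToString(), "Connection Error !", MessageBoxButtons.OK, MessageBoxIcon.Error);
        LoginButton.Focus();
    }
    catch (SqlException se)
    {
        MessageBox.Show(se.ToString(), "Connection Error !", MessageBoxButtons.OK, MessageBoxIcon.Error);
        LoginButton.Focus();
    }
}

/// <summary>Returns how many UserAccounts rows have the given user id.</summary>
private static int CountAccountsByUserId(SqlConnection connection, string userId)
{
    // COUNT(*) instead of SELECT *: only the row count is needed, so the password
    // column no longer travels to the client just to be counted.
    using (SqlCommand command = new SqlCommand("SELECT COUNT(*) FROM [UserAccounts] WHERE UserId = @UserId", connection))
    {
        command.Parameters.AddWithValue("@UserId", userId);
        return Convert.ToInt32(command.ExecuteScalar());
    }
}

/// <summary>
/// Looks up the account with the given admin flag, user id and password and returns
/// true when exactly one row matches; <paramref name="firstName"/> receives its First_Name.
/// </summary>
private static bool TryReadFirstName(SqlConnection connection, string userId, string password, int adminFlag, out string firstName)
{
    firstName = "";
    int rows = 0;

    // NOTE(review): the listing shows the password value masked as '******'; this
    // assumes the original compared the column with the text typed into
    // PasswordTextBox. Confirm against the unmasked source.
    // NOTE(review): comparing the password inside SQL means UserAccounts holds it in
    // plaintext (or reversibly). Storing a salted PBKDF2 hash and verifying it in code
    // needs a schema change and is outside this handler.
    using (SqlCommand command = new SqlCommand("SELECT First_Name FROM [UserAccounts] WHERE admin = @Admin AND UserId = @UserId AND Password = @Password", connection))
    {
        command.Parameters.AddWithValue("@Admin", adminFlag);
        command.Parameters.AddWithValue("@UserId", userId);
        command.Parameters.AddWithValue("@Password", password);

        using (SqlDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                rows++;
                firstName = reader["First_Name"].ToString();
            }
        }
    }

    return rows == 1;
}

/// <summary>Stores the given host value in the ip column of the authenticated account.</summary>
private static void RecordLoginHost(SqlConnection connection, string userId, string password, int adminFlag, string host)
{
    using (SqlCommand command = new SqlCommand("UPDATE UserAccounts SET ip = @Ip WHERE admin = @Admin AND UserId = @UserId AND Password = @Password", connection))
    {
        command.Parameters.AddWithValue("@Ip", host);
        command.Parameters.AddWithValue("@Admin", adminFlag);
        command.Parameters.AddWithValue("@UserId", userId);
        command.Parameters.AddWithValue("@Password", password);
        command.ExecuteNonQuery();
    }
}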