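/// <summary>
/// Deletes the account whose user ID is typed in <c>txtUsername</c>, after the
/// operator confirms the action in a Yes/No/Cancel prompt.
/// </summary>
/// <remarks>
/// The user ID comes straight from a text box, so it is bound to the DELETE
/// statement as a parameter. Concatenating it into the SQL text would let a
/// crafted value change what the statement does (SQL injection), for example by
/// widening the WHERE clause beyond the one intended account.
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnDelete_Click(object sender, RoutedEventArgs e)
{
    if (txtUsername.Text == "" || txtFirstName.Text == "" || txtLastName.Text == "")
    {
        MessageBox.Show("Please fill up the missing fields!");
        return;
    }

    MessageBoxResult confirmation = MessageBox.Show(
        "Do you want to delete this account?",
        "Delete Account",
        MessageBoxButton.YesNoCancel,
        MessageBoxImage.Warning);

    // No and Cancel both leave the account untouched.
    if (confirmation != MessageBoxResult.Yes)
    {
        return;
    }

    string userId = txtUsername.Text;
    int count;

    // The using blocks release the connection and command on every path,
    // including the "user does not exist" return below and any exception.
    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    using (SqlCeCommand command = new SqlCeCommand("Delete from Accounts where userID = @userID", conn))
    {
        command.Parameters.AddWithValue("@userID", userId);
        conn.Open();
        count = command.ExecuteNonQuery();
    }

    if (count == 1)
    {
        MessageBox.Show("User has been deleted!");
    }
    else
    {
        MessageBox.Show("User does not exist!");
        return;
    }

    // Audit trail: record which account was removed.
    Log = LogManager.GetLogger("DeleteAccount");
    Log.Info("Account: " + userId + " has been deleted from the database!");
    emptyTextbox();
    emptyComboBox();
}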
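/// <summary>
/// Creates a new row in <c>Accounts</c> from the registration form, after checking
/// that every field is filled in and that the two password boxes match.
/// </summary>
/// <remarks>
/// NOTE(security): the password and the security answer are written to the table
/// exactly as typed. Storing a salted, deliberately slow hash instead (for example
/// PBKDF2) would also require changing the code that verifies them at login and
/// during account recovery, so it is flagged here rather than changed in this
/// handler alone.
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnRegister_Click(object sender, RoutedEventArgs e)
{
    // Validate before touching the database so that a rejected form never
    // opens (and then leaks) a connection.
    if (String.IsNullOrEmpty(txtLastName.Text) ||
        String.IsNullOrEmpty(txtFirstName.Text) ||
        String.IsNullOrEmpty(txtMiddleName.Text) ||
        String.IsNullOrEmpty(txtUsername.Text) ||
        String.IsNullOrEmpty(txtPassword.Password) ||
        String.IsNullOrEmpty(txtConfirm.Password) ||
        String.IsNullOrEmpty(cmbQuestion.Text) ||
        String.IsNullOrEmpty(txtAnswer.Text) ||
        String.IsNullOrEmpty(cmbUserLevel.Text))
    {
        MessageBox.Show("Please fill up all the missing fields");
        return;
    }

    if (!txtPassword.Password.Equals(txtConfirm.Password))
    {
        MessageBox.Show("Your password and confirmation password do not match.");
        return;
    }

    string gName = txtFirstName.Text;
    string mName = txtMiddleName.Text;
    string lName = txtLastName.Text;
    string un = txtUsername.Text;
    string pw = txtPassword.Password;
    string sq = cmbQuestion.Text;
    string sa = txtAnswer.Text;

    // Any text other than the two known roles leaves the level at 0.
    // NOTE(review): confirm that 0 is an intended, unprivileged level.
    int userLevel = 0;
    if (cmbUserLevel.Text.Equals("Administrator"))
    {
        userLevel = 1;
    }
    else if (cmbUserLevel.Text.Equals("Student Assistant"))
    {
        userLevel = 2;
    }

    // A new account starts with no failed logins.
    int loginAttempts = 0;

    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    using (SqlCeCommand cmd = new SqlCeCommand("INSERT INTO Accounts VALUES (@userID, @Password, @LastName, @firstName, @MiddleName, @securityQuestion, @securityAnswer, @userLevel, @loginAttempts)", conn))
    {
        cmd.Parameters.AddWithValue("@userID", un);
        cmd.Parameters.AddWithValue("@Password", pw);
        cmd.Parameters.AddWithValue("@LastName", lName);
        cmd.Parameters.AddWithValue("@firstName", gName);
        cmd.Parameters.AddWithValue("@MiddleName", mName);
        cmd.Parameters.AddWithValue("@securityQuestion", sq);
        cmd.Parameters.AddWithValue("@securityAnswer", sa);
        cmd.Parameters.AddWithValue("@userLevel", userLevel);
        cmd.Parameters.AddWithValue("@loginAttempts", loginAttempts);

        conn.Open();

        try
        {
            cmd.ExecuteNonQuery();
            MessageBox.Show("Registered successfully");
            Log = LogManager.GetLogger("registerAccount");
            Log.Info("Account: " + un + " has been added to database!");
        }
        catch (SqlCeException)
        {
            // SqlCeCommand reports failures as SqlCeException. That type is not
            // derived from System.Data.SqlClient.SqlException, so a handler for
            // SqlException never ran and a duplicate user ID surfaced as an
            // unhandled exception. The message assumes the failure is a
            // duplicate key, which is the expected cause for this INSERT.
            MessageBox.Show("Error: A user with the same User ID already exists.");
        }
    }
}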
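/// <summary>
/// Handles the login button: checks the typed credentials against
/// <c>Accounts</c>, maintains the per-account failed-login counter, opens the main
/// window on success, and offers security-question recovery once an account has
/// reached five failed attempts.
/// </summary>
/// <remarks>
/// <para>
/// The counter reset after a successful login is scoped to the account that
/// logged in. Without a WHERE clause the reset applied to every row, so a single
/// successful login by anyone cleared the lockout state of all accounts.
/// </para>
/// <para>
/// DBUtils.GetDBConnection() is assumed to return a fresh connection on each call
/// (TODO confirm); every connection taken here is disposed, and none is held open
/// while a modal dialog is showing.
/// </para>
/// <para>
/// NOTE(security): the password is compared inside the SQL statement and the
/// security answer is compared as stored, so both are kept in the table as typed.
/// Moving to salted, slow hashes needs a matching change where the values are
/// written. Whether the SQL comparison is case-sensitive depends on the database
/// collation, which is not visible here.
/// </para>
/// <para>
/// NOTE(review): failed logins and wrong recovery answers are neither logged nor
/// counted against the recovery step, so the lockout limits password guesses but
/// not security-answer guesses.
/// </para>
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnClick(object sender, RoutedEventArgs e)
{
    user = txtUser.Text;

    if (txtUser.Text == "" && txtPassword.Password == "")
    {
        txtUser.Focus();
        return;
    }
    if (txtPassword.Password == "")
    {
        MessageBox.Show("No Password input");
        txtPassword.Focus();
        return;
    }
    if (txtUser.Text == "")
    {
        MessageBox.Show("No Username input!");
        txtUser.Focus();
        return;
    }

    string un = txtUser.Text;
    string pw = txtPassword.Password;
    bool locked;
    bool authenticated = false;
    int userLevel = 0;

    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    {
        conn.Open();

        int loginAttempts;
        using (SqlCeCommand cmd = new SqlCeCommand("Select loginAttempts FROM Accounts WHERE userID = @userID", conn))
        {
            cmd.Parameters.AddWithValue("@userID", un);
            // ExecuteScalar returns null for an unknown user ID and
            // Convert.ToInt32(null) is 0, so unknown IDs are treated as unlocked.
            loginAttempts = Convert.ToInt32(cmd.ExecuteScalar());
        }
        locked = loginAttempts >= 5;

        if (!locked)
        {
            // Only userLevel is needed; selecting every column would also pull the
            // stored password and security answer into memory for no reason.
            using (SqlCeCommand cmd = new SqlCeCommand("Select userLevel from Accounts where userID = @userID AND Password = @password", conn))
            {
                cmd.Parameters.AddWithValue("@userID", un);
                cmd.Parameters.AddWithValue("@password", pw);
                using (SqlCeDataReader dr = cmd.ExecuteReader())
                {
                    if (dr.Read())
                    {
                        userLevel = dr.GetInt32(dr.GetOrdinal("userLevel"));
                        authenticated = true;
                    }
                }
            }

            if (authenticated)
            {
                // Reset only this account's counter.
                using (SqlCeCommand reset = new SqlCeCommand("UPDATE Accounts SET loginAttempts = 0 WHERE userID = @userID", conn))
                {
                    reset.Parameters.AddWithValue("@userID", un);
                    reset.ExecuteNonQuery();
                }
            }
            else
            {
                // The WHERE clause already limits the update to the matching
                // account; an unknown user ID simply affects zero rows, so no
                // separate existence query is needed.
                using (SqlCeCommand bump = new SqlCeCommand("UPDATE Accounts SET loginAttempts = loginAttempts + 1 WHERE userID = @un", conn))
                {
                    bump.Parameters.AddWithValue("@un", un);
                    bump.ExecuteNonQuery();
                }
            }
        }
    }

    if (!locked)
    {
        if (!authenticated)
        {
            // Same message for a wrong password and an unknown user ID, so the
            // response does not reveal which user IDs exist.
            MessageBox.Show("User ID or Password is invalid");
            return;
        }

        MessageBox.Show("Login Successful");
        Log = LogManager.GetLogger("userLogin");
        Log.Info(" Account Name: " + un + " has logged in.");

        Hide();
        new Main(userLevel, un).ShowDialog();
        txtPassword.Password = "";
        txtUser.Text = "";
        ShowDialog();
        return;
    }

    // Locked account: offer recovery through the security question.
    MessageBoxButton btnMessageBox = MessageBoxButton.YesNoCancel;
    MessageBoxImage icnMessageBox = MessageBoxImage.Warning;
    MessageBoxResult recoveryChoice = MessageBox.Show(
        "Due to multiple login attempts, your account has been locked. \nPlease unlock it to continue.",
        "Account Recovery",
        btnMessageBox,
        icnMessageBox);

    if (recoveryChoice != MessageBoxResult.Yes)
    {
        return;
    }

    string question = "";
    string answer = "";
    bool accountFound = false;

    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    using (SqlCeCommand cmd = new SqlCeCommand("Select securityQuestion, securityAnswer from Accounts where userID = @userID", conn))
    {
        cmd.Parameters.AddWithValue("@userID", user);
        conn.Open();
        using (DbDataReader reader = cmd.ExecuteReader())
        {
            // Guard the read: the row could have been removed since the
            // lockout check above.
            if (reader.Read())
            {
                question = reader.GetString(reader.GetOrdinal("securityQuestion"));
                answer = reader.GetString(reader.GetOrdinal("securityAnswer"));
                accountFound = true;
            }
        }
    }

    if (!accountFound)
    {
        return;
    }

    Account_Recovery ar = new Account_Recovery(question);
    if (ar.ShowDialog() != true)
    {
        return;
    }

    // Static Equals tolerates a null Answer instead of throwing.
    if (!string.Equals(ar.Answer, answer))
    {
        MessageBox.Show("Your answer is incorrect, please try again.");
        return;
    }

    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    using (SqlCeCommand unlock = new SqlCeCommand("UPDATE Accounts SET loginAttempts = 0 WHERE userID = @un", conn))
    {
        unlock.Parameters.AddWithValue("@un", user);
        conn.Open();
        unlock.ExecuteNonQuery();
    }

    MessageBoxResult cp = MessageBox.Show(
        "Account has been unlocked. Would you like to change password ?",
        "Change Password",
        btnMessageBox,
        icnMessageBox);

    if (cp == MessageBoxResult.Yes)
    {
        Hide();
        new ForgotPassword(user).ShowDialog();
        ShowDialog();
    }
}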
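/// <summary>
/// When Enter is pressed in the user-name box, looks the account up and fills the
/// form fields from it; reports when the box is empty or the account is unknown.
/// </summary>
/// <remarks>
/// <para>
/// The user ID is read by column name. The previous code read column index 1,
/// which, judging by the positional INSERT used at registration (userID, Password,
/// LastName, ...), is the stored password, so the password ended up displayed in
/// the user-name box. The query also names only the columns the form shows, so the
/// password and security answer are no longer fetched at all.
/// </para>
/// <para>
/// A single query replaces the COUNT-then-SELECT pair. The "no record" message is
/// now shown whenever the lookup finds nothing; before, it sat in a branch that
/// ran only after the count had already confirmed a match, so an unknown user ID
/// produced no feedback.
/// </para>
/// </remarks>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Key event data; only <c>Key.Enter</c> triggers the lookup.</param>
private void txtUsername_KeyDown(object sender, KeyEventArgs e)
{
    if (e.Key != Key.Enter)
    {
        return;
    }

    if (txtUsername.Text == "")
    {
        MessageBox.Show("Please input username!");
        txtUsername.Text = "";
        emptyComboBox();
        emptyTextbox();
        return;
    }

    string username = txtUsername.Text;
    bool found = false;
    string userId = "";
    string fName = "";
    string mName = "";
    string lName = "";
    string securityQuestion = "";
    int userLevel = 0;

    // using blocks close the connection even when the query throws.
    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    using (SqlCeCommand cmd = new SqlCeCommand("Select userID, FirstName, middleName, lastName, securityQuestion, userLevel from Accounts where userID = @username", conn))
    {
        cmd.Parameters.AddWithValue("@username", username);
        conn.Open();

        using (SqlCeDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                userId = Convert.ToString(reader.GetValue(reader.GetOrdinal("userID")));
                fName = Convert.ToString(reader.GetValue(reader.GetOrdinal("FirstName")));
                mName = Convert.ToString(reader.GetValue(reader.GetOrdinal("middleName")));
                lName = Convert.ToString(reader.GetValue(reader.GetOrdinal("lastName")));
                securityQuestion = Convert.ToString(reader.GetValue(reader.GetOrdinal("securityQuestion")));
                userLevel = Convert.ToInt32(reader.GetValue(reader.GetOrdinal("userLevel")));
                found = true;
            }
        }
    }

    if (!found)
    {
        MessageBox.Show("There is no record of that user!");
        emptyComboBox();
        emptyTextbox();
        return;
    }

    // Map the stored numeric level back to the combo-box caption; any other
    // value leaves the caption empty.
    string userLvl = "";
    switch (userLevel)
    {
        case 1:
            userLvl = "Administrator";
            break;
        case 2:
            userLvl = "Student Assistant";
            break;
    }

    txtUsername.Text = userId;
    txtFirstName.Text = fName;
    txtMiddleName.Text = mName;
    txtLastName.Text = lName;
    cmbQuestion.Text = securityQuestion;
    cmbUserLevel.Text = userLvl;
}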
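/// <summary>
/// Refills <c>cmbViolationName</c> with "ALL" plus the violation names recorded for
/// the type shown in <c>txtViolate</c>.
/// </summary>
/// <remarks>
/// Only the three known types ("Departmental", "Institutional", "Academic") are
/// queried; any other text leaves the combo box unchanged. The type is checked
/// against that fixed list and then bound as a parameter, so the text-box value
/// never becomes part of the SQL text. When the query returns no rows the existing
/// items are left in place.
/// </remarks>
private void updateViolations()
{
    string violationType = txtViolate.Text;

    bool isKnownType = violationType == "Departmental"
        || violationType == "Institutional"
        || violationType == "Academic";
    if (!isKnownType)
    {
        return;
    }

    // using blocks close the connection even if the query or the UI update throws.
    using (SqlCeConnection conn = DBUtils.GetDBConnection())
    using (SqlCeCommand sql = new SqlCeCommand("Select ViolationName from ViolationDetails where ViolationType = @violationType", conn))
    {
        sql.Parameters.AddWithValue("@violationType", violationType);
        conn.Open();

        // A scrollable result set is kept because HasRows is consulted before reading.
        using (DbDataReader reader = sql.ExecuteResultSet(ResultSetOptions.Scrollable))
        {
            if (reader.HasRows)
            {
                cmbViolationName.Items.Clear();
                cmbViolationName.Items.Add("ALL");
                while (reader.Read())
                {
                    cmbViolationName.Items.Add(reader["ViolationName"].ToString());
                }
            }
        }
    }
}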