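private void loginBtn_Click(object sender, EventArgs e)
{
    // Verifies the credentials typed into userBox/passBox against the users
    // table and, on success, records the user ID and opens the role-specific
    // form (Student or Teacher). On failure a "Check Credentials" dialog is shown.
    string user = userBox.Text;
    // NOTE(review): the stored credential is compared as a bare SHA-512 of the
    // password (no salt, no work factor). A password hash such as PBKDF2 would
    // be the better fit, but switching requires migrating the stored values.
    string pass = customFuncs.SHA512Hash(passBox.Text);

    // The login query's text is not shown in this listing ("******"); it is
    // expected to bind @username and @password and return a row on a match.
    string SQLlogin = "******";
    // '=' rather than LIKE: with LIKE, '%' or '_' typed into the username box
    // act as wildcards and could match a different account's row.
    string SQLuserID = "SELECT userList_ID FROM users WHERE username = @username;";
    string SQLType = "SELECT type FROM users WHERE username = @username;";

    bool loginSucc;
    int id = 0;
    string typeCheck = null;

    // using-blocks close the connection and release the commands even when a
    // query throws; the previous flow left the connection open on error.
    using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
    using (SqlCommand cmdLog = new SqlCommand(SQLlogin, conn))
    using (SqlCommand cmdID = new SqlCommand(SQLuserID, conn))
    using (SqlCommand cmdType = new SqlCommand(SQLType, conn))
    {
        cmdLog.Parameters.AddWithValue("@username", user);
        cmdLog.Parameters.AddWithValue("@password", pass);
        cmdID.Parameters.AddWithValue("@username", user);
        cmdType.Parameters.AddWithValue("@username", user);

        conn.Open();

        // Credentials are checked before anything else is read or stored, so
        // the global user ID is never set for a failed login attempt.
        using (SqlDataReader reader = cmdLog.ExecuteReader())
        {
            loginSucc = reader.Read();
        }

        if (loginSucc)
        {
            // Convert.ToInt32(null) is 0; Convert.ToString(null) is "" rather
            // than a null reference, so the role check below cannot throw.
            id = Convert.ToInt32(cmdID.ExecuteScalar());
            typeCheck = Convert.ToString(cmdType.ExecuteScalar());
        }
    }

    if (!loginSucc)
    {
        MessageBox.Show("Check Credentials");
        return;
    }

    GVars.setUserID(id);

    // Any role other than "Student" is routed to the teacher form.
    Form next;
    if (typeCheck == "Student")
    {
        next = new StudentForm();
    }
    else
    {
        next = new TeacherForm();
    }
    next.Show();
    this.Hide();
}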
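public static int getDiscipData(string slct, string from, string userID)
{
    // Reads a single integer value: column `slct` of table `from`, from the row
    // whose column `userID` equals the logged-in user's ID (GVars.getUserID()).
    // Returns 0 when no row matches (Convert.ToInt32(null) is 0).
    //
    // Table and column names cannot be bound as parameters, so they are spliced
    // into the statement text. Existing callers pass literals, but the names are
    // still checked against a plain-identifier allowlist and bracket-quoted so
    // the concatenation cannot become an injection point if a caller is ever
    // wired to user-controlled text. The user ID value itself is a parameter.
    if (!IsPlainIdentifier(slct) || !IsPlainIdentifier(from) || !IsPlainIdentifier(userID))
    {
        throw new ArgumentException("Column and table names must be plain SQL identifiers.");
    }

    string SQL = "SELECT [" + slct + "] FROM [" + from + "] WHERE [" + userID + "] = @userID";

    // using-blocks release the connection even if ExecuteScalar throws.
    using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
    using (SqlCommand cmd = new SqlCommand(SQL, conn))
    {
        cmd.Parameters.AddWithValue("@userID", GVars.getUserID());
        conn.Open();
        return Convert.ToInt32(cmd.ExecuteScalar());
    }
}

// True when `name` is a non-empty identifier made of ASCII letters, digits and
// '_' and not starting with a digit. Quotes, spaces, ';', brackets and other
// punctuation are rejected, which is what keeps getDiscipData's SQL safe.
private static bool IsPlainIdentifier(string name)
{
    if (string.IsNullOrEmpty(name))
    {
        return false;
    }
    for (int i = 0; i < name.Length; i++)
    {
        char c = name[i];
        bool letterOrUnderscore = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '_';
        bool digitAfterFirst = i > 0 && c >= '0' && c <= '9';
        if (!letterOrUnderscore && !digitAfterFirst)
        {
            return false;
        }
    }
    return true;
}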
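private bool checkExistingUser(string input)
{
    // Returns true when a user named `input` already exists in the users table.
    // A database error is shown to the user and also reported as "exists", so a
    // failed lookup never lets a duplicate account through (fail closed).
    try
    {
        // using-blocks release the connection even if the query throws.
        using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
        using (SqlCommand cmd = new SqlCommand("SELECT username FROM users WHERE username= @Username", conn))
        {
            // The `input` parameter is the name that is checked (not the form's
            // usernameBox), so the method works for any caller-supplied value.
            cmd.Parameters.AddWithValue("@Username", input);
            conn.Open();
            return cmd.ExecuteScalar() != null;
        }
    }
    catch (Exception err)
    {
        // NOTE(review): err.Message may carry database details; a generic
        // dialog text with the detail written to a log would expose less.
        MessageBox.Show(err.Message);
        return true;
    }
}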
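private void StudentForm_Load(object sender, EventArgs e)
{
    // Loads the logged-in student's Specialization / Year / Semester from the
    // data table and fills the discipline labels and boxes for that combination.
    int tempSpec = 0;
    int tempYear = 0;
    int tempSeme = 0;

    // One round trip for the three columns instead of three single-column
    // queries against the same row.
    string SQL = "SELECT Specialization, Year, Semester FROM data WHERE userData_ID=@userID";

    // using-blocks close the connection and reader even if a query throws.
    using (SqlConnection conn = new SqlConnection(GVars.connectionString()))
    using (SqlCommand cmd = new SqlCommand(SQL, conn))
    {
        cmd.Parameters.AddWithValue("@userID", GVars.getUserID());
        conn.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            // No matching row leaves all three at 0, which maps to no disciplines.
            if (reader.Read())
            {
                tempSpec = Convert.ToInt32(reader["Specialization"]);
                tempYear = Convert.ToInt32(reader["Year"]);
                tempSeme = Convert.ToInt32(reader["Semester"]);
            }
        }
    }

    // Only specialization 2 / year 1 / semester 2 has disciplines mapped;
    // the other specialization/year/semester combinations have none yet, so
    // the labels and boxes keep their designer defaults for them.
    if (tempSpec == 2 && tempYear == 1 && tempSeme == 2)
    {
        dis1Label.Text = "Desen Tehnic";
        dis2Label.Text = "PCLP";
        dis1Box.Text = Convert.ToString(DatabaseHelper.getDiscipData("Discipline1", "disciplines", "user_ID"));
        dis2Box.Text = Convert.ToString(DatabaseHelper.getDiscipData("Discipline2", "disciplines", "user_ID"));
    }
}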