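/// <summary>
/// Handles the Register button: inserts a new row into Users for the typed login,
/// storing a salted hash of the typed password together with the salt.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btRegister_Click(object sender, EventArgs e)
{
    using (var sConn = new SqlConnection(sConnStr))
    {
        sConn.Open();

        // Dispose the command deterministically instead of leaving it to the finalizer.
        using (var sCommand = sConn.CreateCommand())
        {
            // Every user-supplied value is bound as a parameter, never concatenated into the SQL text.
            sCommand.CommandText = @"INSERT INTO Users(Login, Password, Salt, RegistrationDate, AccessType) VALUES (@Login, @Password, @Salt, @RegistrationDate, @AccessType)";

            var hashManaged = new HashManaged();
            var salt = hashManaged.GetNewSalt();

            // NOTE(review): the stored value comes from one ComputeHash(password + salt) call.
            // Confirm that HashManaged wraps a deliberately slow password KDF (e.g. PBKDF2)
            // rather than a single pass of a fast digest, and that GetNewSalt uses a CSPRNG.
            sCommand.Parameters.AddWithValue("@Login", tbLogin.Text);
            sCommand.Parameters.AddWithValue("@Password", hashManaged.ComputeHash(tbPassword.Text + salt));
            sCommand.Parameters.AddWithValue("@Salt", salt);
            sCommand.Parameters.AddWithValue("@RegistrationDate", DateTime.Now);

            // Self-registration always receives the fixed "Operator" role; it is not taken from user input.
            sCommand.Parameters.AddWithValue("@AccessType", "Operator");

            if (sCommand.ExecuteNonQuery() == 1)
            {
                MessageBox.Show("Регистрация прошла успешно!");
            }
            else
            {
                // Exactly one inserted row is the only success outcome; anything else aborts the dialog.
                DialogResult = DialogResult.Abort;
                MessageBox.Show("Ошибка регистрации.");
            }
        }
    }
}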
/// <summary>
/// Builds the user dialog and configures its caption and controls for the requested mode.
/// </summary>
/// <param name="formType">Whether the dialog adds a new user or edits an existing one.</param>
/// <param name="oldLogin">Login of the user being edited; stored in OldLogin as given.</param>
public FormInsertUpdate(FormType formType, string oldLogin)
{
    InitializeComponent();
    FormStyle = formType;
    OldLogin = oldLogin;

    var mode = FormStyle;
    if (mode == FormType.Insert)
    {
        Text = "Добавление пользователя";
        btOK.Text = "Добавить";

        // A new user starts with a freshly generated salt and must type a password.
        Salt = new HashManaged().GetNewSalt();
        tbPassword.Enabled = true;
        NewPassword = true;
        btNewPassword.Enabled = false;
        btNewSalt.Enabled = true;
        btOldPassword.Enabled = false;
    }
    else if (mode == FormType.Update)
    {
        Text = "Редактирование пользователя";
        btOK.Text = "Изменить";

        // Editing starts with the password box locked and NewPassword cleared.
        tbPassword.Enabled = false;
        NewPassword = false;
        btNewSalt.Enabled = false;
        btOldPassword.Enabled = true;
    }
}
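/// <summary>
/// Edits users: opens the edit dialog for every selected row and, when the dialog is
/// confirmed, writes the changes to [dbo].[Users] and mirrors them back into the row.
/// </summary>
/// <param name="lvData">List view whose selected items are edited; each item's Tag holds the row's current login.</param>
public static void Edit(ListView lvData)
{
    foreach (ListViewItem selectedItem in lvData.SelectedItems)
    {
        var selectedLogin = selectedItem.Tag;

        // NOTE(review): sub-items 1 and 2 of each row hold the stored password hash and the salt,
        // so both are kept in the list view. Confirm that this view is reachable only by
        // administrators, or drop those columns from it.
        // NOTE(review): sub-item 3 is written below with ToLongDateString() and read back here with
        // DateTime.Parse, so the value sent in the UPDATE is culture-dependent and presumably loses
        // the time of day - verify against how the list is first populated.
        var formUserUpdate = new FormInsertUpdate(FormInsertUpdate.FormType.Update, (string)selectedLogin)
        {
            Login = selectedItem.SubItems[0].Text,
            Password = selectedItem.SubItems[1].Text,
            Salt = selectedItem.SubItems[2].Text,
            RegistrationDate = DateTime.Parse(selectedItem.SubItems[3].Text),
            UserAccessType = (AccessType)Enum.Parse(typeof(AccessType), selectedItem.SubItems[4].Text)
        };

        // A form shown with ShowDialog is not disposed when it closes, so release it explicitly.
        using (formUserUpdate)
        {
            if (formUserUpdate.ShowDialog() != DialogResult.OK)
            {
                continue;
            }

            // When NewPassword is set the typed password is hashed with the dialog's salt;
            // otherwise the dialog's Password value (initialised above from the row's hash
            // column) is written back as it is.
            var storedPassword = formUserUpdate.Password;
            if (formUserUpdate.NewPassword)
            {
                var hashManaged = new HashManaged();
                storedPassword = hashManaged.ComputeHash(formUserUpdate.Password + formUserUpdate.Salt);
            }

            using (var sConn = new SqlConnection(sConnStr))
            {
                sConn.Open();

                // Dispose the command deterministically instead of leaving it to the finalizer.
                using (var sCommand = sConn.CreateCommand())
                {
                    // All values, including the old login used in the WHERE clause, are bound as parameters.
                    sCommand.CommandText = @"UPDATE [dbo].[Users] SET [Login] = @NewLogin ,[Password] = @Password ,[Salt] = @Salt ,[RegistrationDate] = @RegistrationDate ,[AccessType] = @AccessType WHERE Login = @OldLogin";
                    sCommand.Parameters.AddWithValue("NewLogin", formUserUpdate.Login);
                    sCommand.Parameters.AddWithValue("Password", storedPassword);
                    sCommand.Parameters.AddWithValue("Salt", formUserUpdate.Salt);
                    sCommand.Parameters.AddWithValue("RegistrationDate", formUserUpdate.RegistrationDate);
                    sCommand.Parameters.AddWithValue("OldLogin", selectedLogin);
                    sCommand.Parameters.AddWithValue("AccessType", formUserUpdate.UserAccessType.ToString());
                    sCommand.ExecuteNonQuery();
                }
            }

            // Refresh the row only after the UPDATE has run, so an exception from the database
            // does not leave the list showing a password hash that was never stored.
            selectedItem.SubItems[0].Text = formUserUpdate.Login;
            selectedItem.SubItems[1].Text = storedPassword;
            selectedItem.SubItems[2].Text = formUserUpdate.Salt;
            selectedItem.SubItems[3].Text = formUserUpdate.RegistrationDate.ToLongDateString();
            selectedItem.SubItems[4].Text = formUserUpdate.UserAccessType.ToString();
            selectedItem.Tag = formUserUpdate.Login;
        }
    }

    lvData.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    lvData.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}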
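/// <summary>
/// Inserts a new user: shows the dialog in insert mode and, when it is confirmed,
/// writes the user to [dbo].[Users] and appends a matching row to the list view.
/// </summary>
/// <param name="lvData">List view that receives the new row; the row's Tag is set to the login returned by the INSERT.</param>
public static void Insert(ListView lvData)
{
    // The dialog starts with the access type preset to AccessType.None.
    var formUserInsert = new FormInsertUpdate(FormInsertUpdate.FormType.Insert, null)
    {
        UserAccessType = AccessType.None
    };

    // A form shown with ShowDialog is not disposed when it closes, so release it explicitly.
    using (formUserInsert)
    {
        if (formUserInsert.ShowDialog() == DialogResult.OK)
        {
            // NOTE(review): the stored value comes from one ComputeHash(password + salt) call.
            // Confirm that HashManaged wraps a deliberately slow password KDF (e.g. PBKDF2)
            // rather than a single pass of a fast digest.
            var hashManaged = new HashManaged();
            var password = hashManaged.ComputeHash(formUserInsert.Password + formUserInsert.Salt);
            object login;

            using (var sConn = new SqlConnection(sConnStr))
            {
                sConn.Open();

                // Dispose the command deterministically instead of leaving it to the finalizer.
                using (var sCommand = sConn.CreateCommand())
                {
                    // All values are bound as parameters; OUTPUT returns the login that was stored.
                    sCommand.CommandText = @"INSERT INTO [dbo].[Users] ([Login] ,[Password] ,[Salt] ,[RegistrationDate] ,[AccessType]) OUTPUT inserted.Login VALUES (@Login ,@Password ,@Salt ,@RegistrationDate ,@AccessType)";
                    sCommand.Parameters.AddWithValue("Login", formUserInsert.Login);
                    sCommand.Parameters.AddWithValue("Password", password);
                    sCommand.Parameters.AddWithValue("Salt", formUserInsert.Salt);
                    sCommand.Parameters.AddWithValue("RegistrationDate", formUserInsert.RegistrationDate);
                    sCommand.Parameters.AddWithValue("AccessType", Enum.GetName(typeof(AccessType), formUserInsert.UserAccessType));
                    login = sCommand.ExecuteScalar();
                }
            }

            // NOTE(review): the new row shows the password hash and the salt in columns 1 and 2.
            // Confirm that this view is reachable only by administrators, or drop those columns.
            var lvItem = new ListViewItem(new[]
            {
                formUserInsert.Login,
                password,
                formUserInsert.Salt,
                formUserInsert.RegistrationDate.ToLongDateString(),
                formUserInsert.UserAccessType.ToString()
            });
            lvItem.Tag = login;
            lvData.Items.Add(lvItem);
        }
    }

    lvData.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
    lvData.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}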
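/// <summary>
/// Handles the Authorization button: looks up the typed login, recomputes the salted hash of the
/// typed password and, on a match, records the user's access type and disposes the form.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btAuthorization_Click(object sender, EventArgs e)
{
    using (var sConn = new SqlConnection(sConnStr))
    {
        sConn.Open();

        // Dispose the command and the reader deterministically instead of leaving them to the finalizer.
        using (var sCommand = sConn.CreateCommand())
        {
            // The login is bound as a parameter, never concatenated into the SQL text.
            sCommand.CommandText = @"SELECT Salt 'Salt', Password 'Password', AccessType 'AccessType' FROM Users WHERE login = @currentLogin";
            sCommand.Parameters.AddWithValue("@currentLogin", tbLogin.Text);

            // The reader holds the row selected by the typed login, if there is one.
            using (var reader = sCommand.ExecuteReader())
            {
                if (!reader.Read())
                {
                    // Same message as for a wrong password, so the dialog does not reveal
                    // which logins exist.
                    MessageBox.Show(@"Неверный логин или пароль!");
                    return;
                }

                var hashManaged = new HashManaged();
                var saltFromTable = (string)reader["Salt"];
                var passwordFromTable = (string)reader["Password"];
                var accessType = (string)reader["AccessType"];

                if (passwordFromTable != hashManaged.ComputeHash(tbPassword.Text + saltFromTable))
                {
                    // NOTE(review): no attempt counter or delay is visible in this handler;
                    // confirm that repeated failures are limited or logged elsewhere.
                    MessageBox.Show(@"Неверный логин или пароль!");
                    return;
                }

                MessageBox.Show(@"Авторизация прошла успешно!");
                UserAccessType = (AccessType)Enum.Parse(typeof(AccessType), accessType);
                Dispose();
            }
        }
    }
}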
/// <summary>
/// Handles the New Salt button: replaces the current Salt with a newly generated one.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btNewSalt_Click(object sender, EventArgs e)
{
    Salt = new HashManaged().GetNewSalt();
}