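/// <summary>
/// Resets an employee's password to the default value built from the stored
/// birthdate (two-digit day, two-digit month, year) and stores it hashed with
/// <c>DBConnection.HashPassword</c>, the same form <c>addEmployee</c> writes.
/// </summary>
/// <param name="username">Login name of the employee whose password is reset.</param>
/// <remarks>
/// Throws if no row matches <paramref name="username"/>, because the first row of
/// the lookup result is read unconditionally.
/// NOTE(review): a birthdate-derived password can be guessed by anyone who knows
/// the employee's date of birth. Prefer a random one-time password and a forced
/// change at next login; confirm with the owners of the reset flow.
/// </remarks>
public static void ResetPass(string username)
 {
     using (SqlConnection conn = DBConnection.GetConnection())
     {
         conn.Open();

         // The user name is bound as a parameter so it is always treated as data,
         // never as part of the SQL text.
         DataTable dt = new DataTable();
         using (SqlCommand select = new SqlCommand("select Birthdate from Emplopyee where Username = @username", conn))
         using (SqlDataAdapter dataAdapter = new SqlDataAdapter(select))
         {
             select.Parameters.AddWithValue("@username", username ?? string.Empty);
             dataAdapter.Fill(dt);
         }

         // Rows[0] throws when no employee matches, so a reset for an unknown
         // user fails instead of silently doing nothing.
         DateTime dob = DateTime.Parse(dt.Rows[0][0].ToString());

         // "D2" zero-pads day and month to two digits.
         string password = dob.Day.ToString("D2") + dob.Month.ToString("D2") + dob.Year.ToString();

         using (SqlCommand update = new SqlCommand("UPDATE Emplopyee SET PassWord = @password WHERE Username = @username", conn))
         {
             // Store the hash, not the plain text, so the column holds the same
             // kind of value that addEmployee inserts.
             update.Parameters.AddWithValue("@password", DBConnection.HashPassword(password));
             update.Parameters.AddWithValue("@username", username ?? string.Empty);
             update.ExecuteNonQuery();
         }
     }
 }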
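 /// <summary>
 /// Inserts a new customer row with a generated user name, a password hash derived
 /// from the phone number, a generated e-mail address and fixed default values.
 /// </summary>
 /// <param name="firstname">Customer first name.</param>
 /// <param name="lastname">Customer last name.</param>
 /// <param name="phone">Customer phone number; also the input of the initial password hash.</param>
 /// <param name="address">Customer address.</param>
 /// <remarks>
 /// Every value is bound as a SQL parameter, so quotes or SQL fragments in the
 /// caller-supplied strings cannot change the statement.
 /// NOTE(review): the initial password is the customer's phone number, which is
 /// rarely secret. Consider a random initial credential; confirm with the owners.
 /// </remarks>
 public static void AddKhach(string firstname, string lastname, string phone, string address)
 {
     using (SqlConnection conn = DBConnection.GetConnection())
     {
         conn.Open();

         string username = RandomUsername();
         string password = DBConnection.HashPassword(phone);
         string email = username + "@gmail.com";
         string day = DBConnection.FormatDate(DateTime.Now);

         // Positional insert: the placeholder order must follow the column order
         // of the Customer table. @day is deliberately used for two columns.
         const string sql = "insert into Customer VALUES (@username, @password, @email, @firstname, @lastname, "
                            + "@gender, @day, @address, @phone, @day, @isNew, @status)";

         using (SqlCommand command = new SqlCommand(sql, conn))
         {
             // A null string is bound as an empty string: AddWithValue does not
             // send a parameter whose value is null, which would fail the insert.
             command.Parameters.AddWithValue("@username", username ?? string.Empty);
             command.Parameters.AddWithValue("@password", password ?? string.Empty);
             command.Parameters.AddWithValue("@email", email);
             command.Parameters.AddWithValue("@firstname", firstname ?? string.Empty);
             command.Parameters.AddWithValue("@lastname", lastname ?? string.Empty);
             command.Parameters.AddWithValue("@gender", "Male");
             command.Parameters.AddWithValue("@day", day ?? string.Empty);
             command.Parameters.AddWithValue("@address", address ?? string.Empty);
             command.Parameters.AddWithValue("@phone", phone ?? string.Empty);
             command.Parameters.AddWithValue("@isNew", 2);
             command.Parameters.AddWithValue("@status", "Active");
             command.ExecuteNonQuery();
         }
     }
 }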
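        /// <summary>
        /// Inserts a new employee row with status 'Active' and an initial password
        /// hash derived from the birthday (two-digit day, two-digit month, year).
        /// </summary>
        /// <param name="employee">Employee whose fields are written to the new row.</param>
        /// <remarks>
        /// Every value is bound as a SQL parameter, so quotes or SQL fragments in
        /// the employee fields cannot change the statement.
        /// NOTE(review): a birthday-derived initial password can be guessed by anyone
        /// who knows the date of birth. Prefer a random one-time password and a forced
        /// change at first login; confirm with the owners of the onboarding flow.
        /// </remarks>
        public static void addEmployee(Employee employee)
        {
            using (SqlConnection conn = DBConnection.GetConnection())
            {
                conn.Open();

                DateTime dob = employee.birthday;

                // "D2" zero-pads the numbers. Date patterns such as "dd" or "MM" are
                // not numeric formats: applied to an int they come out as that literal
                // text, so every account would share the prefix "ddMM". Rows inserted
                // while such patterns were in use hold a hash of that literal text and
                // should be reset.
                string plainPassword = dob.Day.ToString("D2") + dob.Month.ToString("D2") + dob.Year.ToString();
                string password = DBConnection.HashPassword(plainPassword);

                // Positional insert: the placeholder order must follow the column
                // order of the Emplopyee table.
                const string sql = "INSERT INTO Emplopyee VALUES"
                                   + "(@username, @password, @firstname, @lastname, @gender, @birthdate, @address, @joindate, @role, 'Active')";

                using (SqlCommand com = new SqlCommand(sql, conn))
                {
                    // A null string is bound as an empty string: AddWithValue does not
                    // send a parameter whose value is null, which would fail the insert.
                    com.Parameters.AddWithValue("@username", employee.username ?? string.Empty);
                    com.Parameters.AddWithValue("@password", password ?? string.Empty);
                    com.Parameters.AddWithValue("@firstname", employee.firstname ?? string.Empty);
                    com.Parameters.AddWithValue("@lastname", employee.lastname ?? string.Empty);
                    com.Parameters.AddWithValue("@gender", employee.gender ?? string.Empty);
                    com.Parameters.AddWithValue("@birthdate", DBConnection.FormatDate(dob) ?? string.Empty);
                    com.Parameters.AddWithValue("@address", employee.address ?? string.Empty);
                    com.Parameters.AddWithValue("@joindate", DBConnection.FormatDate(employee.joindate) ?? string.Empty);
                    com.Parameters.AddWithValue("@role", employee.role);
                    com.ExecuteNonQuery();
                }
            }
        }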
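 /// <summary>
 /// Checks an employee's credentials against the Emplopyee table.
 /// </summary>
 /// <param name="username">Login name to look up.</param>
 /// <param name="password">Password value compared with the stored Password column.</param>
 /// <returns>
 /// <c>true</c> when exactly one active row matches both values; otherwise <c>false</c>.
 /// </returns>
 /// <remarks>
 /// Both values are bound as SQL parameters, so a quote or SQL fragment in either
 /// one cannot alter the WHERE clause and bypass the check.
 /// NOTE(review): <paramref name="password"/> is compared as received, while
 /// addEmployee stores the output of <c>DBConnection.HashPassword</c> in this column.
 /// Confirm that callers pass the hashed value, or hash it here.
 /// </remarks>
 public static bool Login(string username, string password)
 {
     const string sql = "select count(*) from Emplopyee where Username = @username and Password = @password and status = 'Active'";

     using (SqlConnection conn = DBConnection.GetConnection())
     using (SqlCommand com = new SqlCommand(sql, conn))
     {
         // A null argument is bound as an empty string so the query still runs
         // and simply matches no row.
         com.Parameters.AddWithValue("@username", username ?? string.Empty);
         com.Parameters.AddWithValue("@password", password ?? string.Empty);

         conn.Open();

         // count(*) always yields a single value; only an exact count of 1 is a
         // successful login.
         return Convert.ToInt32(com.ExecuteScalar()) == 1;
     }
 }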