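private void btnLoginAuthentication_Click(object sender, EventArgs e)
{
    // Second factor: the code typed into txtCode must equal the code that was
    // generated (uniqueCode) and timestamped (dateTimeCode) when the login
    // succeeded, and it must still be within its lifetime. Only the success
    // path opens the main form and closes this one; every other path reports
    // a message and leaves the form open.
    const int codeLifetimeMinutes = 5;

    // Nothing entered.
    if (string.IsNullOrEmpty(txtCode.Text))
    {
        MessageBox.Show("No code has been added!");
        return;
    }

    // Code does not match the issued one (ordinal, same as == on strings).
    if (!string.Equals(uniqueCode, txtCode.Text, StringComparison.Ordinal))
    {
        MessageBox.Show("Invalid code.");
        return;
    }

    // Expiry is the elapsed time since the code was issued, NOT a comparison
    // of minute-of-hour values: the previous check
    //   DateTime.Now.Minute > dateTimeCode.Minute + 5
    // wrapped at the hour boundary, so a code issued at minute 57 never
    // expired within the hour and a code issued 55 minutes earlier could
    // still pass. Both timestamps come from DateTime.Now, so the clocks agree.
    // A default (never set) dateTimeCode, or a clock that went backwards,
    // counts as expired — the safe outcome for an authentication step.
    TimeSpan codeAge = DateTime.Now - dateTimeCode;
    if (codeAge < TimeSpan.Zero || codeAge > TimeSpan.FromMinutes(codeLifetimeMinutes))
    {
        MessageBox.Show("The unique code is no longer valid. \n Authentication failed!");
        return;
    }

    // Code accepted: hand over to the main form, then close this one.
    // Note that the code is not invalidated in the database here; it simply
    // ages out after codeLifetimeMinutes.
    Form_Main mainForm = new Form_Main(user);
    Hide();
    mainForm.ShowDialog();
    Close();
}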
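private void btnLogin_Click(object sender, EventArgs e)
{
    // Login entry point. Validates the form, looks the account up by the
    // (encrypted) email and password, and then either opens the main form
    // directly or — when multi-factor authentication is enabled for the
    // account — issues a one-time code, stores it, emails it and reveals the
    // code panel. Every failure path reports a message and returns, leaving
    // the form open.

    // Empty fields.
    if (ValidationError())
    {
        MessageBox.Show("You must complete all fields");
        return;
    }

    // The query below is parameterised, so this is defence in depth only.
    // NOTE(review): this branch has always returned without a message;
    // presumably SqlInjectionDetected() reports to the user itself — confirm.
    if (SqlInjectionDetected())
    {
        return;
    }

    if (!emailChecker.CheckEmail(txtEmail.Text))
    {
        MessageBox.Show("Invalid email");
        return;
    }

    // NOTE(review): the password is stored and matched as reversible
    // EncryptData() output (see DecryptData below) rather than a salted
    // one-way hash, so a copy of the table plus the key exposes every
    // password. Changing that needs a schema migration, so it is flagged
    // here rather than fixed.
    string query = "SELECT * FROM users WHERE email = @email and password = @password";
    DataTable dt = db.QueryReader(query, p =>
    {
        p.Add("@email", DbType.String).Value = encrypt.EncryptData(txtEmail.Text);
        p.Add("@password", DbType.String).Value = encrypt.EncryptData(txtPassword.Text);
    });

    // No matching row. The message is deliberately the same as for a wrong
    // password so the response does not reveal whether the email exists.
    if (dt.Rows.Count == 0)
    {
        MessageBox.Show("Email or password is wrong!");
        return;
    }

    DataRow row = dt.Rows[0];
    string dbEmail = row["email"].ToString();
    string dbPassword = row["password"].ToString();

    // Second check: round-trip the stored values and compare them with the
    // typed ones, so a lookup match alone is not enough.
    if (encrypt.DecryptData(dbEmail) != txtEmail.Text || encrypt.DecryptData(dbPassword) != txtPassword.Text)
    {
        MessageBox.Show("Email or password is wrong!");
        return;
    }

    // Populate the session user (created lazily) from the row. Email and
    // Password keep the stored (encrypted) representation, as before.
    if (user == null)
    {
        user = new User();
    }
    user.Id = Convert.ToInt32(row["ID"].ToString());
    user.FirstName = row["first_name"].ToString();
    user.LastName = row["last_name"].ToString();
    user.Email = dbEmail;
    user.Password = dbPassword;
    user.MultiFactorAuthentication = (bool)row["two_factor_authentication"];

    if (!user.MultiFactorAuthentication)
    {
        // No second factor: open the main form and close this one.
        Form_Main mainForm = new Form_Main(user);
        Hide();
        mainForm.ShowDialog();
        Close();
        return;
    }

    // Second factor required: reveal the code panel.
    panelEmail.Visible = true;
    lblMauthTile.Text = "Authentication code";
    lblMsgMauth.Visible = false;
    txtCode.Visible = true;

    uniqueCode = CreateRandomCode(10);
    // Local time on purpose: the expiry check in btnLoginAuthentication_Click
    // also reads DateTime.Now, and the two must share a clock.
    dateTimeCode = DateTime.Now;

    // Persist the code and its issue time for this user.
    query = "Update unique_codes SET code = @code, time = @time WHERE user_id = @userID";
    db.NonQuery(query, p =>
    {
        p.Add("@userID", DbType.Int32).Value = user.Id;
        p.Add("@code", DbType.String).Value = uniqueCode;
        p.Add("@time", DbType.DateTime).Value = dateTimeCode;
    });

    // Snapshot what the background send needs on this thread, so the
    // thread-pool thread does not read form fields or call the encrypt
    // service (whose thread-safety is not known from here).
    string recipient = encrypt.DecryptData(user.Email);
    string code = uniqueCode;
    Task.Run(() => emailServices.SendEmail(recipient, code))
        .ContinueWith(t =>
        {
            // Reading Exception marks a faulted task as observed. Previously a
            // failed send was dropped silently while the user had already been
            // told the email was on its way; now they are told to retry.
            if (t.Exception != null)
            {
                MessageBox.Show("The authentication code could not be emailed. Please try to log in again.");
            }
        }, TaskScheduler.FromCurrentSynchronizationContext()); // runs on the UI thread (WinForms event handler context)

    MessageBox.Show("Multi factor authentication is enabled. An email has been send with a validation code.");
}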