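/// <summary>
/// Handles the login button click: validates that both fields are filled in,
/// asks <c>comUser.checkUser</c> to verify the credentials and, on success,
/// opens the main form with the user's name in its status bar.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btnlogin_Click(object sender, EventArgs e)
{
    // Both fields are required before any database round trip is made.
    if (txtusername.Text.Equals(string.Empty) || txtpassword.Text.Equals(""))
    {
        // "Please enter a username and password."
        label3.Text = "กรุณากรอก ชื่อผู้ใช้ และ รหัสผ่าน";
        return;
    }

    comUser userService = new comUser();
    enUser credentials = new enUser();
    credentials.username = txtusername.Text;
    credentials.password = txtpassword.Text;

    // checkUser returns the matching userID as text, or the literal "false".
    string ret = userService.checkUser(credentials);
    if (ret.Equals("false"))
    {
        // "Username or password is incorrect." The message deliberately does
        // not say which of the two was wrong, so it cannot be used to confirm
        // that a username exists.
        label3.Text = "ชื่อผู้ใช้ หรือ รหัสผ่าน ไม่ถูกต้อง";
        txtusername.Focus();
        txtusername.SelectionStart = 0;
        txtusername.SelectionLength = txtusername.TextLength;
        return;
    }

    // Resolve the display name BEFORE hiding this form: the lookup can throw
    // (empty result set, conversion failure, database error), and hiding first
    // would leave the application running with no visible window.
    // NOTE(review): Convert.ToInt16 overflows for userID > 32767, while
    // updateUser binds userID as DbType.Int32. Confirm the parameter type of
    // selectUserByuserID and widen this conversion if it accepts an int.
    string displayName = userService
        .selectUserByuserID(Convert.ToInt16(ret))
        .Tables[0].Rows[0]["name"].ToString();

    // This form is hidden rather than closed, so its controls stay alive for
    // the rest of the session. Drop the typed password so it is not still in
    // the box if the form is ever shown again.
    txtpassword.Text = string.Empty;

    this.Hide();
    mainForm main = new mainForm();
    main.setstatusbar(displayName);
    main.Show();
}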
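/// <summary>
/// Looks up an active user (<c>status=1</c>) whose username and password
/// match the supplied values.
/// </summary>
/// <param name="enUser">Carrier for the <c>username</c> and <c>password</c> to check.</param>
/// <returns>
/// The <c>userID</c> of the first matching row as a string, or the literal
/// string <c>"false"</c> when no row matches.
/// </returns>
/// <exception cref="Exception">
/// Any failure while building or running the query, rethrown with the
/// original message and the original exception attached as InnerException.
/// </exception>
public string checkUser(enUser enUser)
{
    try
    {
        // Values are bound as parameters, never concatenated into the SQL text.
        // NOTE(review): the password parameter is compared as-is with the
        // stored column. Unless every caller hashes it first, this implies the
        // table holds plaintext passwords; confirm, and move to a salted
        // password hash (for example PBKDF2) verified in code.
        // NOTE(review): SELECT * also pulls the password column back into the
        // result table although only userID is read here.
        str = "SELECT * FROM users WHERE username=@username AND password=@password AND status=1;";
        Dbcmd = db.GetSqlStringCommand(str);
        db.AddInParameter(Dbcmd, "@username", DbType.String, enUser.username);
        db.AddInParameter(Dbcmd, "@password", DbType.String, enUser.password);

        dt = db.ExecuteDataSet(Dbcmd).Tables[0];
        if (dt.Rows.Count == 0)
        {
            return "false";
        }

        return dt.Rows[0]["userID"].ToString();
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the real type and
        // stack trace are still available to logs and debuggers.
        throw new Exception(ex.Message, ex);
    }
}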
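/// <summary>
/// Inserts a new row into <c>users</c> from the supplied entity.
/// </summary>
/// <param name="enUser">
/// Supplies <c>name</c>, <c>lastname</c>, <c>username</c>, <c>password</c>
/// and <c>status</c> for the new row.
/// </param>
/// <returns>
/// <c>true</c> once the statement has run; failures are reported by
/// exception, so <c>false</c> is never returned.
/// </returns>
/// <exception cref="Exception">
/// Any failure while building or running the statement, rethrown with the
/// original message and the original exception attached as InnerException.
/// </exception>
public Boolean insertUser(enUser enUser)
{
    try
    {
        // Values are bound as parameters, never concatenated into the SQL text.
        // NOTE(review): the password is written exactly as received. Unless
        // callers hash it first, it is stored in plaintext; confirm, and store
        // a salted password hash (for example PBKDF2) instead.
        str = "INSERT INTO users (name,lastname,username,password,status)VALUES(@name,@lastname,@username,@password,@status);";
        Dbcmd = db.GetSqlStringCommand(str);
        db.AddInParameter(Dbcmd, "@name", DbType.String, enUser.name);
        db.AddInParameter(Dbcmd, "@lastname", DbType.String, enUser.lastname);
        db.AddInParameter(Dbcmd, "@username", DbType.String, enUser.username);
        db.AddInParameter(Dbcmd, "@password", DbType.String, enUser.password);
        db.AddInParameter(Dbcmd, "@status", DbType.Int32, enUser.status);

        db.ExecuteNonQuery(Dbcmd);
        return true;
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the real type and
        // stack trace are still available to logs and debuggers.
        throw new Exception(ex.Message, ex);
    }
}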
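/// <summary>
/// Overwrites every editable column of the <c>users</c> row identified by
/// <c>enUser.userID</c>.
/// </summary>
/// <param name="enUser">
/// Supplies the target <c>userID</c> and the new <c>name</c>,
/// <c>lastname</c>, <c>username</c>, <c>password</c> and <c>status</c>.
/// </param>
/// <returns>
/// <c>true</c> once the statement has run; failures are reported by
/// exception, so <c>false</c> is never returned. The number of affected rows
/// is not checked, so <c>true</c> is also returned when no row has that userID.
/// </returns>
/// <exception cref="Exception">
/// Any failure while building or running the statement, rethrown with the
/// original message and the original exception attached as InnerException.
/// </exception>
public Boolean updateUser(enUser enUser)
{
    try
    {
        // Values are bound as parameters, never concatenated into the SQL text.
        // NOTE(review): the password column is rewritten on every update with
        // the value exactly as received. Unless callers hash it first, it is
        // stored in plaintext; confirm, and store a salted password hash
        // (for example PBKDF2) instead.
        // NOTE(review): nothing here checks that the caller is allowed to edit
        // this userID or change status; presumably enforced upstream. Verify.
        str = "UPDATE users SET name=@name,lastname=@lastname,username=@username,password=@password,status=@status WHERE userID=@userID;";
        Dbcmd = db.GetSqlStringCommand(str);
        db.AddInParameter(Dbcmd, "@name", DbType.String, enUser.name);
        db.AddInParameter(Dbcmd, "@lastname", DbType.String, enUser.lastname);
        db.AddInParameter(Dbcmd, "@username", DbType.String, enUser.username);
        db.AddInParameter(Dbcmd, "@password", DbType.String, enUser.password);
        db.AddInParameter(Dbcmd, "@status", DbType.Int32, enUser.status);
        db.AddInParameter(Dbcmd, "@userID", DbType.Int32, enUser.userID);

        db.ExecuteNonQuery(Dbcmd);
        return true;
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the real type and
        // stack trace are still available to logs and debuggers.
        throw new Exception(ex.Message, ex);
    }
}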