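// Click handler for the "create account" button.
// Validates the form input, checks that the username is not already taken, stores the
// new user's password hash and salt, then opens the player form for that user.
// sender / e: standard WinForms event arguments; neither is read here.
//
// NOTE(review): HashTech is defined outside this view. Confirm GeneratePasswordHash uses a
// slow, salted KDF (for example PBKDF2) with a per-user random salt, not a single fast hash.
private void BtnCreate_Click(object sender, EventArgs e)
{
    string username = tbUser.Text;

    // Reject blank credentials so an account can never be stored with an empty name or password.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(tbPassword.Text))
    {
        lblMessage.Text = "Username and password are required";
        return;
    }

    // Compare the two password fields before doing any hashing or database work.
    if (tbPassword.Text != tbConfirmPassword.Text)
    {
        lblMessage.Text = "Password not match";
        return;
    }

    DB database = new DB();
    HashTech hash = new HashTech();
    string salt;
    string password = hash.GeneratePasswordHash(tbPassword.Text, out salt);

    // Open the connection only if it is not open yet, and close it again only in that case,
    // so this handler does not leave a connection behind on every click.
    MySqlConnection conn = database.GetConn();
    bool openedHere = conn.State != ConnectionState.Open;
    if (openedHere)
    {
        conn.Open();
    }

    try
    {
        // Existence check: COUNT(*) avoids pulling stored hashes and salts into memory.
        using (MySqlCommand lookup = new MySqlCommand("SELECT COUNT(*) FROM `usertable` WHERE `username` = @user", conn))
        {
            lookup.Parameters.Add("@user", MySqlDbType.VarChar).Value = username;
            if (Convert.ToInt64(lookup.ExecuteScalar()) != 0)
            {
                lblMessage.Text = "The user already exist";
                return;
            }
        }

        // NOTE(review): the check above and the insert below are two separate statements, so
        // two concurrent registrations can both pass the check. A UNIQUE index on
        // `usertable`.`username` is what actually guarantees uniqueness - confirm it exists.
        using (MySqlCommand insert = new MySqlCommand("INSERT INTO `usertable`(`Username`, `Password`,`salt`) VALUES (@user2,@password,@salt)", conn))
        {
            insert.Parameters.Add("@user2", MySqlDbType.VarChar).Value = username;
            insert.Parameters.Add("@password", MySqlDbType.VarChar).Value = password;
            insert.Parameters.Add("@salt", MySqlDbType.VarChar).Value = salt;
            // An INSERT returns no rows; run it directly instead of through a data adapter Fill.
            insert.ExecuteNonQuery();
        }
    }
    finally
    {
        if (openedHere)
        {
            conn.Close();
        }
    }

    MessageBox.Show("Sucessfully create new user.");
    this.Hide();
    MusicPlayerForm playerForm = new MusicPlayerForm(username);
    playerForm.Show();
}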
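// Click handler for the "log in" button.
// Looks up the stored password hash and salt for the entered username, verifies the entered
// password against them, and opens the player form on success.
// sender / e: standard WinForms event arguments; neither is read here.
//
// NOTE(review): HashTech is defined outside this view. Confirm IsPasswordMatch compares the
// hashes in constant time. Nothing here limits repeated failed attempts; consider a
// lockout or delay if this form is reachable by untrusted users.
private void BtnLogin_Click(object sender, EventArgs e)
{
    DB database = new DB();
    HashTech hash = new HashTech();

    string username = tbUser.Text;
    string password = tbPassword.Text;
    bool isMatch = false;

    database.OpenConnection();
    // Assumes GetConn() returns the connection OpenConnection() just opened; the query below
    // already depends on that.
    MySqlConnection conn = database.GetConn();
    try
    {
        using (MySqlCommand command = new MySqlCommand("SELECT `password`,`salt` FROM `usertable` WHERE `username` = @user", conn))
        {
            command.Parameters.Add("@user", MySqlDbType.VarChar).Value = username;

            // Dispose the reader before leaving so the connection is not held busy.
            using (MySqlDataReader login = command.ExecuteReader())
            {
                if (login.Read())
                {
                    string resultPassword = login.GetString("password");
                    string resultSalt = login.GetString("salt");
                    isMatch = hash.IsPasswordMatch(password, resultSalt, resultPassword);
                }
            }
        }
    }
    finally
    {
        // Close the connection on every path, including exceptions from the query.
        conn.Close();
    }

    if (!isMatch)
    {
        // Same message for an unknown username and a wrong password: the user always gets
        // feedback, and the form does not reveal which usernames exist.
        lblMessage.Text = "Incorrect";
        return;
    }

    this.Hide();
    MusicPlayerForm playerForm = new MusicPlayerForm(username);
    playerForm.Show();
}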