/// <summary>
/// Click handler for the login action: checks the username/password pair first and,
/// only if that succeeds, prompts for a one-time code and checks it for the same username.
/// When both checks pass, the "GrantedView" message is published through the messenger.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Routed event data (not used).</param>
private void Login_Request(object sender, RoutedEventArgs e)
{
    string user = UsernameBox.Text;
    string secret = passwordBox.Password;

    // First factor. A failure ends the handler without any feedback from this method.
    // NOTE(review): any lockout, throttling or audit logging of failed attempts would have
    // to live inside Validate_Credentials / Validate_OTP; nothing here does it. Confirm.
    if (!Validate_Credentials(user, secret))
    {
        return;
    }

    // Second factor. A cancelled prompt leaves the code empty, and that empty string is
    // still handed to Validate_OTP.
    // NOTE(review): confirm Validate_OTP rejects an empty code.
    var otpPrompt = new InputDialogBox("Enter Your OTP Code:");
    string enteredCode = otpPrompt.ShowDialog() == true ? otpPrompt.Answer : "";

    if (!Validate_OTP(enteredCode, user))
    {
        return;
    }

    Messenger.Default.Send<string>("GrantedView");
}
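/// <summary>
/// Resolves an account from a full name and opens a <c>ShowQRWindow</c> with that
/// account's OTP token and username, then closes this window.
/// </summary>
/// <param name="fullname">
/// Text whose first space-delimited token is discarded; the remainder must be
/// "First Last" or "First Middle Last".
/// </param>
/// <remarks>
/// NOTE(review): this method reads the stored OTP token and hands it to a QR window on
/// the strength of a name match alone (plus a username when several accounts share the
/// name). Nothing in this method authenticates the person asking, so confirm that every
/// caller has already done so. The token is also read from the Accounts table as-is;
/// confirm whether it is protected at rest.
/// </remarks>
private void getTOTP(string fullname)
{
    if (string.IsNullOrWhiteSpace(fullname))
    {
        MessageBox.Show("No account could be matched to this name.", "Error!");
        return;
    }

    // Everything up to and including the first space is dropped.
    // Presumably that is a title or greeting prefix; verify against the caller.
    fullname = fullname.Remove(0, fullname.IndexOf(' ') + 1);

    // Empty entries are removed so repeated spaces cannot shift first/middle/last.
    string[] names = fullname.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

    // Only two- and three-part names map onto the queries below. Anything else used to
    // index past the array or run a query with an unbound @mname parameter.
    if (names.Length != 2 && names.Length != 3)
    {
        MessageBox.Show("No account could be matched to this name.", "Error!");
        return;
    }

    string firstname = names[0];
    string middlename = names.Length == 3 ? names[1] : "";
    string lastname = names[names.Length - 1];

    // Shared WHERE fragment; all values are bound as parameters, never concatenated.
    string nameFilter = "Firstname = @fname"
        + (names.Length == 3 ? " AND Middlename = @mname" : "")
        + " AND Lastname = @lname";

    SQLiteConnection connection = OpenConnection();
    try
    {
        int userRecords;
        using (SQLiteCommand countCmd = new SQLiteCommand("SELECT COUNT(*) FROM Accounts WHERE " + nameFilter, connection))
        {
            countCmd.Prepare();
            BindNameParameters(countCmd, firstname, middlename, lastname);
            userRecords = Convert.ToInt32(countCmd.ExecuteScalar());
        }

        string totpToken = "";
        string username = "";

        if (userRecords > 1)
        {
            MessageBox.Show("More than 1 Account was found with these credentials. Please type in the username of the account to confirm.", "Caution! Attention Required!");

            // NOTE(review): the source text is truncated between the prompt string and the
            // confirmation query. The dialog handling here follows the ShowDialog()/Answer
            // pattern used by Login_Request; confirm against the original file.
            InputDialogBox inputDialog = new InputDialogBox("Enter The Account Username:");
            if (inputDialog.ShowDialog() == true)
            {
                username = inputDialog.Answer;
            }

            int userExists;
            using (SQLiteCommand confirmCmd = new SQLiteCommand("SELECT COUNT(*) FROM Accounts WHERE Username = @user AND " + nameFilter, connection))
            {
                confirmCmd.Prepare();
                confirmCmd.Parameters.Add("@user", DbType.String).Value = username;
                BindNameParameters(confirmCmd, firstname, middlename, lastname);
                userExists = Convert.ToInt32(confirmCmd.ExecuteScalar());
            }

            // One attempt only: a wrong or missing username ends the lookup.
            if (userExists != 1)
            {
                MessageBox.Show("User not found. \nConfirm username of the account and try again later.", "Error!");
                return;
            }

            using (SQLiteCommand tokenCmd = new SQLiteCommand(@"SELECT OTP_Token FROM Accounts WHERE Username = @Username", connection))
            {
                tokenCmd.Prepare();
                tokenCmd.Parameters.Add("@Username", DbType.String).Value = username;
                object token = tokenCmd.ExecuteScalar();
                totpToken = token == null ? "" : token.ToString();
            }
        }
        else
        {
            using (SQLiteCommand lookupCmd = new SQLiteCommand("SELECT OTP_Token, Username FROM Accounts WHERE " + nameFilter, connection))
            {
                lookupCmd.Prepare();
                BindNameParameters(lookupCmd, firstname, middlename, lastname);
                using (SQLiteDataReader reader = lookupCmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        totpToken = reader[0].ToString();
                        username = reader[1].ToString();
                    }
                }
            }
        }

        // No matching row, or a row without a token: do not open a QR window for an
        // empty secret.
        if (string.IsNullOrEmpty(totpToken))
        {
            MessageBox.Show("No account with an OTP token was found for this name.", "Error!");
            return;
        }

        ShowQRWindow showQR = new ShowQRWindow(totpToken, username);
        showQR.Show();
        this.Close();
    }
    finally
    {
        // Runs on every exit path, including the early returns above.
        connection.Close();
    }
}

/// <summary>
/// Binds @fname, @lname and, when a middle name is present, @mname on a name-based query.
/// </summary>
private static void BindNameParameters(SQLiteCommand cmd, string firstname, string middlename, string lastname)
{
    cmd.Parameters.Add("@fname", DbType.String).Value = firstname;
    if (!string.IsNullOrEmpty(middlename))
    {
        cmd.Parameters.Add("@mname", DbType.String).Value = middlename;
    }
    cmd.Parameters.Add("@lname", DbType.String).Value = lastname;
}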