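/// <summary>
/// Handles the Sign Up button click in the Account Setting module: stores the
/// new password hash and the edited personal details of the current account
/// in the database, then refreshes the displayed account name.
/// </summary>
/// <remarks>
/// Both UPDATE statements run inside a single transaction, so either the
/// password and the personal details are stored together or neither is.
/// </remarks>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <exception cref="InvalidOperationException">
/// The table name derived from <c>accountType</c> is not a plain identifier.
/// </exception>
private void FormSignUp_buttonSignUp_Click(object sender, EventArgs e)
{
    if (!formSignUp.ValidateSignUp(username))
    {
        return;
    }

    // A table name cannot be bound as a SQL parameter, so it is concatenated
    // into the second statement. accountType is set outside this handler;
    // refuse anything that is not a plain identifier so an unexpected value
    // can never change the shape of the SQL text.
    string profileTable = accountType + "S";
    foreach (char c in profileTable)
    {
        bool isIdentifierChar = (c >= 'A' && c <= 'Z')
            || (c >= 'a' && c <= 'z')
            || (c >= '0' && c <= '9')
            || c == '_';
        if (!isIdentifierChar)
        {
            throw new InvalidOperationException("Unexpected account table name: " + profileTable);
        }
    }

    using (SQLiteConnection database = new SQLiteConnection("Data Source = Database.sqlite; Version = 3;"))
    {
        database.Open();

        // Disposing the transaction without Commit() rolls it back, so an
        // exception in either statement leaves the stored account unchanged.
        using (var transaction = database.BeginTransaction())
        {
            sql = "UPDATE ACCOUNTS " +
                  "SET Password = @Password " +
                  "WHERE AccountID = @AccountID;";
            using (SQLiteCommand command = new SQLiteCommand(sql, database))
            {
                command.Parameters.AddRange(new SQLiteParameter[]
                {
                    // NOTE(review): @Username is bound here but the statement has no
                    // @Username placeholder, so this handler never writes the username.
                    // Confirm whether the SET clause should include it or the parameter
                    // should be dropped.
                    new SQLiteParameter("@Username", DbType.String) { Value = formSignUp.textBoxUsername.Text },
                    // NOTE(security): MD5Hashing is a project class not shown here. If it
                    // is plain MD5 as the name suggests, the stored value is a fast,
                    // unsalted digest and is not suitable for password storage. Moving to
                    // a salted, slow KDF (for example Rfc2898DeriveBytes / PBKDF2) has to
                    // be done together with the login check and a migration of the hashes
                    // already stored, so the call is left unchanged here.
                    new SQLiteParameter("@Password", DbType.String) { Value = new MD5Hashing().Encrypt(formSignUp.textBoxPassword.Text) },
                    new SQLiteParameter("@AccountID", DbType.Int32) { Value = accountID }
                });
                command.ExecuteNonQuery();
            }

            sql = "UPDATE " + profileTable + " " +
                  "SET Forename = @Forename, " +
                  "    Surname = @Surname, " +
                  "    DateOfBirth = @DateOfBirth, " +
                  "    Email = @Email, " +
                  "    School = @School " +
                  "WHERE AccountID = @AccountID;";
            using (SQLiteCommand command = new SQLiteCommand(sql, database))
            {
                command.Parameters.AddRange(new SQLiteParameter[]
                {
                    new SQLiteParameter("@Forename", DbType.String) { Value = formSignUp.textBoxForename.Text },
                    new SQLiteParameter("@Surname", DbType.String) { Value = formSignUp.textBoxSurname.Text },
                    new SQLiteParameter("@DateOfBirth", DbType.String) { Value = formSignUp.textBoxDateOfBirth.Text },
                    new SQLiteParameter("@Email", DbType.String) { Value = formSignUp.textBoxEmail.Text },
                    new SQLiteParameter("@School", DbType.String) { Value = formSignUp.textBoxSchool.Text },
                    new SQLiteParameter("@AccountID", DbType.Int32) { Value = accountID }
                });
                command.ExecuteNonQuery();
            }

            transaction.Commit();
        }
    }

    // Update the label only after the commit, so the UI never shows a name
    // that was not stored.
    this.labelAccountName.Text = formSignUp.textBoxForename.Text + " " + formSignUp.textBoxSurname.Text;

    formSignUp.Close();
}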
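// Hashing (Group A) is implemented here
/// <summary>
/// Handles the Sign Up button click for a new account: inserts the credential
/// record into ACCOUNTS, reads back its AccountID, inserts the matching
/// personal-information record into TEACHERS or STUDENTS, then clears the
/// sign-up form and shows this form again.
/// </summary>
/// <remarks>
/// The three statements run inside a single transaction, so a failure after
/// the first INSERT does not leave an ACCOUNTS row without a profile row.
/// </remarks>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <exception cref="InvalidOperationException">
/// The account that was just inserted could not be read back by username.
/// </exception>
private void FormSignUp_buttonSignUp_Click(object sender, EventArgs e)
{
    if (!formSignUp.ValidateSignUp(""))
    {
        return;
    }

    int accountID;

    // accountType is one of two constants chosen here, never user-typed text,
    // which is what makes it safe to concatenate into the table name below.
    string accountType = formSignUp.radioButtonTeacher.Checked ? "TEACHER" : "STUDENT";

    using (SQLiteConnection database = new SQLiteConnection("Data Source = Database.sqlite; Version = 3;"))
    {
        database.Open();

        // Disposing the transaction without Commit() rolls it back, so an
        // exception in any statement leaves no partial account behind.
        using (var transaction = database.BeginTransaction())
        {
            // Insert new account credential record
            sql = "INSERT INTO ACCOUNTS (Username, Password, AccountType) " +
                  "VALUES (@Username, @Password, @AccountType);";
            using (SQLiteCommand command = new SQLiteCommand(sql, database))
            {
                command.Parameters.AddRange(new SQLiteParameter[]
                {
                    new SQLiteParameter("@Username", DbType.String) { Value = formSignUp.textBoxUsername.Text },
                    // NOTE(security): MD5Hashing is a project class not shown here. If it
                    // is plain MD5 as the name suggests, the stored value is a fast,
                    // unsalted digest and is not suitable for password storage. Moving to
                    // a salted, slow KDF (for example Rfc2898DeriveBytes / PBKDF2) has to
                    // be done together with the login check, so the call is left
                    // unchanged here.
                    new SQLiteParameter("@Password", DbType.String) { Value = new MD5Hashing().Encrypt(formSignUp.textBoxPassword.Text) },
                    new SQLiteParameter("@AccountType", DbType.String) { Value = accountType }
                });
                command.ExecuteNonQuery();
            }

            // Retrieve AccountID from the newly inserted account credential record.
            // NOTE(review): this lookup assumes Username is unique in ACCOUNTS;
            // presumably ValidateSignUp enforces that. A UNIQUE constraint on the
            // column would guarantee the profile is never linked to another account.
            sql = "SELECT AccountID FROM ACCOUNTS " +
                  "WHERE Username = @Username;";
            using (SQLiteCommand command = new SQLiteCommand(sql, database))
            {
                command.Parameters.Add(new SQLiteParameter("@Username", DbType.String) { Value = formSignUp.textBoxUsername.Text });
                using (SQLiteDataReader reader = command.ExecuteReader())
                {
                    // Fail with a clear message instead of indexing a reader
                    // that has no current row.
                    if (!reader.Read())
                    {
                        throw new InvalidOperationException("The newly inserted account could not be read back.");
                    }

                    accountID = Convert.ToInt32(reader["AccountID"]);
                }
            }

            // Insert new personal information record, with consistent foreign key value (AccountID)
            sql = "INSERT INTO " + accountType + "S (Forename, Surname, DateOfBirth, Email, School, AccountID) " +
                  "VALUES (@Forename, @Surname, @DateOfBirth, @Email, @School, @AccountID);";
            using (SQLiteCommand command = new SQLiteCommand(sql, database))
            {
                command.Parameters.AddRange(new SQLiteParameter[]
                {
                    new SQLiteParameter("@Forename", DbType.String) { Value = formSignUp.textBoxForename.Text },
                    new SQLiteParameter("@Surname", DbType.String) { Value = formSignUp.textBoxSurname.Text },
                    new SQLiteParameter("@DateOfBirth", DbType.String) { Value = formSignUp.textBoxDateOfBirth.Text },
                    new SQLiteParameter("@Email", DbType.String) { Value = formSignUp.textBoxEmail.Text },
                    new SQLiteParameter("@School", DbType.String) { Value = formSignUp.textBoxSchool.Text },
                    new SQLiteParameter("@AccountID", DbType.Int32) { Value = accountID }
                });
                command.ExecuteNonQuery();
            }

            transaction.Commit();
        }
    }

    // Clear every text box that is a direct child of the form, and the error
    // labels, so typed values do not linger in the closed form.
    foreach (Control control in formSignUp.Controls)
    {
        if (control is TextBox || control.Name.Contains("labelErrorMessage"))
        {
            control.ResetText();
        }
    }

    formSignUp.Close();
    this.Enabled = true;
    this.Show();
}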