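/// <summary>
/// Changes the password of the account identified by <c>Variable.algoid</c>.
/// Asks the user to confirm, validates the three inputs, then stores the hash of the
/// new password with a parameterized UPDATE.
/// </summary>
/// <param name="currpass">The current password as entered by the user.</param>
/// <param name="newpass">The requested new password.</param>
/// <param name="confirmpass">The repeated new password; must equal <paramref name="newpass"/>.</param>
private void changePassword(string currpass, string newpass, string confirmpass)
{
    DialogResult dr = MessageBox.Show("Are you sure you want to change your password?", "Question", MessageBoxButtons.YesNo, MessageBoxIcon.Question);
    if (dr != DialogResult.Yes)
    {
        return;
    }

    // IsNullOrEmpty also rejects null arguments; with a plain == "" check a null
    // current password would pass this test and could then compare equal to a null
    // Variable.algopass below.
    if (string.IsNullOrEmpty(currpass) || string.IsNullOrEmpty(newpass) || string.IsNullOrEmpty(confirmpass))
    {
        MessageBox.Show("Fields Can\'t be blank!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    // NOTE(review): the current password is verified against an in-memory value, not
    // against the database. Variable.algopass is defined elsewhere; whether it holds
    // the plaintext or a hash, and whether it is refreshed after a successful change,
    // cannot be told from this method -- confirm.
    if (currpass != Variable.algopass)
    {
        MessageBox.Show("Current password mismatched! Please Retype your current password!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    if (newpass != confirmpass)
    {
        MessageBox.Show("New password mismatched! Please Retype your new password!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    // Do not report success when the UPDATE never ran: previously the success dialog
    // was shown even if the connection could not be opened.
    if (!dbhelper.openConnection())
    {
        MessageBox.Show("Could not connect to the database. Your password was not changed.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    try
    {
        string query = "UPDATE tblaccount set password = @newpass WHERE AccountID=@id";
        using (MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection()))
        {
            // SECURITY: MD5Hasher is defined elsewhere; going by its name it produces an
            // MD5 digest, and it receives only the password, so no per-account salt is
            // applied at this call site. MD5 is not suitable for password storage.
            // Moving to a salted, slow KDF (e.g. PBKDF2) has to be done together with
            // every other place that hashes or verifies passwords and with a migration
            // of the stored values, so it is flagged here rather than changed.
            cmd.Parameters.AddWithValue("newpass", MD5Hasher.GetMd5Hash(newpass));
            cmd.Parameters.AddWithValue("id", Variable.algoid);
            cmd.ExecuteNonQuery();
        }
    }
    finally
    {
        // Release the connection even if the UPDATE throws.
        dbhelper.closeConnection();
    }

    MessageBox.Show("You have successfully changed your password!", "Succes", MessageBoxButtons.OK, MessageBoxIcon.Information);

    // Clear the password boxes so the typed values do not linger in the controls.
    Passwordtxt.Text = "";
    CPasswordtxt.Text = "";
    NPasswordtxt.Text = "";

    this.Close();
    MainForm Form = new MainForm();
    Form.BringToFront();
}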
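/// <summary>
/// Resets the password of the account named in <c>txtusername</c> once the typed
/// security answer equals the expected <c>answer</c> and the two password boxes agree.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void Editbtn_Click(object sender, EventArgs e)
{
    // An empty expected answer must never authorize a reset: with a plain equality
    // test an empty `answer` field would match an empty answer box.
    // NOTE(review): `answer` is populated outside this method; confirm it is loaded
    // for the same username that is in txtusername when this handler runs, because
    // the UPDATE below is keyed on the text box value at click time.
    if (string.IsNullOrEmpty(answer) || txtanswer.Text != answer)
    {
        MessageBox.Show("Answer mismatched!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        return;
    }

    try
    {
        if (txtpassword.Text != txtnewpassword.Text)
        {
            MessageBox.Show("New password mismatched!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        if (txtpassword.Text == "")
        {
            MessageBox.Show("New password cant\'t be blank!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        if (!dbhelper.openConnection())
        {
            return;
        }

        try
        {
            string query = "UPDATE tblaccount SET password = @pass WHERE username = @user";
            using (MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection()))
            {
                cmd.Parameters.AddWithValue("user", txtusername.Text);
                // SECURITY: MD5Hasher is defined elsewhere; going by its name it produces
                // an MD5 digest of the password alone (no salt is passed here). MD5 is
                // not suitable for password storage; replacing it requires changing
                // every hashing/verification site and migrating stored values.
                cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(txtnewpassword.Text));
                // NOTE(review): the number of affected rows is not inspected, so the
                // success dialog also appears when no account has this username.
                cmd.ExecuteNonQuery();
            }
            MessageBox.Show("Your password is changed!", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
        catch (Exception ex)
        {
            // Best-effort handler kept from the original: the raw exception text is
            // shown to the user.
            MessageBox.Show(ex.Message);
        }
    }
    finally
    {
        // As before, the connection is closed on every path taken after the answer
        // has been accepted.
        dbhelper.closeConnection();
    }
}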
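/// <summary>
/// Handles the login button: checks the entered credentials against
/// <c>tblaccount</c>, records the session values in <c>Variable</c>, writes the login
/// to the log history and opens the main form for administrators.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void Login_btn_Click(object sender, EventArgs e)
{
    string user = Login_txt.Text;     // entered username
    string pass = Password_Txt.Text;  // entered password

    // The text boxes carry placeholder captions; an untouched box counts as blank.
    if (user == "Enter Username" || pass == "Enter Password")
    {
        MessageBox.Show("Username / Password can't be blank!", "Warning", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    // NOTE(review): `trials` is a field of this form, so the attempt limit exists only
    // in this client, and the message below tells the user to restart. It therefore
    // does not throttle password guessing against the account itself; a per-account
    // counter stored server-side would be needed for that.
    if (trials <= 0)
    {
        MessageBox.Show("You have used all your trials!, Please restart the application!", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
        this.Close();
        return;
    }

    // NOTE(review): these are assigned before the credentials are verified, and
    // Variable.userpass receives the password exactly as typed. Confirm whether any
    // code needs the plaintext; if not, avoid keeping it and set the username only
    // after a successful login.
    Variable.userlogged = user;
    Variable.userpass = pass;

    bool opened = dbconnection.openConnection();
    try
    {
        if (opened)
        {
            int count = 0;
            string query = "SELECT UserStatus, AccountID FROM tblaccount WHERE username = @user AND password = @pass";

            // The command and reader are disposed before the connection is closed;
            // previously the reader was never closed.
            using (MySqlCommand cmd = new MySqlCommand(query, dbconnection.getConnection()))
            {
                cmd.Parameters.AddWithValue("@user", user);
                // SECURITY: MD5Hasher is defined elsewhere; going by its name it produces
                // an MD5 digest of the password alone (no salt is passed here). MD5 is
                // not suitable for password storage; replacing it requires changing
                // every hashing/verification site and migrating stored values.
                cmd.Parameters.AddWithValue("@pass", MD5Hasher.GetMd5Hash(pass));

                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        count++;
                        Variable.userStatus = reader["UserStatus"].ToString();
                        Variable.userid = reader["AccountID"].ToString();
                    }
                }
            }

            // Close before the (modal) main form is shown, as the original did.
            dbconnection.closeConnection();

            if (count == 1)
            {
                trials = 3;

                string status = Variable.userStatus;
                if (status == "Staff" || status == "Admin" || status == "Manager" || status == "Cashier")
                {
                    registerToLogHistory(Variable.userid);

                    // Only administrators get the main form from this handler.
                    if (status == "Admin")
                    {
                        MainForm admin = new MainForm();
                        admin.ShowDialog();
                    }
                }

                Login_txt.Text = "Enter Username";
                Password_Txt.Text = "Enter Password";
            }
            else if (count == 0)
            {
                MessageBox.Show("Incorrect Login Credentials", "Error", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                trials--;
                if (trials <= 0)
                {
                    MessageBox.Show("You have used all your trials!, Please restart the application!", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    this.Close();
                }
            }
            // More than one matching row is neither a success nor a counted failure:
            // nothing is shown, although the Variable fields hold the last row read.
        }
    }
    catch (MySqlException ex)
    {
        MessageBox.Show(ex.Message);
    }
    finally
    {
        // Runs for every outcome, including exceptions that are not MySqlException,
        // which previously skipped the final close.
        dbconnection.closeConnection();
    }
}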
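/// <summary>
/// Handles the Add/Edit button of the account form. In "Edit" mode it updates the
/// account identified by <c>Variable.algoid</c> together with its user info and
/// security answer; in "Add User" mode it creates a new account after checking that
/// the username is not taken.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void Add_btn_Click(object sender, EventArgs e)
{
    if (Add_btn.ButtonText == "Edit")
    {
        if (HasBlankAccountField())
        {
            MessageBox.Show("Fields Can't be blank!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        // The role is taken from the combo box text; only the roles this form knows
        // how to create may be written to UserStatus.
        if (!IsKnownAccountType(AccTypecmb.Text))
        {
            MessageBox.Show("Invalid account type!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        bool opened = dbhelper.openConnection();
        try
        {
            if (!opened)
            {
                // Previously "Updated new Account!" was shown even when nothing ran.
                MessageBox.Show("Could not connect to the database. The account was not updated.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                return;
            }

            string query = "Update tblaccount set Username = @user, Password = @pass, UserStatus = @type, DateRegistered = @now WHERE AccountID=@id;"
                + "Update tbluserinfo set U_Fname = @fname, U_Mname = @mname, U_Lname = @lname, U_Suffix = @ename, U_EmailAdd = @emailadd, U_ContactNo = @contactno WHERE AccountID=@id;"
                + "Update tblanswer set QuestionID = (SELECT tblquestion.QuestionID FROM tblquestion WHERE Question = CONVERT(@question USING utf8)), Answer = @answer WHERE AccountID = @id";
            using (MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection()))
            {
                BindAccountParameters(cmd);
                cmd.Parameters.AddWithValue("question", Securityquescmb.Text);
                // SECURITY: the security answer is stored as typed. Editbtn_Click accepts
                // this answer in place of the password when resetting it, so it deserves
                // the same protection as the password.
                cmd.Parameters.AddWithValue("answer", Answertxt.Text);
                cmd.Parameters.AddWithValue("id", Variable.algoid);
                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            dbhelper.closeConnection();
        }

        MessageBox.Show("Updated new Account!");
        this.Close();
        MainForm Form = new MainForm();
        Form.BringToFront();
    }
    else if (Add_btn.ButtonText == "Add User")
    {
        if (Passwordtxt.Text != CPasswordtxt.Text)
        {
            MessageBox.Show("Password do not match!", "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        // The listing shows this lookup comparing against the fixed literal '******'
        // (the original expression is not recoverable from the page). Binding the
        // entered username as a parameter makes the check test the name actually
        // being registered and keeps user input out of the SQL text.
        // NOTE(review): check-then-insert can still race; a UNIQUE index on Username
        // is the reliable guard -- confirm the schema has one.
        string query1 = "Select * From tblaccount where Username = @user";
        using (MySqlCommand cmd1 = new MySqlCommand(query1, dbhelper.getConnection()))
        using (MySqlDataAdapter da = new MySqlDataAdapter(cmd1))
        {
            cmd1.Parameters.AddWithValue("user", Usernametxt.Text);
            da.Fill(ds);
        }

        int i = ds.Tables[0].Rows.Count;
        if (i > 0)
        {
            MessageBox.Show("Username " + Usernametxt.Text + " Already Exists");
            ds.Clear();
            return;
        }

        if (HasBlankAccountField())
        {
            MessageBox.Show("Fields Can't be blank!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        // Previously an unrecognized role skipped the account INSERT but still ran
        // the tblanswer INSERT with LAST_INSERT_ID() and reported success, attaching
        // the answer to whatever id that function returned on this connection.
        if (!IsKnownAccountType(AccTypecmb.Text))
        {
            MessageBox.Show("Invalid account type!", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            return;
        }

        bool opened = dbhelper.openConnection();
        try
        {
            if (!opened)
            {
                MessageBox.Show("Could not connect to the database. The account was not added.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                return;
            }

            // One statement pair serves every role; the four per-role copies were
            // identical.
            string query = "Insert into tblaccount(Username, Password, UserStatus, DateRegistered) VALUES (@user, @pass, @type,@now);Insert into tbluserinfo(AccountID, U_Fname, U_Mname, U_Lname, U_Suffix, U_EmailAdd, U_ContactNo) VALUES (LAST_INSERT_ID(), @fname , @mname, @lname , @ename, @emailadd, @contactno)";
            using (MySqlCommand cmd = new MySqlCommand(query, dbhelper.getConnection()))
            {
                BindAccountParameters(cmd);
                cmd.ExecuteNonQuery();
            }

            // NOTE(review): LAST_INSERT_ID() here is expected to still be the new
            // AccountID; that holds only if the tbluserinfo insert above does not
            // generate an AUTO_INCREMENT value of its own -- confirm against the
            // schema. The three inserts are also not wrapped in a transaction.
            string query2 = "INSERT INTO tblanswer(AccountID, QuestionID, Answer) VALUES (LAST_INSERT_ID(), (SELECT tblquestion.QuestionID FROM tblquestion WHERE Question=CONVERT(@question USING utf8)), @answer)";
            using (MySqlCommand cmd2 = new MySqlCommand(query2, dbhelper.getConnection()))
            {
                cmd2.Parameters.AddWithValue("question", Securityquescmb.Text);
                // SECURITY: stored as typed; see the reset flow in Editbtn_Click, which
                // accepts this answer in place of the password.
                cmd2.Parameters.AddWithValue("answer", Answertxt.Text);
                cmd2.ExecuteNonQuery();
            }
        }
        finally
        {
            // Release the connection even if one of the inserts throws.
            dbhelper.closeConnection();
        }

        MessageBox.Show("Added new Account!");
        this.Close();
        MainForm Form = new MainForm();
        Form.BringToFront();
    }
}

// Returns true when the given role is one of the four this form can create.
private static bool IsKnownAccountType(string accountType)
{
    return accountType == "Cashier" || accountType == "Admin" || accountType == "Staff" || accountType == "Manager";
}

// Returns true when any required account input is empty (the confirm-password box is
// not part of this check).
private bool HasBlankAccountField()
{
    return AccTypecmb.Text == "" || Usernametxt.Text == "" || Passwordtxt.Text == ""
        || Fnametxt.Text == "" || Mnametxt.Text == "" || Lnametxt.Text == ""
        || Enametxt.Text == "" || EmailAddtxt.Text == "" || Contactnotxt.Text == ""
        || Securityquescmb.Text == "" || Answertxt.Text == "";
}

// Binds the parameters shared by the account INSERT and UPDATE statements.
private void BindAccountParameters(MySqlCommand cmd)
{
    cmd.Parameters.AddWithValue("type", AccTypecmb.Text);
    cmd.Parameters.AddWithValue("user", Usernametxt.Text);
    // SECURITY: MD5Hasher is defined elsewhere; going by its name it produces an MD5
    // digest of the password alone (no salt is passed here). MD5 is not suitable for
    // password storage; replacing it requires changing every hashing/verification
    // site and migrating stored values.
    cmd.Parameters.AddWithValue("pass", MD5Hasher.GetMd5Hash(Passwordtxt.Text));
    cmd.Parameters.AddWithValue("fname", Fnametxt.Text);
    cmd.Parameters.AddWithValue("mname", Mnametxt.Text);
    cmd.Parameters.AddWithValue("lname", Lnametxt.Text);
    cmd.Parameters.AddWithValue("ename", Enametxt.Text);
    cmd.Parameters.AddWithValue("emailadd", EmailAddtxt.Text);
    cmd.Parameters.AddWithValue("contactno", Contactnotxt.Text);
    cmd.Parameters.AddWithValue("now", DateTime.Now);
}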