Exemplo n.º 1
0
        private void btn_login_Click(object sender, EventArgs e)
        {
            string nameInput     = txtbx_username.Text;
            string passwordInput = txtbx_password.Text;
            int    roleIndex     = cmbx_roles.SelectedIndex + 1;

            sqlConnection.Open();
            string        query         = @"SELECT s.Name, s.RoleId FROM Staff  as s 
                            WHERE s.Name='" + nameInput + "' AND Password='******' AND s.RoleId=" + roleIndex;
            SqlCommand    sqlCommand    = new SqlCommand(query, sqlConnection);
            SqlDataReader sqlDataReader = sqlCommand.ExecuteReader();

            if (!sqlDataReader.HasRows)
            {
                MessageBox.Show("Login failed");
                txtbx_username.Clear();
                txtbx_password.Clear();
            }

            while (sqlDataReader.Read())
            {
                if (roleIndex == 1)
                {
                    MessageBox.Show("Login is successful");
                    this.Hide();
                    OfficiantForm officiantForm = new OfficiantForm(this, txtbx_username.Text);
                    officiantForm.Show();
                }
                else if (roleIndex == 2)
                {
                    MessageBox.Show("Login is successful");
                    this.Hide();
                    ManagerForm managerForm = new ManagerForm(this);
                    managerForm.Show();
                }
                else
                {
                    MessageBox.Show("Login is successful");
                }
            }
            sqlConnection.Close();
            sqlCommand.Dispose();
            sqlDataReader.Close();
        }
Exemplo n.º 2
0
        // The manager response is similar to the login for normal employees, but this time we
        // are looking for a passcode / challenge instead of employeeID and password.
        // The manager is the only one that will have a passcode so the switch statement below
        // must match up with the manager role as well...a dumbed-down, simplistic 2-in-1 validation.
        // Upon meeting the challenge, the manager form will launch. All this should prevent
        // normal users from doing things they shouldn't unless they steal the manager's phone too.

        public void ManagerResponse(int passcode)
        {
            try
            {
                SqlConnection con = new SqlConnection();
                con.ConnectionString = "Server=cis1.actx.edu;Database=project2;User Id=db2;Password = db20;";
                con.Open();

                using (SqlCommand readEmployeeRecords = con.CreateCommand())
                {
                    readEmployeeRecords.CommandText = "select * from dbo.Employee where Passcode = @Passcode;";
                    var pass = new SqlParameter("passcode", passcode);
                    readEmployeeRecords.Parameters.Add(pass);


                    using (SqlDataReader reader = readEmployeeRecords.ExecuteReader())
                    {
                        string rec = "";
                        while (reader.Read())
                        {
                            rec = reader.GetString(5);
                        }

                        switch (rec)
                        {
                        case "Manager":
                            ManagerForm man = new ManagerForm();
                            man.Show();
                            break;
                        }
                    }
                }
                con.Close();
            }

            catch (Exception err)
            {
                MessageBox.Show(err.Message);
            }
        }