Пример #1
0
        private void buttonChange_Click(object sender, EventArgs e)
        {
            if (textBoxNew.Text == textBoxNewConfirm.Text)
            {
                MySqlConnection connection = Database.GetConnection();
                connection.Open();
                string       sql     = "SELECT passwordHash FROM tbl_staff WHERE username = @username;";
                MySqlCommand command = new MySqlCommand(sql, connection);
                command.Parameters.AddWithValue("@username", username);
                MySqlDataReader data = command.ExecuteReader();
                data.Read();

                if (isAdmin || (Passwords.Verify(textBoxOld.Text, data.GetString(data.GetOrdinal("passwordHash")))))
                {
                    data.Close();

                    sql     = "UPDATE tbl_staff SET passwordHash = @passwordHash WHERE username = @username;";
                    command = new MySqlCommand(sql, connection);
                    command.Parameters.AddWithValue("@username", username);
                    command.Parameters.AddWithValue("@passwordHash", Passwords.GetHash(textBoxNew.Text));
                    command.ExecuteNonQuery();
                    MessageBox.Show("Password Changed");
                    this.Close();
                }
                else
                {
                    data.Close();
                    MessageBox.Show("Incorrect current password, please try again");
                    textBoxOld.Text = "";
                }
                connection.Close();
            }
            else
            {
                MessageBox.Show("The two new passwords do not match, please try again");
                textBoxNew.Text        = "";
                textBoxNewConfirm.Text = "";
            }
        }
Пример #2
0
        private void buttonAdd_Click(object sender, EventArgs e)
        {
            string message;

            if (isUsernameValid(out message))
            {
                if (isPasswordValid(out message))
                {
                    MySqlConnection connection = Database.GetConnection();
                    connection.Open();

                    string       sql     = "INSERT INTO tbl_staff (username, passwordHash, isAdmin) VALUES (@username, @passwordHash, @isAdmin);";
                    MySqlCommand command = new MySqlCommand(sql, connection);
                    command.Parameters.AddWithValue("@username", textBoxUsername.Text);
                    command.Parameters.AddWithValue("@passwordHash", Passwords.GetHash(textBoxPassword.Text));
                    command.Parameters.AddWithValue("@isAdmin", Database.BoolToDatabase(checkBoxIsAdmin.Checked));

                    if (command.ExecuteNonQuery() == 1) //If the addition was a success
                    {
                        MessageBox.Show("User " + textBoxUsername.Text + " added successfully.", "Success");
                        shouldPopUp = false;
                        this.Close();
                    }
                    else
                    {
                        MessageBox.Show("Error: User not added", "Error");
                    }
                }
                else
                {
                    MessageBox.Show(message, "Password");
                }
            }
            else
            {
                MessageBox.Show(message, "Username");
            }
        }