public static bool AuthUser(RequestLogin request)
{
using (SqlConnection con = new SqlConnection(connectionstring)) {
using (SqlCommand proc = new SqlCommand("spGetUser", con)
{
CommandType = CommandType.StoredProcedure
}) {
// HASH PASSWORD
request.Password = Security.SHA1(Security.SHA1(request.Password + Properties.Settings.Default.Secret));
proc.Parameters.Add("@username", SqlDbType.NVarChar).Value = request.Username;
proc.Parameters.AddWithValue("@password", SqlDbType.NVarChar).Value = request.Password;
try {
con.Open();
Console.WriteLine("Connection Success!");
SqlDataReader dr = proc.ExecuteReader();
while (dr.Read())
{
int dbUserId = Convert.ToInt32(dr["Id"]);
string dbUser = Convert.ToString(dr["Username"]);
string dbPassword = Convert.ToString(dr["Password"]);
User.Id = dbUserId;
User.Username = dbUser;
User.Password = dbPassword;
Console.WriteLine("Id : {0}", dbUserId);
Console.WriteLine("Username : {0}", dbUser);
Console.WriteLine("Password : {0}", dbPassword);
if (dbPassword == request.Password)
{
return(true);
}
}
return(false);
} catch (SqlException) {
Console.WriteLine("Connection Failure!");
return(false);
}
}
}
}
private void loginButton_Click(object sender, EventArgs e)
{
string username = usernameBox.Text;
string passwd = passwdBox.Text;
RequestLogin user = new RequestLogin(username, passwd);
bool VerfiedUser = Connect.AuthUser(user);
if (VerfiedUser)
{
this.Hide();
Main form = new Main();
form.Show();
}
else
{
MessageBox.Show("No user found with the provided credentials.");
}
}