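/// <summary>
/// Authenticates a login request against the row(s) returned by the
/// <c>spGetUser</c> stored procedure.
/// </summary>
/// <param name="request">
/// Login request carrying the username and the clear-text password. As in the
/// original code, <c>request.Password</c> is overwritten with the computed hash.
/// </param>
/// <returns>
/// <c>true</c> when a returned row's stored password equals the computed hash;
/// <c>false</c> when no row matches or a <see cref="SqlException"/> is raised.
/// </returns>
/// <remarks>
/// The static <c>User</c> fields are written only for the row that authenticates,
/// so a failed login no longer leaves another account's id and password hash in
/// process-wide state. The stored hash is no longer written to the console.
/// </remarks>
public static bool AuthUser(RequestLogin request)
{
    using (SqlConnection con = new SqlConnection(connectionstring))
    using (SqlCommand proc = new SqlCommand("spGetUser", con) { CommandType = CommandType.StoredProcedure })
    {
        // SECURITY NOTE(review): double SHA-1 keyed with one application-wide secret is a fast
        // hash with no per-user salt, so identical passwords yield identical stored values and
        // offline guessing is cheap if the table leaks. Moving to a salted, slow KDF (PBKDF2 or
        // similar) requires migrating the stored hashes, so the scheme is left unchanged here.
        request.Password = Security.SHA1(Security.SHA1(request.Password + Properties.Settings.Default.Secret));

        // Both values are bound as typed parameters. The original passed SqlDbType.NVarChar as the
        // *value* argument of AddWithValue for @password, which only worked because .Value was
        // overwritten immediately afterwards.
        proc.Parameters.Add("@username", SqlDbType.NVarChar).Value = request.Username;
        proc.Parameters.Add("@password", SqlDbType.NVarChar).Value = request.Password;

        try
        {
            con.Open();
            Console.WriteLine("Connection Success!");

            // Dispose the reader deterministically; the original left it open until the connection closed.
            using (SqlDataReader dr = proc.ExecuteReader())
            {
                while (dr.Read())
                {
                    int dbUserId = Convert.ToInt32(dr["Id"]);
                    string dbUser = Convert.ToString(dr["Username"]);
                    string dbPassword = Convert.ToString(dr["Password"]);

                    // The password hash is deliberately not logged: console output tends to end up
                    // in log files and screenshots, and the hash is a credential equivalent.
                    Console.WriteLine("Id : {0}", dbUserId);
                    Console.WriteLine("Username : {0}", dbUser);

                    // NOTE(review): ordinal string equality is not constant-time. Whether that matters
                    // depends on whether spGetUser already filters on @password; confirm against the procedure.
                    if (string.Equals(dbPassword, request.Password, StringComparison.Ordinal))
                    {
                        // Publish the session identity only after the credentials have been verified.
                        User.Id = dbUserId;
                        User.Username = dbUser;
                        User.Password = dbPassword;
                        return true;
                    }
                }
            }

            return false;
        }
        catch (SqlException)
        {
            // Fail closed: any database error is treated as a failed login.
            Console.WriteLine("Connection Failure!");
            return false;
        }
    }
}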
/// <summary>
/// Click handler for the login button: builds a <c>RequestLogin</c> from the two
/// text boxes and passes it to <c>Connect.AuthUser</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void loginButton_Click(object sender, EventArgs e)
{
    RequestLogin credentials = new RequestLogin(usernameBox.Text, passwdBox.Text);

    // Rejected logins get one generic message that does not reveal whether the
    // username or the password was wrong.
    if (!Connect.AuthUser(credentials))
    {
        MessageBox.Show("No user found with the provided credentials.");
        return;
    }

    // Authenticated: hide the login form and open the main window.
    this.Hide();
    Main mainWindow = new Main();
    mainWindow.Show();
}