Пример #1
0
        private void btnClick(object sender, RoutedEventArgs e)
        {
            user = txtUser.Text;
            if (txtUser.Text == "" && txtPassword.Password == "")
            {
                txtUser.Focus();
            }
            else if (txtPassword.Password == "")
            {
                MessageBox.Show("No Password input");
                txtPassword.Focus();
            }
            else if (txtUser.Text == "")
            {
                MessageBox.Show("No Username input!");
                txtUser.Focus();
            }
            else
            {
                SqlCeConnection conn = DBUtils.GetDBConnection();
                conn.Open();
                Nullable <int> loginAttempts;
                int            userLevel;

                using (SqlCeCommand cmd = new SqlCeCommand("Select loginAttempts FROM Accounts WHERE userID = @userID", conn))
                {
                    cmd.Parameters.AddWithValue("@userID", user);
                    loginAttempts = Convert.ToInt32(cmd.ExecuteScalar());
                }

                if (loginAttempts < 5)
                {
                    string un = txtUser.Text;
                    string pw = txtPassword.Password;

                    using (SqlCeCommand cmd = new SqlCeCommand("Select * from Accounts where userID = @userID AND Password = @password", conn))
                    {
                        cmd.Parameters.AddWithValue("@userID", un);
                        cmd.Parameters.AddWithValue("@password", pw);
                        SqlCeDataReader dr = cmd.ExecuteResultSet(ResultSetOptions.Scrollable);

                        if (dr.Read())
                        {
                            string lName, fName, mName;
                            lName = dr.GetString(2);
                            fName = dr.GetString(3);
                            mName = dr.GetString(4);

                            using (SqlCeCommand cmd2 = new SqlCeCommand("UPDATE Accounts SET loginAttempts = 0", conn))
                            {
                                int ordinal = 0;
                                ordinal   = dr.GetOrdinal("userLevel");
                                userLevel = dr.GetInt32(ordinal);
                                dr.Close();
                                dr.Dispose();
                                cmd2.ExecuteNonQuery();
                                MessageBox.Show("Login Successful");
                                Log = LogManager.GetLogger("userLogin");
                                Log.Info(" Account Name: " + txtUser.Text + " has logged in.");
                            }
                        }

                        else
                        {
                            using (SqlCeCommand cmd2 = new SqlCeCommand("Select userID from Accounts where userID = @userID", conn))
                            {
                                cmd2.Parameters.AddWithValue("@userID", un);
                                dr.Close();
                                dr.Dispose();
                                dr = cmd2.ExecuteReader();
                                int    ordinal = 0;
                                string value   = "";

                                if (dr.Read())
                                {
                                    ordinal = dr.GetOrdinal("userID");
                                    value   = dr.GetString(ordinal);
                                    if (value.Equals(un))
                                    {
                                        using (SqlCeCommand cmd3 = new SqlCeCommand("UPDATE Accounts SET loginAttempts = loginAttempts + 1 WHERE userID = @un", conn))
                                        {
                                            cmd3.Parameters.AddWithValue("@un", un);
                                            dr.Close();
                                            dr.Dispose();
                                            cmd3.ExecuteNonQuery();
                                            cmd3.Dispose();
                                        }
                                    }
                                }
                            }
                            MessageBox.Show("User ID or Password is invalid");
                            return;
                        }
                    }
                    Hide();
                    new Main(userLevel, un).ShowDialog();
                    txtPassword.Password = "";
                    txtUser.Text         = "";
                    ShowDialog();
                }
                else
                {
                    user = txtUser.Text;
                    string           sMessageBoxText = "Due to multiple login attempts, your account has been locked. \nPlease unlock it to continue.";
                    string           sCaption        = "Account Recovery";
                    MessageBoxButton btnMessageBox   = MessageBoxButton.YesNoCancel;
                    MessageBoxImage  icnMessageBox   = MessageBoxImage.Warning;

                    MessageBoxResult dr = MessageBox.Show(sMessageBoxText, sCaption, btnMessageBox, icnMessageBox);

                    switch (dr)
                    {
                    case MessageBoxResult.Yes:
                        SqlCeConnection cnn = DBUtils.GetDBConnection();
                        cnn.Open();
                        string question = "", answer = "";
                        int    ordinal = 0;


                        using (SqlCeCommand cmd = new SqlCeCommand("Select securityQuestion, securityAnswer from Accounts where userID = @userID", cnn))
                        {
                            cmd.Parameters.AddWithValue("@userID", user);
                            using (DbDataReader reader = cmd.ExecuteReader())
                            {
                                reader.Read();
                                ordinal  = reader.GetOrdinal("securityQuestion");
                                question = reader.GetString(ordinal);
                                ordinal  = reader.GetOrdinal("securityAnswer");
                                answer   = reader.GetString(ordinal);
                            }
                        }
                        Account_Recovery ar = new Account_Recovery(question);
                        if (ar.ShowDialog() == true)
                        {
                            string input = ar.Answer;
                            if (input.Equals(answer))
                            {
                                using (SqlCeCommand cmd2 = new SqlCeCommand("UPDATE Accounts SET loginAttempts = 0 WHERE userID = @un", conn))
                                {
                                    cmd2.Parameters.AddWithValue("@un", user);
                                    cmd2.ExecuteNonQuery();
                                }
                                MessageBoxResult cp = MessageBox.Show("Account has been unlocked. Would you like to change password ?", "Change Password", btnMessageBox, icnMessageBox);
                                switch (cp)
                                {
                                case MessageBoxResult.Yes:
                                    Hide();
                                    new ForgotPassword(user).ShowDialog();
                                    ShowDialog();
                                    break;

                                case MessageBoxResult.No:
                                    break;
                                }
                            }
                            else
                            {
                                MessageBox.Show("Your answer is incorrect, please try again.");
                            }
                        }
                        break;

                    case MessageBoxResult.No: break;
                    }
                }
            }
        }
Пример #2
0
        private void updateViolations()
        {
            SqlCeConnection conn = DBUtils.GetDBConnection();

            conn.Open();
            if (txtViolate.Text == "Departmental")
            {
                using (SqlCeCommand sql = new SqlCeCommand("Select ViolationType, ViolationName from ViolationDetails where ViolationType ='Departmental'", conn))
                {
                    using (DbDataReader reader = sql.ExecuteResultSet(ResultSetOptions.Scrollable))
                    {
                        if (reader.HasRows)
                        {
                            cmbViolationName.Items.Clear();
                            cmbViolationName.Items.Add("ALL");
                            while (reader.Read())
                            {
                                string ViolationName = reader["ViolationName"].ToString();
                                cmbViolationName.Items.Add(ViolationName);
                            }
                        }
                    }
                }
            }
            else if (txtViolate.Text == "Institutional")
            {
                using (SqlCeCommand sql = new SqlCeCommand("Select ViolationType, ViolationName from ViolationDetails where ViolationType ='Institutional'", conn))
                {
                    using (DbDataReader reader = sql.ExecuteResultSet(ResultSetOptions.Scrollable))
                    {
                        if (reader.HasRows)
                        {
                            cmbViolationName.Items.Clear();
                            cmbViolationName.Items.Add("ALL");
                            while (reader.Read())
                            {
                                string ViolationName = reader["ViolationName"].ToString();
                                cmbViolationName.Items.Add(ViolationName);
                            }
                        }
                    }
                }
            }
            else if (txtViolate.Text == "Academic")
            {
                using (SqlCeCommand sql = new SqlCeCommand("Select ViolationType, ViolationName from ViolationDetails where ViolationType ='Academic'", conn))
                {
                    using (DbDataReader reader = sql.ExecuteResultSet(ResultSetOptions.Scrollable))
                    {
                        if (reader.HasRows)
                        {
                            cmbViolationName.Items.Clear();
                            cmbViolationName.Items.Add("ALL");
                            while (reader.Read())
                            {
                                string ViolationName = reader["ViolationName"].ToString();
                                cmbViolationName.Items.Add(ViolationName);
                            }
                        }
                    }
                }
            }
            conn.Close();
        }