private void btnLogin_Click(object sender, EventArgs e)
{
Main mn = new Main();
string user, pass;
user = txtUser.Text;
pass = txtPass.Text;
if (txtUser.Text == "" && txtPass.Text == "")
{
txtUser.Focus();
MessageBox.Show("No input!");
}
else if (txtPass.Text == "")
{
MessageBox.Show("No Password input");
txtPass.Focus();
}
else if (txtUser.Text == "")
{
MessageBox.Show("No Username input!");
txtUser.Focus();
}
else
{
SqlConnection conn = DBUtils.GetDBConnection();
conn.Open();
Nullable <int> loginAttempts;
int userLevel;
using (SqlCommand cmd = new SqlCommand("Select loginAttempts FROM Accounts WHERE userID = @userID", conn))
{
cmd.Parameters.AddWithValue("@userID", user);
loginAttempts = Convert.ToInt32(cmd.ExecuteScalar());
}
if (loginAttempts < 5)
{
string un = txtUser.Text;
string pw = txtPass.Text;
using (SqlCommand cmd = new SqlCommand("Select * from Accounts where userID = @userID AND Password = @password", conn))
{
cmd.Parameters.AddWithValue("@userID", un);
cmd.Parameters.AddWithValue("@password", pw);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
string lName, fName, mName;
dr.Read();
lName = dr.GetString(2);
fName = dr.GetString(3);
mName = dr.GetString(4);
SqlCommand cmd2 = new SqlCommand("UPDATE Accounts SET loginAttempts = 0", conn);
int ordinal = 0;
//dr.Read();
ordinal = dr.GetOrdinal("userLevel");
userLevel = dr.GetInt32(ordinal);
dr.Close();
dr.Dispose();
cmd2.ExecuteNonQuery();
MessageBox.Show("Login Successful");
using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"C:\Logs\ActivityLogs.txt", true))
{
string time = DateTime.Now.ToString();
file.WriteLine(time + " Account Name: " + lName + ", " + fName + " " + mName + " has logged in.");
}
}
else
{
using (SqlCommand cmd2 = new SqlCommand("Select userID from Accounts where userID = @userID", conn))
{
cmd2.Parameters.AddWithValue("@userID", un);
dr.Close();
dr.Dispose();
dr = cmd2.ExecuteReader();
int ordinal = 0;
string value = "";
if (dr.Read())
{
ordinal = dr.GetOrdinal("userID");
value = dr.GetString(ordinal);
if (value.Equals(un))
{
SqlCommand cmd3 = new SqlCommand("UPDATE Accounts SET loginAttempts += 1 WHERE userID = @un", conn);
cmd3.Parameters.AddWithValue("@un", un);
dr.Close();
dr.Dispose();
cmd3.ExecuteNonQuery();
cmd3.Dispose();
}
}
}
MessageBox.Show("User ID or Password is invalid");
return;
}
}
txtPass.Text = "";
txtUser.Text = "";
mn.Activated += new EventHandler(mn_Activated);
mn.FormClosed += new FormClosedEventHandler(mn_FormClosed);
if (userLevel == 2)
{
mn.permission = false;
}
else
{
mn.permission = true;
}
mn.Show();
}
else
{
DialogResult dr = MessageBox.Show("Due to multiple login attempts, your account has been locked. \nWould you like to unlock it?", "Account Recovery", MessageBoxButtons.YesNo);
switch (dr)
{
case DialogResult.Yes:
SqlConnection cnn = DBUtils.GetDBConnection();
cnn.Open();
string question = "", answer = "";
int ordinal = 0;
using (SqlCommand cmd = new SqlCommand("Select * from Accounts where userID = @userID", cnn))
{
cmd.Parameters.AddWithValue("@userID", txtUser.Text);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
ordinal = reader.GetOrdinal("securityQuestion");
question = reader.GetString(ordinal);
ordinal = reader.GetOrdinal("securityAnswer");
answer = reader.GetString(ordinal);
}
reader.Close();
}
string input = Interaction.InputBox(question, "Account Recovery", "");
if (input.Equals(answer))
{
SqlCommand cmd2 = new SqlCommand("UPDATE Accounts SET loginAttempts = 0 WHERE userID = @un", cnn);
cmd2.Parameters.AddWithValue("@un", txtUser.Text);
cmd2.ExecuteNonQuery();
cmd2.Dispose();
MessageBox.Show("Account has been unlocked");
}
else
{
MessageBox.Show("Your answer is wrong");
}
break;
case DialogResult.No: break;
}
}
//Validation codes END
}
}