Пример #1
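        /// <summary>
        /// Handles the "Create account" button: inserts a row into [user] and, using the
        /// new user_id, a matching row into user_account. Both inserts run inside a single
        /// SqlTransaction so a failure on the second insert cannot leave an orphaned [user]
        /// row behind (the original committed each statement independently).
        /// </summary>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnCreateAccount_Click(object sender, EventArgs e)
        {
            if (!IsValidData())
            {
                return;
            }

            try
            {
                // `using` guarantees the connection/command/transaction are disposed even when
                // a query throws; the original only reached conn.Close() on the happy path.
                using (SqlConnection conn = new SqlConnection(connString))
                {
                    conn.Open();

                    using (SqlTransaction transaction = conn.BeginTransaction())
                    using (SqlCommand command = conn.CreateCommand())
                    {
                        command.Transaction = transaction;

                        bool created = false;

                        // Parameterised: the user-typed values never become part of the SQL text.
                        command.CommandText = "INSERT INTO [user] (username, password) VALUES (@username, @password) ";
                        command.Parameters.AddWithValue("@username", txtUsername.Text);
                        // Only the hash of the password is stored.
                        // NOTE(review): confirm Utilis.hashPassword is a salted, slow password hash
                        // (e.g. PBKDF2) rather than a bare digest — not visible from here.
                        command.Parameters.AddWithValue("@password", Utilis.hashPassword(txtPassword.Text));

                        if (command.ExecuteNonQuery() > 0)
                        {
                            // @username is still bound from the insert above, so the lookup
                            // reuses it without re-adding the parameter.
                            command.CommandText = "SELECT user_id FROM [user] WHERE username = @username ";
                            int user_id = (int)command.ExecuteScalar();

                            created = InsertAccountRow(command, user_id);
                        }

                        if (created)
                        {
                            transaction.Commit();

                            MessageBox.Show("Account was successfully created");

                            txtUsername.Clear();
                            txtPassword.Clear();
                            txtName.Clear();
                            txtPhone.Clear();
                            rchNotes.Clear();
                        }
                        else
                        {
                            // Undo the [user] insert (if any) so the two tables stay consistent.
                            transaction.Rollback();
                            MessageBox.Show("Error while creating account");
                        }
                    }
                }

                updateList("");
            }
            catch (Exception ex)
            {
                // Mirrors the original: the raw provider/SQL error text is shown to the user.
                MessageBox.Show(ex.Message);
            }
        }

        /// <summary>
        /// Inserts the user_account row for <paramref name="userId"/> from the current form
        /// fields, reusing <paramref name="command"/> (and therefore its open transaction).
        /// </summary>
        /// <param name="command">Command bound to the open connection/transaction.</param>
        /// <param name="userId">Primary key of the [user] row just created.</param>
        /// <returns><c>true</c> when exactly one or more rows were inserted.</returns>
        private bool InsertAccountRow(SqlCommand command, int userId)
        {
            command.CommandText = "INSERT INTO user_account (account_user_id, account_name,account_gender, account_dob, " +
                                  " account_phone,   account_type, account_notes, account_creation_date  )" +
                                  "VALUES (@user_id, @name,@account_gender, @dob, @phone, @type, @notes, @date)";

            // Drop @username/@password left over from the previous statement.
            command.Parameters.Clear();
            command.Parameters.AddWithValue("@user_id", userId);
            command.Parameters.AddWithValue("@name", txtName.Text);
            command.Parameters.AddWithValue("@account_gender", cmbGender.SelectedItem.ToString());
            // NOTE(review): ToString() here is culture-dependent; if account_dob is a date
            // column, pass dtpDOB.Value directly — confirm the column type before changing.
            command.Parameters.AddWithValue("@dob", dtpDOB.Value.ToString());
            command.Parameters.AddWithValue("@phone", txtPhone.Text);
            command.Parameters.AddWithValue("@type", cmbType.SelectedIndex);
            command.Parameters.AddWithValue("@notes", rchNotes.Text);
            command.Parameters.AddWithValue("@date", DateTime.Now);

            return command.ExecuteNonQuery() > 0;
        }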
Пример #2
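        /// <summary>
        /// Handles the "Login" button: looks up the user whose username / password-hash pair
        /// matches the form, then opens the panel for that account's type. All database work
        /// happens first and the connection is released before any modal dialog is shown.
        /// </summary>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnLogin_Click_1(object sender, EventArgs e)
        {
            if (!IsValidData())
            {
                return;
            }

            // `conn` is a field of the form; it is recreated here and disposed on exit.
            using (conn = new SqlConnection(connString))
            {
                try
                {
                    object userId;
                    int? accountId = null;
                    int? accountType = null;

                    using (SqlCommand command = conn.CreateCommand())
                    {
                        command.CommandText = @"SELECT user_id FROM [user] WHERE username=@username and password=@password";

                        command.Parameters.AddWithValue("@username", txtUsername.Text);
                        // The typed password is hashed the same way as at registration; the
                        // comparison against the stored hash is done by SQL Server.
                        // NOTE(review): string equality in SQL follows the column collation, which
                        // may be case-insensitive — verify the password column uses a binary
                        // collation, or fetch the hash and compare it in C# with
                        // CryptographicOperations.FixedTimeEquals.
                        command.Parameters.AddWithValue("@password", Utilis.hashPassword(txtPassword.Text));

                        conn.Open();
                        userId = command.ExecuteScalar();

                        // The admin account has no user_account row to look up (mirrors the
                        // original's branch on the username); everyone else gets their role here.
                        if (userId != null && txtUsername.Text != "admin")
                        {
                            command.CommandText = "Select account_id, account_type From user_account Where account_user_id = @user_id ";
                            // Bind the id with its real type rather than a string SQL Server must convert.
                            command.Parameters.AddWithValue("@user_id", Convert.ToInt32(userId));

                            // Dispose the reader (the original never closed it).
                            using (SqlDataReader reader = command.ExecuteReader())
                            {
                                if (reader.Read())
                                {
                                    accountId = reader.GetInt32(0);
                                    accountType = reader.GetInt32(1);
                                }
                            }
                        }

                        // Release the connection before any ShowDialog() blocks this thread.
                        conn.Close();
                    }

                    if (userId == null)
                    {
                        // Authentication failure: deliberately generic message, so the UI does
                        // not reveal whether the username or the password was wrong.
                        MessageBox.Show("Invalid Username and Password");
                        Clear();
                        txtUsername.Focus();
                        return;
                    }

                    if (txtUsername.Text == "admin")
                    {
                        // Admin Panel.
                        // NOTE(review): the admin role is decided by the literal username rather
                        // than by a role stored with the account — confirm this is intended.
                        Hide();
                        AdminPanel adminPanel = new AdminPanel();
                        adminPanel.ShowDialog();
                        Show();
                    }
                    else if (accountType == 0)
                    {
                        // Nurse Panel
                        Hide();
                        NursePanel nursePanel = new NursePanel(accountId.Value);
                        nursePanel.ShowDialog();
                        Show();
                        Clear();
                    }
                    else if (accountType == 1)
                    {
                        // Doctor Panel
                        Hide();
                        DoctorPanel doctorPanel = new DoctorPanel(accountId.Value);
                        doctorPanel.ShowDialog();
                        Show();
                        Clear();
                    }
                    // Missing user_account row or an unknown account_type: nothing is opened,
                    // as in the original.
                }
                catch (Exception ex)
                {
                    // Mirrors the original: the raw provider/SQL error text is shown to the user.
                    MessageBox.Show(ex.Message);
                }
            }
        }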