Пример #1
        public int usernameExists(int flag, database copy)
        {
            /*
             * Reports whether the name typed into the username box already has a row in Users.
             * Returns 3 when at least one row matches, otherwise returns flag unchanged.
             *
             * The name is bound as the @Username parameter rather than concatenated into the
             * SQL text, so quotes in the input cannot change the statement.
             */
            const string countByUsername = "SELECT count (*) FROM Users WHERE Users.username=@Username";
            database db = copy;

            db.myCommand.CommandText = countByUsername;

            // NOTE(review): ToUpper() uses the current culture. If stored usernames were normalised
            // under a different culture, lookups can miss or collide - confirm how rows are written.
            db.myCommand.Parameters.AddWithValue("@Username", username.Text.ToUpper());

            // NOTE(review): @Username is still attached to the command when this method returns.
            // If the same command object is reused, the caller has to clear Parameters - confirm.
            int matches = (int)db.myCommand.ExecuteScalar();
            if (matches <= 0)
            {
                return flag;
            }

            // Name is taken: a "user" parameter holding DBNull is added to the datab field's command
            // (datab is a field, not the copy argument) before the "exists" code 3 is returned.
            datab.myCommand.Parameters.AddWithValue("user", DBNull.Value);
            flag = 3;
            return flag;
        }
Пример #2
 public Profile(database temp)
 {
     /*
      * Runs InitializeComponent() and then keeps the caller's database object in datab.
      * The reference is stored exactly as passed in; this constructor does not check it for null.
      */
     InitializeComponent();
     datab = temp;
 }
Пример #3
 public clientRentals(database data)
 {
     /*
      * Runs InitializeComponent() and stores the supplied database object in this.data.
      * No null check or other validation is applied to the argument here.
      */
     InitializeComponent();
     this.data = data;
 }
Пример #4
 public Report(database data)
 {
     /*
      * Runs InitializeComponent() and stores the supplied database object in this.data.
      * The argument is kept as given, with no null check.
      */
     InitializeComponent();
     this.data = data;
 }
Пример #5
 public AdminLandingPage(database data)
 {
     /*
      * Runs InitializeComponent() and stores the supplied database object in this.data.
      *
      * NOTE(review): nothing in this constructor checks the caller's role. Any code that can
      * construct this form with a database object gets the admin UI, so the role check has to
      * happen at every call site - confirm there is no path that skips it.
      */
     InitializeComponent();
     this.data = data;
 }
Пример #6
 public RegisterClient(database temp)
 {
     /*
      * Runs InitializeComponent() and then keeps the caller's database object in datab.
      * The argument is not checked for null before it is stored.
      */
     InitializeComponent();
     datab = temp;
 }
Пример #7
 public ProcessReturns(database data)
 {
     /*
      * Runs InitializeComponent(), stores the supplied database object in this.data, and
      * allocates dataString with one slot per column of carData.
      */
     InitializeComponent();
     this.data  = data;
     // carData is not declared in this block - presumably a control created by
     // InitializeComponent(), which is why the array is sized only after that call (confirm).
     dataString = new string[carData.Columns.Count];
 }
Пример #8
 public clientLandingPage(database temp)
 {
     /*
      * Runs InitializeComponent(), keeps the caller's database object in datab, and copies
      * its usr member into user.
      */
     InitializeComponent();
     datab = temp;
     // temp is dereferenced on the next line, so a null argument fails here with a
     // NullReferenceException. What usr holds is decided inside the database class, which is
     // not visible in this block.
     user  = datab.usr;
 }
Пример #9
 public addVehicle(database temp)
 {
     /*
      * Runs InitializeComponent() and then keeps the caller's database object in data.
      * The argument is stored as passed in, without a null check.
      */
     InitializeComponent();
     data = temp;
 }
Пример #10
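        private void LoginButton_Click(object sender, EventArgs e)
        {
            /*
             * Click handler for the login button: looks up the role stored for the typed
             * username/password pair and opens the matching landing page.
             *
             * datab will have all the necessary information for the connection; what it does not
             * handle is user input for either query commands or inserting.
             */
            datab = new database(username.Text);

            /*
             * Both inputs are bound as parameters, so they are sent as data and an apostrophe in
             * either field cannot change the SQL text.
             *
             * NOTE(review): the password is compared to the stored column as typed, which only
             * works if the Users table keeps the password in a directly comparable form. A salted
             * password hash (e.g. PBKDF2) verified in application code would avoid storing
             * recoverable passwords - confirm how the column is populated.
             */
            datab.myCommand.CommandText = "Select role from Users Where username=@User " + "and password=@Pass;";
            datab.myCommand.Parameters.AddWithValue("User", username.Text.ToUpper());
            datab.myCommand.Parameters.AddWithValue("Pass", password.Text);

            int matchCount = 0;
            string role = null;
            try
            {
                // The adapter and table are only needed to read one value, so both are disposed here.
                using (SqlDataAdapter sda = new SqlDataAdapter(datab.myCommand))
                using (DataTable dt = new System.Data.DataTable())
                {
                    sda.Fill(dt);
                    matchCount = dt.Rows.Count;
                    if (matchCount == 1)
                    {
                        role = dt.Rows[0]["role"] as string;
                    }
                }
            }
            finally
            {
                // The command object is handed on to the next form. Clear the credential
                // parameters even when the query throws, so the typed password does not stay
                // attached to it.
                datab.myCommand.Parameters.Clear();
            }

            // Fail closed: anything other than exactly one matching row is a failed login.
            // This includes the case of several rows matching, which previously did nothing at all.
            if (matchCount != 1)
            {
                MessageBox.Show("Failed to Login", "ERROR");
                return;
            }

            /*
             * The role string decides which form is shown. Only the exact spellings below are
             * accepted; any other value (including a NULL role) falls through to the default case
             * and no form is opened.
             */
            switch (role)
            {
                case "Admin":
                case "admin":
                {
                    // Admin form flow handled here
                    this.Hide();
                    AdminLandingPage ALP = new AdminLandingPage(datab);
                    ALP.ShowDialog();
                    Application.Exit();
                    break;
                }

                case "client":
                case "Client":
                {
                    // Client form flow handled here
                    this.Hide();
                    clientLandingPage CLP = new clientLandingPage(datab);
                    CLP.ShowDialog();
                    Application.Exit();
                    break;
                }

                default:
                {
                    // Unexpected role: report it and stay on the login form.
                    MessageBox.Show("EXCEPTION: Role is neither 'Client' or 'Admin'. This is either a new Role, or an Error altogether", "EXCEPTION");
                    break;
                }
            }
        }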