private void VerifyLogin()
{
//verify that user account exists
if (userNameTextBox.Text.Length > 0 && passwordTextBox.Text.Length > 0)
// query table for user
using (OdbcConnection conn = new OdbcConnection(connectionString))
{
conn.Open();
string query = "SELECT userId, shotpeenRead, magRead, edmRead, stressRelieveRead, role, shotpeenWrite, magWrite, edmWrite, stressRelieveWrite, password\n" +
"FROM ATIDelivery.dbo.CertUserLogIns\n" +
"WHERE userID = '" + userNameTextBox.Text.Trim().ToLower() + "' AND status = 'Active'";
OdbcCommand com = new OdbcCommand(query, conn);
OdbcDataReader reader = com.ExecuteReader();
if (reader.Read())
{
byte[] enteredPasswordHashByes = System.Text.Encoding.Default.GetBytes(reader.GetString(10));
PasswordHash hash = new PasswordHash(enteredPasswordHashByes);
if (hash.Verify(passwordTextBox.Text))
{
this.Hide();
Form mainForm = new MainWindow(reader.GetString(0),
reader.GetFieldType(1) == typeof(bool) ? reader.GetBoolean(1) : Convert.ToBoolean(reader.GetByte(1)),
reader.GetFieldType(2) == typeof(bool) ? reader.GetBoolean(2) : Convert.ToBoolean(reader.GetByte(2)),
reader.GetFieldType(3) == typeof(bool) ? reader.GetBoolean(3) : Convert.ToBoolean(reader.GetByte(3)),
reader.GetFieldType(4) == typeof(bool) ? reader.GetBoolean(4) : Convert.ToBoolean(reader.GetByte(4)),
reader.GetString(5).Equals("admin"),
reader.GetFieldType(6) == typeof(bool) ? reader.GetBoolean(6) : Convert.ToBoolean(reader.GetByte(6)),
reader.GetFieldType(7) == typeof(bool) ? reader.GetBoolean(7) : Convert.ToBoolean(reader.GetByte(7)),
reader.GetFieldType(8) == typeof(bool) ? reader.GetBoolean(8) : Convert.ToBoolean(reader.GetByte(8)),
reader.GetFieldType(9) == typeof(bool) ? reader.GetBoolean(9) : Convert.ToBoolean(reader.GetByte(9)));
mainForm.FormClosed += (s, args) => this.Close();
mainForm.Show();
}
else
MessageBox.Show("Invalid password and/or username\nMake user that user account is currently active.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
MessageBox.Show("Invalid password and/or username\nMake user that user account is currently active.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
MessageBox.Show("Username and password fields cannnot be empty", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
private void SubmitForm()
{
// check that textboxes aren't empty
if (userNameTextBox.Text.Length == 0 || passwordTextBox.Text.Length == 0)
{
MessageBox.Show("Username and password cannot have length 0", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
// check that username doesn't already exist
using (OdbcConnection conn = new OdbcConnection(connectionString))
{
conn.Open();
string query = "SELECT *\n" +
"FROM ATIDelivery.dbo.CertUserLogIns\n" +
"WHERE userID = '" + userNameTextBox.Text.Trim().ToLower() + "';";
OdbcCommand com = new OdbcCommand(query, conn);
OdbcDataReader reader = com.ExecuteReader();
// if a row exists then username is already taken
if (reader.Read())
{
MessageBox.Show("Username already exists. Please select a different username", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
// convert passwords
PasswordHash hash = new PasswordHash(passwordTextBox.Text);
byte[] password = hash.ToArray();
// else submit userdata
query = "INSERT INTO ATIDelivery.dbo.CertUserLogIns\n" +
"VALUES (\n" +
"'" + userNameTextBox.Text + "',\n" +
"'" + System.Text.Encoding.Default.GetString(password).ToString() + "',\n" +
"'Active',\n" +
"'operator',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[0].Cells[0].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[1].Cells[0].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[2].Cells[0].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[3].Cells[0].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[0].Cells[1].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[1].Cells[1].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[2].Cells[1].Value) + "',\n" +
"'" + Convert.ToByte(dataGridView1.Rows[3].Cells[1].Value) + "'\n" +
");";
com = new OdbcCommand(query, conn);
if (com.ExecuteNonQuery() == 1)
MessageBox.Show("User has been succesfully registered!", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
else
MessageBox.Show("Cannot commit user to database. Please contact IT support for help.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
this.Close();
}
