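/// <summary>
/// Login button handler. Looks up a <c>user</c> row matching the hash of the typed
/// password; on a match it stores the user's id and login in the form fields, records
/// the session in <c>connexion</c>, reads back the session id into <c>idco</c> and
/// closes the dialog with <see cref="DialogResult.OK"/>. On a miss it shows an error
/// for the first two attempts, and on the third it logs the attempted login in
/// <c>erreurco</c> and closes the dialog with <see cref="DialogResult.Cancel"/>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    DateTime date = DateTime.Today;
    DateTime hour = DateTime.Now;

    try
    {
        // using blocks release the connection, commands and readers on every path,
        // including when a query throws.
        using (MySqlConnection conn = new MySqlConnection(_connectionString))
        {
            conn.Open();

            bool found;
            string nomValue = null;
            string prenomValue = null;

            // NOTE(review): the login comparison is the literal '******' in this listing,
            // which looks like a masked value. If the real statement compares against
            // tb_log.Text, bind it as a parameter (@login) exactly like @pwd below.
            // NOTE(review): SHA.petitsha is defined elsewhere; if it is a plain unsalted
            // digest, stored passwords should move to a salted, slow KDF (e.g. PBKDF2).
            string sql = "SELECT * FROM user where login = '******' and pwd = @pwd;";
            using (MySqlCommand cmd = new MySqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@pwd", SHA.petitsha(tb_pwd.Text));
                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    found = rdr.Read();
                    if (found)
                    {
                        id = rdr[5].ToString();
                        login = rdr[1].ToString();
                        nomValue = rdr[2].ToString();
                        // NOTE(review): prenom is taken from column 1, the same column
                        // as login - confirm this is intended and not column 3.
                        prenomValue = rdr[1].ToString();
                    }
                }
            }

            if (found)
            {
                // "t" and "d" are culture-dependent formats; they are kept because the
                // rows already stored in connexion use them.
                string heureCo = hour.ToString("t");

                // Values read from the database are still data, not SQL: bind them as
                // parameters so a quote in a stored login/name cannot alter the statement.
                string sql2 = "INSERT INTO connexion (login,heureDebut,Date,nom,prenom) "
                            + "VALUES (@login,@heureDebut,@date,@nom,@prenom);";
                using (MySqlCommand cmd2 = new MySqlCommand(sql2, conn))
                {
                    cmd2.Parameters.AddWithValue("@login", login);
                    cmd2.Parameters.AddWithValue("@heureDebut", heureCo);
                    cmd2.Parameters.AddWithValue("@date", date.ToString("d"));
                    cmd2.Parameters.AddWithValue("@nom", nomValue);
                    cmd2.Parameters.AddWithValue("@prenom", prenomValue);
                    cmd2.ExecuteNonQuery();
                }

                // NOTE(review): the session row is looked up by start time only, at
                // minute resolution, so two logins in the same minute can return the
                // other user's row. Prefer the id generated by the INSERT above.
                string sql3 = "SELECT id from connexion where heureDebut = @heureDebut;";
                using (MySqlCommand cmd3 = new MySqlCommand(sql3, conn))
                {
                    cmd3.Parameters.AddWithValue("@heureDebut", heureCo);
                    using (MySqlDataReader rdr3 = cmd3.ExecuteReader())
                    {
                        rdr3.Read();
                        idco = rdr3[0].ToString();
                    }
                }

                this.DialogResult = DialogResult.OK;
            }
            else if (echec < 2)
            {
                // NOTE(review): echec is a counter on this form instance, so the limit
                // resets whenever the dialog is reopened; it is not a server-side lockout.
                MessageBox.Show("Login ou mot de passe incorrect !");
                echec++;
            }
            else
            {
                // tb_log.Text is typed by the user and must never be concatenated into SQL.
                string sqlErreur = "insert into erreurco (login,date) values (@login,@date);";
                using (MySqlCommand cmdErreur = new MySqlCommand(sqlErreur, conn))
                {
                    cmdErreur.Parameters.AddWithValue("@login", tb_log.Text);
                    cmdErreur.Parameters.AddWithValue("@date", DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss"));
                    cmdErreur.ExecuteNonQuery();
                }

                this.DialogResult = DialogResult.Cancel;
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.ToString() puts the full exception text and stack trace in
        // front of an unauthenticated user; consider logging it and showing a generic
        // message instead.
        MessageBox.Show(ex.ToString());
    }
}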
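/// <summary>
/// Persists this user: updates the <c>user</c> row whose id matches <c>id</c> when one
/// exists (changing the password only when <c>pwd</c> is not the empty string),
/// otherwise inserts a new row. Database errors propagate to the caller.
/// </summary>
public void Save()
{
    // The statements previously embedded these fields as quoted text. Binding the same
    // text as parameters keeps the values the server receives unchanged while making it
    // impossible for a quote in a name or login to change the statement.
    string idText = "" + id;
    string loginText = "" + login;
    string nomText = "" + nom;
    string prenomText = "" + prenom;
    string adminText = "" + admin;

    // using blocks close the connection, commands and reader even when a query throws.
    using (MySqlConnection conn = new MySqlConnection(_connectionString))
    {
        conn.Open();

        bool exists;
        using (MySqlCommand cmdVerif = new MySqlCommand("Select * from user where id = @id;", conn))
        {
            cmdVerif.Parameters.AddWithValue("@id", idText);
            using (MySqlDataReader rdrVerif = cmdVerif.ExecuteReader())
            {
                exists = rdrVerif.Read();
            }
        }

        if (exists)
        {
            bool changePassword = pwd != "";

            // NOTE(review): login is set to the literal '******' in this listing, which
            // looks like a masked value. If the real statement writes the login field,
            // bind it as @login the way the INSERT below does.
            string sqlModif = changePassword
                ? "Update user SET login = '******', nom = @nom, prenom = @prenom, pwd = @pwd, adm = @adm where id = @id;"
                : "Update user SET login = '******', nom = @nom, prenom = @prenom, adm = @adm where id = @id;";

            using (MySqlCommand cmdModif = new MySqlCommand(sqlModif, conn))
            {
                cmdModif.Parameters.AddWithValue("@nom", nomText);
                cmdModif.Parameters.AddWithValue("@prenom", prenomText);
                if (changePassword)
                {
                    // NOTE(review): SHA.petitsha is defined elsewhere; if it is a plain
                    // unsalted digest, prefer a salted, slow KDF (e.g. PBKDF2) here.
                    cmdModif.Parameters.AddWithValue("@pwd", SHA.petitsha(pwd));
                }
                cmdModif.Parameters.AddWithValue("@adm", adminText);
                cmdModif.Parameters.AddWithValue("@id", idText);
                cmdModif.ExecuteNonQuery();
            }
        }
        else
        {
            // NOTE(review): a new user is created even when pwd is empty, in which case
            // the hash of the empty string is stored; confirm callers validate pwd.
            string sql = "INSERT INTO `user` (`login`,nom,prenom, pwd, `adm`) VALUES (@login, @nom, @prenom, @pwd, @adm);";
            using (MySqlCommand cmd = new MySqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@login", loginText);
                cmd.Parameters.AddWithValue("@nom", nomText);
                cmd.Parameters.AddWithValue("@prenom", prenomText);
                cmd.Parameters.AddWithValue("@pwd", SHA.petitsha(pwd));
                cmd.Parameters.AddWithValue("@adm", adminText);
                cmd.ExecuteNonQuery();
            }
        }
    }
}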