private void btnRegister_Click(object sender, EventArgs e)
{
if (txtUsername.Text == "" || txtPassword.Text == "")
{
MessageBox.Show("Both fields are required");
}
else
{
dbh.TestConnection();
dbh.OpenConnectionToDB();
bool exist = false;
using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", txtUsername.Text);
exist = (int)cmd.ExecuteScalar() > 0;
}
if (exist)
{
MessageHandler.ShowMessage("This user already exists.");
}
else
{
using (SqlCommand cmd = new SqlCommand("INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin]) VALUES (@Username, @Password, @IsAdmin)"))
{
cmd.Parameters.AddWithValue("Username", txtUsername.Text);
cmd.Parameters.AddWithValue("Password", txtPassword.Text);
cmd.Parameters.AddWithValue("IsAdmin", 0);
cmd.Connection = dbh.GetCon();
cmd.ExecuteNonQuery();
}
string username = txtUsername.Text;
string password = txtPassword.Text;
txtUsername.Text = "";
txtPassword.Text = "";
using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND Password = @Password", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", username);
cmd.Parameters.AddWithValue("Password", password);
exist = (int)cmd.ExecuteScalar() > 0;
}
if (exist)
{
bool admin;
using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) from [tblUsers] WHERE Username = @Username AND IsAdmin = 1", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", username);
admin = (int)cmd.ExecuteScalar() > 0;
}
dbh.CloseConnectionToDB();
if (admin)
{
frmAdmin.Show();
}
else
{
frmPlayer = new frmPlayer(frmRanking, username);
frmPlayer.Show();
//frmPlayer.Show();
}
}
else
{
dbh.CloseConnectionToDB();
MessageHandler.ShowMessage("Wrong username and/or password.");
}
}
dbh.CloseConnectionToDB();
}
}
private void btnRegister_Click(object sender, EventArgs e)
{
// This is letting the user to make an account.
if (txtUsername.Text == "" || txtPassword.Text == "")
{
// This shows a message is the files are empty.
MessageBox.Show("Both fields are required");
}
else
{
// Making sure that the username doesn't exists in the database.
dbh.TestConnection();
dbh.OpenConnectionToDB();
bool exist = false;
using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", txtUsername.Text);
exist = (int)cmd.ExecuteScalar() > 0;
}
if (exist)
{
// This shows a message if the user already exists.
MessageHandler.ShowMessage("This user already exists.");
}
else
{
// This is Elton's secret account.
string user = txtUsername.Text.ToLower();
if (user == "Ninja")
{
dbh.CloseConnectionToDB();
string password = txtPassword.Text;
string userName = txtUsername.Text;
int admin = 2;
int score = 0;
// Preparing array to initialize later.
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
// The hashing formula is executed 10000 times just to be sure that the security level is high.
Rfc2898DeriveBytes passwordToHash = new Rfc2898DeriveBytes(password, salt, 10000);
byte[] hashArray = passwordToHash.GetBytes(20);
// Copys the value of an byte array and paste them in an other array.
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hashArray, 0, hashBytes, 16, 20);
// Converting hashed password to a string.
string savedPasswordHash = Convert.ToBase64String(hashBytes);
string sql = "INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin], [Score]) VALUES ('" + userName + "', '" + savedPasswordHash + "', '" + admin + "', '" + score + "')";
dbh.Execute(sql);
}
else
{
// Password hashing for registering.
dbh.CloseConnectionToDB();
string password = txtPassword.Text;
string userName = txtUsername.Text;
// Preparing array to initialize later.
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
// The hashing formula is executed 10000 times just to be sure that the security level is high.
Rfc2898DeriveBytes passwordToHash = new Rfc2898DeriveBytes(password, salt, 10000);
byte[] hashArray = passwordToHash.GetBytes(20);
// Copys the value of an byte array and paste them in an other array.
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hashArray, 0, hashBytes, 16, 20);
// Converting hashed password to a string.
int admin = 0;
int score = 0;
string savedPasswordHash = Convert.ToBase64String(hashBytes);
string sql = "INSERT INTO [tblUsers] ([Username], [Password], [IsAdmin], [Score]) VALUES ('" + userName + "', '" + savedPasswordHash + "', '" + admin + "', '" + score + "')";
dbh.Execute(sql);
}
}
dbh.CloseConnectionToDB();
}
}
private void btnLoadData_Click(object sender, EventArgs e)
{
if (!(txtPath.Text == null))
{
dbh.OpenConnectionToDB();
StreamReader sr = new StreamReader(txtPath.Text);
if (tableSelector.Text == "")
{
MessageHandler.ShowMessage("you have to select an table.");
}
else if (tableSelector.Text == "matches")
{
string data = sr.ReadLine();
while (data != null)
{
string[] value = data.Split(',');
int homeTeam = Convert.ToInt32(value[1]);
int awayTeam = Convert.ToInt32(value[2]);
int scoreHome = Convert.ToInt32(value[3]);
int scoreAway = Convert.ToInt32(value[4]);
data = sr.ReadLine();
using (SqlCommand cmd = new SqlCommand("INSERT INTO TblGames ( HomeTeam, AwayTeam, HomeTeamScore, AwayTeamScore) VALUES (@homeTeam, @awayTeam, @scoreHome, @scoreAway)"))
{
cmd.Parameters.AddWithValue("@homeTeam", homeTeam);
cmd.Parameters.AddWithValue("@awayTeam", awayTeam);
cmd.Parameters.AddWithValue("@scoreHome", scoreHome);
cmd.Parameters.AddWithValue("@scoreAway", scoreAway);
cmd.Connection = dbh.GetCon();
cmd.ExecuteNonQuery();
MessageHandler.ShowMessage("data insert has been succeeded");
dbh.CloseConnectionToDB();
}
}
}
else if (tableSelector.Text == "players")
{
string data = sr.ReadLine();
while (data != null)
{
string[] value = data.Split(',');
int id = Convert.ToInt32(value[0]);
string name = value[3];
string newName = name.Trim('"');
string surname = value[4];
string newSurname = surname.Trim('"');
int goalScored = Convert.ToInt32(value[5]);
int team_id = Convert.ToInt32(value[2]);
data = sr.ReadLine();
using (SqlCommand cmd = new SqlCommand("INSERT INTO TblPlayers (Name, Surname, GoalsScored, Team_id) VALUES (@name, @surname, @goalScored, @Team_id)"))
{
cmd.Parameters.AddWithValue("@name", newName);
cmd.Parameters.AddWithValue("@surname", newSurname);
cmd.Parameters.AddWithValue("@goalScored", goalScored);
cmd.Parameters.AddWithValue("@Team_id", team_id);
cmd.Connection = dbh.GetCon();
cmd.ExecuteNonQuery();
MessageHandler.ShowMessage("data insert has been succeeded");
dbh.CloseConnectionToDB();
}
}
MessageHandler.ShowMessage("data insert has been succeeded");
dbh.CloseConnectionToDB();
}
else if (tableSelector.Text == "teams")
{
string data = sr.ReadLine();
while (data != null)
{
string[] value = data.Split(',');
int Teamid = Convert.ToInt32(value[0]);
int temp = Convert.ToInt32(value[1]);
string TeamName = value[2];
data = sr.ReadLine();
DataTable teamId = dbh.FillDT("SELECT Team_id FROM TblTeams");
for (int i = 0; i < teamId.Rows.Count; i++)
{
DataRow rowTeamId = teamId.Rows[0];
int checkTeamId = Convert.ToInt32(rowTeamId[0]);
if (checkTeamId == Teamid)
{
MessageHandler.ShowMessage("there is already an team with that team id");
Hide();
}
else if (checkTeamId != Teamid)
{
using (SqlCommand cmd = new SqlCommand("INSERT INTO TblTeams (Team_id, TeamName) VALUES (@Teamid, @teamname)"))
{
dbh.OpenConnectionToDB();
cmd.Parameters.AddWithValue("@Teamid", Teamid);
cmd.Parameters.AddWithValue("@teamName", TeamName);
cmd.Connection = dbh.GetCon();
cmd.ExecuteNonQuery();
}
}
}
}
MessageHandler.ShowMessage("data insert has been succeeded");
dbh.CloseConnectionToDB();
}
else
{
MessageHandler.ShowMessage("No filename selected.");
dbh.CloseConnectionToDB();
}
}
}
private void btnLogin_Click(object sender, EventArgs e)
{
// This is letting the user to log in and go towards the form where he/she belongs.
dbh.TestConnection();
dbh.OpenConnectionToDB();
bool exist = false;
string username = txtUsername.Text;
string password = txtPassword.Text;
// Getting hashed password from database.
using (SqlCommand cmd = new SqlCommand("SELECT Password FROM TblUsers WHERE Username = @Username", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", username);
this.gettingHashedPassword = Convert.ToString(cmd.ExecuteScalar());
}
// Comparing password from user input and saved password in database.
using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND Password = @Password", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", username);
cmd.Parameters.AddWithValue("Password", this.gettingHashedPassword);
exist = (int)cmd.ExecuteScalar() > 0;
}
if (exist)
{
bool admin;
using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM [tblUsers] WHERE Username = @Username AND IsAdmin = 1", dbh.GetCon()))
{
cmd.Parameters.AddWithValue("Username", username);
admin = (int)cmd.ExecuteScalar() > 0;
}
dbh.CloseConnectionToDB();
if (admin)
{
frmAdmin.Show();
}
else
{
frmPlayer = new frmPlayer(frmRanking, username);
frmPlayer.Show();
}
}
else
{
// This shows a message if the username and or password is wrong.
MessageHandler.ShowMessage("Wrong username and/or password.");
}
dbh.CloseConnectionToDB();
}
