/// <summary>
/// Checks whether the user name typed into the <c>username</c> field already has a row in
/// the Users table, and returns the flag value the caller uses to pick an error message.
/// </summary>
/// <param name="flag">Current flag value; returned unchanged when no matching row is found.</param>
/// <param name="copy">Database wrapper whose <c>myCommand</c> executes the lookup.</param>
/// <returns>3 when at least one matching row exists, otherwise <paramref name="flag"/>.</returns>
public int usernameExists(int flag, database copy)
{
    database db = copy;

    // The user-supplied name is bound as a parameter, so it is never spliced into the SQL text.
    db.myCommand.CommandText = "SELECT count (*) FROM Users WHERE Users.username=@Username";

    // NOTE(review): ToUpper() uses the current culture; if user names are stored upper-cased,
    // an invariant conversion would be safer, but every place that writes or compares user
    // names must change together. Confirm against the registration code.
    db.myCommand.Parameters.AddWithValue("@Username", username.Text.ToUpper());

    int matches = (int)db.myCommand.ExecuteScalar();

    // NOTE(review): "@Username" is still attached to db.myCommand when this method returns.
    // Confirm the caller clears the parameter collection before the command is reused.
    if (matches <= 0)
    {
        return flag;
    }

    // NOTE(review): the purpose of this DBNull "user" parameter is not visible here, and it
    // is added to the datab field rather than to the wrapper passed in. Verify against the caller.
    datab.myCommand.Parameters.AddWithValue("user", DBNull.Value);
    flag = 3;
    return flag;
}
/// <summary>
/// Creates the Profile form: runs <c>InitializeComponent()</c> and keeps the database
/// wrapper handed over by the caller.
/// </summary>
/// <param name="temp">Database wrapper supplied by the calling form; stored in <c>datab</c>.</param>
public Profile(database temp)
{
    InitializeComponent();

    // The caller's wrapper is stored as received, with no new connection made here.
    this.datab = temp;
}
/// <summary>
/// Creates the clientRentals form: runs <c>InitializeComponent()</c> and keeps the
/// database wrapper handed over by the caller.
/// </summary>
/// <param name="data">Database wrapper supplied by the calling form; stored in the <c>data</c> field.</param>
public clientRentals(database data)
{
    InitializeComponent();

    // "this." is required because the parameter shadows the field of the same name.
    this.data = data;
}
/// <summary>
/// Creates the Report form: runs <c>InitializeComponent()</c> and keeps the database
/// wrapper handed over by the caller.
/// </summary>
/// <param name="data">Database wrapper supplied by the calling form; stored in the <c>data</c> field.</param>
public Report(database data)
{
    InitializeComponent();

    // "this." is required because the parameter shadows the field of the same name.
    this.data = data;
}
/// <summary>
/// Creates the admin landing page: runs <c>InitializeComponent()</c> and keeps the
/// database wrapper handed over by the caller.
/// </summary>
/// <param name="data">Database wrapper supplied by the calling form; stored in the <c>data</c> field.</param>
public AdminLandingPage(database data)
{
    InitializeComponent();

    // No role check happens in this constructor; whoever constructs the form is
    // responsible for having established that the user is an administrator.
    this.data = data;
}
/// <summary>
/// Creates the RegisterClient form: runs <c>InitializeComponent()</c> and keeps the
/// database wrapper handed over by the caller.
/// </summary>
/// <param name="temp">Database wrapper supplied by the calling form; stored in <c>datab</c>.</param>
public RegisterClient(database temp)
{
    InitializeComponent();

    // The caller's wrapper is stored as received, with no new connection made here.
    this.datab = temp;
}
/// <summary>
/// Creates the ProcessReturns form: runs <c>InitializeComponent()</c>, keeps the database
/// wrapper, and allocates one string slot per column of <c>carData</c>.
/// </summary>
/// <param name="data">Database wrapper supplied by the calling form; stored in the <c>data</c> field.</param>
public ProcessReturns(database data)
{
    InitializeComponent();

    // "this." is required because the parameter shadows the field of the same name.
    this.data = data;

    // carData is read only after InitializeComponent(); presumably it is created there,
    // so this statement must stay last. TODO confirm.
    int columnCount = carData.Columns.Count;
    dataString = new string[columnCount];
}
/// <summary>
/// Creates the client landing page: runs <c>InitializeComponent()</c>, keeps the database
/// wrapper, and copies its <c>usr</c> value into the <c>user</c> field.
/// </summary>
/// <param name="temp">Database wrapper supplied by the calling form; stored in <c>datab</c>.</param>
public clientLandingPage(database temp)
{
    InitializeComponent();

    this.datab = temp;

    // The identity shown on this page comes from the wrapper, not from a fresh lookup.
    this.user = this.datab.usr;
}
/// <summary>
/// Creates the addVehicle form: runs <c>InitializeComponent()</c> and keeps the database
/// wrapper handed over by the caller.
/// </summary>
/// <param name="temp">Database wrapper supplied by the calling form; stored in the <c>data</c> field.</param>
public addVehicle(database temp)
{
    InitializeComponent();

    // The caller's wrapper is stored as received, with no new connection made here.
    this.data = temp;
}
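/// <summary>
/// Handles the Login button: looks up the role for the entered user name and password,
/// then opens the admin or client landing page for that role.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void LoginButton_Click(object sender, EventArgs e)
{
    // datab holds the connection and command objects. It does not sanitise user input,
    // so every value typed by the user must be bound as a parameter below.
    datab = new database(username.Text);

    // User name and password travel as parameters, separate from the SQL text, so quotes
    // or other SQL syntax in the input cannot change the statement.
    //
    // NOTE(review): the typed password is compared directly with the password column, so
    // that column presumably holds the password as entered. Store a salted, slow hash
    // (for example PBKDF2) instead and verify it in code. This needs a schema and
    // registration change and is not done here.
    datab.myCommand.CommandText = "Select role from Users Where username=@User " + "and password=@Pass;";

    DataTable dt = new System.Data.DataTable();
    try
    {
        // NOTE(review): ToUpper() is culture-sensitive. Confirm user names are stored with
        // the same conversion before switching to an invariant one.
        datab.myCommand.Parameters.AddWithValue("User", username.Text.ToUpper());
        datab.myCommand.Parameters.AddWithValue("Pass", password.Text);

        using (SqlDataAdapter sda = new SqlDataAdapter(datab.myCommand))
        {
            sda.Fill(dt);
        }
    }
    finally
    {
        // The command object is handed on to the next form. Clear the credentials even
        // when the query throws, so the password does not stay attached to it.
        datab.myCommand.Parameters.Clear();
    }

    // Fail closed: anything other than exactly one matching row is a failed login.
    // This includes the duplicate-row case, which previously fell through silently.
    if (dt.Rows.Count != 1)
    {
        MessageBox.Show("Failed to Login", "ERROR");
        return;
    }

    // Decide which form to show from the role stored for this user. Only the exact
    // spellings below are accepted; any other value, including NULL, hits the default case.
    switch (dt.Rows[0]["role"] as string)
    {
        case "Admin":
        case "admin":
        {
            // Admin form flow.
            this.Hide();
            AdminLandingPage ALP = new AdminLandingPage(datab);
            ALP.ShowDialog();
            Application.Exit();
            break;
        }
        case "client":
        case "Client":
        {
            // Client form flow.
            this.Hide();
            clientLandingPage CLP = new clientLandingPage(datab);
            CLP.ShowDialog();
            Application.Exit();
            break;
        }
        default:
        {
            // Unknown role: show the message and stay on the login form without opening
            // either landing page.
            MessageBox.Show("EXCEPTION: Role is neither 'Client' or 'Admin'. " +
                            "This is either a new Role, or an Error altogether", "EXCEPTION");
            break;
        }
    }
}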