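/// <summary>
/// Handles the login button click: looks up the typed username in the Users table,
/// compares the stored password with the typed one and, on a match, runs the phone
/// verification step before opening <c>Form2</c>.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void login_button_Click(object sender, EventArgs e)
{
    string user = textBox1.Text;
    string pass = textBox2.Text;

    // Records whether THIS attempt returned a row. The shared acc object keeps the
    // values of an earlier lookup, so testing acc.user_name for null would let a
    // later attempt with an unknown username be checked against the previous
    // account's stored password.
    bool found = false;

    connection.Open();
    try
    {
        // The username is bound as a parameter, never concatenated into the SQL text.
        string cmd = "select _username, _password, _pin, _ballance, _hash, _phoneNr from Users where _username=@user";
        using (SqlCommand command = new SqlCommand(cmd, connection))
        {
            command.Parameters.AddWithValue("@user", user);
            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (reader.Read())
                {
                    acc.user_name = reader["_username"].ToString();
                    acc.pass = reader["_password"].ToString();

                    // TryParse leaves 0 in place when the column does not hold a number.
                    int p;
                    int.TryParse(reader["_pin"].ToString(), out p);
                    acc.pin = p;

                    long b;
                    long.TryParse(reader["_ballance"].ToString(), out b);
                    acc.ballance = b;

                    acc.hash = reader["_hash"].ToString();
                    acc.phone = reader["_phoneNr"].ToString();
                    found = true;
                }
            }
        }
    }
    finally
    {
        // Close the shared connection even when the query throws, so the next
        // click does not fail on an already-open connection.
        connection.Close();
    }

    if (!found)
    {
        // Same text as for a wrong password, so the form does not reveal which
        // usernames exist.
        status_label.Text = "username or password incorrect";
        return;
    }

    // NOTE(review): the stored password is decrypted and compared as plaintext, and
    // the value used to decrypt it (_hash) sits in the same row. Anyone who can read
    // the table can recover every password. A one-way salted password hash
    // (e.g. PBKDF2) compared in constant time is the usual replacement; it needs a
    // data migration, so it is not changed here.
    string passDecripted = Cripting.Decrypt(acc.pass, acc.hash);
    if (passDecripted != pass)
    {
        status_label.Text = "username or password incorrect";
        return;
    }

    // NOTE(review): isLoggedIn is set before the phone verification has succeeded and
    // is not cleared when it fails. If other code treats this flag as "authenticated",
    // set it only after the second step passes. Left as is because
    // checkPhoneverification is not visible from here.
    isLoggedIn = 1;

    // NOTE(review): the verification code is 4 characters long; whether
    // GetRandomAlphanumericString draws from a cryptographic RNG and whether attempts
    // are limited cannot be seen from this method. Confirm both.
    if (checkPhoneverification(acc.phone, Cripting.GetRandomAlphanumericString(4)))
    {
        status_label.Text = " Login successful";
        Form2 f2 = new Form2(acc);
        f2.Show();
        this.Hide();
    }
    else
    {
        status_label.Text = "message code incorrect";
    }
}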
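/// <summary>
/// Inserts one account row into the Users table: username, encrypted password, pin,
/// a starting balance of 0, the value used to encrypt the password, and the phone number.
/// </summary>
public void createAccount()
{
    // NOTE(review): the account data and the connection string are literals in the
    // source. Real credentials and connection settings belong in configuration or
    // user input, not in the binary.
    string username = "******";
    string password = "******";
    string pin = "1234";
    string phone = "+1234567890";

    // NOTE(review): string.GetHashCode() is a 32-bit non-cryptographic hash whose value
    // is not guaranteed stable across runtimes, and the result is stored in the same
    // row as the ciphertext it protects. It gives the stored password little
    // protection; a one-way salted password hash (e.g. PBKDF2) is the usual approach.
    string hash = username.GetHashCode().ToString() + password.GetHashCode().ToString();
    string passEncripted = Cripting.Encrypt(password, hash);

    // Values are bound as parameters instead of being concatenated into the SQL text,
    // so a quote or other SQL syntax inside any field cannot change the statement.
    // Column order and the literal 0 balance match the original positional insert.
    string comm = "Insert into Users values (@username, @password, @pin, 0, @hash, @phone)";

    // using blocks dispose the command and close the connection even if the insert throws.
    using (SqlConnection connection = new SqlConnection("Data Source = DESKTOP ; Initial Catalog = bankAccounts ; Integrated Security=True"))
    using (SqlCommand commandCreate = new SqlCommand(comm, connection))
    {
        commandCreate.Parameters.AddWithValue("@username", username);
        commandCreate.Parameters.AddWithValue("@password", passEncripted);
        // The pin was previously written unquoted into the statement as a number,
        // so it is bound as an int here.
        commandCreate.Parameters.AddWithValue("@pin", int.Parse(pin));
        commandCreate.Parameters.AddWithValue("@hash", hash);
        commandCreate.Parameters.AddWithValue("@phone", phone);

        connection.Open();
        commandCreate.ExecuteNonQuery();
    }
}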