0

Wondering how to tweek my code to first check if an account is marked active before login. I have an SQL table with column header "Active". The data type is Bool. Here is an example of table data(see image) table

When user clicks login, the code needs to check if user is Active. If "Active" is "False", > MessageBox.Show"Account Locked"

I am a new to C#, so not sure how to go about this...Here is the login code.

 private void btnlogin_Click(object sender, EventArgs e)
    {
        if (cmbusertype.SelectedItem == null)
        {
            MessageBox.Show("Please select User Type to continue...");
            cmbusertype.Focus();
            return;
        }
        if (txtuserid.Text == "")
        {
            MessageBox.Show("Please enter your UserID...");
            txtuserid.Focus();
            return;
        }
        if (txtpassword.Text == "")
        {
            MessageBox.Show("Please enter your password...");
            txtpassword.Focus();
            return;
        }
            try
        {
            SqlConnection con = new SqlConnection(@"Data Source = (LocalDB)\MSSQLlocaldb; Initial Catalog = AdminAuthentication; Integrated Security = True"); ;
            con.Open();
            SqlCommand cmd = new SqlCommand("select * from UserRegistration where userID='" + txtuserid.Text + "' and password='" + txtpassword.Text + "'", con);
            SqlDataAdapter sda = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            sda.Fill(dt);
            string cmbItemValue = cmbusertype.SelectedItem.ToString();
                                             
            
            if (dt.Rows.Count > 0)
            {
                for (int i = 0; i < dt.Rows.Count; i++)
                {

                    if ((dt.Rows[i]["UserType"].ToString() == cmbItemValue) && (cmbusertype.SelectedIndex == 0)) //you can use 2 instead of usertype in that index because usertype column is in 2 index
                    {
                        MessageBox.Show("You are logged in as " + dt.Rows[i][6]);
                        MessageBox.Show("Displaying Admin Dashboard");
                        this.Hide();
                        AdminPanel ap = new AdminPanel();
                        ap.Show();
                    }
                   

                    else
                    {
                        MessageBox.Show("You are logged in as " + dt.Rows[i][6]);
                        MessageBox.Show("Displaying Exam Options.Good Luck!");
                        this.Hide();
                        StartTest st = new StartTest();
                        st.Show();
                    }
                    
                }
            }
            else
            {
                MessageBox.Show("Invalid username and/or Password.Please try again. \nAttempts: " + attempts + "out of 3");
                txtpassword.Clear();
                attempts++;
            }

            if (attempts == 4)
            {
                MessageBox.Show("You have reached maximum login attempts. Click 'Forgot Password' below to reset it.");
                btnlogin.Enabled = false;

            }
        }


        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
Joel Bwana
  • 43
  • 6
  • 2
    Do not store passwords as a plain text due to security reasons! – Maciej Los Jul 17 '20 at 12:52
  • 2
    Also parameterize your inputs to avoid SQL injection. – Nathan Champion Jul 17 '20 at 12:53
  • https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection – mjwills Jul 17 '20 at 13:02
  • You've already identified how to get values from a datarow. Why can't you just check the Active column? Something like this: `if ((bool)dt[0]["Active"] == false) { MessageBox.Show("Account Locked"); }` – WSC Jul 17 '20 at 15:16
  • Seeing SqlConnection and TextBox code in the same method......please try to put in the most basic of layering...............see https://learn.microsoft.com/en-us/dotnet/architecture/modern-web-apps-azure/common-web-application-architectures – granadaCoder Jul 17 '20 at 15:23
  • Thanks. It worked after I introduced dt.rows to your suggested solution above. – Joel Bwana Jul 17 '20 at 17:02

0 Answers0