Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- protected override bool ProcessCmdKey(ref Message msg, Keys keyData)
- {
- if (keyData == (Keys.Control | Keys.V))
- {
- errorProviderLogin.SetError(txtUsername, "Pasting is not allowed");
- MessageBox.Show("Pasting is not allowed...", "CTRL +V",
- MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
- errorProviderLogin.Clear();
- return true;
- }
- else
- return base.ProcessCmdKey(ref msg, keyData);
- }
- private void frmLogin_Load(object sender, EventArgs e)
- {
- txtUsername.Clear();
- txtPassword.Clear();
- }
- private void txtUsername_KeyPress(object sender, KeyPressEventArgs e)
- {
- byte num = Convert.ToByte(e.KeyChar);
- if(num == 13)
- {
- SendKeys.Send("{Tab}");
- e.Handled = true;
- }
- else if((num == 39) || (num == 34) || (num == 59))
- {
- e.Handled = true;
- }
- }
- private void txtPassword_KeyPress(object sender, KeyPressEventArgs e)
- {
- if (e.KeyChar.ToString() == "\r")
- {
- SendKeys.Send("{Tab}");
- e.Handled = true;
- }
- }
- private void btnOkay_Click(object sender, EventArgs e)
- {
- //establish connection
- SqlConnection cn = new SqlConnection();
- if (cn.State == ConnectionState.Closed)
- {
- cn.ConnectionString = "Data Source=" +
- stcSalesInv.myServer + ";Initial Catalog=" +
- stcSalesInv.myDataBase + ";Integrated Security=" +
- stcSalesInv.myIntSec + "; User ID =" + stcSalesInv.myUserID +
- "; Password =" + stcSalesInv.myPassword + ";";
- cn.Open();
- }
- SqlCommand cmd = new SqlCommand();
- SqlDataReader reader;
- //validate
- if (txtUsername.Text == "")
- {
- MessageBox.Show("Please type your username.");
- txtUsername.Focus();
- return;
- }
- else if (txtPassword.Text == "")
- {
- MessageBox.Show("Please type your password.");
- txtPassword.Focus();
- return;
- }
- //SQL Injection
- if((Regex.IsMatch(txtUsername.Text, "[\'\"\\/*-;{}()]_")== true) ||
- (Regex.IsMatch(txtUsername.Text, "[xp_]")==true ))
- {
- MessageBox.Show("The Username contains characters that may override the system.",
- "SQL INJECTION", MessageBoxButtons.OK, MessageBoxIcon.Error);
- return;
- }
- //check username and password
- try
- {
- cmd.CommandType = CommandType.Text;
- //cmd.CommandText = "SELECT Username, UserLevel " +
- //"FROM Users2 WHERE Username '" + txtUsername.Text + "' AND Password = '" + EncDec.Encrypt(txtPassword.Text, "secret") +
- // "'";
- cmd.Parameters.Add("@username", txtUsername.Text);
- cmd.Parameters.Add("@password", EncDec.Encrypt(txtPassword.Text, "secret"));
- cmd.CommandText = "SELECT Username, UserLevel " +
- " FROM Users2 WHERE Username = @username " +
- " AND Password = @password";
- cmd.Connection = cn;
- reader = cmd.ExecuteReader();
- if (reader.HasRows == false)
- {
- //stcSalesInv.ShowBar = false;
- MessageBox.Show("Please use valid username and type correct passowrd");
- return;
- }
- stcSalesInv.ShowBar = true;
- while (reader.Read())
- {
- stcSalesInv.UserName = reader.GetValue(0).ToString();
- stcSalesInv.UserLevel = reader.GetValue(1).ToString();
- }
- cn.Close();
- reader.Close();
- this.Hide();
- stcSalesInv.NewMDI.Show();
- stcSalesInv.NewMDI.Focus();
- stcSalesInv.NewMDI.Refresh();
- }
- catch (Exception errMsg)
- {
- MessageBox.Show(errMsg.Message);
- }
- }
- private void btnCancel_Click(object sender, EventArgs e)
- {
- this.Close();
- }
- private void txtUsername_MouseDown(object sender, MouseEventArgs e)
- {
- if(e.Button == MouseButtons.Right)
- {
- errorProviderLogin.SetError(txtUsername, "Right-click is not allowed");
- MessageBox.Show("Right-click is not allowed...", "MOUSE BUTTON",
- MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
- errorProviderLogin.Clear();
- return;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
