This project was my coursework for A2 Software Systems Development, the application is a system for managing bookings on a campsite, the system is potentially multi-user however as the specification did not specify it must be this has not been tested.

The project was thousands of line of code long with the main framework class containing 3134 lines. This was my first experience of using SQL, the application written in C# (WinForms) connected to a Microsoft SQL Server database.

Code Snippets

The application had a feature where if it was running for the first time (in a given directory) that it would look for files needed to run and extract them if they did not exist, these files were stored in the program as embedded resources. The following code shows how this check was completed.

C#
public void Initialize() { ExtractDLL(); ExtractDB(); try { SqlConnection.ClearAllPools(); } catch { } } /// <summary> /// Extracts all necessary DLL libraries from a zip file stored as an embedded resource. /// </summary> public void ExtractDLL() { if (!File.Exists("System.Windows.Forms.Calendar.dll") || !File.Exists("Wilkie.dll") || !File.Exists("System.Windows.Forms.Ribbon35.dll")) { try { if (File.Exists("System.Windows.Forms.Calendar.dll")) { File.Delete("System.Windows.Forms.Calendar.dll"); } if (File.Exists("Wilkie.dll")) { File.Delete("Wilkie.dll"); } if (File.Exists("System.Windows.Forms.Ribbon35.dll")) { File.Delete("System.Windows.Forms.Ribbon35.dll"); } if (File.Exists("System.Reports.dll")) { File.Delete("System.Reports.dll"); } byte[] b = Properties.Resources.DLL; using (FileStream fs = new FileStream("DLL.zip", FileMode.Create)) { for (int i = 0; i < b.Length; i++) { fs.WriteByte(b[i]); } } ZipFile.ExtractToDirectory("DLL.zip", Directory.GetCurrentDirectory()); } catch { MessageBox.Show("An error occurred extracting necessary DLL libraries.", "Error"); } if (File.Exists("DLL.zip")) { File.Delete("DLL.zip"); } } } /// <summary> /// Extracts a blank copy of the DB from a zip file stored as an embedded resource. /// </summary> public void ExtractDB() { try { if (!File.Exists("DB.mdf") || !File.Exists("DB_log.ldf")) { if (File.Exists("DB.mdf")) { File.Delete("DB.mdf"); } if (File.Exists("DB_log.ldf")) { File.Delete("DB_log.ldf"); } byte[] b = Properties.Resources.DB; using (FileStream("DB.zip", FileMode.Create)) { for (int i = 0; i < b.Length; i++) { fs.WriteByte(b[i]); } } ZipFile.ExtractToDirectory("DB.zip", Directory.GetCurrentDirectory()); } if (File.Exists("DB.zip")) { File.Delete("DB.zip"); } } catch { MessageBox.Show("An error occurred extracting the DB.", "Error"); } }

The following code snippet shows how passwords are stored, using SHA256 encryption.

C#
using System.Security.Cryptography; /// <summary> /// Hashes password using SHA256 encryption, using the first 4 characters of their username as a salt. /// </summary> /// <param name="username"></param> /// <param name="password"></param> static string SHA256(string username, string password) { if (username.Length >= 4) { SHA256 encrypt = SHA256Managed.Create(); byte[] hashedData = encrypt.ComputeHash(Encoding.Unicode.GetBytes(string.Format("{0}{1}", username.Substring(0, 4), password))); StringBuilder sb = new StringBuilder(hashedData.Length * 2); foreach (byte b in hashedData) { sb.AppendFormat("{0:x2}", b); } return sb.ToString(); } else { return string.Empty; } }

The following code demonstrates how commands are executed on the database, in this example it is a SELECT statement however most queries are executed in a similar way.

C#
/// <summary> /// Returns a boolean value whether an Employee record exists. /// </summary> public bool Exists(int ID) { using (SqlConnection dbConnection = new SqlConnection(DB.Connection)) { using (SqlCommand dbCommand = new SqlCommand("SELECT * FROM [dbo].[Employee] WHERE ID = @id AND Active = 1", dbConnection)) { dbCommand.Parameters.AddWithValue("@id", ID); using (SqlDataAdapter dbAdapter = new SqlDataAdapter(dbCommand)) { using (DataTable dbTable = new DataTable()) { try { dbConnection.Open(); dbAdapter.Fill(dbTable); return dbTable.Rows.Count > 0; } catch { return false; } } } } } }