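/// <summary>
/// Replaces the stored password hash of a user with the salted hash of <paramref name="password"/>.
/// </summary>
/// <param name="userId">Id of the row in <c>users</c> to update.</param>
/// <param name="password">New plaintext password; only its salted hash is written.</param>
/// <remarks>
/// The salt is read with <c>GetUserSalt</c> and appended to the password before hashing.
/// NOTE(review): judging by its name, <c>HashManager.HashSha256</c> is a single SHA-256 pass.
/// A fast hash gives little resistance to offline guessing if the table leaks; moving to a
/// password KDF (PBKDF2, Argon2) needs a migration of the stored hashes and is not done here.
/// NOTE(review): nothing here checks that the caller is allowed to reset this user's
/// password; that check has to live in the caller.
/// </remarks>
public static void ResetPassword(int userId, string password)
{
    string salt = GetUserSalt(userId);
    string passwordHash = HashManager.HashSha256(password + salt);

    // Write the computed hash through bound parameters. The previous statement was
    // assembled by string concatenation and stored a fixed literal instead of the hash,
    // so the hash computed above never reached the database.
    const string query = "UPDATE users SET password = @password WHERE id = @id";

    DbManager.PrepareQuery(query);
    DbManager.BindValue("@password", passwordHash);
    DbManager.BindValue("@id", userId);
    DbManager.ExecutePreparedInsertUpdateDelete();
}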
/// <summary>
/// Stores the salted hash of <paramref name="newPassword"/> as the password of the given user.
/// </summary>
/// <param name="userId">Id of the row in <c>users</c> to update.</param>
/// <param name="newPassword">New plaintext password; only its salted hash is written.</param>
/// <remarks>
/// NOTE(review): judging by its name, <c>HashManager.HashSha256</c> is a single SHA-256 pass;
/// a password KDF (PBKDF2, Argon2) would slow down offline guessing. Confirm and plan a
/// migration of stored hashes before changing it.
/// NOTE(review): the current password is not verified here; presumably the caller does that.
/// </remarks>
public static void ChangePassword(int userId, string newPassword)
{
    // Hash the new password with the user's existing salt.
    string userSalt = GetUserSalt(userId);
    string hashedPassword = HashManager.HashSha256(newPassword + userSalt);

    // Both values travel as bound parameters, never as part of the SQL text.
    const string updateSql = "UPDATE users SET password = @password WHERE id = @id";

    DbManager.PrepareQuery(updateSql);
    DbManager.BindValue("@password", hashedPassword);
    DbManager.BindValue("@id", userId);
    DbManager.ExecutePreparedInsertUpdateDelete();
}
/// <summary>
/// Checks a username/password pair against the stored password hash.
/// </summary>
/// <param name="username">Name passed to <c>UserManager.GetUser</c> and <c>UserManager.GetUserSalt</c>.</param>
/// <param name="password">Plaintext password supplied by the caller.</param>
/// <returns>
/// <c>(true, user)</c> when the salted hash of <paramref name="password"/> equals the user's
/// <c>PasswordHash</c>; <c>(false, null)</c> when the user is not found or the hashes differ.
/// </returns>
/// <remarks>
/// NOTE(review): an unknown username returns before any hashing happens, so response time may
/// differ between unknown and known usernames. If username enumeration matters, hash against a
/// dummy salt on that path as well.
/// NOTE(review): the hashes are compared with ordinary string equality, which is not
/// constant-time. Consider a fixed-time comparison where the target framework offers one.
/// NOTE(review): no attempt counting or lockout is visible here; presumably the caller throttles.
/// </remarks>
public (bool Result, User User) IsValid(string username, string password)
{
    User account = UserManager.GetUser(username);
    if (account == null)
    {
        return (false, null);
    }

    // Recompute the hash exactly as it was stored: password followed by the per-user salt.
    string storedSalt = UserManager.GetUserSalt(username);
    string candidateHash = HashManager.HashSha256(password + storedSalt);

    if (candidateHash == account.PasswordHash)
    {
        return (true, account);
    }

    return (false, null);
}
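/// <summary>
/// Creates a user row and its salt row, and returns the new user's id.
/// </summary>
/// <param name="username">Requested username; stored lower-cased.</param>
/// <param name="password">Plaintext password; only its salted hash is stored.</param>
/// <param name="minUsernameLength">Smallest accepted username length.</param>
/// <param name="maxUsernameLength">Largest accepted username length.</param>
/// <returns>The id reported by <c>DbManager.GetLastId</c> after the <c>users</c> insert.</returns>
/// <exception cref="UserAlreadyExitsException"><c>GetUser</c> found an existing user.</exception>
/// <exception cref="UsernameTooShortException">The username is shorter than the minimum.</exception>
/// <exception cref="UsernameTooLongException">The username is longer than the maximum.</exception>
/// <remarks>
/// NOTE(review): the duplicate check uses the username as given, while the stored value is
/// lower-cased with the culture-sensitive <c>ToLower()</c>. Verify that <c>GetUser</c>
/// normalises the same way, otherwise names differing only in case may slip past the check.
/// NOTE(review): the two inserts are not wrapped in a transaction here, so a failure of the
/// second one leaves a user without a salt row.
/// NOTE(review): judging by its name, <c>HashManager.HashSha256</c> is a single SHA-256 pass;
/// a password KDF (PBKDF2, Argon2) would resist offline guessing better.
/// </remarks>
public static int CreateUser(string username, string password, int minUsernameLength, int maxUsernameLength)
{
    if (GetUser(username) != null)
    {
        throw new UserAlreadyExitsException();
    }

    if (username.Length < minUsernameLength)
    {
        throw new UsernameTooShortException();
    }

    if (username.Length > maxUsernameLength)
    {
        throw new UsernameTooLongException();
    }

    // Fresh random salt per user, appended to the password before hashing.
    string salt = HashManager.GenerateSecureRandomToken();
    string passwordHash = HashManager.HashSha256(password + salt);

    const string insertUser = "INSERT INTO users (username, password) VALUES (@username, @password)";
    DbManager.PrepareQuery(insertUser);
    DbManager.BindValue("@username", username.ToLower());
    DbManager.BindValue("@password", passwordHash);
    DbManager.ExecutePreparedInsertUpdateDelete();

    // Must be read right after the users insert and before the next statement is prepared.
    int userId = DbManager.GetLastId();

    // The salt row goes through bound parameters like the users row, so the statement
    // does not depend on which characters the generated token happens to contain.
    const string insertSalt = "INSERT INTO user_salt (userID, salt) VALUES (@userID, @salt)";
    DbManager.PrepareQuery(insertSalt);
    DbManager.BindValue("@userID", userId);
    DbManager.BindValue("@salt", salt);
    DbManager.ExecutePreparedInsertUpdateDelete();

    return userId;
}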