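        /// <summary>
        /// Redirects to the change-password page when the time elapsed since the user's last
        /// password change has reached <c>maximumPasswordAge</c> (compared against
        /// <c>TimeSpan.TotalMinutes</c>, so the limit is in minutes).
        /// </summary>
        /// <remarks>
        /// A missing or unparseable last-change timestamp is treated as expired (fail closed)
        /// instead of surfacing as an unhandled <see cref="FormatException"/> from
        /// <c>Convert.ToDateTime</c>. The redirect is issued with <c>endResponse: false</c>,
        /// so the caller's page lifecycle keeps running after this method returns.
        /// </remarks>
        protected void checkMaximumPasswordAge()
        {
            SITConnect.UserProfile up = new SITConnect.UserProfile();

            bool expired;
            double minutesSinceChange = 0;
            bool haveTimestamp;
            try
            {
                // NOTE(review): DateTime.Now is local time; this assumes saveLastPasswordChange()
                // stores local time as well — confirm, or move both sides to UTC.
                TimeSpan ts = DateTime.Now - Convert.ToDateTime(up.getLastPasswordChange());
                minutesSinceChange = ts.TotalMinutes;
                expired = minutesSinceChange >= maximumPasswordAge;
                haveTimestamp = true;
            }
            catch (FormatException)
            {
                // Stored value is not a valid date: do not let the check silently pass.
                expired = true;
                haveTimestamp = false;
            }
            catch (InvalidCastException)
            {
                expired = true;
                haveTimestamp = false;
            }

            if (expired)
            {
                System.Diagnostics.Debug.WriteLine("Password past maximum password age! Need to change password to continue.");
                Session["passwordError"] = "Your password has expired past the maximum password age! Please change your password to continue...";
                Response.Redirect("~/ChangePassword", false);
            }

            if (haveTimestamp)
            {
                System.Diagnostics.Debug.WriteLine("Minutes since last password change: " + minutesSinceChange.ToString());
            }
            else
            {
                System.Diagnostics.Debug.WriteLine("Last password change timestamp missing or unparseable; treated as expired.");
            }
        }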
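        /// <summary>
        /// Handles the change-password form submit: validates the three password fields,
        /// verifies the current password against the stored salted hash, enforces the
        /// two-entry password history, stores the new hash, and logs the user out.
        /// Any user-facing failure is reported through <c>Session["passwordError"]</c>;
        /// database or hashing failures end the response with HTTP 500.
        /// </summary>
        /// <param name="sender">The submit button raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btn_submit_click(object sender, EventArgs e)
        {
            if (Session["UserID"] != null)
            {
                SITConnect.UserProfile up = new SITConnect.UserProfile();
                string userid = Session["UserID"].ToString();

                // NOTE(review): the passwords are Trim()'d and HtmlEncode'd before hashing, so a
                // password containing <, >, &, " or ' (or leading/trailing spaces) is hashed in its
                // encoded form and validatePassword() sees the encoded length. Kept as-is because
                // the stored hashes and the login path presumably apply the same transformation;
                // changing it here alone would lock existing users out — confirm against Login.
                string pwd             = HttpUtility.HtmlEncode(tb_PreviousPassword.Text.ToString().Trim());
                string new_pwd         = HttpUtility.HtmlEncode(tb_NewPassword.Text.ToString().Trim());
                string confirm_new_pwd = HttpUtility.HtmlEncode(tb_NewPasswordConfirm.Text.ToString().Trim());

                string inputError = ValidateChangeRequest(up, pwd, new_pwd, confirm_new_pwd);
                if (inputError != null)
                {
                    Session["passwordError"] = inputError;
                }
                else
                {
                    try
                    {
                        string changeError = ChangePassword(up, userid, pwd, new_pwd);
                        if (changeError != null)
                        {
                            Session["passwordError"] = changeError;
                        }
                    }
                    catch (Exception)
                    {
                        // Single handler replaces the two nested identical catch blocks: the inner
                        // Response.End() raised a ThreadAbortException that the outer catch then
                        // handled a second time.
                        Response.StatusCode = 500;
                        Response.Flush();
                        Response.End();
                    }
                }
            }

            // Logout() clears the session on success, so this sends the user to Login afterwards
            // and back to the form (with the error message) otherwise.
            if (Session["UserID"] != null)
            {
                Response.Redirect("~/ChangePassword", false);
            }
            else
            {
                Response.Redirect("~/Login", false);
            }
        }

        /// <summary>
        /// Checks the submitted fields before any database access.
        /// </summary>
        /// <returns><c>null</c> when the request is well-formed, otherwise the user-facing error message.</returns>
        private static string ValidateChangeRequest(SITConnect.UserProfile up, string pwd, string new_pwd, string confirm_new_pwd)
        {
            if (pwd == new_pwd)
            {
                return "Your new password cannot be same as current password. Please try again...";
            }
            if (new_pwd != confirm_new_pwd)
            {
                return "Your new passwords do not match. Please try again...";
            }
            if (!up.validatePassword(new_pwd))
            {
                return "Your new password does not meet the password requirements. Please try again...";
            }
            return null;
        }

        /// <summary>
        /// Verifies the current password, enforces the password history, writes the new hash,
        /// records the change and logs the user out.
        /// </summary>
        /// <returns><c>null</c> on success, otherwise the user-facing error message.</returns>
        /// <exception cref="Exception">Database and hashing failures propagate to the caller, which maps them to HTTP 500.</exception>
        private string ChangePassword(SITConnect.UserProfile up, string userid, string pwd, string new_pwd)
        {
            string dbHash = up.getDBHash(userid);
            string dbSalt = up.getDBSalt(userid);
            if (string.IsNullOrEmpty(dbSalt) || string.IsNullOrEmpty(dbHash))
            {
                // Previously this case fell through silently and redirected with no message.
                return "Something went wrong while changing your password. Please try again...";
            }

            string currentPassHash = ComputeSaltedHash(pwd, dbSalt);
            if (!currentPassHash.Equals(dbHash))
            {
                return "Something went wrong while changing your password. Please try again...";
            }

            // The new hash must differ from the two most recent history entries (PasswordHistory).
            string newPassHash = ComputeSaltedHash(new_pwd, dbSalt);
            if (newPassHash == up.getPasswordHistory("1") || newPassHash == up.getPasswordHistory("2"))
            {
                return "Your new password must not be the same as any of your recent passwords. Please try again...";
            }

            StoreNewPasswordHash(userid, newPassHash);
            // Archive the hash that was just replaced, then stamp the change and end the session.
            up.savePasswordHistory(currentPassHash);
            up.saveLastPasswordChange();
            Logout();
            return null;
        }

        /// <summary>
        /// Base64 of SHA-512 over UTF-8(<paramref name="password"/> + <paramref name="salt"/>),
        /// the scheme the stored <c>PasswordHash</c> values use.
        /// </summary>
        /// <remarks>
        /// A single unsalted-by-construction SHA-512 round has no work factor and is not a
        /// password-hashing function. It is kept because every stored hash depends on this exact
        /// scheme; a migration to PBKDF2 (<c>Rfc2898DeriveBytes</c>) would have to re-hash each
        /// account on its next successful login rather than change this helper alone.
        /// </remarks>
        private static string ComputeSaltedHash(string password, string salt)
        {
            // SHA512Managed is IDisposable; the original instance was never disposed.
            using (SHA512Managed hashing = new SHA512Managed())
            {
                byte[] digest = hashing.ComputeHash(Encoding.UTF8.GetBytes(password + salt));
                return Convert.ToBase64String(digest);
            }
        }

        /// <summary>
        /// Persists <paramref name="newPassHash"/> for the account whose Email equals
        /// <paramref name="userid"/>, using a parameterized UPDATE.
        /// </summary>
        private void StoreNewPasswordHash(string userid, string newPassHash)
        {
            // The unused SqlDataAdapter and the explicit con.Close() (redundant inside using) are gone.
            using (SqlConnection con = new SqlConnection(MYDBConnectionString))
            using (SqlCommand cmd = new SqlCommand("UPDATE Account SET PasswordHash=@PasswordHash WHERE Email=@UserID", con))
            {
                cmd.CommandType = CommandType.Text;
                cmd.Parameters.AddWithValue("@UserID", userid);
                cmd.Parameters.AddWithValue("@PasswordHash", newPassHash);
                con.Open();
                cmd.ExecuteNonQuery();
            }
        }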