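        /// <summary>
        /// Builds the request principal from the forms-authentication cookie: the user
        /// name comes from the decrypted ticket, the sign-in type from the separate
        /// "UserCookie", and the roles from <c>UserVerification.GetUserRoles</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments; <c>e.User</c> is set only when a valid, unexpired ticket is present.</param>
        /// <remarks>
        /// A cookie that cannot be decrypted, or whose ticket has expired, leaves
        /// <c>e.User</c> unset so the request continues as anonymous instead of
        /// failing with a server error. Exceptions from the role lookup propagate
        /// with their original type and stack trace.
        /// </remarks>
        protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
        {
            if (!FormsAuthentication.CookiesSupported)
            {
                return;
            }

            var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return;
            }

            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(authCookie.Value);
            }
            catch (Exception ex)
            {
                // The cookie is client-supplied: a malformed or tampered value is an
                // authentication failure, not an application error. Log the exception
                // type only, so cookie contents never reach the log.
                System.Diagnostics.Trace.TraceWarning(
                    "Forms authentication ticket rejected: " + ex.GetType().Name);
                return;
            }

            // Setting e.User here replaces the module's own ticket handling, so the
            // expiry check has to be made explicitly.
            if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
            {
                return;
            }

            string username   = ticket.Name;
            string signInType = "";

            // NOTE(review): "UserCookie" is a second client-controlled cookie and is not
            // covered by the forms ticket's protection. Its value selects which roles are
            // loaded, so confirm that ClassHashing.basicDecryption authenticates the value,
            // or carry the sign-in type inside the ticket's UserData instead.
            var userCookie = Request.Cookies["UserCookie"];
            if (userCookie != null)
            {
                string protectedSignInType = userCookie.Values["SignInType"];
                if (protectedSignInType != null)
                {
                    signInType = ClassHashing.basicDecryption(protectedSignInType);
                }
            }

            // Roles are looked up server-side for this user and sign-in type.
            string roles = UserVerification.GetUserRoles(username, signInType);
            string[] roleList = roles == null ? new string[0] : roles.Split(';');

            e.User = new System.Security.Principal.GenericPrincipal(
                new System.Security.Principal.GenericIdentity(username, "Forms"), roleList);
        }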
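        /// <summary>
        /// Registers a new customer: hashes the submitted password with a fresh salt and
        /// inserts the customer row using a parameterized statement.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// The connection and command are disposed on every path, including the
        /// redirect after a successful insert. An unparsable date of birth is reported
        /// to the user instead of surfacing as an unhandled exception.
        /// </remarks>
        protected void Button1_Click(object sender, EventArgs e)
        {
            // Validate the date before doing any hashing or database work.
            DateTime dateOfBirth;
            if (!DateTime.TryParse(txtDOB.Text, out dateOfBirth))
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Please enter a valid date of birth.')</script>");
                return;
            }

            // NOTE(review): ClassHashing is defined elsewhere; confirm generateSaltedHash is a
            // deliberately slow password KDF (e.g. PBKDF2) rather than a single hash pass.
            byte[] generatedSalt = ClassHashing.generateSalt();
            byte[] hashPassword  = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);

            // CustomerID is not supplied here; the database assigns it via a trigger.
            const string strInsert = "Insert Into Customer (CustomerName, CustomerEmail, CustomerPassword, CustomerDOB, CustomerPhoneNo, CustomerContactMethod, CustomerSalt) Values ( @CustomerName, @CustomerEmail, @CustomerPassword, @CustomerDOB, @CustomerPhoneNo, @CustomerContactMethod, @CustomerSalt)";

            bool registered;
            try
            {
                string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

                using (SqlConnection conPrint = new SqlConnection(connStr))
                using (SqlCommand cmdInsert = new SqlCommand(strInsert, conPrint))
                {
                    cmdInsert.Parameters.AddWithValue("@CustomerName", txtName.Text);
                    cmdInsert.Parameters.AddWithValue("@CustomerEmail", txtEmail.Text);
                    cmdInsert.Parameters.AddWithValue("@CustomerPassword", hashPassword);
                    cmdInsert.Parameters.AddWithValue("@CustomerDOB", dateOfBirth);
                    cmdInsert.Parameters.AddWithValue("@CustomerPhoneNo", txtPhoneNumber.Text);
                    cmdInsert.Parameters.AddWithValue("@CustomerContactMethod", rblMethod.SelectedValue);
                    cmdInsert.Parameters.AddWithValue("@CustomerSalt", generatedSalt);

                    conPrint.Open();
                    registered = cmdInsert.ExecuteNonQuery() > 0;
                }
            }
            catch (SqlException ex)
            {
                // Keep the detail on the server; the user only sees a generic message.
                System.Diagnostics.Trace.TraceError("Customer registration failed: " + ex.Message);
                Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
                return;
            }

            if (registered)
            {
                // NOTE(review): MessageBox is a Windows Forms dialog; in a web application it
                // runs on the server, not in the visitor's browser, and can block the request.
                // Kept as in the original; replace with a client-side notification.
                MessageBox.Show("Sign up done. Redirecting to homepage.", "Congratulation !!",
                                MessageBoxButtons.OK,
                                MessageBoxIcon.Exclamation,
                                MessageBoxDefaultButton.Button1);
                Response.Redirect("Login.aspx");
            }
            else
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('sign up failded')</script>");
            }
        }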
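        /// <summary>
        /// Sets the initial password for the staff account whose protected ID was stored in
        /// ViewState during page load, then redirects to the login page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// Failures are logged on the server and reported to the user with a generic
        /// message; exception text is not written into the page, since it can expose
        /// stack traces and database details to the visitor.
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // NOTE(review): ViewState travels through the browser. The staff ID read here is
            // only as trustworthy as ViewState MAC validation plus ClassHashing.basicEncryption;
            // confirm both, or keep the ID in server-side session state.
            string protectedStaffId = ViewState["StaffID"] as string;
            if (protectedStaffId == null)
            {
                lblMessage.Text       = "Unable to retrieve account inforation. Please try again later.";
                messageHolder.Visible = true;
                return;
            }

            const string strUpdate = "Update CompanyStaff SET StaffPassword = @password ,StaffSalt = @salt WHERE StaffID = @staffID";

            bool activated;
            try
            {
                byte[] generatedSalt = ClassHashing.generateSalt();
                byte[] hashPassword  = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);

                string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

                using (SqlConnection conPrintDB = new SqlConnection(connStr))
                using (SqlCommand cmdUpdate = new SqlCommand(strUpdate, conPrintDB))
                {
                    cmdUpdate.Parameters.AddWithValue("@password", hashPassword);
                    cmdUpdate.Parameters.AddWithValue("@salt", generatedSalt);
                    cmdUpdate.Parameters.AddWithValue("@staffID", ClassHashing.basicDecryption(protectedStaffId));

                    conPrintDB.Open();
                    activated = cmdUpdate.ExecuteNonQuery() > 0;
                }
            }
            catch (Exception ex)
            {
                // Full detail stays in the server-side trace only.
                System.Diagnostics.Trace.TraceError("Staff password update failed: " + ex);
                lblMessage.Text       = "An error occured when setting the password to the account.";
                messageHolder.Visible = true;
                return;
            }

            if (activated)
            {
                // The redirect sits outside the try block so that the thread abort it
                // raises is not caught and reported as a failure.
                Response.Write("<script LANGUAGE='JavaScript' >alert('Successfully activated your account. Redirecting to login page.')</script>");
                Response.Redirect("Login.aspx");
            }
            else
            {
                lblMessage.Text       = "Unable to update account inforation. Please try again later.";
                messageHolder.Visible = true;
            }
        }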
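        /// <summary>
        /// Completes a password reset for the customer whose ID was placed in session by the
        /// forgot-password step: validates the two password fields, stores a freshly salted
        /// hash, and redirects to the login page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// The reset is refused when the password is empty, when the session holds no
        /// customer ID, or when no row was updated. The session entry is removed after a
        /// successful reset so the same session cannot change the password again.
        /// </remarks>
        protected void Button2_Click(object sender, EventArgs e)
        {
            string newPassword = txtNewPassword.Text;

            // Two empty fields compare equal, so reject an empty password explicitly.
            if (string.IsNullOrEmpty(newPassword))
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Please fill in the password.')</script>");
                return;
            }

            if (!newPassword.Equals(txtComfirmPassword.Text))
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Comfirm Password invalid.')</script>");
                return;
            }

            // The customer ID is the only thing authorizing this change.
            // NOTE(review): confirm the forgot-password page sets it only after the
            // requester's identity has been verified.
            string customerID = Session["CustomerID"] as string;
            if (string.IsNullOrEmpty(customerID))
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Unable to reset the password. Please start the password reset again.')</script>");
                return;
            }

            const string strUpdate = "Update Customer SET CustomerPassword = @CustomerPassword, CustomerSalt = @CustomerSalt WHERE CustomerID = @customerID";

            bool updated;
            try
            {
                byte[] generatedSalt = ClassHashing.generateSalt();
                byte[] hashPassword  = ClassHashing.generateSaltedHash(newPassword, generatedSalt);

                string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

                using (SqlConnection conPrint = new SqlConnection(connStr))
                using (SqlCommand cmdUpdate = new SqlCommand(strUpdate, conPrint))
                {
                    cmdUpdate.Parameters.AddWithValue("@CustomerPassword", hashPassword);
                    cmdUpdate.Parameters.AddWithValue("@CustomerSalt", generatedSalt);
                    cmdUpdate.Parameters.AddWithValue("@customerID", customerID);

                    conPrint.Open();
                    updated = cmdUpdate.ExecuteNonQuery() > 0;
                }
            }
            catch (SqlException ex)
            {
                System.Diagnostics.Trace.TraceError("Customer password reset failed: " + ex.Message);
                Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
                return;
            }

            if (!updated)
            {
                // No row matched the ID: do not report success.
                Response.Write("<script LANGUAGE='JavaScript' >alert('Unable to reset the password. Please start the password reset again.')</script>");
                return;
            }

            // The reset authorization is single-use.
            Session.Remove("CustomerID");

            Response.Write("<script LANGUAGE='JavaScript' >alert('Successful ResetPassword.')</script>");
            Response.Redirect("Login.aspx");
        }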
        /// <summary>
        /// On the first (non-postback) request, passes the "VC" query-string value to
        /// <c>UserVerification.activateStaff</c>. When that returns a staff ID the password
        /// form is shown and the ID is stored in ViewState via
        /// <c>ClassHashing.basicEncryption</c>; in every other case, including any
        /// exception, the invalid-link message is shown and the form is hidden.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            // Becomes true only once every step for a valid link has completed.
            bool linkAccepted = false;

            try
            {
                string verificationCode = Request.QueryString["VC"];
                if (verificationCode != null)
                {
                    string staffID = UserVerification.activateStaff(verificationCode);
                    if (staffID != null)
                    {
                        showPassForm();
                        messageHolder.Visible = false;
                        // ViewState is sent to the browser, so the ID is stored in protected form.
                        ViewState["StaffID"]  = ClassHashing.basicEncryption(staffID);
                        linkAccepted          = true;
                    }
                }
            }
            catch (Exception)
            {
                // Any failure is handled exactly like an invalid link.
                linkAccepted = false;
            }

            if (!linkAccepted)
            {
                lblMessage.Text       = "The link is not valid. Please make sure you get the right link.";
                messageHolder.Visible = true;
                hidePassForm();
            }
        }
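        /// <summary>
        /// Registers a company together with its first staff member, who is created with
        /// <c>UserVerification.ROLE_ADMIN</c>. Both rows are written in one transaction.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// Differences from the straightforward two-connection version: a single
        /// connection and transaction are used so a failed staff insert does not leave
        /// a company without an administrator; a NULL result from the ID lookup
        /// (returned as <see cref="DBNull"/>, not <c>null</c>) is treated as failure;
        /// and all database objects are disposed on every path.
        /// </remarks>
        protected void btnCompanySubmit_Click1(object sender, EventArgs e)
        {
            // Validate the date before doing any hashing or database work.
            DateTime staffDateOfBirth;
            if (!DateTime.TryParse(txtCalender.Text, out staffDateOfBirth))
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Please enter a valid date of birth.')</script>");
                return;
            }

            // NOTE(review): ClassHashing is defined elsewhere; confirm generateSaltedHash is a
            // deliberately slow password KDF (e.g. PBKDF2) rather than a single hash pass.
            byte[] generatedSalt = ClassHashing.generateSalt();
            byte[] hashPassword  = ClassHashing.generateSaltedHash(txtStaffPassword.Text, generatedSalt);

            // NOTE(review): the new company's ID is read back with MAX(CompanyID) filtered by
            // name and contact number. Inside the transaction this is tighter than before, but
            // a lookup tied to the inserted row itself would be more robust; left unchanged
            // because how CompanyID is generated is not visible here.
            const string strInsert = "Insert Into Company (CompanyName, CompanyAddress, CompanyContactNo, CompanyEmail) Values ( @CompanyName, @CompanyAddress, @CompanyContactNo, @CompanyEmail);SELECT MAX(CompanyID) from Company where CompanyName=@CompanyName and CompanyContactNo=@CompanyContactNo ";
            const string strOwnerInsert = "Insert Into CompanyStaff (StaffName, StaffEmail, StaffPassword, StaffNRIC, StaffDOB, StaffPhoneNo, StaffSalt, StaffRole, CompanyID) Values ( @StaffName, @StaffEmail, @StaffPassword, @StaffNRIC, @StaffDOB, @StaffPhoneNo, @StaffSalt, @StaffRole, @CompanyID)";

            bool created = false;
            try
            {
                string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

                using (SqlConnection conPrint = new SqlConnection(connStr))
                {
                    conPrint.Open();

                    // Disposing an uncommitted transaction rolls it back.
                    using (SqlTransaction transaction = conPrint.BeginTransaction())
                    {
                        object companyId;
                        using (SqlCommand cmdInsert = new SqlCommand(strInsert, conPrint, transaction))
                        {
                            cmdInsert.Parameters.AddWithValue("@CompanyName", txtName.Text);
                            cmdInsert.Parameters.AddWithValue("@CompanyAddress", txtAddress.Text);
                            cmdInsert.Parameters.AddWithValue("@CompanyContactNo", txtContNo.Text);
                            cmdInsert.Parameters.AddWithValue("@CompanyEmail", txtEmail.Text);
                            companyId = cmdInsert.ExecuteScalar();
                        }

                        // MAX() over no rows yields SQL NULL, which ExecuteScalar returns as DBNull.
                        if (companyId != null && !(companyId is DBNull))
                        {
                            using (SqlCommand cmdCompanyInsert = new SqlCommand(strOwnerInsert, conPrint, transaction))
                            {
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffName", txtStaffName.Text);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffEmail", txtStaffEmail.Text);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffPassword", hashPassword);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffNRIC", txtStaffNRIC.Text);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffDOB", staffDateOfBirth);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffPhoneNo", txtStaffPhoneNumber.Text);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffSalt", generatedSalt);
                                cmdCompanyInsert.Parameters.AddWithValue("@StaffRole", UserVerification.ROLE_ADMIN);
                                cmdCompanyInsert.Parameters.AddWithValue("@CompanyID", companyId);
                                cmdCompanyInsert.ExecuteNonQuery();
                            }

                            transaction.Commit();
                            created = true;
                        }
                    }
                }
            }
            catch (SqlException ex)
            {
                // Keep the detail on the server; the user only sees a generic message.
                System.Diagnostics.Trace.TraceError("Company registration failed: " + ex.Message);
                Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
                return;
            }

            if (created)
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Login Successful')</script>");
                Response.Redirect("~/Login.aspx");
            }
            else
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('sign up failded')</script>");
            }
        }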