//Changes the password of a user
public bool ChangePassword(int nID, string sPass)
{
if (sPass.Length == 0)
{
return(false);
}
LiteCollection <UserStructDb> aDBValues = m_db.GetCollection <UserStructDb>("users");
UserStructDb results = aDBValues.FindOne(x => x.Id == nID);
if (results == null)
{
return(false);
}
//Create new password
byte[] plaintext = Encoding.ASCII.GetBytes(sPass + sUserSalt);
// Generate additional entropy (will be used as the Initialization vector)
byte[] entropy = new byte[15];
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
rng.GetBytes(entropy);
byte[] ciphertext = ProtectedData.Protect(plaintext, entropy, DataProtectionScope.LocalMachine);
results.entropy = entropy;
results.ciphertext = ciphertext;
aDBValues.Update(results);
return(true);
}
//Store the userdatabase
public bool AddUserName(string sUser, string sPass)
{
//Do not add zero length items
if (sUser.Length == 0 || sPass.Length == 0)
{
return(false);
}
//Encrypt password
byte[] plaintext = Encoding.ASCII.GetBytes(sPass + sUserSalt);
byte[] entropy = new byte[15];
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(entropy);
}
byte[] ciphertext = ProtectedData.Protect(plaintext, entropy, DataProtectionScope.LocalMachine);
UserStructDb aUser = new UserStructDb
{
Username = sUser,
ciphertext = ciphertext,
entropy = entropy,
DisplayName = sUser
};
LiteCollection <UserStructDb> aDBValues = m_db.GetCollection <UserStructDb>("users");
// Use Linq to query documents
var results = aDBValues.FindOne(x => x.Username == sUser);
if (results != null) //If username exists, return
{
return(false); //Already exist
}
else //Add new user
{
aDBValues.EnsureIndex(x => x.Username);
aDBValues.Insert(aUser);
}
return(true);
}
//Removes a user based on the ID
public bool RemoveUser(int nID)
{
LiteCollection <UserStructDb> aDBValues = m_db.GetCollection <UserStructDb>("users");
UserStructDb results = aDBValues.FindOne(x => x.Id == nID);
if (results == null)
{
return(false);
}
//If there is only 1 user left, then ignore the delete
if (aDBValues.Count() == 1)
{
return(false);
}
//Remove the data at given ID
aDBValues.Delete(results.Id);
return(true);
}
//=====================================
//Public functions here
public bool UsernameAndPasswordMatch(string sUser, string sPass)
{
LiteCollection <UserStructDb> aDBValues = m_db.GetCollection <UserStructDb>("users");
UserStructDb results = aDBValues.FindOne(x => x.Username == sUser);
if (results == null)
{
return(false);
}
byte[] plaintext = ProtectedData.Unprotect(results.ciphertext, results.entropy, DataProtectionScope.LocalMachine);
string sDecodedPassword = Encoding.ASCII.GetString(plaintext);
//Password is case sensitive and must match exact...
if (sDecodedPassword == sPass + sUserSalt)
{
return(true);
}
else
{
return(false);
}
}