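/// <summary>
/// Handles the change-password button: validates the new password against its
/// confirmation and the page's password rules, then calls the
/// <c>Update_Password</c> stored procedure with a new salt and password hash
/// for the user ID held in <c>ViewState["userID"]</c>.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void changePasswordButton_Click(object sender, EventArgs e)
{
    string pass = enterNewPasswordTB.Text;

    InputValidation iv = new InputValidation();
    bool vPass = iv.VAlphaNum(pass);

    // Validation order is kept from the original chain: mismatch, empty,
    // too short, then character set. Each failure reports and stops.
    if (pass != confirmNewPasswordTB.Text)
    {
        errorPassU1.Text = "The passwords do not match";
        return;
    }

    if (pass == String.Empty)
    {
        errorPassU1.Text = "All fields are required";
        return;
    }

    // NOTE(review): a 6-character, alphanumeric-only rule is a weak policy.
    // In this handler the password is only hashed and passed as a bound
    // parameter, so the character restriction is not needed for SQL safety;
    // consider a longer minimum and allowing all printable characters.
    if (pass.Length < 6)
    {
        errorPassU1.Text = "Password must be at least 6 characters";
        return;
    }

    if (!vPass)
    {
        errorPassU1.Text = "a-Z and 0-9 only";
        return;
    }

    // The original success branch required pass.Length > 6, so a password of
    // exactly 6 characters passed every check above and was then silently
    // dropped: no error shown, no update made. Reaching this point now means
    // the password is accepted, matching the "at least 6 characters" message.

    // NOTE(review): ShowNewUser() is called both before and after the update,
    // as in the original; the first call looks redundant - confirm.
    ShowNewUser();

    string constr = ConfigurationManager.ConnectionStrings["CS414_FasTestConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    using (SqlCommand cmd = new SqlCommand("Update_Password"))
    {
        // Values are bound as parameters of the stored procedure, never
        // concatenated into SQL text.
        cmd.CommandType = CommandType.StoredProcedure;

        // NOTE(review): the target account is taken from ViewState. This relies
        // on ViewState integrity protection being enabled and on a check that
        // the caller is allowed to change this user's password; neither is
        // visible in this handler. A missing ViewState entry would also reach
        // the procedure as an unset parameter.
        cmd.Parameters.AddWithValue("@pUserID", ViewState["userID"]);

        // NOTE(review): the salt stored here is not passed to
        // ComputePasswordHash, so from this handler the stored salt and the
        // stored hash look unrelated. Confirm how CryptoService salts the hash
        // (per-user random salt, slow KDF); if verification uses @pSalt, the
        // hash must be derived from this same salt value.
        cmd.Parameters.AddWithValue("@pSalt", CryptoService.GenerateSalt());
        cmd.Parameters.AddWithValue("@pNewPassword", CryptoService.ComputePasswordHash(pass));

        cmd.Connection = con;
        con.Open();
        cmd.ExecuteNonQuery();
        // No explicit Close(): disposing the connection at the end of the
        // using block closes it, including when ExecuteNonQuery throws.
    }

    errorPassU1.Text = string.Empty;
    ShowNewUser();
}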
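/// <summary>
/// Handles the add-user button: validates the password and name fields, then
/// calls the <c>Add_User</c> stored procedure with the password hash, a salt,
/// the selected credential level and the names, and redirects to
/// <c>Users.aspx</c>.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnAddNewUser_Click(object sender, EventArgs e)
{
    string pass = tbPassword.Text;
    string fName = tbFirstName.Text;
    string lName = tbLastName.Text;

    InputValidation iv = new InputValidation();
    bool vPass = iv.VAlphaNum(pass);
    bool vfName = iv.VAlpha(fName);
    bool vlName = iv.VAlpha(lName);

    // Start from a clean slate so a message left by an earlier failed attempt
    // does not stay on screen next to the new one.
    error1.Text = string.Empty;
    error3.Text = string.Empty;

    if (pass == String.Empty || fName == String.Empty || lName == String.Empty)
    {
        error1.Text = "All fields are required";
        return;
    }

    // NOTE(review): a 6-character, alphanumeric-only rule is a weak policy;
    // the password is only hashed and bound as a parameter here, so the
    // character restriction is not needed for SQL safety.
    if (pass.Length < 6)
    {
        error3.Text = "Password must be at least 6 characters";
        return;
    }

    // NOTE(review): a true result from VAlpha is treated here as "the name is
    // NOT alphabetic", the opposite of how VAlphaNum's result is used for the
    // password. InputValidation is not visible from this handler; confirm
    // VAlpha's polarity, otherwise valid names are rejected and invalid ones
    // accepted. The original polarity is preserved.
    bool badName = vfName || vlName;

    if (!vPass)
    {
        error3.Text = "a-Z and 0-9 only";
    }

    if (badName)
    {
        error1.Text = "Names can only be alphabetic";
    }

    if (!vPass || badName)
    {
        return;
    }

    // The original ended with a final else ("Alpha numeric characters only")
    // that could never run: once the checks above pass, the success condition
    // is always true. It has been removed.

    // The credential level arrives with the posted form. Parse it defensively
    // instead of letting Convert.ToInt32 throw on a non-numeric value.
    // NOTE(review): nothing in this handler checks that the value is one of
    // the known levels or that the caller may grant it; confirm that this is
    // enforced elsewhere (page authorization, event validation, or the
    // stored procedure).
    int credentialLevel;
    if (!int.TryParse(sctCredentialLevel.SelectedValue, out credentialLevel))
    {
        error1.Text = "Invalid credential level";
        return;
    }

    string constr = ConfigurationManager.ConnectionStrings["CS414_FasTestConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    using (SqlCommand cmd = new SqlCommand("Add_User"))
    {
        // Values are bound as parameters of the stored procedure, never
        // concatenated into SQL text.
        cmd.CommandType = CommandType.StoredProcedure;

        // NOTE(review): the salt stored here is not passed to
        // ComputePasswordHash, so from this handler the stored salt and the
        // stored hash look unrelated. Confirm how CryptoService salts the hash
        // (per-user random salt, slow KDF); if verification uses @pSalt, the
        // hash must be derived from this same salt value.
        cmd.Parameters.AddWithValue("@pPassword", CryptoService.ComputePasswordHash(pass));
        cmd.Parameters.AddWithValue("@pSalt", CryptoService.GenerateSalt());
        cmd.Parameters.AddWithValue("@pCredentialLevel", credentialLevel);
        cmd.Parameters.AddWithValue("@pFirstName", fName);
        cmd.Parameters.AddWithValue("@pLastName", lName);

        cmd.Connection = con;
        con.Open();
        cmd.ExecuteNonQuery();
        // No explicit Close(): disposing the connection at the end of the
        // using block closes it, including when ExecuteNonQuery throws.
    }

    error1.Text = String.Empty;
    Response.Redirect("Users.aspx");
}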