// populates the main user object field at the top of this class
public string loadMainUserFromDb(string username, string password)
{
User user1 = new User();
user1.userName = username;
// making sure user exists in database
if (db.isObjectNameInDb(user1, username))
{
user1 = (User)db.getObjectFromDbByName(user1, username);
// making sure user has the correct password
bool authenticPassword = SaltingHashing.AuthenticPass(password, user1.userPass, user1.userSalt);
if (authenticPassword)
{
// setting main user
mainUser = user1;
return("Login successful.");
}
else
{
return("Our records do not show a user with the username and/or password entered.");
}
}
else
{
return("Our records do not show a user with the username and/or password entered.");
}
}
// resets user password to a random password
public string resetPassword(string username)
{
// checking to see if user exists
if (db.isObjectNameInDb(new User(), username))
{
User user1 = (User)db.getObjectFromDbByName(new User(), username);
// blank string for password to concatenate with
string tempPass = "";
// strings to hold potential password chars
string alphaNums = "abcdefghijklmnopqrstuvwxyz0123456789";
string alphaCaps = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
string specials = "!@#$%^&*";
Random rand = new Random();
// concatenating password string with random picks making sure to include one uppercase and one special character
tempPass += alphaCaps[rand.Next(0, alphaCaps.Length - 1)];
tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
tempPass += specials[rand.Next(0, specials.Length - 1)];
// SaltingHashing is used to encrypt the password
// First variable in CreateSaltHash can be changed to increase or decrease length of hash
SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, tempPass);
string passwordHash = userHashSalt.passHash;
string passwordSalt = userHashSalt.passSalt;
user1.userPass = userHashSalt.passHash;
user1.userSalt = userHashSalt.passSalt;
// saving user
db.updateDbFromObjectByName(user1);
// email informing of change
sendEmail(user1.userEmail, "Venzi: Password Reset", "Your password has been reset to " +
tempPass + ". If you did not reset it yourself please contact the administrator.");
return("A temporary password has been sent to your email.");
}
else
{
return("Our records do not show a user with this username.");
}
}
// creates a hashed password of the passed in length and creates a salt for the password
public static SaltingHashing CreateSaltHash(int size, string password)
{
var saltSize = new byte[size];
var provider = new RNGCryptoServiceProvider();
provider.GetNonZeroBytes(saltSize);
var salt = Convert.ToBase64String(saltSize);
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltSize, 10000);
var rawHash = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
SaltingHashing hashSalt = new SaltingHashing {
passHash = rawHash.ToString(), passSalt = salt.ToString()
};
return(hashSalt);
}
// creates a new user, returns string indicating success or type of error
public string createNewUser(string username, string firstName, string lastName, string password, string usertype, string email)
{
// flags for each condition
bool upper = false;
bool lower = false;
bool special = false;
bool spaces = false;
// validating user entry lengths
if (valEntry(password, PASSWORDMIN, DEFAULTMAX) && valEntry(username, USERNAMEMIN, DEFAULTMAX) &&
valEntry(email, DEFAULTMIN, DEFAULTMAX) && valEntry(firstName, DEFAULTMIN, DEFAULTMAX) &&
valEntry(lastName, DEFAULTMIN, DEFAULTMAX))
{
// for every char in password check to see if it meets each condition
foreach (char ch in password)
{
if (Char.IsUpper(ch))
{
upper = true;
}
if (Char.IsLower(ch))
{
lower = true;
}
if (!Char.IsLetterOrDigit(ch))
{
special = true;
}
}
if (upper && lower && special)
{
// making sure username does not contain spaces
foreach (char ch in username)
{
if (Char.IsWhiteSpace(ch))
{
spaces = true;
}
}
if (!spaces)
{
// validating email address
if (sendEmail(email, "Venzi: Test", "This is a test email to validate your email address.")
== "The email has been sent successfully")
{
// SaltingHashing is used to encrypt the password
// First variable in CreateSaltHash can be changed to increase or decrease length of hash
SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, password);
string passwordHash = userHashSalt.passHash;
string passwordSalt = userHashSalt.passSalt;
// creating new user object
User newUser = new User();
newUser.userName = username;
newUser.userFirstName = firstName;
newUser.userLastName = lastName;
newUser.userPass = passwordHash;
newUser.userTypeName = usertype;
newUser.userEmail = email;
newUser.userSalt = passwordSalt;
// making sure email is unique
if (!db.isObjectNameInDb(newUser, username))
{
bool doesEmailAlreadyExist = false;
List <User> allUsers = db.getAllFromTable(new User()).Cast <User>().ToList();
foreach (User i in allUsers)
{
if (i.userEmail.ToString() == newUser.userEmail)
{
doesEmailAlreadyExist = true;
}
}
// if email is unique
if (!doesEmailAlreadyExist)
{
// getting new user's type to check permissions
UserType newUsersType = (UserType)ApplicationManager.i.getObjectFromDbByName(new UserType(), newUser.userTypeName);
string returnMessage;
// if the user is attempting to pick a user type with permissions above a 2
// it must be sent for approval. in the meantime it will be created as a Basic user
if (newUsersType.userPermissionsLevel == 3 || newUsersType.userPermissionsLevel == 4)
{
UserTypeRequest request = new UserTypeRequest();
request.userTypeName = newUser.userTypeName;
newUser.userTypeName = "Basic";
db.insertObjectIntoDb(newUser);
newUser = (User)db.getObjectFromDbByName(newUser, username);
request.userID = newUser.userID;
db.insertObjectIntoDb(request);
returnMessage = "The user has been created successfully. The user type selected requires " +
"special permission from the administrator. A request has been made. In the meantime events " +
"can be viewed under our basic user type. Please check your email for the result of the request.";
}
else
{
// if the user is attempting to pick a user type with permissions of 1 or 2 then let them
db.insertObjectIntoDb(newUser);
newUser = (User)db.getObjectFromDbByName(newUser, username);
returnMessage = "The user has been created successfully.";
}
db.createItinerary(newUser);
// send welcome email
sendEmail(newUser.userEmail, "Venzi: Welcome",
"Welcome! You will find our app to be the go-to software for planning and running a convention. " +
"If you are a convention attendee you will find our app is great for scheduling " +
"your own convention experience. " +
"We hope you have a wonderful time.");
return(returnMessage);
}
else
{
return("This email address is already in use.");
}
}
else
{
return("This username already exists.");
}
}
else
{
return("A valid email address must be used.");
}
}
else
{
return("The username cannot contain spaces.");
}
}
else
{
return("The password does not meet criteria.");
}
}
else
{
return("The username, password, or email is not the correct length");
}
}