Ejemplo n.º 1
0
        // populates the main user object field at the top of this class
        public string loadMainUserFromDb(string username, string password)
        {
            User user1 = new User();

            user1.userName = username;

            // making sure user exists in database
            if (db.isObjectNameInDb(user1, username))
            {
                user1 = (User)db.getObjectFromDbByName(user1, username);

                // making sure user has the correct password
                bool authenticPassword = SaltingHashing.AuthenticPass(password, user1.userPass, user1.userSalt);
                if (authenticPassword)
                {
                    // setting main user
                    mainUser = user1;
                    return("Login successful.");
                }
                else
                {
                    return("Our records do not show a user with the username and/or password entered.");
                }
            }
            else
            {
                return("Our records do not show a user with the username and/or password entered.");
            }
        }
Ejemplo n.º 2
0
        // resets user password to a random password
        public string resetPassword(string username)
        {
            // checking to see if user exists
            if (db.isObjectNameInDb(new User(), username))
            {
                User user1 = (User)db.getObjectFromDbByName(new User(), username);

                // blank string for password to concatenate with
                string tempPass = "";

                // strings to hold potential password chars
                string alphaNums = "abcdefghijklmnopqrstuvwxyz0123456789";
                string alphaCaps = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
                string specials  = "!@#$%^&*";

                Random rand = new Random();

                // concatenating password string with random picks making sure to include one uppercase and one special character
                tempPass += alphaCaps[rand.Next(0, alphaCaps.Length - 1)];
                tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
                tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
                tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
                tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
                tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)];
                tempPass += specials[rand.Next(0, specials.Length - 1)];

                // SaltingHashing is used to encrypt the password
                // First variable in CreateSaltHash can be changed to increase or decrease length of hash
                SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, tempPass);
                string         passwordHash = userHashSalt.passHash;
                string         passwordSalt = userHashSalt.passSalt;

                user1.userPass = userHashSalt.passHash;
                user1.userSalt = userHashSalt.passSalt;

                // saving user
                db.updateDbFromObjectByName(user1);

                // email informing of change
                sendEmail(user1.userEmail, "Venzi: Password Reset", "Your password has been reset to " +
                          tempPass + ". If you did not reset it yourself please contact the administrator.");

                return("A temporary password has been sent to your email.");
            }
            else
            {
                return("Our records do not show a user with this username.");
            }
        }
Ejemplo n.º 3
0
        // creates a hashed password of the passed in length and creates a salt for the password
        public static SaltingHashing CreateSaltHash(int size, string password)
        {
            var saltSize = new byte[size];
            var provider = new RNGCryptoServiceProvider();

            provider.GetNonZeroBytes(saltSize);
            var salt = Convert.ToBase64String(saltSize);

            var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltSize, 10000);
            var rawHash            = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));

            SaltingHashing hashSalt = new SaltingHashing {
                passHash = rawHash.ToString(), passSalt = salt.ToString()
            };

            return(hashSalt);
        }
Ejemplo n.º 4
0
        // creates a new user, returns string indicating success or type of error
        public string createNewUser(string username, string firstName, string lastName, string password, string usertype, string email)
        {
            // flags for each condition
            bool upper   = false;
            bool lower   = false;
            bool special = false;
            bool spaces  = false;

            // validating user entry lengths
            if (valEntry(password, PASSWORDMIN, DEFAULTMAX) && valEntry(username, USERNAMEMIN, DEFAULTMAX) &&
                valEntry(email, DEFAULTMIN, DEFAULTMAX) && valEntry(firstName, DEFAULTMIN, DEFAULTMAX) &&
                valEntry(lastName, DEFAULTMIN, DEFAULTMAX))
            {
                // for every char in password check to see if it meets each condition
                foreach (char ch in password)
                {
                    if (Char.IsUpper(ch))
                    {
                        upper = true;
                    }

                    if (Char.IsLower(ch))
                    {
                        lower = true;
                    }

                    if (!Char.IsLetterOrDigit(ch))
                    {
                        special = true;
                    }
                }

                if (upper && lower && special)
                {
                    // making sure username does not contain spaces
                    foreach (char ch in username)
                    {
                        if (Char.IsWhiteSpace(ch))
                        {
                            spaces = true;
                        }
                    }

                    if (!spaces)
                    {
                        // validating email address
                        if (sendEmail(email, "Venzi: Test", "This is a test email to validate your email address.")
                            == "The email has been sent successfully")
                        {
                            // SaltingHashing is used to encrypt the password
                            // First variable in CreateSaltHash can be changed to increase or decrease length of hash
                            SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, password);
                            string         passwordHash = userHashSalt.passHash;
                            string         passwordSalt = userHashSalt.passSalt;

                            // creating new user object
                            User newUser = new User();
                            newUser.userName      = username;
                            newUser.userFirstName = firstName;
                            newUser.userLastName  = lastName;
                            newUser.userPass      = passwordHash;
                            newUser.userTypeName  = usertype;
                            newUser.userEmail     = email;
                            newUser.userSalt      = passwordSalt;

                            // making sure email is unique
                            if (!db.isObjectNameInDb(newUser, username))
                            {
                                bool        doesEmailAlreadyExist = false;
                                List <User> allUsers = db.getAllFromTable(new User()).Cast <User>().ToList();
                                foreach (User i in allUsers)
                                {
                                    if (i.userEmail.ToString() == newUser.userEmail)
                                    {
                                        doesEmailAlreadyExist = true;
                                    }
                                }

                                // if email is unique
                                if (!doesEmailAlreadyExist)
                                {
                                    // getting new user's type to check permissions
                                    UserType newUsersType = (UserType)ApplicationManager.i.getObjectFromDbByName(new UserType(), newUser.userTypeName);

                                    string returnMessage;

                                    // if the user is attempting to pick a user type with permissions above a 2
                                    // it must be sent for approval. in the meantime it will be created as a Basic user
                                    if (newUsersType.userPermissionsLevel == 3 || newUsersType.userPermissionsLevel == 4)
                                    {
                                        UserTypeRequest request = new UserTypeRequest();
                                        request.userTypeName = newUser.userTypeName;

                                        newUser.userTypeName = "Basic";
                                        db.insertObjectIntoDb(newUser);
                                        newUser = (User)db.getObjectFromDbByName(newUser, username);

                                        request.userID = newUser.userID;
                                        db.insertObjectIntoDb(request);

                                        returnMessage = "The user has been created successfully. The user type selected requires " +
                                                        "special permission from the administrator. A request has been made. In the meantime events " +
                                                        "can be viewed under our basic user type. Please check your email for the result of the request.";
                                    }
                                    else
                                    {
                                        // if the user is attempting to pick a user type with permissions of 1 or 2 then let them
                                        db.insertObjectIntoDb(newUser);
                                        newUser = (User)db.getObjectFromDbByName(newUser, username);

                                        returnMessage = "The user has been created successfully.";
                                    }

                                    db.createItinerary(newUser);

                                    // send welcome email
                                    sendEmail(newUser.userEmail, "Venzi: Welcome",
                                              "Welcome! You will find our app to be the go-to software for planning and running a convention. " +
                                              "If you are a convention attendee you will find our app is great for scheduling " +
                                              "your own convention experience. " +
                                              "We hope you have a wonderful time.");

                                    return(returnMessage);
                                }
                                else
                                {
                                    return("This email address is already in use.");
                                }
                            }
                            else
                            {
                                return("This username already exists.");
                            }
                        }
                        else
                        {
                            return("A valid email address must be used.");
                        }
                    }
                    else
                    {
                        return("The username cannot contain spaces.");
                    }
                }
                else
                {
                    return("The password does not meet criteria.");
                }
            }
            else
            {
                return("The username, password, or email is not the correct length");
            }
        }