Ejemplo n.º 1
        /// <summary>
        /// Click event handler that verifies the current password and saves the new password to the database
        /// </summary>
        /// <param name="sender">The parameter is not used.</param>
        /// <param name="e">The parameter is not used.</param>
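        private void BtnSaveNewPasswordClick(object sender, EventArgs e)
        {
            // Changes the signed-in user's password. The current password is re-verified
            // against the stored salt and hash before a new salted hash is written, so an
            // unattended session alone is not enough to change the password.
            // NOTE(review): the hashing scheme lives in SaltedHash, which is not visible here;
            // confirm it is a slow, salted KDF (e.g. PBKDF2) rather than a single fast hash round.
            // NOTE(review): no minimum length or complexity rule is applied to the new password
            // in this handler; confirm whether a policy is enforced elsewhere.
            try
            {
                using (var context = new db_sft_2172Entities())
                {
                    var userResult = (from u in context.Users
                                      where u.UserID.Equals(Program.CurrentUser)
                                      select u).FirstOrDefault();

                    // FirstOrDefault returns null when no row matches; without this guard the
                    // property reads below would fail with a NullReferenceException.
                    if (userResult == null)
                    {
                        MessageBox.Show(@"Unable to find the current user.  Please log in again.");
                        return;
                    }

                    if (!SaltedHash.Verify(userResult.PasswordSalt, userResult.Password, this.txtCurrentPassword.Text))
                    {
                        MessageBox.Show(@"Your current password is incorrect!");
                        return;
                    }

                    // Both fields are required. The original test joined the two checks with ||,
                    // so a single empty field was reported as a mismatch instead of as empty.
                    if (string.IsNullOrEmpty(this.txtNewPassword.Text) ||
                        string.IsNullOrEmpty(this.txtConfirmPassword.Text))
                    {
                        MessageBox.Show(@"New password or confirm password is empty!");
                        return;
                    }

                    if (this.txtNewPassword.Text != this.txtConfirmPassword.Text)
                    {
                        MessageBox.Show(@"Passwords do not match!");
                        return;
                    }

                    // A fresh salt is produced together with the hash, so the old salt is never reused.
                    SaltedHash sh = new SaltedHash(this.txtNewPassword.Text);
                    userResult.Password      = sh.Hash;
                    userResult.PasswordSalt  = sh.Salt;

                    // Clearing the flag lifts the forced-reset state once a new password is stored.
                    userResult.ResetPassword = null;
                    context.SaveChanges();

                    // Drop the plaintext from the input controls before the form goes away.
                    this.txtCurrentPassword.Text = string.Empty;
                    this.txtNewPassword.Text     = string.Empty;
                    this.txtConfirmPassword.Text = string.Empty;
                    MessageBox.Show(@"Your password has been saved!");

                    this.Close();
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): raw provider messages can reveal server, schema or connection
                // details to whoever is at the keyboard; consider logging the detail and
                // showing a generic failure message instead.
                MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }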
Ejemplo n.º 2
        /// <summary>
        /// Event handler to set temporary access code
        /// </summary>
        /// <param name="sender">The parameter is not used.</param>
        /// <param name="e">The parameter is not used.</param>
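        private void BtnUpdateClick(object sender, EventArgs e)
        {
            // Stores a temporary password for the user identified by this.CurrentUserId and
            // flags the account so the password has to be changed afterwards.
            // NOTE(review): no authorization check is visible in this handler; presumably the
            // form is only reachable by administrators. Confirm against the caller.
            string validationError = null;

            if (!this.txtTempCode.Text.Equals(this.txtConfirmTempCode.Text))
            {
                validationError = @"Sorry, the temporary passwords do not match.  Please try again!";
            }
            else if (this.txtTempCode.Text.Equals(string.Empty))
            {
                validationError = @"Please enter a temporary password.";
            }

            if (validationError != null)
            {
                MessageBox.Show(validationError);

                // Clear both boxes so no partially typed secret stays on screen.
                this.txtTempCode.Text        = string.Empty;
                this.txtConfirmTempCode.Text = string.Empty;

                this.txtTempCode.Focus();
                return;
            }

            try
            {
                using (var context = new db_sft_2172Entities())
                {
                    User currentUser = (from users in context.Users
                                        where users.UserID.Equals(this.CurrentUserId)
                                        select users).FirstOrDefault();

                    if (currentUser == null)
                    {
                        // Previously this case closed the form silently, leaving the operator to
                        // assume the temporary password had been set when nothing was written.
                        MessageBox.Show(@"Unable to find the selected user.  The temporary password was not saved.");
                    }
                    else
                    {
                        // Generate a fresh salt and salted hash for the temporary password.
                        SaltedHash sh = new SaltedHash(this.txtTempCode.Text);
                        currentUser.Password      = sh.Hash;
                        currentUser.PasswordSalt  = sh.Salt;

                        // Presumably any non-null value marks the account for a forced password
                        // change at next login; confirm against the login path.
                        currentUser.ResetPassword = "******";
                        context.SaveChanges();

                        // Show confirmation only after the save went through.
                        MessageBox.Show(@"Temporary password updated successfully!");
                    }
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): raw provider messages can reveal server or schema details;
                // consider logging the detail and showing a generic failure message.
                MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }

            // The form closes whether or not the save succeeded, as before; the message box
            // shown above is the operator's only indication of the outcome.
            this.Close();
        }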
Ejemplo n.º 3
        /// <summary>
        /// Method to match password with the database (using salted hash), then login and load the role form
        /// </summary>
        /// <param name="username">The username string entered by the user</param>
        /// <param name="password">The password string entered by the user</param>
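        private void Login(string username, string password)
        {
            // Authenticates the supplied credentials against the stored salt and hash, then
            // either routes the user to the forced password change dialog or records the
            // user's roles and closes the login window.
            try
            {
                using (db_sft_2172Entities context = new db_sft_2172Entities())
                {
                    // A single FirstOrDefault replaces the earlier Any() + FirstOrDefault() pair,
                    // which ran the same query twice.
                    var userResult = (from u in context.Users
                                      where u.UserID.Equals(username)
                                      select u).FirstOrDefault();

                    // Unknown user and wrong password share one message, so the response text
                    // does not reveal whether the username exists.
                    // NOTE(review): unknown usernames skip the hash check, so response time may
                    // still differ between the two cases.
                    if (userResult == null ||
                        !SaltedHash.Verify(userResult.PasswordSalt, userResult.Password, password))
                    {
                        MessageBox.Show(@"Sorry, invalid username or password.  Please try again!");
                        this.txtUsername.Text = string.Empty;
                        this.txtPassword.Text = string.Empty;
                        this.txtUsername.Focus();

                        return;
                    }

                    // The inactive notice is shown only after the password has been verified.
                    // Checking it first told anyone who typed a username that the account
                    // exists and is disabled, without needing the password.
                    if (!userResult.IsActive)
                    {
                        MessageBox.Show(
                            @"Sorry, this user is inactive.  Please contact an administrator if you need to reactivate your account.");
                        Program.Logout();

                        return;
                    }

                    // Update static variable containing User ID
                    Program.CurrentUser = userResult.UserID;

                    if (userResult.ResetPassword != null)
                    {
                        // A non-null flag forces a password change before normal use.
                        // NOTE(review): Program.CurrentUser is already set at this point and the
                        // dialog result is not checked; confirm that dismissing the dialog
                        // without changing the password does not leave the session usable.
                        MessageBox.Show(
                            @"Your password is outdated and needs to be changed.  Please reset your password now.");

                        ResetMyPassword changePassword = new ResetMyPassword();
                        changePassword.ShowDialog();
                    }
                    else
                    {
                        // Assign the role flags outright rather than only raising them to true,
                        // so privileges left over from an earlier session in the same process
                        // are not carried over to a less privileged account.
                        Program.IsSupervisor = userResult.IsSupervisor;
                        Program.IsAdmin      = userResult.IsAdmin;

                        // Close window once finished
                        this.Close();
                    }
                }
            }
            catch (SqlException sqlEx)
            {
                // NOTE(review): this runs before authentication succeeds, so raw provider
                // messages are visible to unauthenticated users; consider logging the detail
                // and showing a generic failure message.
                MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }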