Ejemplo n.º 1
        // Button 'Save'
        // Validate input and insert into database
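        private void buttonNewUserConfirm_Click(object sender, EventArgs e)
        {
            // Click handler for the 'Save' button: validates the form fields, rejects a
            // username that is already taken, hashes the password with a fresh salt and
            // stores the new user. sender/e are the standard event arguments and are unused.
            string adminid   = textBoxUsername.Text;
            string firstname = textBoxFirstname.Text;
            string lastname  = textBoxLastname.Text;
            string password  = textBoxPassword.Text;
            int    superuser = checkBoxSuperuser.Checked ? 1 : 0;

            // Report every empty field so the user can correct them all in one pass.
            bool inputComplete = true;
            if (string.IsNullOrWhiteSpace(adminid))
            {
                MessageBox.Show("Username field is not filled in");
                inputComplete = false;
            }
            if (string.IsNullOrWhiteSpace(firstname))
            {
                MessageBox.Show("Firstname field is not filled in");
                inputComplete = false;
            }
            if (string.IsNullOrWhiteSpace(lastname))
            {
                MessageBox.Show("Lastname field is not filled in");
                inputComplete = false;
            }
            if (string.IsNullOrWhiteSpace(password))
            {
                MessageBox.Show("Password field is not filled in");
                inputComplete = false;
            }

            // Stop here so the database is never queried with a blank username.
            if (!inputComplete)
            {
                return;
            }

            // Check if username is already taken.
            // NOTE(review): check-then-insert is not atomic; a unique constraint on the
            // username column is what actually guarantees uniqueness - verify it exists.
            if (DBGetData.GetLoginUsername(adminid) > 0)
            {
                MessageBox.Show("Username already exists, please choose a different one.");
                return;
            }

            // Generate new salt and hash password. The hash algorithm object is
            // IDisposable, so release it as soon as the digest has been produced.
            // NOTE(review): if PasswordHasher applies SHA-512 only once, stored digests are
            // cheap to brute-force offline after a database leak; a deliberately slow KDF
            // (PBKDF2, bcrypt, Argon2) is the usual choice - confirm against PasswordHasher.
            PasswordHasher pwHasher = new PasswordHasher();
            HashResult     hashedPassword;
            using (SHA512 sha512 = SHA512.Create())
            {
                hashedPassword = pwHasher.HashNewSalt(password, 20, sha512);
            }

            DBSetData.UserAdd(adminid, firstname, lastname, hashedPassword.Digest, hashedPassword.Salt, superuser);

            // Close form and refresh the user list on the parent form
            this.Close();
            userForm.LoadDataUser();
            userForm.Refresh();
            new StatusMessage("User with login " + adminid + " is added to the database.");
        }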
Ejemplo n.º 2
        // Fetches a valid user's stored salt and hashes the entered password with that salt
        // Checks the database for a matching username/password-hash combination
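        private void CheckLogin()
        {
            // Verifies the entered credentials: looks up the user's salt and superuser flag,
            // hashes the entered password with that salt and asks the database whether the
            // username/digest pair matches. On success the main window is opened.
            string uid = textBoxUsername.Text;
            string upw = textBoxPassword.Text;

            // No textfield input
            if (string.IsNullOrWhiteSpace(uid) || string.IsNullOrWhiteSpace(upw))
            {
                this.labelStatus.Text = "Username or password field empty, try again.";
                return;
            }

            bool validLogin = false;
            int  su         = 0;

            // 'using' guarantees the reader is released even if hashing or the match
            // query throws; previously an exception would have leaked it.
            using (MySqlDataReader getValues = DBGetData.GetLoginData(uid))
            {
                if (getValues.Read())
                {
                    // Fetch salt and superuser status for user
                    string salt = getValues.GetString(0);
                    su = getValues.GetInt32(1);

                    // Hash password with the stored salt; dispose the algorithm afterwards.
                    // NOTE(review): a single salted SHA-512 pass would be fast to brute-force
                    // offline - confirm whether PasswordHasher iterates or use a slow KDF.
                    PasswordHasher pwHasher = new PasswordHasher();
                    using (SHA512 sha512 = SHA512.Create())
                    {
                        HashResult hashedPassword = pwHasher.HashStoredSalt(upw, salt, sha512);
                        validLogin = DBGetData.GetLoginMatch(uid, hashedPassword.Digest) == 1;
                    }
                }
            }

            // An unknown username and a wrong password must look the same to the user.
            // Before, a wrong password for an existing account left the status label
            // untouched, which gave no feedback and revealed that the username exists.
            // NOTE(review): unknown usernames still skip the hash step, so response time
            // may differ; there is also no visible attempt limiting or failure logging.
            if (!validLogin)
            {
                this.labelStatus.Text = "Username or password incorrect, try again.";
                return;
            }

            // Save user information in static variables through the UserInfo class
            UserInfo.AdminID   = uid;
            UserInfo.SuperUser = su;

            // Open main program and hide login screen
            UserInterface UIForm = new UserInterface();
            UIForm.Show();
            this.Hide();
        }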
Ejemplo n.º 3
        // Button 'Reset'
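        private void buttonEditPasswordConfirm_Click(object sender, EventArgs e)
        {
            // Click handler for the 'Reset' button: validates the new password and its
            // confirmation, hashes the password with a fresh salt and stores digest and salt
            // for the user identified by the 'adminid' member (declared outside this method).
            string password        = textBoxPassword.Text;
            string passwordConfirm = textBoxPasswordConfirm.Text;

            // Check for null or empty input; report both fields before giving up.
            bool inputComplete = true;
            if (string.IsNullOrWhiteSpace(password))
            {
                MessageBox.Show("Password field is not filled in");
                inputComplete = false;
            }
            if (string.IsNullOrWhiteSpace(passwordConfirm))
            {
                MessageBox.Show("Password confirmation field is not filled in");
                inputComplete = false;
            }
            if (!inputComplete)
            {
                return;
            }

            // Check that confirmation field is equal to password field. A mismatch used
            // to be ignored silently, leaving the user with no hint why nothing was saved.
            if (!password.Equals(passwordConfirm))
            {
                MessageBox.Show("Password and password confirmation do not match");
                return;
            }

            // Without a target login there is nothing to update (same condition as before).
            if (string.IsNullOrWhiteSpace(adminid))
            {
                return;
            }

            // Generate new salt and hash password; the algorithm object is IDisposable.
            // NOTE(review): if PasswordHasher applies SHA-512 only once, a slow KDF
            // (PBKDF2, bcrypt, Argon2) would resist offline guessing far better - confirm.
            // NOTE(review): the current password is not requested here; presumably this
            // form is reachable only by an authorised administrator - verify at the caller.
            PasswordHasher pwHasher = new PasswordHasher();
            HashResult     hashedPassword;
            using (SHA512 sha512 = SHA512.Create())
            {
                hashedPassword = pwHasher.HashNewSalt(password, 20, sha512);
            }

            DBSetData.UserPasswordChange(adminid, hashedPassword.Digest, hashedPassword.Salt);

            // Close form and reload the user list on the parent form
            this.Close();
            userForm.LoadDataUser();
            new StatusMessage("Password for user with login " + adminid + " is updated in the database.");
        }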