Ejemplo n.º 1
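        /// <summary>
        /// Form Load handler: opens the login database connection, checks that the current
        /// Windows account has exactly one row in Accounts, and then opens the password reset
        /// form when a reset is flagged or the expiration check fails.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <exception cref="ApplicationException">
        /// Wraps any failure while opening the connection or while running the account,
        /// reset-flag or expiration checks; the original exception is kept as InnerException.
        /// </exception>
        private void SignIn_Load(object sender, EventArgs e)
        {
            try
            {
                // The connection is stored in a field and left open: it is handed to the
                // PasswordReset form and the PasswordVerifier further down.
                connLogin = new OleDbConnection(connLoginString);
                connLogin.Open();
            }
            catch (Exception ex)
            {
                throw new ApplicationException("Could not open database connection: ", ex);
            }

            // NOTE(review): a 12-character cap limits how strong a password can be; confirm the
            // limit is really required by the stored format before keeping it.
            txtPass.MaxLength    = 12;
            txtPass.PasswordChar = '*';                  // Mask the typed password
            currentUser          = Environment.UserName; // Windows login ID of the current user

            try
            {
                // The account name is bound as a parameter instead of being concatenated into
                // the SQL text: a name containing an apostrophe would otherwise break the
                // statement or change its meaning. OLE DB binds parameters by position, so the
                // name passed to AddWithValue is only a label.
                using (OleDbCommand checkUserName = new OleDbCommand("SELECT COUNT(*) FROM Accounts WHERE (UserID = ?)", connLogin))
                {
                    checkUserName.Parameters.AddWithValue("@userId", currentUser);

                    // Convert rather than unbox so that a provider returning a wider numeric
                    // type for COUNT(*) does not raise InvalidCastException.
                    int userExist = Convert.ToInt32(checkUserName.ExecuteScalar());
                    if (userExist != 1)
                    {
                        MessageBox.Show("Your user does not exist within the database.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        return;
                    }

                    // Exactly one matching account: pre-fill the user name box.
                    txtUser.Text = currentUser;
                }
            }
            catch (Exception ex)
            {
                throw new ApplicationException("There was an issue checking your username in the database: ", ex);
            }

            try
            {
                bool userReset;
                using (OleDbCommand checkReset = new OleDbCommand("SELECT Reset FROM Login WHERE UserID = ?", connLogin))
                {
                    checkReset.Parameters.AddWithValue("@userId", currentUser);

                    // ExecuteScalar returns null when no Login row matches; the cast then
                    // throws and the failure is reported through the catch below.
                    userReset = (bool)checkReset.ExecuteScalar();
                }

                if (userReset)
                {
                    // A reset is flagged for this user: open the reset form owned by this form.
                    PasswordReset pwForm = new PasswordReset(connLogin, currentUser);
                    pwForm.Owner = this;
                    pwForm.Show();
                }

                // NOTE(review): when the reset flag is set and the expiration check below also
                // fails, two PasswordReset forms are opened - confirm that is intended.
                PasswordVerifier pwResetCheck = new PasswordVerifier();
                bool             verifiedPW   = pwResetCheck.ExpirationReset(connLogin, currentUser, out errorMessage);
                if (verifiedPW && errorMessage != null)
                {
                    // Check passed but produced a message: show it as a warning and continue.
                    MessageBox.Show(errorMessage, "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
                    Show();
                }
                else if (!verifiedPW)
                {
                    // Check failed: report it, then send the user to the reset form.
                    DialogResult resultOK = MessageBox.Show(errorMessage, "Password has expired", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    if (resultOK == DialogResult.OK)
                    {
                        PasswordReset pwForm = new PasswordReset(connLogin, currentUser);
                        pwForm.Owner = this; // Owned by this form so it stays in front of it
                        pwForm.Show();
                    }
                }
            }
            catch (Exception ex)
            {
                throw new ApplicationException("Application encountered an error while attempting to extract the password reset information from database: ", ex);
            }
        }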
Ejemplo n.º 2
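        /// <summary>
        /// OK button handler of the password reset form: validates the new password, stores its
        /// hash, clears the reset flag, records the reset time and appends the hash to the
        /// user's password history, which is trimmed before it grows past five entries.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <exception cref="ApplicationException">
        /// Wraps any failure raised while validating or storing the new password; the original
        /// exception is kept as InnerException.
        /// </exception>
        private void btnOK_Click(object sender, EventArgs e)
        {
            // Both entries of the new password must be identical before anything is written.
            if (txtNewPW.Text != txtRetypePW.Text)
            {
                MessageBox.Show("Passwords Do Not Match.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            try
            {
                string errorMessage;

                PasswordVerifier pwVerifier = new PasswordVerifier();
                bool             verifiedPW = pwVerifier.ValidatePassword(connlogin, currentuser, txtNewPW.Text,
                                                                          txtOldPW.Text, out errorMessage);
                if (!verifiedPW)
                {
                    MessageBox.Show(errorMessage, "Password Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    return;
                }

                // Only the value produced by PasswordHasher is stored, never the typed text.
                string         newPWHashed;
                PasswordHasher newPWHasher = new PasswordHasher();
                newPWHasher.passwordHasher(txtNewPW.Text, out newPWHashed);

                // One clock reading for the whole operation so the reset time, the history
                // time and the history ID all describe the same instant.
                DateTime now        = DateTime.Now;
                string   updateTime = now.ToString("MM/dd/yyyy HH:mm:ss");
                string   pwIDGen    = now.ToString("yyMMddHHmmss"); // Timestamp string used as the history entry ID

                // Every statement below binds its values as parameters instead of building
                // the SQL text by concatenation, so a quote in a user name or value cannot
                // alter the statement. OLE DB binds by position: the AddWithValue calls must
                // stay in the same order as the placeholders.
                // NOTE(review): the statements are not wrapped in a transaction, so a failure
                // part-way leaves the earlier writes in place.

                // New hash and cleared reset flag are written in a single statement so the two
                // Login columns cannot end up out of step with each other.
                using (OleDbCommand updatePW = new OleDbCommand("UPDATE Login SET [Password] = @hashedPass, [Reset] = False WHERE [UserID] = @currentuser", connlogin))
                {
                    updatePW.Parameters.AddWithValue("@hashedPass", newPWHashed);
                    updatePW.Parameters.AddWithValue("@currentuser", currentuser);
                    updatePW.ExecuteNonQuery();
                }

                using (OleDbCommand updateLastPWReset = new OleDbCommand("UPDATE Accounts SET [LastReset] = @lastReset WHERE [UserID] = @currentuser", connlogin))
                {
                    updateLastPWReset.Parameters.AddWithValue("@lastReset", updateTime);
                    updateLastPWReset.Parameters.AddWithValue("@currentuser", currentuser);
                    updateLastPWReset.ExecuteNonQuery();
                }

                // Count the history rows in the database rather than loading every stored
                // hash into memory just to count them.
                int totalRows;
                using (OleDbCommand historyCount = new OleDbCommand("SELECT COUNT(*) FROM PasswordHistory WHERE UserID = @currentuser", connlogin))
                {
                    historyCount.Parameters.AddWithValue("@currentuser", currentuser);
                    totalRows = Convert.ToInt32(historyCount.ExecuteScalar());
                }

                if (totalRows >= 5) // Only five passwords are kept in the history per person
                {
                    object oldestPW;
                    using (OleDbCommand oldestQuery = new OleDbCommand("SELECT MIN(UpdateDate) FROM PasswordHistory WHERE UserID = @currentuser", connlogin))
                    {
                        oldestQuery.Parameters.AddWithValue("@currentuser", currentuser);
                        oldestPW = oldestQuery.ExecuteScalar();
                    }

                    // The delete is limited to this user's rows: matching on UpdateDate alone
                    // would also remove another user's entry that carries the same timestamp.
                    using (OleDbCommand deleteOldest = new OleDbCommand("DELETE FROM PasswordHistory WHERE UpdateDate = @oldest AND UserID = @currentuser", connlogin))
                    {
                        deleteOldest.Parameters.AddWithValue("@oldest", oldestPW);
                        deleteOldest.Parameters.AddWithValue("@currentuser", currentuser);
                        deleteOldest.ExecuteNonQuery();
                    }
                }

                // The new history entry is added whether or not an old one was removed.
                using (OleDbCommand insertNewPW = new OleDbCommand("INSERT INTO PasswordHistory VALUES (@pwIDGen, @currentuser, @hashedPass, @updateTime)", connlogin))
                {
                    insertNewPW.Parameters.AddWithValue("@pwIDGen", pwIDGen);
                    insertNewPW.Parameters.AddWithValue("@currentuser", currentuser);
                    insertNewPW.Parameters.AddWithValue("@hashedPass", newPWHashed);
                    insertNewPW.Parameters.AddWithValue("@updateTime", updateTime);
                    insertNewPW.ExecuteNonQuery();
                }

                Close();
            }
            catch (Exception ex)
            {
                throw new ApplicationException("There was an error while updating your password: ", ex);
            }
        }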