/// <summary>
/// Creates a new user and saves their username in session.
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
/// <param name="role"></param>
/// <returns></returns>
public void Register(string username, string password, string role)
{
HashProvider hashProvider = new HashProvider();
HashedPassword passwordHash = hashProvider.HashPassword(password);
User user = new User
{
Username = username,
Password = passwordHash.Password,
Salt = passwordHash.Salt,
Role = role
};
userDAO.CreateUser(user);
Session.SetString(SessionKey, user.Username);
}
/// <summary>
/// Changes the current user's password.
/// </summary>
/// <param name="existingPassword"></param>
/// <param name="newPassword"></param>
/// <returns></returns>
public bool ChangePassword(string existingPassword, string newPassword)
{
HashProvider hashProvider = new HashProvider();
User user = GetCurrentUser();
// Confirm existing password match
if (user != null && hashProvider.VerifyPasswordMatch(user.Password, existingPassword, user.Salt))
{
// Hash new password
HashedPassword newHash = hashProvider.HashPassword(newPassword);
user.Password = newHash.Password;
user.Salt = newHash.Salt;
// Save into the db
userDAO.UpdateUser(user);
return(true);
}
return(false);
}