public void InsertUserAcc(User tempUser)
        {
            if (tempUser.Email != null)
            {
                tempUser.Email.ToLower();
            }
            var DB = new Database();

            using (MySqlConnection conn = new MySqlConnection(DB.GetConnString()))
            {
                using (MySqlCommand comm = conn.CreateCommand())
                {
                    MessageSalt msalt = new MessageSalt(tempUser.Password, tempUser.Salt);
                    msalt.GenerateHash();
                    tempUser.Password = msalt.message;
                    tempUser.Salt     = msalt.salt;
                    comm.CommandText  = "INSERT INTO user_information(email, hashed_password, salt, fname, lname, account_type, account_status) " +
                                        "VALUES(@email, @hashed_password, @salt, @fname, @lname, @account_type, @account_status)";
                    //comm.Parameters.AddWithValue("@userID", tempUser.SystemID);//TODO: this should have gone away by now...
                    comm.Parameters.AddWithValue("@email", tempUser.Email);
                    comm.Parameters.AddWithValue("@hashed_password", tempUser.Password);
                    comm.Parameters.AddWithValue("@salt", tempUser.Salt);
                    comm.Parameters.AddWithValue("@fname", tempUser.FirstName);
                    comm.Parameters.AddWithValue("@lname", tempUser.LastName);
                    comm.Parameters.AddWithValue("@account_type", tempUser.AccountType);
                    if (tempUser.AccountStatus)
                    {
                        comm.Parameters.AddWithValue("@account_status", 1);
                    }
                    else
                    {
                        comm.Parameters.AddWithValue("@account_status", 0);
                    }

                    conn.Open();
                    comm.ExecuteNonQuery();
                    comm.Parameters.Clear();

                    tempUser.SystemID = GetUserInfo(tempUser.Email).SystemID;

                    msalt.message = tempUser.SystemID.ToString();
                    msalt.GenerateHash();
                    tempUser.Password = msalt.message;

                    comm.CommandText = "INSERT INTO userid(userID, hashedUserID) " +
                                       "VALUES(@userID, @hashedUserID)";
                    comm.Parameters.AddWithValue("@userID", tempUser.SystemID);
                    comm.Parameters.AddWithValue("@hashedUserID", msalt.message);
                    comm.ExecuteNonQuery();
                    comm.Parameters.Clear();
                    conn.Close();
                }
            }
        }
Example #2
0
        public bool ComparePasswords(string email, string password)
        {
            DatabaseQuery databaseQuery = new DatabaseQuery();
            User          user          = databaseQuery.GetUserInfo(email);
            MessageSalt   messageSalt   = new MessageSalt(password, user.Salt);

            messageSalt.GenerateHash();
            if (messageSalt.message == user.Password)
            {
                return(true);
            }
            return(false);
        }
Example #3
0
        /// <summary>
        /// used to update user table values
        /// </summary>
        ///
        /// <param name="user">
        /// User to edit, has the changed values
        /// </param>
        ///
        /// <param passwordCheck="passwordCheck">
        /// do a password security check.
        /// </param>
        ///
        /// <returns></returns>
        public bool UpdateUserPass(User user, bool passwordCheck)
        {
            //TODO: for this the authentication module's GetHashedPassword() method needs to be fixed for this to work.

            bool idFound = CheckIDExistence(user.SystemID);

            if (!idFound)
            {
                user.ErrorMessage = "System ID not found";
                return(false);
            }
            else
            {
                if (passwordCheck)
                {
                    StringCheckerService sc = new StringCheckerService(user.Password);
                    // Password is secured
                    if (sc.isSecurePassword())
                    {
                        DatabaseQuery dq    = new DatabaseQuery();
                        MessageSalt   msalt = new MessageSalt(user.Password, user.Salt);
                        msalt.GenerateHash();
                        user.Password = msalt.message;
                        user.Salt     = msalt.salt;
                        dq.UpdateQuery("user_information", "hashed_password", user.Password, "userID", user.SystemID.ToString());
                        dq.UpdateQuery("user_information", "salt", user.Salt, "userID", user.SystemID.ToString());
                        return(true);
                    }
                    else
                    {
                        user.ErrorMessage = "Password is not secured";
                        return(false);
                    }
                }
                else
                {
                    DatabaseQuery dq    = new DatabaseQuery();
                    MessageSalt   msalt = new MessageSalt(user.Password, user.Salt);
                    msalt.GenerateHash();
                    user.Password = msalt.message;
                    user.Salt     = msalt.salt;
                    dq.UpdateQuery("user_information", "hashed_password", user.Password, "userID", user.SystemID.ToString());
                    dq.UpdateQuery("user_information", "salt", user.Salt, "userID", user.SystemID.ToString());
                    return(true);
                }
            }
        }