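public bool SavePassForg([FromBody] UserRowLogId pc)
{
    /*
     * Saves a new password when the user has forgotten the old one.
     *
     * pc.User   - id (del_ID) of the account to update.
     * pc.idCall - the new raw password; it is hashed before being stored.
     * Returns true in every case, including when no single account matched
     * and nothing was updated.
     *
     * NOTE(review): this method does not check the reset code (del_FrgPass)
     * or any login state itself. Unless a filter outside this block enforces
     * that, knowing a del_ID is enough to replace that account's password.
     * Confirm, and consider requiring the reset code in this request.
     *
     * NOTE(review): the stored value is produced by GetMd5Hash (defined
     * outside this block) over email + password + password. MD5 is not a
     * password-hashing function; moving to PBKDF2 or similar needs a
     * migration of stored hashes, so the format is left unchanged here.
     */
    List<PassChanger> pcList = new List<PassChanger>();
    string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;

    using (SqlConnection con = new SqlConnection(CS))
    {
        // pc.User comes straight from the request body, so it is bound as a
        // parameter instead of being concatenated into the SQL text.
        string selectQuarry = "select * from del_Users where del_ID = @del_ID";
        using (SqlCommand cmd = new SqlCommand(selectQuarry, con))
        {
            cmd.Parameters.Add(new SqlParameter("@del_ID", pc.User));
            con.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                {
                    PassChanger fc = new PassChanger();
                    fc.User = rdr["del_User"].ToString();
                    pcList.Add(fc);
                }
            }
        }
    }

    if (pcList.Count == 1)
    {
        // pcList[0].User holds the account e-mail read from del_User;
        // pc.idCall holds the new raw password.
        StringBuilder gpReal = new StringBuilder();
        gpReal.Append(pcList[0].User);
        gpReal.Append(pc.idCall);
        gpReal.Append(pc.idCall);

        // Create the value that will be stored in del_Pass.
        string passForDB;
        using (MD5 md5HashReal = MD5.Create())
        {
            passForDB = GetMd5Hash(md5HashReal, gpReal.ToString());
        }

        // Update the password based on the user id.
        using (SqlConnection con = new SqlConnection(CS))
        {
            string updateQuarry = "update del_Users set del_Pass = @del_Pass where del_ID = @del_ID";
            using (SqlCommand cmd = new SqlCommand(updateQuarry, con))
            {
                cmd.Parameters.Add(new SqlParameter("@del_ID", pc.User));
                cmd.Parameters.Add(new SqlParameter("@del_Pass", passForDB));
                con.Open();
                cmd.ExecuteNonQuery();
            }
        }
    }

    // The original returned true on both paths; kept so callers see no change.
    return true;
}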
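public List<PassChanger> PassForget([FromBody] UserRowLogId urlid)
{
    /*
     * Starts the forgotten-password flow for the e-mail in urlid.idCall.
     *
     * Looks up del_Users by del_User. When exactly one row matches, runs the
     * stored procedure generateCodeForPassForget for that row's del_ID and
     * returns a one-element list whose User is that del_ID. Otherwise a
     * PassChanger with User "******" is appended to the list and returned.
     *
     * NOTE(review): the response tells the caller whether an e-mail is
     * registered ("******" versus a real id) and hands back the internal
     * del_ID. No authentication or attempt limiting is visible in this
     * block; confirm whether that is enforced elsewhere, and consider
     * returning the same response for known and unknown addresses.
     *
     * NOTE(review): what generateCodeForPassForget does (presumably writes
     * del_FrgPass and delivers the code) is not visible here.
     */
    List<PassChanger> pcList = new List<PassChanger>();
    string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;

    using (SqlConnection con = new SqlConnection(CS))
    {
        string selectQuarry = "select * from del_Users where del_User = @email";
        using (SqlCommand cmd = new SqlCommand(selectQuarry, con))
        {
            cmd.Parameters.Add(new SqlParameter("@email", urlid.idCall));
            con.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                {
                    PassChanger fc = new PassChanger();
                    fc.User = rdr["del_ID"].ToString();
                    pcList.Add(fc);
                }
            }
        }
    }

    if (pcList.Count != 1)
    {
        // E-mail does not exist in the database (or is not unique):
        // append the placeholder entry the caller checks for.
        PassChanger fcA = new PassChanger();
        fcA.User = "******";
        pcList.Add(fcA);
        return pcList;
    }

    using (SqlConnection conA = new SqlConnection(CS))
    using (SqlCommand cmdA = new SqlCommand("generateCodeForPassForget", conA))
    {
        cmdA.CommandType = CommandType.StoredProcedure;
        cmdA.Parameters.Add(new SqlParameter("@id", pcList[0].User));
        conA.Open();
        // The original opened a reader and never read or closed it; no rows
        // are consumed here, so the procedure is run with ExecuteNonQuery.
        cmdA.ExecuteNonQuery();
    }

    return pcList;
}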
public bool CheckCode([FromBody] UserRowLogId urlid)
{
    /*
     * Checks the reset code supplied while the user is changing a
     * forgotten password.
     *
     * urlid.User   - account id, matched against del_ID.
     * urlid.idCall - the code, matched against del_FrgPass.
     * Returns true only when exactly one row matches both values.
     *
     * NOTE(review): this block shows no limit on failed attempts and does
     * not clear or expire del_FrgPass after a successful check; confirm
     * whether that is handled elsewhere.
     */
    string connectionString = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;
    int matches = 0;

    using (SqlConnection connection = new SqlConnection(connectionString))
    {
        SqlCommand lookup = new SqlCommand(
            "select * from del_Users where del_ID = @del_ID and del_FrgPass = @del_FrgPass",
            connection);
        lookup.Parameters.Add(new SqlParameter("@del_ID", urlid.User));
        lookup.Parameters.Add(new SqlParameter("@del_FrgPass", urlid.idCall));

        connection.Open();
        SqlDataReader rows = lookup.ExecuteReader();
        while (rows.Read())
        {
            // Only the number of matching rows matters for the result.
            matches++;
        }
        connection.Close();
    }

    // One row: code is correct. Zero or several rows: code or user not found.
    return matches == 1;
}
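public int ChPass([FromBody] PassChanger pc)
{
    /*
     * Changes the password of a logged-in user.
     *
     * pc.User  - account id (del_ID).
     * pc.pass  - current raw password.
     * pc.passA - new raw password.
     *
     * Returns:
     *   0 - Login.CheckLogging rejected pc.User (user not logged)
     *   1 - no single account has that id
     *   2 - current password does not match the stored hash
     *   3 - new password saved
     *
     * NOTE(review): Login.CheckLogging and GetMd5Hash are defined outside
     * this block. The stored value is built from email + password +
     * password and hashed with MD5, which is not a password-hashing
     * function; moving to PBKDF2 or similar needs a migration of stored
     * hashes, so the format is left unchanged here.
     */
    if (!Login.CheckLogging(pc.User))
    {
        return 0; // User not logged
    }

    List<PassChanger> pcList = new List<PassChanger>();
    string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;

    using (SqlConnection con = new SqlConnection(CS))
    {
        // pc.User comes from the request body, so it is bound as a parameter
        // instead of being concatenated into the SQL text.
        string selectQuarry = "select * from del_Users where del_ID = @del_ID";
        using (SqlCommand cmd = new SqlCommand(selectQuarry, con))
        {
            cmd.Parameters.Add(new SqlParameter("@del_ID", pc.User));
            con.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                {
                    PassChanger fc = new PassChanger();
                    fc.User = rdr["del_User"].ToString();
                    fc.pass = rdr["del_Pass"].ToString();
                    pcList.Add(fc);
                }
            }
        }
    }

    if (pcList.Count != 1)
    {
        return 1; // User does not exist
    }

    // pc has the raw current password and the raw new password;
    // pcList[0] has the user e-mail and the stored hash. Match them:
    StringBuilder gpReal = new StringBuilder();
    gpReal.Append(pcList[0].User);
    gpReal.Append(pc.pass);
    gpReal.Append(pc.pass);

    // Create the value that is checked against the one stored in the database.
    string passForDB;
    using (MD5 md5HashReal = MD5.Create())
    {
        passForDB = GetMd5Hash(md5HashReal, gpReal.ToString());
    }

    if (passForDB != pcList[0].pass)
    {
        return 2; // Password not matching
    }

    // Password matches. Hash and save the new password.
    StringBuilder gpRealA = new StringBuilder();
    gpRealA.Append(pcList[0].User);
    gpRealA.Append(pc.passA);
    gpRealA.Append(pc.passA);

    string passForDBNew;
    using (MD5 md5HashRealA = MD5.Create())
    {
        passForDBNew = GetMd5Hash(md5HashRealA, gpRealA.ToString());
    }

    // Update the password based on the user id.
    using (SqlConnection con = new SqlConnection(CS))
    {
        string updateQuarry = "update del_Users set del_Pass = @del_Pass where del_ID = @del_ID";
        using (SqlCommand cmd = new SqlCommand(updateQuarry, con))
        {
            cmd.Parameters.Add(new SqlParameter("@del_ID", pc.User));
            cmd.Parameters.Add(new SqlParameter("@del_Pass", passForDBNew));
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }

    return 3;
}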