public bool SavePassForg([FromBody] UserRowLogId pc)
{
/*
* Saves new password when user forgets it
*/
List <PassChanger> pcList = new List <PassChanger>();
string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
string selectQuarry = "select * from del_Users where del_ID = " + pc.User;
SqlCommand cmd = new SqlCommand(selectQuarry, con);
con.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
PassChanger fc = new PassChanger();
fc.User = rdr["del_User"].ToString();
pcList.Add(fc);
}
con.Close();
}
if (pcList.Count == 1)
{
//pc has raw current password and raw new password
//pcList[0] has user email and encripted password
//match them:
StringBuilder gpReal = new StringBuilder();
gpReal.Append(pcList[0].User);
gpReal.Append(pc.idCall);
gpReal.Append(pc.idCall);
//Create pass that will be stored in the database
string passForDB;
using (MD5 md5HashReal = MD5.Create())
{
passForDB = GetMd5Hash(md5HashReal, gpReal.ToString());
}
//Update password based on user id
using (SqlConnection con = new SqlConnection(CS))
{
string updateQuarry = "update del_Users set del_Pass = @del_Pass where del_ID = @del_ID";
SqlCommand cmd = new SqlCommand(updateQuarry, con);
SqlParameter del_ID = new SqlParameter("@del_ID", pc.User);
cmd.Parameters.Add(del_ID);
SqlParameter del_Pass = new SqlParameter("@del_Pass", passForDB);
cmd.Parameters.Add(del_Pass);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
return(true);
}
}
return(true);
}
public List <PassChanger> PassForget([FromBody] UserRowLogId urlid)
{
/*
* Send new password when user forgets it
*/
List <PassChanger> pcList = new List <PassChanger>();
string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
string selectQuarry = "select * from del_Users where del_User = @email";
SqlCommand cmd = new SqlCommand(selectQuarry, con);
SqlParameter paramA = new SqlParameter("@email", urlid.idCall);
cmd.Parameters.Add(paramA);
con.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
PassChanger fc = new PassChanger();
fc.User = rdr["del_ID"].ToString();
pcList.Add(fc);
}
con.Close();
}
if (pcList.Count == 1)
{
using (SqlConnection conA = new SqlConnection(CS))
{
SqlCommand cmdA = new SqlCommand("generateCodeForPassForget", conA);
cmdA.CommandType = CommandType.StoredProcedure;
SqlParameter paramA = new SqlParameter("@id", pcList[0].User);
cmdA.Parameters.Add(paramA);
conA.Open();
SqlDataReader rdr = cmdA.ExecuteReader();
conA.Close();
return(pcList);
}
}
else
{
PassChanger fcA = new PassChanger();
fcA.User = "******";
pcList.Add(fcA);
return(pcList); //Email does not exist in database
}
}
public bool CheckCode([FromBody] UserRowLogId urlid)
{
/*
* Check if code is OK when user change password
*/
List <PassChanger> pcList = new List <PassChanger>();
string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
string selectQuarry = "select * from del_Users where del_ID = @del_ID and del_FrgPass = @del_FrgPass";
SqlCommand cmd = new SqlCommand(selectQuarry, con);
SqlParameter paramA = new SqlParameter("@del_ID", urlid.User);
cmd.Parameters.Add(paramA);
SqlParameter paramB = new SqlParameter("@del_FrgPass", urlid.idCall);
cmd.Parameters.Add(paramB);
con.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
PassChanger fc = new PassChanger();
fc.User = rdr["del_ID"].ToString();
pcList.Add(fc);
}
con.Close();
}
if (pcList.Count == 1)
{
return(true); //Code is corect, user returned, send true
}
else
{
return(false); //Code or user not found, send false
}
}
public int ChPass([FromBody] PassChanger pc)
{
/*
* Changes password
*/
List <PassChanger> pcList = new List <PassChanger>();
if (Login.CheckLogging(pc.User))
{
string CS = ConfigurationManager.ConnectionStrings["Fordonskontroll"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
string selectQuarry = "select * from del_Users where del_ID = " + pc.User;
SqlCommand cmd = new SqlCommand(selectQuarry, con);
con.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
PassChanger fc = new PassChanger();
fc.User = rdr["del_User"].ToString();
fc.pass = rdr["del_Pass"].ToString();
pcList.Add(fc);
}
con.Close();
}
if (pcList.Count == 1)
{
//pc has raw current password and raw new password
//pcList[0] has user email and encripted password
//match them:
StringBuilder gpReal = new StringBuilder();
gpReal.Append(pcList[0].User);
gpReal.Append(pc.pass);
gpReal.Append(pc.pass);
//Create pass that will be checked agains one stored in the database
string passForDB;
using (MD5 md5HashReal = MD5.Create())
{
passForDB = GetMd5Hash(md5HashReal, gpReal.ToString());
}
//passForDB should match pcList[0]
if (passForDB == pcList[0].pass)
{
//Password match. Encript and save new password
StringBuilder gpRealA = new StringBuilder();
gpRealA.Append(pcList[0].User);
gpRealA.Append(pc.passA);
gpRealA.Append(pc.passA);
//Create pass that will be stored in the database
string passForDBNew;
using (MD5 md5HashRealA = MD5.Create())
{
passForDBNew = GetMd5Hash(md5HashRealA, gpRealA.ToString());
}
//Update password based on user id
using (SqlConnection con = new SqlConnection(CS))
{
string updateQuarry = "update del_Users set del_Pass = @del_Pass where del_ID = @del_ID";
SqlCommand cmd = new SqlCommand(updateQuarry, con);
SqlParameter del_ID = new SqlParameter("@del_ID", pc.User);
cmd.Parameters.Add(del_ID);
SqlParameter del_Pass = new SqlParameter("@del_Pass", passForDBNew);
cmd.Parameters.Add(del_Pass);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
return(3);
}
}
else
{
return(2); //Password not matching
}
}
else
{
return(1); //User does not exist
}
//
}
else
{
return(0); //User not logged
}
}
