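/// <summary>
/// Handles the "create account" button: validates the submitted form, stores the
/// new member through <c>writeInNewMember</c> and redirects to Member.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void CreateAccountButton_Click(object sender, EventArgs e)
        {
            string username          = UsernameTextbox.Text;
            string password          = PasswordTextbox.Text;
            string confirmedPassword = PasswordConfirmationTextbox.Text;

            // Required-field check runs first so an incomplete form gets the more
            // specific message instead of "Passwords do not match!".
            if (username.Length == 0 || password.Length == 0 || confirmedPassword.Length == 0)
            {
                ErrorLabel.Text      = "All fields must be filled in!";
                ErrorLabel.ForeColor = Color.Red;
                return;
            }

            if (password != confirmedPassword)
            {
                ErrorLabel.Text      = "Passwords do not match!";
                // Same presentation as the other validation error; the original
                // left this message in the label's default colour.
                ErrorLabel.ForeColor = Color.Red;
                return;
            }

            // NOTE(review): the password is stored in a reversible form. Anyone who
            // obtains both the key used by SuperTopSecreteEncryption and the member
            // file recovers every password. A salted, slow one-way hash (for example
            // PBKDF2 via Rfc2898DeriveBytes) is the usual choice; switching requires
            // changing the login check and migrating stored records together, so it
            // is flagged here rather than changed.
            string passwordEncrypted = new SuperTopSecreteEncryption().Encrypt(password);

            // NOTE(review): username is passed through unvalidated; whether
            // writeInNewMember rejects an existing name or escapes markup characters
            // is not visible from this handler - confirm.
            writeInNewMember(username, passwordEncrypted);

            Response.Redirect("Member.aspx");
        }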
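        /// <summary>
        /// Decrypts the text in <c>EncryptionTextbox</c> and shows the result (or an
        /// error message) in <c>EncryptionResultsText</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void handleDecrypt(object sender, EventArgs e)
        {
            if (EncryptionTextbox.Text == "")
            {
                EncryptionResultsText.Text      = "Cannot be empty!";
                EncryptionResultsText.ForeColor = Color.Red;
                // Stop here: without this return the empty input was still handed to
                // Decrypt and the validation message was overwritten.
                return;
            }

            // NOTE(review): CreateAccountButton_Click stores passwords with this same
            // class's Encrypt(). If both use the same key, this handler turns any
            // stored value back into a password - confirm it is reachable only by
            // users who are meant to have that ability.
            SuperTopSecreteEncryption crypt = new SuperTopSecreteEncryption();

            try
            {
                EncryptionResultsText.Text = crypt.Decrypt(EncryptionTextbox.Text);
            }
            catch (Exception)
            {
                // Deliberately generic: the exception detail is not shown to the user.
                EncryptionResultsText.Text      = "Decryption failed!";
                EncryptionResultsText.ForeColor = Color.Red;
            }
        }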
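        /// <summary>
        /// Authenticates a staff login against the records in App_Data/Staff.xml and,
        /// on success, issues the "staff-cookie" forms-authentication ticket and
        /// redirects to /Staff.aspx.
        /// </summary>
        /// <remarks>
        /// The submitted username must match the record whose password matches. The
        /// previous version captured the username but never compared it, so a
        /// password belonging to any staff record was accepted for any username.
        /// </remarks>
        /// <param name="sender">The Login control raising the event (unused).</param>
        /// <param name="e">Receives the result in <c>Authenticated</c>.</param>
        protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
        {
            bool   loginSuccessful      = false;
            string userProvidedUsername = Login1.UserName;
            string userProvidedPassword = Login1.Password;

            try
            {
                // using releases the reader and its file handle on every path; the
                // original closed it only after a successful login.
                using (XmlTextReader xmlTextReader = new XmlTextReader(HttpContext.Current.Server.MapPath("App_Data/Staff.xml")))
                {
                    // Username of the record being read; null until one has been seen.
                    // Assumes each <Username> precedes its <Password> - confirm
                    // against the layout of Staff.xml.
                    string retrievedUsername = null;

                    while (!loginSuccessful && xmlTextReader.Read())
                    {
                        // Only start tags are of interest; an end tag reports the
                        // same Name and would otherwise be handled a second time.
                        if (xmlTextReader.NodeType != XmlNodeType.Element)
                        {
                            continue;
                        }

                        string elementName = xmlTextReader.Name;
                        if (elementName != "Username" && elementName != "Password")
                        {
                            continue;
                        }

                        // Step onto the element's text node. A self-closing element
                        // has none, so its content is treated as empty.
                        string elementText = string.Empty;
                        if (!xmlTextReader.IsEmptyElement)
                        {
                            xmlTextReader.Read();
                            elementText = xmlTextReader.Value;
                        }

                        if (elementName == "Username")
                        {
                            retrievedUsername = elementText;
                            continue;
                        }

                        // NOTE(review): the stored value is compared with the raw
                        // submitted password, as in the original, so Staff.xml must
                        // hold staff passwords in plaintext for a login to succeed.
                        // The original comment ("encrypt the password and see if
                        // they match") and its unused SuperTopSecreteEncryption
                        // instance suggest otherwise - confirm the stored format and
                        // move these records to a salted one-way hash.
                        // A blank stored password never authenticates.
                        loginSuccessful = retrievedUsername != null
                                          && retrievedUsername == userProvidedUsername
                                          && elementText.Length > 0
                                          && elementText == userProvidedPassword;

                        // A password pairs only with the username read just before it.
                        retrievedUsername = null;
                    }
                }
            }
            catch (Exception)
            {
                // Missing or malformed record file: fail closed with the message the
                // original reserved for its (unreachable) null-reader check.
                Login1.FailureText = "AN error has occured, contact your administrator";
                e.Authenticated    = false;
                return;
            }

            e.Authenticated = loginSuccessful;

            if (loginSuccessful)
            {
                // One timestamp so issue and expiry are exactly 60 minutes apart.
                DateTime issuedAt = DateTime.Now;

                HttpCookie staffCookie = new HttpCookie("staff-cookie", FormsAuthentication.Encrypt(
                                                            new FormsAuthenticationTicket(
                                                                1,
                                                                userProvidedUsername,
                                                                issuedAt,
                                                                issuedAt.AddMinutes(60),
                                                                Login1.RememberMeSet,
                                                                "a staff"
                                                                )));

                // Keep the ticket out of reach of page script, and follow the site's
                // forms-authentication requireSSL setting for transport.
                staffCookie.HttpOnly = true;
                staffCookie.Secure   = FormsAuthentication.RequireSSL;
                Response.Cookies.Add(staffCookie);

                FormsAuthentication.RedirectFromLoginPage(userProvidedUsername, Login1.RememberMeSet);
                Response.Redirect("/Staff.aspx");
            }
        }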
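        /// <summary>
        /// Authenticates a member login against the XML record file at
        /// <c>appDataPath</c> and, on success, issues the
        /// "non-privileged-user-cookie" ticket and redirects to ~/Member.aspx.
        /// </summary>
        /// <remarks>
        /// Only the password that belongs to the matching username is compared. The
        /// previous version kept scanning after a mismatch, so the password of any
        /// later record was accepted for the matched username. It also copied the
        /// encrypted form of the submitted password into <c>Login1.FailureText</c>;
        /// that assignment is removed.
        /// </remarks>
        /// <param name="sender">The Login control raising the event (unused).</param>
        /// <param name="e">Receives the result in <c>Authenticated</c>.</param>
        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
            bool loginSuccessful = false;

            try
            {
                xmlTextReader = new XmlTextReader(HttpContext.Current.Server.MapPath(appDataPath));
                crypt         = new SuperTopSecreteEncryption();

                string userProvidedLogin = Login1.UserName;

                // NOTE(review): stored credentials are reversible ciphertext, compared
                // by re-encrypting the submission. A salted one-way hash is the usual
                // choice; changing it means migrating the stored records as well.
                // FailureText is left at the control's default: it must not carry
                // anything derived from the password.
                string encryptedPassword = crypt.Encrypt(Login1.Password);

                // Username of the record being read; null until one has been seen.
                // Assumes each <Username> precedes its <Password> - confirm against
                // the layout of the record file.
                string retrievedUsername = null;

                while (!loginSuccessful && xmlTextReader.Read())
                {
                    // Only start tags are of interest; an end tag reports the same
                    // Name and would otherwise be handled a second time.
                    if (xmlTextReader.NodeType != XmlNodeType.Element)
                    {
                        continue;
                    }

                    string elementName = xmlTextReader.Name;
                    if (elementName != "Username" && elementName != "Password")
                    {
                        continue;
                    }

                    // Step onto the element's text node. A self-closing element has
                    // none, so its content is treated as empty.
                    string elementText = string.Empty;
                    if (!xmlTextReader.IsEmptyElement)
                    {
                        xmlTextReader.Read();
                        elementText = xmlTextReader.Value;
                    }

                    if (elementName == "Username")
                    {
                        retrievedUsername = elementText;
                        continue;
                    }

                    // A blank stored password never authenticates.
                    loginSuccessful = retrievedUsername != null
                                      && retrievedUsername == userProvidedLogin
                                      && elementText.Length > 0
                                      && elementText == encryptedPassword;

                    // A password pairs only with the username read just before it.
                    retrievedUsername = null;
                }

                if (loginSuccessful)
                {
                    // One timestamp so issue and expiry are exactly one hour apart.
                    DateTime issuedAt = DateTime.Now;

                    HttpCookie cookie = new HttpCookie("non-privileged-user-cookie", FormsAuthentication.Encrypt(
                                                           new FormsAuthenticationTicket(
                                                               1,
                                                               Login1.UserName,
                                                               issuedAt,
                                                               issuedAt.AddHours(1),
                                                               Login1.RememberMeSet,
                                                               "a user"
                                                               )));

                    // Keep the ticket out of reach of page script, and follow the
                    // site's forms-authentication requireSSL setting for transport.
                    cookie.HttpOnly = true;
                    cookie.Secure   = FormsAuthentication.RequireSSL;
                    Response.Cookies.Add(cookie);
                }
            }
            catch (Exception)
            {
                // Fail closed on any read, parse or encryption error.
                Login1.FailureText = "an exception has occured!";
                e.Authenticated    = false;
                return;
            }
            finally
            {
                // Release the record file on every path; the original never closed it.
                if (xmlTextReader != null)
                {
                    xmlTextReader.Close();
                }
            }

            if (loginSuccessful)
            {
                e.Authenticated = true;
                FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet);

                // Redirect the user to the right page
                Response.Redirect("~/Member.aspx");
            }
            else
            {
                e.Authenticated = false;
            }
        }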