        /// <summary>
        /// Derives the stored form of a password: PasswordUtil.hash over the ASCII bytes of the
        /// password and salt, returned as a Base64 string.
        /// </summary>
        /// <param name="password">Clear-text password supplied by the user.</param>
        /// <param name="salt">Salt to mix in; the same salt must be supplied again at verification time.</param>
        /// <returns>Base64 encoding of the bytes returned by PasswordUtil.hash.</returns>
        /// <remarks>
        /// NOTE(review): Encoding.ASCII replaces any non-ASCII character with '?', so two passwords that
        /// differ only in such characters hash identically. Switching to UTF-8 would fix that but would
        /// invalidate existing stored hashes for affected users — confirm before changing.
        /// </remarks>
        public static String generateSecurePassword(String password, String salt)
        {
            byte[] passwordBytes = Encoding.ASCII.GetBytes(password);
            byte[] saltBytes     = Encoding.ASCII.GetBytes(salt);
            byte[] digest        = PasswordUtil.hash(passwordBytes, saltBytes);
            return Convert.ToBase64String(digest);
        }
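        /// <summary>
        /// Checks a user-supplied password against a stored hash by re-deriving the hash with the stored salt.
        /// </summary>
        /// <param name="providedPassword">Clear-text password entered at login.</param>
        /// <param name="securedPassword">Base64 hash previously produced by generateSecurePassword (may be null).</param>
        /// <param name="salt">Salt that was used when <paramref name="securedPassword"/> was created.</param>
        /// <returns>true when the recomputed hash equals the stored one; false otherwise, including when the stored value is null.</returns>
        public static bool verifyUserPassword(String providedPassword, String securedPassword, String salt)
        {
            //  Generate New secure password with the same salt (done first so argument errors surface as before)
            String newSecurePassword = PasswordUtil.generateSecurePassword(providedPassword, salt);

            // String.Equals(null) was false in the original; keep that contract.
            if (securedPassword == null)
            {
                return false;
            }

            // Compare without short-circuiting on the first differing character.
            return FixedTimeEquals(newSecurePassword, securedPassword);
        }

        // Equality check whose running time does not depend on where the first mismatch is, so a
        // remote caller cannot learn how much of the stored hash they matched. A length mismatch still
        // returns early: the hash is Base64 of a fixed-size digest, so length reveals nothing useful.
        // (CryptographicOperations.FixedTimeEquals is the framework helper on .NET Core 2.1+/.NET 5+;
        // it is hand-rolled here because the target framework is not visible from this file.)
        private static bool FixedTimeEquals(String a, String b)
        {
            if (a.Length != b.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }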
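        /// <summary>
        /// Validates the staff form and inserts one row each into Staff, Non_Academic_Staff and
        /// Non_Academic_Staff_Credentials (the latter holding a salted hash of the password).
        /// All values are bound as SQL parameters; the original concatenated them into the statements.
        /// </summary>
        private void btnSave_Click(object sender, EventArgs e)
        {
            string stfID         = txtStfId.Text;
            string fName         = txtFName.Text;
            string lName         = txtLName.Text;
            string email         = txtEmail.Text;
            string phone         = txtPhone.Text;
            string nic           = txtNIC.Text;
            string qualification = txtQualification.Text;
            string experience    = txtExperience.Text;
            // NOTE(review): ToShortDateString is culture-dependent; the stored format follows the
            // machine's locale exactly as before. Confirm the column types before switching to a fixed format.
            string dob           = dobPicker.Value.ToShortDateString();
            string appdate       = appdatePicker.Value.ToShortDateString();
            string jdate         = jDatePicker.Value.ToShortDateString();
            string password      = txtPassword.Text;
            string gender        = rBtnMale.Checked ? "M" : (rBtnFemale.Checked ? "F" : "");

            if (stfID == "" || fName == "" || lName == "" || email == "" || phone == "" || nic == "" || qualification == "" || experience == "" ||
                dob == "" || appdate == "" || jdate == "" || gender == "" || password == "")
            {
                MessageBox.Show("All fields must be filled.");
                return;
            }

            if (!IsValidEmail(email))
            {
                MessageBox.Show("Email is not correct.");
                return;
            }

            if (nic.Length != 10)
            {
                MessageBox.Show("NIC is incorrect.");
                return;
            }

            bool inserted = false;
            try
            {
                sqlCon.Open();

                // The three INSERTs run in one transaction so that a failure on the second or third
                // cannot leave a Staff row behind without its credentials.
                using (SqlTransaction tx = sqlCon.BeginTransaction())
                {
                    // Positional VALUES order is unchanged from the original statement.
                    using (SqlCommand cmd1 = sqlCon.CreateCommand())
                    {
                        cmd1.Transaction  = tx;
                        cmd1.CommandType  = CommandType.Text;
                        cmd1.CommandText  = "INSERT INTO Staff VALUES(@stfID, @phone, @fName, @lName, @email, @nic, @appdate, @jdate, @qualification, @gender, @dob)";
                        AddTextParameter(cmd1, "@stfID", stfID);
                        AddTextParameter(cmd1, "@phone", phone);
                        AddTextParameter(cmd1, "@fName", fName);
                        AddTextParameter(cmd1, "@lName", lName);
                        AddTextParameter(cmd1, "@email", email);
                        AddTextParameter(cmd1, "@nic", nic);
                        AddTextParameter(cmd1, "@appdate", appdate);
                        AddTextParameter(cmd1, "@jdate", jdate);
                        AddTextParameter(cmd1, "@qualification", qualification);
                        AddTextParameter(cmd1, "@gender", gender);
                        AddTextParameter(cmd1, "@dob", dob);
                        cmd1.ExecuteNonQuery();
                    }

                    using (SqlCommand cmd2 = sqlCon.CreateCommand())
                    {
                        cmd2.Transaction  = tx;
                        cmd2.CommandType  = CommandType.Text;
                        cmd2.CommandText  = "INSERT INTO Non_Academic_Staff VALUES(@stfID, @experience)";
                        AddTextParameter(cmd2, "@stfID", stfID);
                        AddTextParameter(cmd2, "@experience", experience);
                        cmd2.ExecuteNonQuery();
                    }

                    // Only the salted hash and the salt are stored, never the clear-text password.
                    string saltpwd = PasswordUtil.getSalt(30);
                    string secpwd  = PasswordUtil.generateSecurePassword(password, saltpwd);

                    using (SqlCommand cmd3 = sqlCon.CreateCommand())
                    {
                        cmd3.Transaction  = tx;
                        cmd3.CommandType  = CommandType.Text;
                        cmd3.CommandText  = "INSERT INTO Non_Academic_Staff_Credentials VALUES(@stfID, @secpwd, @saltpwd)";
                        AddTextParameter(cmd3, "@stfID", stfID);
                        AddTextParameter(cmd3, "@secpwd", secpwd);
                        AddTextParameter(cmd3, "@saltpwd", saltpwd);
                        cmd3.ExecuteNonQuery();
                    }

                    tx.Commit();
                }

                inserted = true;
            }
            catch (Exception ex1)
            {
                // Only the message is shown; the full exception text (statement, stack trace,
                // server details) is not something an end user should see.
                MessageBox.Show("Error: " + ex1.Message);
            }
            finally
            {
                sqlCon.Close();
            }

            // The original reported "Successfully Inserted!" even after the catch block ran.
            if (inserted)
            {
                FillDataGridView();
                MessageBox.Show("Successfully Inserted!");
                clearDetails();
            }
        }

        // Matches the address against the original pattern. A match timeout is applied because the
        // pattern's nested quantifiers can backtrack heavily on crafted input; a timeout counts as invalid.
        private static bool IsValidEmail(string email)
        {
            const string pattern = "^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$";
            try
            {
                return Regex.IsMatch(email, pattern, RegexOptions.None, TimeSpan.FromSeconds(1));
            }
            catch (RegexMatchTimeoutException)
            {
                return false;
            }
        }

        // Binds a text value as a VarChar parameter, in the explicit-SqlParameter style the login code uses.
        private static void AddTextParameter(SqlCommand cmd, string name, string value)
        {
            SqlParameter p = new SqlParameter(name, SqlDbType.VarChar);
            p.Value = value;
            cmd.Parameters.Add(p);
        }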
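        /// <summary>
        /// Authenticates the user against the credentials table selected by the user-type combo box,
        /// records the login, stores the session user and opens the matching dashboard.
        /// The four per-type branches of the original are folded into one path driven by a fixed table.
        /// </summary>
        private void btnLogin_Click(object sender, EventArgs e)
        {
            if (txtUsername.Text == "")
            {
                MessageBox.Show("Please enter username");
                return;
            }

            // Bug fix: the original tested txtUsername a second time here, so an empty password
            // was never rejected before the database lookup.
            if (txtPassword.Text == "")
            {
                MessageBox.Show("Please enter password");
                return;
            }

            if (userType.Text == "")
            {
                MessageBox.Show("Please select usertype");
                return;
            }

            string selectedType = userType.Text;
            string credentialsTable;
            string idColumn;

            // Table and key column come from this fixed list, never from user input, so they may be
            // spliced into the query text; the username itself is always bound as a parameter.
            switch (selectedType)
            {
                case "Academic Staff":
                    credentialsTable = "Academic_Staff_Credentials";
                    idColumn = "stfID";
                    break;
                case "Administrative Staff":
                    credentialsTable = "Administrative_Staff_credentials";
                    idColumn = "stfID";
                    break;
                case "Admin":
                    credentialsTable = "Admin_credentials";
                    idColumn = "adminID";
                    break;
                case "Non Academic Staff":
                    credentialsTable = "Non_Academic_Staff_Credentials";
                    idColumn = "stfID";
                    break;
                default:
                    MessageBox.Show("Unknown user type!!!");
                    return;
            }

            string conString = CommonConstants.connnectionString;
            using (SqlConnection connection = new SqlConnection(conString))
            {
                connection.Open();

                string userID_from_db;
                if (!LookupAndVerifyCredentials(connection, credentialsTable, idColumn, txtUsername.Text, txtPassword.Text, out userID_from_db))
                {
                    // One message for both "no such user" and "wrong password": the original's two
                    // different messages let a caller enumerate valid usernames.
                    MessageBox.Show("Your Username or password not found.");
                    return;
                }

                User u = BuildLoggedInUser(selectedType, userID_from_db);

                //Track Login - Start
                // The credentials reader is already closed, so a further command on this
                // connection does not depend on MARS being enabled.
                TrackLogin(selectedType, connection, userID_from_db, conString);
                //Track Login - End

                UserSessionStore.Instance.setUser(u);
                ShowDashboard(selectedType);
            }
        }

        // Reads password/salt for `username` from `table` (keyed by `idColumn`) and verifies the supplied
        // password. Returns false, with userIdFromDb null, when the row is missing or the hash does not match.
        private static bool LookupAndVerifyCredentials(SqlConnection connection, string table, string idColumn,
                                                       string username, string password, out string userIdFromDb)
        {
            userIdFromDb = null;
            string securedPwdFromDb;
            string saltFromDb;
            string storedId;

            using (SqlCommand command = new SqlCommand(null, connection))
            {
                command.CommandText = "SELECT password, salt, " + idColumn + " FROM " + table + " WHERE " + idColumn + " = @id ";

                SqlParameter id = new SqlParameter("@id", SqlDbType.VarChar, 100);
                id.Value = username;
                command.Parameters.Add(id);

                // Call Prepare after setting the Commandtext and Parameters.
                command.Prepare();
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        return false;
                    }
                    securedPwdFromDb = reader["password"].ToString();
                    saltFromDb       = reader["salt"].ToString();
                    storedId         = reader[idColumn].ToString();
                }
            }

            if (!PasswordUtil.verifyUserPassword(password, securedPwdFromDb, saltFromDb))
            {
                return false;
            }

            userIdFromDb = storedId;
            return true;
        }

        // Populates the session User the way the original per-type branch did: via the loader for staff
        // types, by hand for "Admin" (no loader exists for admins in this file).
        private User BuildLoggedInUser(string selectedType, string userIdFromDb)
        {
            switch (selectedType)
            {
                case "Academic Staff":
                    return getAcademicStaffObjectWithAllProperties(userIdFromDb);
                case "Administrative Staff":
                    return getAdministrativeStaffObjectWithAllProperties(userIdFromDb);
                case "Non Academic Staff":
                    return getNonAcademicStaffObjectWithAllProperties(userIdFromDb);
                case "Admin":
                    User admin = new User();
                    admin.setuserID(userIdFromDb);
                    admin.Type = "Admin";
                    return admin;
                default:
                    throw new ArgumentOutOfRangeException("selectedType", "Unknown user type: " + selectedType);
            }
        }

        // Hides the login form and opens the dashboard for the type; the dashboard is constructed
        // before hiding so a failing constructor leaves the login form visible, as in the original.
        private void ShowDashboard(string selectedType)
        {
            switch (selectedType)
            {
                case "Academic Staff":
                    AcademicStaffDashBoard objAcdStfDashBoard = new AcademicStaffDashBoard();
                    this.Hide();
                    objAcdStfDashBoard.Show();
                    break;
                case "Administrative Staff":
                    AdministrativeStaffDashboard objAdmStfDashBoard = new AdministrativeStaffDashboard();
                    this.Hide();
                    objAdmStfDashBoard.Show();
                    break;
                case "Admin":
                    AdminDashboard objAdminDashboard = new AdminDashboard();
                    this.Hide();
                    objAdminDashboard.Show();
                    break;
                case "Non Academic Staff":
                    NonAcademicStaffDashboard objNonAcdStfDashboard = new NonAcademicStaffDashboard();
                    this.Hide();
                    objNonAcdStfDashboard.Show();
                    break;
                default:
                    throw new ArgumentOutOfRangeException("selectedType", "Unknown user type: " + selectedType);
            }
        }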
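        /// <summary>
        /// Sets a new password for the account identified by usernameString in the credentials table
        /// chosen by the user-type combo box. A fresh salt is generated and only the salted hash is stored.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            if (txtPassword.Text == "" || txtRePassword.Text == "")
            {
                MessageBox.Show("Please enter new password and enter it again.");
                return;
            }

            if (!txtPassword.Text.Equals(txtRePassword.Text))
            {
                MessageBox.Show("Passwords are not equal.");
                return;
            }

            // The target table comes from this fixed list, never from user input. The original left
            // CommandText null for any other selection (including "Admin") and ExecuteNonQuery then
            // threw an unhandled InvalidOperationException.
            string typeString = userType.SelectedItem.ToString();
            string credentialsTable;
            switch (typeString)
            {
                case "Academic Staff":
                    credentialsTable = "Academic_Staff_Credentials";
                    break;
                case "Non Academic Staff":
                    credentialsTable = "Non_Academic_Staff_Credentials";
                    break;
                case "Administrative Staff":
                    credentialsTable = "Administrative_Staff_credentials";
                    break;
                default:
                    MessageBox.Show("Unknown user type!!!");
                    return;
            }

            string saltpwd = PasswordUtil.getSalt(30);
            string secpwd  = PasswordUtil.generateSecurePassword(txtPassword.Text, saltpwd);

            int rowsUpdated;
            try
            {
                using (SqlConnection connection = new SqlConnection(conString))
                using (SqlCommand command = new SqlCommand(null, connection))
                {
                    connection.Open();

                    command.CommandText = "UPDATE " + credentialsTable + " SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";

                    SqlParameter secPassword = new SqlParameter("@secPassword", SqlDbType.VarChar, 100);
                    secPassword.Value = secpwd;
                    command.Parameters.Add(secPassword);

                    SqlParameter saltPassword = new SqlParameter("@saltPassword", SqlDbType.VarChar, 100);
                    saltPassword.Value = saltpwd;
                    command.Parameters.Add(saltPassword);

                    SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
                    stfID.Value = usernameString;
                    command.Parameters.Add(stfID);

                    // Call Prepare after setting the Commandtext and Parameters.
                    command.Prepare();
                    rowsUpdated = command.ExecuteNonQuery();
                }
            }
            catch (SqlException)
            {
                // Database details are deliberately not shown to the user.
                MessageBox.Show("Password could not be updated.");
                return;
            }

            // ExecuteNonQuery returns the number of rows matched; zero means no credentials row exists
            // for usernameString. The original reported success regardless.
            if (rowsUpdated == 0)
            {
                MessageBox.Show("No account found for this username; password not changed.");
                return;
            }

            MessageBox.Show("Password updated successfully. Now use your new password to login to the system.");
        }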