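protected void login_onclick(object sender, EventArgs e)
{
    // Authenticates the e-mail / password typed into unTB / pwTB against the stored
    // PBKDF2 record and, on success, establishes the session for ADM / MEM users.
    //
    // Stored PasswordHash layout (written by fp_onclick / btnCreate_User):
    //   base64( salt[16] || pbkdf2(password, salt, 10000)[20] )
    const int SaltLength = 16;
    const int HashLength = 20;
    const int Iterations = 10000;

    string email = unTB.Text;
    UserManagement uDao = new UserManagement();

    // NOTE(review): distinct "not registered" / "password incorrect" messages let a
    // caller enumerate registered e-mails. The other handlers on this page already
    // expose that, so the wording is kept; a single generic message would close it.
    User userObj = uDao.checkEmail(email) == null ? null : uDao.getUserByEmail(email);
    if (userObj == null)
    {
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert",
            "alert('Email not registered. Please re-enter a correct email.');", true);
        return;
    }

    // Fail closed: the password only counts as verified once every check below passes.
    // (The previous version defaulted to "match" and relied on the loop to clear it.)
    bool passwordMatches = false;

    byte[] stored;
    try
    {
        stored = Convert.FromBase64String(userObj.PasswordHash ?? string.Empty);
    }
    catch (FormatException)
    {
        // A corrupt record must not crash the page; it simply does not authenticate.
        stored = null;
    }

    if (stored != null && stored.Length == SaltLength + HashLength)
    {
        byte[] salt = new byte[SaltLength];
        Array.Copy(stored, 0, salt, 0, SaltLength);

        // Same parameters as the writers (SHA-1 based PBKDF2, the .NET Framework
        // default for this constructor); changing them invalidates every stored hash.
        byte[] candidate;
        using (var pbkdf2 = new Rfc2898DeriveBytes(pwTB.Text, salt, Iterations))
        {
            candidate = pbkdf2.GetBytes(HashLength);
        }

        // Constant-time compare: always visits all bytes and never branches on a
        // mismatch, so timing does not reveal how many leading bytes were right.
        int diff = 0;
        for (int i = 0; i < HashLength; i++)
        {
            diff |= stored[SaltLength + i] ^ candidate[i];
        }
        passwordMatches = diff == 0;
    }

    if (!passwordMatches)
    {
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert",
            "alert('Password is incorrect. Please re-enter the correct password.');", true);
        return;
    }

    Session["userID"] = userObj.UserID;
    Session["userType"] = userObj.Type;

    // NOTE(review): the session id is not regenerated on login; Web Forms keeps the
    // pre-authentication id unless the application rotates it (session fixation).
    string userType = (string)Session["userType"];
    if (userType == Reference.USR_ADM || userType == Reference.USR_MEM)
    {
        Response.Redirect("ProfileInfo.aspx");
    }
}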
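protected void fp_onclick(object sender, EventArgs e)
{
    // "Forgot password": replaces the password of the account whose e-mail is in
    // fpEmail with a fresh random one and mails that password to the address.
    //
    // NOTE(review): anyone who knows a registered e-mail can trigger this, so an
    // attacker can repeatedly lock the real owner out, and the new credential is sent
    // in clear text by e-mail. The usual design is a single-use, expiring reset token
    // mailed as a link, with the password changed only after the token is presented;
    // that needs a schema change and is outside this handler.
    const int SaltLength = 16;
    const int HashLength = 20;
    const int Iterations = 10000;

    string email = fpEmail.Text;
    UserManagement uDao = new UserManagement();

    if (uDao.checkEmail(email) == null)
    {
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert",
            "alert('Email not registered. Please re-enter a correct email.');", true);
        return;
    }

    string newPassword = CreatePassword(8);
    string lastUpdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

    // Fresh random salt from the CSPRNG; disposed rather than leaked.
    byte[] salt = new byte[SaltLength];
    using (var rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }

    // Must match the parameters login_onclick verifies with.
    byte[] hash;
    using (var pbkdf2 = new Rfc2898DeriveBytes(newPassword, salt, Iterations))
    {
        hash = pbkdf2.GetBytes(HashLength);
    }

    // Stored record: salt[16] || hash[20], base64-encoded. The salt is also stored
    // on its own because updateUserPassword takes it as a separate column.
    byte[] record = new byte[SaltLength + HashLength];
    Array.Copy(salt, 0, record, 0, SaltLength);
    Array.Copy(hash, 0, record, SaltLength, HashLength);
    string passwordHash = Convert.ToBase64String(record);
    string passwordSalt = Convert.ToBase64String(salt);

    // Only mail a password that was actually stored; the old code ignored the
    // result and reported success even when the update failed.
    bool updated = uDao.updateUserPassword(email, passwordHash, passwordSalt, lastUpdOn);
    if (!updated)
    {
        ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert",
            "alert('Password reset failed. Please try again later.');", true);
        return;
    }

    string body = "Dear User, " + Environment.NewLine + Environment.NewLine
        + "Your Password Is Successfully Reset! " + Environment.NewLine
        + "This Is Your Current Login Password: " + newPassword
        + ". Please Proceed To Change Your Password Upon Your Login. Thank you. "
        + Environment.NewLine + Environment.NewLine + Environment.NewLine
        + "Regards, " + Environment.NewLine + "Targeted Marketing Admin Team";
    string subject = "Password Successfully Reset!";
    sendMail(subject, body, email);

    ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert",
        "alert('Password successfully reset! Please check your new password at your email!');", true);
}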
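protected void btnCreate_User(object sender, EventArgs e)
{
    // Creates an ADM or MEM account from the form fields, mails the generated
    // first-time password to the new user and redirects to UserList.aspx.
    // Validation failures are shown in alertWarning / msgWarning without leaving the page.
    const int SaltLength = 16;
    const int HashLength = 20;
    const int Iterations = 10000;

    string name = tbName.Text;
    string type = ddlUserType.SelectedItem.Value;
    string email = tbEmail.Text;
    string contactNumber = tbConNo.Text;

    // Defence in depth: the creator must be a logged-in user. Convert.ToInt32(null)
    // would otherwise silently record 0 as CreatedBy.
    // NOTE(review): page-level authorization is not visible from here — confirm that
    // web.config or a base page restricts this handler to USR_ADM.
    object sessionUserId = Session["userID"];
    if (sessionUserId == null)
    {
        alertWarning.Visible = true;
        alertSuccess.Visible = false;
        msgWarning.Text = "Please Log In Before Creating A User!";
        return;
    }
    int createdBy = Convert.ToInt32(sessionUserId);

    if (type == "NULL")
    {
        alertWarning.Visible = true;
        msgWarning.Text = "Please Select User Type!";
        return;
    }

    // SelectedValue is posted form data; a non-numeric value is treated as
    // "no company" instead of throwing a FormatException.
    int companyId;
    if (!int.TryParse(ddlCompany.SelectedValue, out companyId))
    {
        companyId = 0;
    }
    if (type == Reference.USR_MEM && companyId == 0)
    {
        alertWarning.Visible = true;
        msgWarning.Text = "Please Select Company!";
        return;
    }

    UserManagement uDao = new UserManagement();
    if (uDao.checkEmail(email) != null)
    {
        tbEmail.Text = String.Empty;
        alertWarning.Visible = true;
        alertSuccess.Visible = false;
        msgWarning.Text = "Email Already In-Use. Please Try Again!";
        return;
    }

    string firstPassword = CreatePassword(8);
    int status = 1;
    string createdOn = DateTime.Now.ToString("MM/dd/yyyy h:mm tt");

    // Fresh random salt from the CSPRNG; disposed rather than leaked.
    byte[] salt = new byte[SaltLength];
    using (var rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }

    // Must match the parameters login_onclick verifies with.
    byte[] hash;
    using (var pbkdf2 = new Rfc2898DeriveBytes(firstPassword, salt, Iterations))
    {
        hash = pbkdf2.GetBytes(HashLength);
    }

    // Stored record: salt[16] || hash[20], base64-encoded; the salt is also passed
    // separately because the DAO takes it as its own column.
    byte[] record = new byte[SaltLength + HashLength];
    Array.Copy(salt, 0, record, 0, SaltLength);
    Array.Copy(hash, 0, record, SaltLength, HashLength);
    string passwordHash = Convert.ToBase64String(record);
    string passwordSalt = Convert.ToBase64String(salt);

    bool created = type == Reference.USR_ADM
        ? uDao.createAdmin(name, email, contactNumber, type, passwordHash, passwordSalt,
                           status, createdBy, createdOn)
        : uDao.createUser(name, email, contactNumber, type, passwordHash, passwordSalt,
                          status, companyId, createdBy, createdOn);

    // Only mail a password for an account that was actually stored; the old code
    // ignored the DAO result and reported success regardless.
    if (!created)
    {
        alertWarning.Visible = true;
        alertSuccess.Visible = false;
        msgWarning.Text = "Account Could Not Be Created. Please Try Again!";
        return;
    }

    string body = "Dear " + name + ", " + Environment.NewLine + Environment.NewLine
        + "Your Account Has Been Successfully Created! " + Environment.NewLine
        + "This Is Your First-Time Login Password: " + firstPassword
        + ". Please Proceed To Change Your Password Upon Your First Login. Thank you. "
        + Environment.NewLine + Environment.NewLine + Environment.NewLine
        + "Regards, " + Environment.NewLine + "Targeted Marketing Admin Team";
    string subject = "Account Successfully Created!";
    sendMail(subject, body, email);

    // Clear the form so a re-submit cannot create the same account twice.
    ddlUserType.SelectedIndex = 0;
    ddlCompany.SelectedIndex = 0;
    tbName.Text = String.Empty;
    tbEmail.Text = String.Empty;
    tbConNo.Text = String.Empty;
    alertSuccess.Visible = true;
    alertWarning.Visible = false;
    msgSuccess.Text = name + " Has Been Created Successfully!";

    Session["CreateUser"] = 2;
    Response.Redirect("UserList.aspx");
}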