public static bool verifyUser(string username, string password, string loginType)
{
DataTable result = null;
try
{
using (SqlConnection conPrintDB = new SqlConnection(ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString))
{
string strSelect = null;
if (loginType.Equals(ROLE_STAFF))
{
strSelect = "select StaffPassword As Password, StaffSalt As Salt from CompanyStaff where StaffEmail = @uname";
}
else
{
strSelect = "select CustomerPassword As Password, CustomerSalt As Salt from Customer where CustomerEmail = @uname";
}
using (SqlCommand cmdSelect = new SqlCommand(strSelect, conPrintDB))
{
cmdSelect.Parameters.AddWithValue("@uname", username);
using (SqlDataAdapter da = new SqlDataAdapter(cmdSelect))
{
result = new DataTable();
da.Fill(result);
}
//retrieve password info
byte[] storedPassword = (byte[])result.Rows[0]["Password"];
byte[] storedSalt = (byte[])result.Rows[0]["Salt"];
//hash password from textbox
byte[] hashedPassword = ClassHashing.generateSaltedHash(password, storedSalt);
//compare the password and return the result
return(ClassHashing.CompareByteArrays(storedPassword, hashedPassword));
}
}
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
}
public static string activateStaff(string verificationCode)
{
DataTable result = null;
byte[] emptyByte = { 0, 0 };
try
{
using (SqlConnection conPrintDB = new SqlConnection(ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString))
{
string strSelect = null;
strSelect = "select StaffID, StaffNRIC, StaffSalt from CompanyStaff where StaffPassword = @password";
using (SqlCommand cmdSelect = new SqlCommand(strSelect, conPrintDB))
{
cmdSelect.Parameters.AddWithValue("@password", emptyByte);
using (SqlDataAdapter da = new SqlDataAdapter(cmdSelect))
{
result = new DataTable();
da.Fill(result);
}
//convert verification code to byte array
byte[] codeByte = Convert.FromBase64String(verificationCode);
for (int i = 0; i < result.Rows.Count; i++)
{
string staffID = (string)result.Rows[i]["StaffID"];
string staffNRIC = (string)result.Rows[i]["StaffNRIC"];
byte[] staffSalt = (byte[])result.Rows[i]["StaffSalt"];
if (ClassHashing.CompareByteArrays(ClassHashing.generateSaltedHash(staffID + staffNRIC, staffSalt), codeByte))
{
return(staffID);
}
}
return(null);
}
}
}
catch (Exception ex)
{
throw new Exception(ex.ToString());
}
}
