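/// <summary>
/// Checks a login attempt by re-hashing the supplied password with the salt stored
/// for the account and comparing the result with the stored password hash.
/// </summary>
/// <param name="username">E-mail address typed by the user; always bound as the @uname SQL parameter.</param>
/// <param name="password">Plain-text password typed by the user.</param>
/// <param name="loginType">Role selector; ROLE_STAFF reads CompanyStaff, any other value reads Customer.</param>
/// <returns>
/// true when the recomputed hash matches the stored one; false when it does not match,
/// when the credentials are missing, or when no usable account row exists.
/// </returns>
/// <exception cref="Exception">
/// Any database or configuration failure, re-thrown with the original exception attached
/// as InnerException.
/// </exception>
public static bool verifyUser(string username, string password, string loginType)
{
    // Missing credentials can never match a stored hash; reject them before touching the database.
    if (string.IsNullOrEmpty(username) || password == null)
    {
        return false;
    }

    try
    {
        // Only the table and column names depend on the role. The user-controlled e-mail
        // never becomes part of the SQL text; it is sent as a parameter.
        string strSelect = loginType.Equals(ROLE_STAFF)
            ? "select StaffPassword As Password, StaffSalt As Salt from CompanyStaff where StaffEmail = @uname"
            : "select CustomerPassword As Password, CustomerSalt As Salt from Customer where CustomerEmail = @uname";

        DataTable result = new DataTable();

        using (SqlConnection conPrintDB = new SqlConnection(ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString))
        using (SqlCommand cmdSelect = new SqlCommand(strSelect, conPrintDB))
        {
            cmdSelect.Parameters.AddWithValue("@uname", username);

            using (SqlDataAdapter da = new SqlDataAdapter(cmdSelect))
            {
                da.Fill(result);
            }
        }

        // An unknown e-mail is a failed login, not an error. Indexing Rows[0] on an empty
        // table used to throw and surface as a generic Exception.
        // NOTE(review): this path returns without hashing, so its response time differs from
        // the wrong-password path; decide whether that account-existence signal is acceptable.
        if (result.Rows.Count == 0)
        {
            return false;
        }

        // "as" yields null for DBNull, so an account without a stored hash or salt is rejected
        // instead of raising InvalidCastException.
        byte[] storedPassword = result.Rows[0]["Password"] as byte[];
        byte[] storedSalt = result.Rows[0]["Salt"] as byte[];
        if (storedPassword == null || storedSalt == null)
        {
            return false;
        }

        // NOTE(review): neither ClassHashing helper is visible here. Confirm that
        // generateSaltedHash is a deliberately slow password KDF and that
        // CompareByteArrays compares in constant time.
        byte[] hashedPassword = ClassHashing.generateSaltedHash(password, storedSalt);
        return ClassHashing.CompareByteArrays(storedPassword, hashedPassword);
    }
    catch (Exception ex)
    {
        // The message still carries ex.ToString() (stack trace included) for existing callers,
        // so it must be logged, never shown to the end user. The original exception is now
        // attached so its type is not lost.
        throw new Exception(ex.ToString(), ex);
    }
}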
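/// <summary>
/// Resolves a Base64 verification code to the staff member it was issued for.
/// Candidates are the CompanyStaff rows whose StaffPassword equals the two-byte value {0, 0};
/// for each one the salted hash of StaffID + StaffNRIC is recomputed and compared with the code.
/// Despite the name, nothing in this method updates the staff record.
/// </summary>
/// <param name="verificationCode">Base64 text of the expected salted hash, as supplied by the caller.</param>
/// <returns>The matching StaffID, or null when the code is missing, malformed or matches no candidate.</returns>
/// <exception cref="Exception">
/// Any database or configuration failure, re-thrown with the original exception attached
/// as InnerException.
/// </exception>
public static string activateStaff(string verificationCode)
{
    // The code comes from outside the application, so treat it as untrusted: a missing or
    // malformed value is simply "no match". Decoding first also means bad input never
    // triggers the table scan below.
    if (string.IsNullOrEmpty(verificationCode))
    {
        return null;
    }

    byte[] codeByte;
    try
    {
        codeByte = Convert.FromBase64String(verificationCode);
    }
    catch (FormatException)
    {
        return null;
    }

    // Presumably the placeholder stored for accounts that have no password yet; confirm
    // against the code that creates staff records.
    byte[] emptyByte = { 0, 0 };

    try
    {
        DataTable result = new DataTable();
        string strSelect = "select StaffID, StaffNRIC, StaffSalt from CompanyStaff where StaffPassword = @password";

        using (SqlConnection conPrintDB = new SqlConnection(ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString))
        using (SqlCommand cmdSelect = new SqlCommand(strSelect, conPrintDB))
        {
            cmdSelect.Parameters.AddWithValue("@password", emptyByte);

            using (SqlDataAdapter da = new SqlDataAdapter(cmdSelect))
            {
                da.Fill(result);
            }
        }

        // NOTE(review): every call hashes once per pending account, and the expected code is
        // derived only from stored columns (StaffID, StaffNRIC, StaffSalt) rather than from a
        // random, expiring token. Consider rate limiting the caller and issuing random
        // single-use codes instead.
        foreach (DataRow row in result.Rows)
        {
            string staffID = row["StaffID"] as string;
            string staffNRIC = row["StaffNRIC"] as string;
            byte[] staffSalt = row["StaffSalt"] as byte[];

            // A row with a NULL column cannot produce a valid code. Skip it so that one
            // incomplete record does not abort the lookup for every other account.
            if (staffID == null || staffNRIC == null || staffSalt == null)
            {
                continue;
            }

            byte[] expectedCode = ClassHashing.generateSaltedHash(staffID + staffNRIC, staffSalt);
            if (ClassHashing.CompareByteArrays(expectedCode, codeByte))
            {
                return staffID;
            }
        }

        return null;
    }
    catch (Exception ex)
    {
        // The message still carries ex.ToString() (stack trace included) for existing callers,
        // so it must be logged, never shown to the end user. The original exception is now
        // attached so its type is not lost.
        throw new Exception(ex.ToString(), ex);
    }
}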