/// <summary> /// Used to get the password of a user /// </summary> /// <param name="email">Email of the user</param> /// <returns>returns the decrypted password</returns> public string GetAccountPassword(string email) { try { using (SqlConnection connection = new SqlConnection(conStr)) { using (SqlCommand command = new SqlCommand("spGetAccountPassword", connection)) { command.CommandType = CommandType.StoredProcedure; command.Parameters.Add("email", SqlDbType.VarChar, 99).Value = DBConvert.From(email); connection.Open(); using (SqlDataReader reader = command.ExecuteReader()) { if (reader.Read()) { return(PassHash.MD5HashDecrypt(DBConvert.To <string>(reader[0]))); } } } } return(null); } catch { return(null); } }
internal static PassHash GenerateHash(SecureString secPassword, byte[] prevSalt) { try { byte[] salt = prevSalt; var pbkdf2 = new Rfc2898DeriveBytes(Marshal.PtrToStringBSTR(Marshal.SecureStringToBSTR(secPassword)), salt, 20000); byte[] hash = pbkdf2.GetBytes(20); byte[] hashBytes = new byte[52]; Array.Copy(salt, 0, hashBytes, 0, SaltBytes); //copy salt into hashBytes Array.Copy(hash, 0, hashBytes, SaltBytes, HashBytes); //copy hash into hashBytes string savedPasswordHash = Convert.ToBase64String(hashBytes); string savedSalt = Convert.ToBase64String(salt); var passHash = new PassHash { Salt = savedSalt, Hash = savedPasswordHash }; return(passHash); } catch (Exception ex) { App.Logger.Error(ex, "Could not generate password hash"); return(new PassHash()); } }
private void setCurrentSalesPerson(SqlConnection con, string username, string password) { string passHashed = new PassHash().PassHashResult(password); SqlCommand com = new SqlCommand("UPDATE TABLE_USERDATA SET ACTIVE = 1 WHERE USERNAME = @UN AND PASSWORD = @PWH", con); com.Parameters.Add("UN", username); com.Parameters.Add("PWH", passHashed); com.ExecuteNonQuery(); }
public static void test_addUser(string userID, string password) { string[] saltHash = PassHash.CreatePassHash(password); Debug.Assert(social_network.addUser(userID, saltHash[0], saltHash[1], new List <int>() { }, new List <string>() { })); }
private void addAccount(SqlConnection con, string username, string password, int userLevel, string fullname) { string passEncoded = new PassHash().PassHashResult(password); int defaultStat = 0; SqlCommand adminAdd = new SqlCommand("INSERT INTO TABLE_USERDATA(USERNAME,PASSWORD,FULLNAME,USERLEVEL,ACTIVE) VALUES (@UN,@PASS,@FN,@UL,@STAT)", con); adminAdd.Parameters.Add("UN", username); adminAdd.Parameters.Add("PASS", passEncoded); adminAdd.Parameters.Add("FN", fullname); adminAdd.Parameters.Add("UL", userLevel); adminAdd.Parameters.Add("STAT", defaultStat); adminAdd.ExecuteNonQuery(); }
private Boolean isCredentialsMatch(SqlConnection con, string username, string password) { Boolean res = false; string passHashed = new PassHash().PassHashResult(password); SqlCommand com = new SqlCommand("SELECT * FROM TABLE_USERDATA WHERE USERNAME = @UN AND PASSWORD = @PWH", con); com.Parameters.Add("UN", username); com.Parameters.Add("PWH", passHashed); SqlDataReader reader = com.ExecuteReader(); res = reader.HasRows; reader.Close(); return(res); }
private string ForgotPasswordUpdate(Cuenta user) { string password = Guid.NewGuid().ToString("N").ToLower() .Replace("1", "").Replace("o", "").Replace("0", "") .Substring(0, 10); string salt = PassSalt.Create(); string hash = PassHash.Create(password, salt); user.Passwd = hash; user.Salt = salt; _context.SaveChanges(); return(password); }
public Cuenta VerificarLogin(string usuario, string passwd) { var user = _context.Cuenta .Include(c => c.PersonaCuenta) .SingleOrDefault(x => x.Usuario == usuario); if (user != null) { bool verifico = PassHash.Validate(passwd, user.Salt, user.Passwd); if (verifico) { return(user); } } return(null); }
public bool ActualizarPassword(string email, string passwordAntiguo, string passwordActual) { var c = _context.Cuenta.SingleOrDefault(x => x.Email == email); Cuenta cuenta = VerificarLogin(c.Usuario, passwordAntiguo); if (cuenta != null) { string salt = PassSalt.Create(); string hash = PassHash.Create(passwordActual, salt); cuenta.Passwd = hash; cuenta.Salt = salt; _context.SaveChanges(); return(true); } return(false); }
private int getUserLevel(SqlConnection con, string username, string password) { int UL = 0; string passHashed = new PassHash().PassHashResult(password); SqlCommand com = new SqlCommand("SELECT * FROM TABLE_USERDATA WHERE USERNAME = @UN AND PASSWORD = @PWH", con); com.Parameters.Add("UN", username); com.Parameters.Add("PWH", passHashed); SqlDataReader reader = com.ExecuteReader(); while (reader.Read()) { UL = Convert.ToInt32(reader[3]); } reader.Close(); return(UL); }
public IActionResult Add(AdministradorViewModel model) { if (ModelState.IsValid) { var cookieValue = Request.Cookies["UrlFacultad"]; multyTenancyService.SeleccionarNodoFacultad(cookieValue); string salt = PassSalt.Create(); string hash = PassHash.Create(model.Password, salt); var a = new Administrador() { Nombre = model.Nombre, Apellido = model.Apellido, Usuario = model.Usuario, Passwd = hash, Salt = salt, }; userService.AddAdministrador(a, model.Tipo_Administrador, model.Facultad); return(RedirectToAction("Index")); } return(View(model)); }
private void hasUserData(SqlConnection con) { SqlCommand com = new SqlCommand("SELECT * FROM TABLE_USERDATA", con); SqlDataReader reader = com.ExecuteReader(); Boolean rows = reader.HasRows; reader.Close(); if (rows == false) { int defaultStat = 0; int adminUL = 4; string passEncoded = new PassHash().PassHashResult("admin"); SqlCommand adminAdd = new SqlCommand("INSERT INTO TABLE_USERDATA(USERNAME,PASSWORD,FULLNAME,USERLEVEL,ACTIVE) VALUES (@UN,@PASS,@FN,@UL,@STAT)", con); adminAdd.Parameters.Add("UN", "admin"); adminAdd.Parameters.Add("PASS", passEncoded); adminAdd.Parameters.Add("FN", "Administrator"); adminAdd.Parameters.Add("UL", adminUL); adminAdd.Parameters.Add("STAT", defaultStat); adminAdd.ExecuteNonQuery(); } }
public bool CrearCuentaAdministrador(string nombre, string apellido, string usuario, string password, string tipoAdministrador, int IdFacultad) { try { var salt = PassSalt.Create(); var hash = PassHash.Create(password, salt); var administrador = new Administrador() { Nombre = nombre, Apellido = apellido, Usuario = usuario, Passwd = hash, Salt = salt }; _contextoGeneral.Administrador.Add(administrador); _contextoGeneral.SaveChanges(); if (tipoAdministrador == "Facultad") { var tipoAdminFac = new AdministradorFacultad() { FacultadId = IdFacultad, AdministradorId = administrador.Id }; _contextoGeneral.AdministradorFacultad.Add(tipoAdminFac); } else { var tipoAdminUdelar = new AdministradorUdelar() { AdministradorId = administrador.Id }; _contextoGeneral.AdministradorUdelar.Add(tipoAdminUdelar); } _contextoGeneral.SaveChanges(); } catch (Exception ex) { Console.WriteLine(ex); return(false); } return(true); }
public PersonaCuentaResponse VerificarLoginAdministradores(string usuario, string passwd) { var user = _contextoGeneral.Administrador .Include(c => c.AdminFacultad) .Include(c => c.AdminUdelar) .SingleOrDefault(x => x.Usuario == usuario); if (user != null) { bool verifico = PassHash.Validate(passwd, user.Salt, user.Passwd); if (verifico) { var tipoUsaurio = "Facultad"; var adminF = _contextoGeneral.AdministradorFacultad .SingleOrDefault(x => x.AdministradorId == user.Id); if (adminF == null) { tipoUsaurio = "Udelar"; } return(new PersonaCuentaResponse(user.Id, user.Nombre, user.Apellido, user.Usuario, tipoUsaurio, true)); } } return(null); }
public bool CrearCuenta(CreateUserRequest model) { if (model.GoogleId == null) //Register Interno { if (!VerificarCuentaDatos(model.Usuario, model.Cedula)) //si esto es falso osea que no hay datos existentes { var salt = PassSalt.Create(); var hash = PassHash.Create(model.Password, salt); try { var persona = new Persona() { Ci = model.Cedula, Nombre = model.Nombre, Apellido = model.Apellido, }; _context.Persona.Add(persona); _context.SaveChanges(); var cuenta = new Cuenta() { Usuario = model.Usuario, Passwd = hash, //Hash Salt = salt, //Salt Email = model.Email, NumeroTelefono = model.Telefono, TipoCuenta = model.TipoCuenta, PersonaId = persona.Id, }; _context.Cuenta.Add(cuenta); _context.SaveChanges(); return(true); } catch (Exception ex) { Console.WriteLine(ex); return(false); } } } else //Register google { var user = VerificarCuentaGoogle(model.GoogleId); if (user == null) { var persona = new Persona() { Ci = model.Cedula, Nombre = model.Nombre, Apellido = model.Apellido, }; _context.Persona.Add(persona); _context.SaveChanges(); var cuenta = new Cuenta() { Usuario = model.GoogleId, Email = model.Email, NumeroTelefono = model.Telefono, TipoCuenta = model.TipoCuenta, PersonaId = persona.Id, }; _context.Cuenta.Add(cuenta); _context.SaveChanges(); var cunetaGoogle = new CuentaGoogle() { CuentaId = cuenta.Id, GoogleId = model.GoogleId, ImgUrl = model.ImgUrl }; _context.CuentaGoogle.Add(cunetaGoogle); _context.SaveChanges(); return(true); } } return(false); }
/// <summary> /// Used to update the user's account password /// </summary> /// <param name="account_id">ID assigned to the user's account</param> /// <param name="old_password">Current password of the user</param> /// <param name="new_password">New password supplied by the user</param> /// <returns>returns positive integer if success otherwise failed</returns> public int UpdateAccountPassword(int account_id, string old_password, string new_password) { try { using (SqlConnection connection = new SqlConnection(conStr)) { using (SqlCommand command = new SqlCommand("spUpdateAccountPassword", connection)) { command.CommandType = CommandType.StoredProcedure; command.Parameters.Add("account_id", SqlDbType.Int).Value = DBConvert.From(account_id); command.Parameters.Add("oldPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(old_password)); command.Parameters.Add("newPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(new_password)); connection.Open(); return((int)command.ExecuteScalar()); } } } catch { return(-1); } }
public string GetHashedPassword(string password) { PassHash ph = new PassHash(); return(ph.GetHashedPassword(password)); }
/// <summary> /// Used to add a new user account after successfull registration /// </summary> /// <param name="account">Account object which contains the supplied information by the user</param> /// <returns>Returns integer value -69 if username exists, -70 if email exists, -1 if failed, and 1 if success</returns> public int AddAccount(Account account) { try { using (SqlConnection connection = new SqlConnection(conStr)) { using (SqlCommand command = new SqlCommand("spAddAccount", connection)) { command.CommandType = CommandType.StoredProcedure; command.Parameters.Add("firstname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.FirstName); command.Parameters.Add("lastname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.LastName); command.Parameters.Add("birthday", SqlDbType.Date).Value = DBConvert.From(account.Birthday); command.Parameters.Add("email", SqlDbType.VarChar, 99).Value = DBConvert.From(account.Email); command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(account.Username); command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(account.Password)); connection.Open(); return((int)command.ExecuteScalar()); } } } catch { return(-1); } }
/// <summary> /// Used to authenticate the user credentials before accessing the main interface of the application /// </summary> /// <param name="username">Username of the user</param> /// <param name="password">Password of the user</param> /// <returns>returns the account id of the authenticated user</returns> public int LoginAccount(string username, string password) { try { using (SqlConnection connection = new SqlConnection(conStr)) { using (SqlCommand command = new SqlCommand("spLoginAccount", connection)) { command.CommandType = CommandType.StoredProcedure; command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(username); command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(password)); connection.Open(); return((int)command.ExecuteScalar()); //returns id of user } } } catch { return(-1); } }