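/// <summary>
/// Runs the SimpleHash self-test against a SHA-256 implementation.
/// </summary>
/// <returns>Whatever <c>SimpleHash.TestAlgorithm</c> reports for the SHA-256 instance.</returns>
static Boolean Test()
{
    Console.WriteLine("Testing SHA256 hash...");
    SimpleHash sh = new SimpleHash();

    // HashAlgorithm implements IDisposable; the original never released it.
    // Dispose deterministically once the self-test has finished with it.
    using (SHA256 sha = new SHA256Managed())
    {
        return sh.TestAlgorithm(sha);
    }
}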
        /// <summary>
        /// Handles the Click event of the saveButton control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        protected void saveButton_Click(object sender, EventArgs e)
        {
            // Build the record from the trimmed form fields; Access is always 0 here.
            User user = new User();
            user.Access    = 0;
            user.Email     = emailAddressTextBox.Text.Trim();
            user.FirstName = firstNameTextBox.Text.Trim();
            user.LastName  = lastNameTextBox.Text.Trim();
            user.Website   = websiteTextBox.Text.Trim();

            // Both password boxes must be non-empty after trimming to count as "a password was entered".
            bool passwordFieldsHaveValues = passwordOneTextBox.Text.Trim().Length > 0
                                            && passwordTwoTextBox.Text.Trim().Length > 0;
            bool isValidPassword = true;

            if (!passwordFieldsHaveValues)
            {
                // A brand-new account cannot be created without a password.
                if (!IsUserEdit)
                {
                    message.Text = "New Users require a password";
                }
            }
            else
            {
                isValidPassword = IsValidPassword();

                if (!isValidPassword)
                {
                    message.Text = "Passwords don't match";
                }
                else
                {
                    // NOTE(review): the third argument is a fresh all-zero 8-byte array. If ComputeHash
                    // treats it as the salt, every stored password shares the same salt - confirm against
                    // SimpleHash. A single SHA-256 pass is also a fast hash, not a password KDF
                    // (PBKDF2/bcrypt/Argon2 are the usual choices for stored credentials).
                    // NOTE(review): Trim() silently drops leading/trailing whitespace from the password;
                    // the login path must trim the same way or such passwords will never verify.
                    user.Password = SimpleHash.ComputeHash(passwordOneTextBox.Text.Trim(), SimpleHash.Algorithm.SHA256, new byte[8]);
                }
            }

            // Stop unless the password is acceptable and no error text is present.
            if (!isValidPassword || !string.IsNullOrEmpty(message.Text))
            {
                return;
            }

            if (!IsUserEdit)
            {
                new UserLogic().Add(user);
                // NOTE(review): user.Email is request input; if `message` renders its text without
                // HTML-encoding, markup in the address would be emitted as-is - confirm the control type.
                message.Text = string.Format(AdminResources.SuccessfulUserAdd, user.Email);
            }
            else
            {
                // No new password entered: carry the existing stored value over.
                if (!passwordFieldsHaveValues)
                {
                    user.Password = editUser.Password;
                }

                user.UserId = userId;

                // Persist the edit, then send the browser back to the user list.
                new UserLogic().Update(user);
                Response.Redirect("~/Admin/Manage.aspx?a=Users", false);
            }

            // Reset every TextBox on the page.
            WebControlUtilities.ClearTextFromControl <TextBox>(Controls);
        }
Exemple #3
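        /// <summary>
        /// Registers the module's routes: a hello endpoint, login/logoff backed by a per-user
        /// session id stored in the database, user creation, and inserts/reads for
        /// Kohteet, KohteetReissut and Reissut rows.
        /// </summary>
        public VenereissuModule()
        {
            // NOTE(review): error traces are explicitly left enabled, so unhandled exceptions can
            // surface stack traces in HTTP responses. Confirm this is not shipped to production.
            StaticConfiguration.DisableErrorTraces = false;

            var db = new VenereissutDataContext();

            Get["/Hello"] = parameters => "Hello World";

            // Login
            Post["/Login"] = p =>
            {
                Login model = this.Bind();
                // Fetch the user's record from the database by username.
                User q = (from a in db.Users where model.username == a.UserName select a).FirstOrDefault();

                // FirstOrDefault yields null for an unknown username. The original dereferenced
                // q.Password unconditionally, turning a bad username into an unhandled
                // NullReferenceException. Answer exactly like a wrong password instead.
                if (q == null)
                {
                    return(String.Empty);
                }

                ISimpleHash simpleHash = new SimpleHash();
                if (simpleHash.Verify(model.passwd, q.Password))
                {
                    // Login ok: issue a sessionId and store it on the user.
                    // NOTE(review): the session id comes from Util.CreateRandomPassword (not shown);
                    // confirm it draws from a cryptographic RNG, since this value is the bearer token.
                    string sessionId = Util.CreateRandomPassword(20);
                    q.SessionId = sessionId;
                    q.TimeStamp = DateTime.Now;
                    db.SubmitChanges();
                    return(sessionId);
                }
                // Login failed: return nothing.
                return(String.Empty);
            };

            // Logoff
            Post["/Logoff"] = p =>
            {
                // The request body is read in full and treated as the session id.
                var id     = Request.Body;
                var length = Request.Body.Length;
                var data   = new byte[length];
                id.Read(data, 0, (int)length);
                var body = System.Text.Encoding.Default.GetString(data);

                var q = (from a in db.Users where a.SessionId == body select a).FirstOrDefault();
                if (q != null)
                {
                    // Clear this user's sessionId on the server.
                    // NOTE(review): a logged-off user ends up with SessionId == String.Empty, so any
                    // token check that compares against SessionId (Authenticate, not shown) must
                    // reject empty tokens or it would match logged-off accounts - verify.
                    q.SessionId = String.Empty;
                    db.SubmitChanges();
                    return("Logoff successful." + body);
                }

                // Logoff did not match: return an empty response.
                return(String.Empty);
            };

            // NOTE(review): unlike /addKohde and /addReissu, this route does not call Authenticate,
            // so any caller can create accounts. Confirm that open registration is intended.
            Post["/addUser"] = p =>
            {
                Login       model        = this.Bind();
                ISimpleHash simpleHash   = new SimpleHash();
                string      saltedPasswd = simpleHash.Compute(model.passwd);
                User        user         = new User {
                    UserName = model.username, Password = saltedPasswd
                };
                db.Users.InsertOnSubmit(user);
                db.SubmitChanges();

                return("Operation successful.");
            };

            Post["/addKohde"] = p =>
            {
                KohdeWAuthentication m = this.Bind();
                if (!Authenticate(m.token, db))
                {
                    return(String.Empty);
                }
                // Copy only the entity fields; the token is not persisted.
                Kohteet k = new Kohteet {
                    Kohde_Id = m.Kohde_Id, Koordinaatit = m.Koordinaatit, KuvaBase64 = m.KuvaBase64, Kuvausteksti = m.Kuvausteksti, Nimi = m.Nimi
                };
                db.Kohteets.InsertOnSubmit(k);
                db.SubmitChanges();
                return("Done inserting Kohde!");
            };

            // NOTE(review): the bound entity is inserted directly and without an Authenticate call,
            // so every bindable column is caller-controlled. Confirm this route is meant to be open.
            Post["/addKohteenReissut"] = p =>
            {
                KohteetReissut model = this.Bind();
                db.KohteetReissuts.InsertOnSubmit(model);
                db.SubmitChanges();
                return("Done inserting KohteenReissut!");
            };

            Post["/addReissu"] = p =>
            {
                ReissutWAuthentication model = this.Bind();
                if (!Authenticate(model.token, db))
                {
                    return(String.Empty);
                }
                // The owner is derived from the token rather than taken from the request body.
                string  userName = GetUserNameByToken(model.token, db);
                Reissut m        = new Reissut {
                    UserName = userName, Alkoi = model.Alkoi, Nimi = model.Nimi, Kuvausteksti = model.Kuvausteksti
                };
                db.Reissuts.InsertOnSubmit(m);
                db.SubmitChanges();
                return(m.Reissu_Id.ToString());
            };

            Get["/Kohteet/{id}"] = p => (GetKohde(p.id, p.token, db));
        }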
Exemple #4
        /// <summary>
        /// Writes the archive to <paramref name="output"/>: the SFAT header at 0x14, one SFATEntry
        /// per file, the SFNT header (plus file names when usesSFNT is set), the file data, and
        /// finally the main Header at position 0.
        /// </summary>
        /// <param name="output">Destination stream; it is repositioned several times while writing.</param>
        /// <param name="leaveOpen">Passed through to the BinaryWriterX constructor.</param>
        public void Save(Stream output, bool leaveOpen = false)
        {
            using (var bw = new BinaryWriterX(output, leaveOpen, byteOrder))
            {
                //Header.dataOffset = Files.Aggregate(
                //    0x14 + 0xC + 0x8 + Files.Sum(afi => usesSFNT ? ((afi.FileName.Length + 4) & ~3) + 0x10 : 0x10),
                //    (n, file) => Support.Pad(n, file.FileName, (byteOrder == ByteOrder.LittleEndian) ? System.CTR : System.WiiU));

                // SFAT Header
                // NOTE(review): the casts narrow to int/short without a range check; a file count
                // above short.MaxValue would be written as a wrapped value - confirm callers bound it.
                bw.BaseStream.Position = 0x14;
                bw.WriteStruct(new SFATHeader
                {
                    hashMultiplier = (int)hashMultiplier,
                    nodeCount      = (short)Files.Count
                });

                // SFAT List + nameList
                var nameOffset = 0;
                var dataOffset = 0;
                var sfatEntry  = new SFATEntry();
                foreach (var afi in Files)
                {
                    dataOffset = Support.Pad(dataOffset, afi.FileName, (byteOrder == ByteOrder.LittleEndian) ? System.CTR : System.WiiU);

                    // BXLIM Alignment Reading
                    if (afi.FileName.EndsWith("lim"))
                    {
                        using (var br = new BinaryReaderX(afi.FileData, true, byteOrder))
                        {
                            // NOTE(review): no length check - for file data shorter than 0x28 bytes
                            // this computes a negative stream position.
                            br.BaseStream.Position = br.BaseStream.Length - 0x28;
                            var type      = br.PeekString();
                            var alignment = 0;
                            if (type == "FLIM")
                            {
                                br.BaseStream.Position = br.BaseStream.Length - 0x8;
                                alignment = br.ReadInt16();
                            }
                            else if (type == "CLIM")
                            {
                                br.BaseStream.Position = br.BaseStream.Length - 0x6;
                                alignment = br.ReadInt16();
                            }
                            // NOTE(review): when the footer is neither FLIM nor CLIM, or the stored
                            // alignment is 0, `& -alignment` masks everything and dataOffset becomes 0.
                            // The alignment value comes straight from the file data and is not validated.
                            dataOffset = (sfatEntry.dataEnd + alignment - 1) & -alignment;
                        }
                    }

                    var fileLen = (int)afi.FileData.Length;

                    // NOTE(review): without SFNT the hash is parsed from characters 2..9 of the file
                    // name; a shorter or non-hex name makes Substring/Convert.ToUInt32 throw.
                    sfatEntry = new SFATEntry
                    {
                        nameHash       = usesSFNT ? SimpleHash.Create(afi.FileName, hashMultiplier) : Convert.ToUInt32(afi.FileName.Substring(2, 8), 16),
                        SFNTOffsetFlag = (uint)(((usesSFNT ? 0x100 : 0) << 16) | (usesSFNT ? nameOffset / 4 : 0)),
                        dataStart      = dataOffset,
                        dataEnd        = dataOffset + fileLen
                    };
                    bw.WriteStruct(sfatEntry);

                    // Names are NUL-terminated and padded to a 4-byte boundary.
                    nameOffset = (nameOffset + afi.FileName.Length + 4) & ~3;
                    dataOffset = sfatEntry.dataEnd;
                }

                // SFNT
                bw.WriteStruct(SFNTHeader);
                if (usesSFNT)
                {
                    foreach (var afi in Files)
                    {
                        bw.WriteASCII(afi.FileName + "\0");
                        bw.BaseStream.Position = (bw.BaseStream.Position + 3) & ~3;
                    }
                }

                // Files
                bw.WriteAlignment(Header.dataOffset);
                foreach (var afi in Files)
                {
                    var alignment = Support.Pad((int)bw.BaseStream.Length, afi.FileName, (byteOrder == ByteOrder.LittleEndian) ? System.CTR : System.WiiU);

                    // BXLIM Alignment Reading
                    // Same footer probe as in the entry loop above; here an unrecognised footer
                    // keeps the Support.Pad value instead of falling back to 0.
                    if (afi.FileName.EndsWith("lim"))
                    {
                        using (var br = new BinaryReaderX(afi.FileData, true, byteOrder))
                        {
                            br.BaseStream.Position = br.BaseStream.Length - 0x28;
                            var type = br.PeekString();
                            if (type == "FLIM")
                            {
                                br.BaseStream.Position = br.BaseStream.Length - 0x8;
                                alignment = br.ReadInt16();
                            }
                            else if (type == "CLIM")
                            {
                                br.BaseStream.Position = br.BaseStream.Length - 0x6;
                                alignment = br.ReadInt16();
                            }
                        }
                    }

                    bw.WriteAlignment(alignment);
                    afi.FileData.CopyTo(bw.BaseStream);
                }

                // Header
                // Written last so fileSize reflects the final stream length.
                bw.BaseStream.Position = 0;
                Header.fileSize        = (int)bw.BaseStream.Length;
                bw.WriteStruct(Header);
            }
        }
Exemple #5
        /// <summary>
        /// Inserts a fixed set of Login, Member and InstructorData rows through _dbContext.
        /// Each Login is saved before the Member that references it so that the Login's Id is
        /// available for Member.LoginId.
        /// </summary>
        /// <remarks>
        /// NOTE(review): every account here is created with a password literal that lives in source
        /// ("password1", "test", and one account-specific value with its salt). If this seeding can
        /// run against anything other than a throwaway development database, these are known
        /// credentials, including for the two accounts given the Admin role - confirm where it runs.
        /// NOTE(review): stored values come from SimpleHash.MD5, by its name an MD5-based digest;
        /// MD5 is not suitable for password storage (PBKDF2/bcrypt/Argon2 are the usual choices).
        /// </remarks>
        public void CreateLoginsAndMembers()
        {
            // First() throws when the role is missing; FirstOrDefault() yields null instead, so
            // rolePilot and roleInstructor may be null when added to the Roles lists below.
            Role roleAdmin      = _dbContext.Roles.First(r => r.Id == (int)UserRoles.Admin);
            Role rolePilot      = _dbContext.Roles.FirstOrDefault(r => r.Id == (int)UserRoles.Pilot);
            Role roleInstructor = _dbContext.Roles.FirstOrDefault(r => r.Id == (int)UserRoles.Instructor);
            Role roleOwner      = _dbContext.Roles.First(r => r.Id == (int)UserRoles.AircraftOwner);

            // One salt is generated here and reused for every login except jeremyLogin, so accounts
            // with the same password end up with the same stored value.
            // `hash` is computed but never read afterwards.
            string salt       = SimpleHash.GetSalt(32);
            string hash       = SimpleHash.MD5("password1", salt);
            Login  loginAdmin = new Login()
            {
                Username     = "******",
                Password     = SimpleHash.MD5("password1", salt),
                PasswordSalt = salt,
                MemberPIN    = "1110",
                Email        = "*****@*****.**"
            };

            try
            {
                _dbContext.Logins.Add(loginAdmin);
                _dbContext.SaveChanges();
            }
            catch (DbEntityValidationException ex)
            {
                // Dump the failing entries to the debug output, then let the exception propagate.
                foreach (var e in ex.EntityValidationErrors)
                {
                    Debug.WriteLine(e.Entry);
                }
                throw;
            }

            Member memberAdmin = new Member()
            {
                Status        = "Active",
                AddressLine_1 = "1234 Main St",
                City          = "Plano",
                Zip           = "75035",
                FirstName     = "Frank",
                LastName      = "Zappa",
                LastMedical   = DateTime.Now,
                //PrimaryEmail = "*****@*****.**",
                LoginId = loginAdmin.Id,
                Roles   = new List <Role>()
                {
                    roleAdmin
                }
            };

            _dbContext.Members.Add(memberAdmin);
            _dbContext.SaveChanges();

            Login loginOwner1 = new Login()
            {
                Username     = "******",
                Email        = "*****@*****.**",
                Password     = SimpleHash.MD5("test", salt),
                PasswordSalt = salt,
                MemberPIN    = "1211"
            };

            _dbContext.Logins.Add(loginOwner1);
            _dbContext.SaveChanges();

            Member memberOwner1 = new Member()
            {
                Status        = "Active",
                AddressLine_1 = "1234 Main St",
                City          = "Beverly Hills",
                Zip           = "23031",
                FirstName     = "John",
                LastName      = "Travolta",
                LastMedical   = DateTime.Now,
                //PrimaryEmail = "*****@*****.**",
                LoginId = loginOwner1.Id,
                Roles   = new List <Role>()
                {
                    roleOwner
                }
            };

            // No SaveChanges directly after this Add; the member is persisted by the next
            // SaveChanges call below.
            _dbContext.Members.Add(memberOwner1);

            Login loginOwner2 = new Login()
            {
                Username     = "******",
                Email        = "*****@*****.**",
                Password     = SimpleHash.MD5("test", salt),
                PasswordSalt = salt,
                MemberPIN    = "1351"
            };

            _dbContext.Logins.Add(loginOwner2);
            _dbContext.SaveChanges();

            Member memberOwner2 = new Member()
            {
                Status        = "Active",
                AddressLine_1 = "1234 Poplar Ave",
                City          = "Santa Monica",
                Zip           = "450123",
                FirstName     = "Harrison",
                LastName      = "Ford",
                LastMedical   = DateTime.Now,
                //PrimaryEmail = "*****@*****.**",
                LoginId = loginOwner2.Id,
                Roles   = new List <Role>()
                {
                    roleOwner
                }
            };

            // As above: persisted by the next SaveChanges call.
            _dbContext.Members.Add(memberOwner2);

            Login loginPilot1 = new Login()
            {
                Username     = "******",
                Email        = "*****@*****.**",
                Password     = SimpleHash.MD5("test", salt),
                PasswordSalt = salt,
                MemberPIN    = "1525"
            };

            _dbContext.Logins.Add(loginPilot1);
            _dbContext.SaveChanges();

            Member memberPilot1 = new Member()
            {
                Status        = "Active",
                AddressLine_1 = "1010 Addison Circle",
                City          = "Addison",
                Zip           = "750444",
                FirstName     = "Bob",
                LastName      = "Hoover",
                LastMedical   = DateTime.Now.AddDays(-100),
                //PrimaryEmail = "*****@*****.**",
                LoginId = loginPilot1.Id,
                Roles   = new List <Role>()
                {
                    rolePilot
                }
            };

            _dbContext.Members.Add(memberPilot1);
            _dbContext.SaveChanges();

            Login loginInstructor1 = new Login()
            {
                Username     = "******",
                Email        = "*****@*****.**",
                Password     = SimpleHash.MD5("test", salt),
                PasswordSalt = salt,
                MemberPIN    = "1010"
            };

            _dbContext.Logins.Add(loginInstructor1);
            _dbContext.SaveChanges();

            Member memberInstructor1 = new Member()
            {
                Status        = "Active",
                AddressLine_1 = "1234 Somewhere Lane",
                City          = "Beverly Hills",
                Zip           = "90210",
                FirstName     = "Billy",
                LastName      = "Bathwater",
                LastMedical   = DateTime.Now.AddDays(-100),
                //PrimaryEmail = "*****@*****.**",
                LoginId = loginInstructor1.Id,
                Roles   = new List <Role>()
                {
                    roleInstructor
                }
            };

            _dbContext.Members.Add(memberInstructor1);
            _dbContext.SaveChanges();

            InstructorData instructor1Data = new InstructorData()
            {
                AvailableForCheckoutsAnnuals = true,
                CertificateNumber            = "1234567890",
                DesignatedForStageChecks     = false,
                InstructOnWeekdayNights      = false,
                InstructOnWeekdays           = false,
                InstructOnWeekends           = true,
                Member  = memberInstructor1,
                Ratings = "CFI, CFII, MEI"
            };

            _dbContext.InstructorData.Add(instructor1Data);
            _dbContext.SaveChanges();

            // This login gets no Member row in this method.
            Login loginGuest = new Login()
            {
                Username     = "******",
                Email        = "*****@*****.**",
                Password     = SimpleHash.MD5("password1", salt),
                PasswordSalt = salt,
                ForumUserId  = 179,
                MemberPIN    = "1790"
            };

            _dbContext.Logins.Add(loginGuest);
            _dbContext.SaveChanges();

            // NOTE(review): this account uses its own literal password and salt, both committed to
            // source, and is given the Admin role below. If the literal was ever a real credential
            // it should be treated as exposed and rotated - confirm with the owner.
            Login jeremyLogin = new Login()
            {
                Username     = "******",
                Password     = SimpleHash.MD5("2g4uFOOl", "6YA+Ie1h2GLV1GU/K5EobHfSm4GPpXgAm+BbICN2RvM="),
                PasswordSalt = "6YA+Ie1h2GLV1GU/K5EobHfSm4GPpXgAm+BbICN2RvM=",
                ForumUserId  = 1,
                Email        = "*****@*****.**",
                MemberPIN    = "1530"
            };

            _dbContext.Logins.Add(jeremyLogin);
            _dbContext.SaveChanges();

            Member jeremyMember = new Member()
            {
                Status        = "Active",
                AddressLine_1 = "2511 Cheverny Dr",
                City          = "McKinney",
                Zip           = "75070",
                FirstName     = "Jeremy",
                LastName      = "Whittington",
                LastMedical   = DateTime.Now,
                //PrimaryEmail = "*****@*****.**",
                LoginId = jeremyLogin.Id,
                Roles   = new List <Role>()
                {
                    roleAdmin
                }
            };

            _dbContext.Members.Add(jeremyMember);
            _dbContext.SaveChanges();
        }
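    /// <summary>
    /// Inserts a GeneralUser row from the sign-up form, runs the role-specific insert for the
    /// selected user type, then redirects to the account management page.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">Event data (unused).</param>
    /// <remarks>
    /// A <see cref="SqlException"/> is written to the debug output and otherwise ignored, so the
    /// redirect happens whether or not the insert succeeded.
    /// NOTE(review): the selected user type alone decides the stored permission level (up to 5 for
    /// "Administrator"). Nothing in this handler checks who is submitting the form - confirm the
    /// page itself is restricted to administrators.
    /// </remarks>
    protected void btnSignUp_Click(object sender, EventArgs e)
    {
        try
        {
            string cmdText = "Insert INTO GeneralUser(EmailAddress, FirstName, LastName, Gender, HomePhone, HomeAddress, City, State," +
                             "ZIP, DOB, Password, UserType, PasswordHash, ShirtSize, UserPermission, LastLogin, Race, CellPhone, JoinDate," +
                             "ActivatedBool) Values(@EmailAddress, @FirstName, @LastName, @Gender, @HomePhone, @HomeAddress, @City, @State," +
                             "@ZIP, @DOB, @Password, @UserType, @PasswordHash, @ShirtSize, @UserPermission, @LastLogin, @Race, @CellPhone," +
                             "@JoinDate, @Activated)";

            // The original never closed the connection or disposed the command, leaking a pooled
            // connection on every sign-up. `using` releases both even when the insert throws.
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["conString"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(cmdText, connection))
            {
                connection.Open();

                // All values are bound as parameters; none are concatenated into the SQL text.
                cmd.Parameters.AddWithValue("@EmailAddress", txtEmail.Text);
                cmd.Parameters.AddWithValue("@FirstName", txtfName.Text);
                cmd.Parameters.AddWithValue("@LastName", txtlName.Text);
                cmd.Parameters.AddWithValue("@Gender", ddlGender.Text);

                // A blank home phone is stored as NULL.
                if (string.IsNullOrWhiteSpace(txtHome.Text))
                {
                    cmd.Parameters.AddWithValue("@HomePhone", System.DBNull.Value);
                }
                else
                {
                    cmd.Parameters.AddWithValue("@HomePhone", txtHome.Text);
                }

                cmd.Parameters.AddWithValue("@HomeAddress", txtAddress.Text);
                cmd.Parameters.AddWithValue("@City", txtCity.Text);
                cmd.Parameters.AddWithValue("@State", txtState.Text);
                cmd.Parameters.AddWithValue("@ZIP", txtZip.Text);
                cmd.Parameters.AddWithValue("@DOB", txtDOB.Text);

                // NOTE(review): the clear-text password is written to the Password column next to
                // its hash, which removes any protection the hash provides. Left in place because the
                // column's constraints and readers are not visible here; it should be dropped once
                // nothing depends on it.
                cmd.Parameters.AddWithValue("@Password", txtPassword.Text);
                cmd.Parameters.AddWithValue("@UserType", ddlUserType.Text);

                // Map the user type to its permission level; unknown types keep 0.
                int permission = 0;
                switch (ddlUserType.Text)
                {
                    case "Administrator": permission = 5; break;
                    case "Staff":         permission = 4; break;
                    case "Student":       permission = 3; break;
                    case "Parent":        permission = 2; break;
                    case "Cipher":        permission = 1; break;
                }

                // NOTE(review): MD5 is requested by name. It is a fast, broken digest and not
                // suitable for password storage; PBKDF2/bcrypt/Argon2 are the usual choices. The
                // null third argument is passed through unchanged - confirm how SimpleHash treats it.
                string passHash = SimpleHash.ComputeHash(txtPassword.Text, "MD5", null);

                cmd.Parameters.AddWithValue("@PasswordHash", passHash);
                cmd.Parameters.AddWithValue("@ShirtSize", ddlShirtSize.Text); //Need Shirt Size Text Box
                Debug.WriteLine(permission);
                cmd.Parameters.AddWithValue("@UserPermission", permission);
                cmd.Parameters.AddWithValue("@LastLogin", System.DBNull.Value);

                // Selected races are stored as one string, each value followed by ", "
                // (the trailing separator is kept, matching rows written before this change).
                List <String> selectedValues = cblRace.Items.Cast <ListItem>()
                                               .Where(li => li.Selected)
                                               .Select(li => li.Value)
                                               .ToList();
                String races = string.Concat(selectedValues.Select(item => item + ", "));

                if (races.Trim().Equals(""))
                {
                    cmd.Parameters.AddWithValue("@Race", System.DBNull.Value);
                }
                else
                {
                    cmd.Parameters.AddWithValue("@Race", races);
                }

                cmd.Parameters.AddWithValue("@CellPhone", txtCell.Text);
                DateTime today = DateTime.Now;
                cmd.Parameters.AddWithValue("@JoinDate", today);
                cmd.Parameters.AddWithValue("@Activated", 1);

                cmd.ExecuteNonQuery();
            }

            // Role-specific follow-up insert, run after the GeneralUser row exists.
            switch (ddlUserType.Text)
            {
                case "Administrator": insertAdmin();   break;
                case "Staff":         insertStaff();   break;
                case "Student":       insertStudent(); break;
                case "Parent":        insertParent();  break;
                case "Cipher":        insertCipher();  break;
            }
        }
        catch (SqlException SQLe)
        {
            System.Diagnostics.Debug.Write(SQLe.ToString());
        }
        Response.Redirect("Admin.ManageAccounts.aspx");
        MessageBox.Show("User has been added! Please activate their account and set permission");
    }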
Exemple #7
        /// <summary>
        /// Writes the archive to <paramref name="output"/>: file data first (at the computed data
        /// offset), then the name strings, the entry table, and finally the header at position 0.
        /// </summary>
        /// <param name="output">Destination stream; it is repositioned for each section.</param>
        /// <param name="files">Files to store; each element is cast to ArchiveFileInfo.</param>
        public void Save(Stream output, IList <IArchiveFileInfo> files)
        {
            var hash = new SimpleHash(HashSeed_);

            using var bw = new BinaryWriterX(output);

            // Create string dictionary
            // Maps each distinct full path to its byte offset inside the string section
            // (ASCII byte count plus one terminator byte per string).
            var stringPosition   = 0;
            var stringDictionary = new Dictionary <string, int>();

            foreach (var distinctString in files.Select(x => x.FilePath.FullName).Distinct())
            {
                stringDictionary[distinctString] = stringPosition;
                stringPosition += Encoding.ASCII.GetByteCount(distinctString) + 1;
            }

            // Calculate offsets
            // File data starts after the string section, rounded up to a 4-byte boundary.
            var entryOffset  = HeaderSize;
            var stringOffset = entryOffset + files.Count * EntrySize;
            var fileOffset   = (stringOffset + stringPosition + 3) & ~3;
            var filePosition = fileOffset;

            // Write files
            var entries = new List <Bg4Entry>();

            // Cast<ArchiveFileInfo>() throws InvalidCastException for any other implementation.
            foreach (var file in files.Cast <ArchiveFileInfo>())
            {
                output.Position = filePosition;
                var writtenSize = file.SaveFileData(output);

                // Create entry
                // NOTE(review): the narrowing casts below ((int), (short)) carry no range check;
                // a string section larger than short.MaxValue bytes, or an oversized file, would be
                // recorded with a wrapped value unless the build uses checked arithmetic - confirm.
                var fileName = file.FilePath.FullName;
                entries.Add(new Bg4Entry
                {
                    FileOffset   = filePosition,
                    FileSize     = (int)writtenSize,
                    IsCompressed = file.UsesCompression,

                    nameOffset = (short)stringDictionary[fileName],
                    // Name hash: big-endian UInt32 read from the hash of the reversed, ASCII-encoded path.
                    nameHash   = BinaryPrimitives.ReadUInt32BigEndian(hash.Compute(Encoding.ASCII.GetBytes(ReverseString(fileName))))
                });

                filePosition += (int)writtenSize;
            }

            // Write strings
            output.Position = stringOffset;
            foreach (var distinctString in stringDictionary.Keys)
            {
                bw.WriteString(distinctString, Encoding.ASCII, false);
            }
            bw.WriteAlignment(4, 0xFF);

            // Write entries
            output.Position = entryOffset;
            bw.WriteMultiple(entries);

            // Write header
            // NOTE(review): files.Count is narrowed to short here as well.
            output.Position = 0;
            bw.WriteType(new Bg4Header
            {
                fileEntryCount           = (short)files.Count,
                metaSecSize              = fileOffset,
                fileEntryCountMultiplier = 1,
                fileEntryCountDerived    = (short)files.Count
            });
        }
Exemple #8
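    /// <summary>
    /// Creates a Person row with position "CEO" for the business entity <paramref name="BID"/>,
    /// using the name and e-mail from the form, a generated password, and the e-mail as user name.
    /// Nothing is inserted when the e-mail already exists in [Person].
    /// </summary>
    /// <param name="BID">Value stored in the row's BusinessEntityID column.</param>
    /// <remarks>
    /// Any exception is reported to the browser as a generic alert and not rethrown.
    /// NOTE(review): the generated password is passed in clear text to Send_Mail (not shown) and is
    /// stored as an MD5-based hash. MD5 is not suitable for password storage, and a mailed password
    /// should at least be forced to change on first login - confirm how the login flow handles it.
    /// </remarks>
    public void createCEO(string BID)
    {
        try
        {
            Person employee = new Person(txtFirstName.Text, txtLastName.Text, txtEmail.Text);
            employee.setLastUpdatedBy((string)(Session["FirstName"]));

            // The original closed the connection by hand on the two normal paths only and never
            // disposed the command; `using` also covers the exception path.
            using (SqlConnection sc = new SqlConnection())
            using (SqlCommand insert = new SqlCommand())
            {
                sc.ConnectionString = ConfigurationManager.ConnectionStrings["GroupProjectConnectionString"].ConnectionString;
                sc.Open();

                insert.Connection  = sc;
                insert.CommandText = "select [E-mail] from [Person] where [E-mail] = @Email";
                insert.Parameters.AddWithValue("@Email", employee.getEmail());

                // Duplicate check; the reader must be closed before the command is reused.
                bool emailExists;
                using (SqlDataReader reader = insert.ExecuteReader())
                {
                    emailExists = reader.HasRows;
                }

                if (emailExists)
                {
                    Response.Write("<script>alert('Email record has already existed in Database')</script>");
                    return;
                }

                // The @Email parameter added above is reused by the INSERT.
                insert.CommandText = "INSERT INTO [dbo].[Person] ([FirstName],[LastName],[MI],[E-mail],[Position],[Password],[UserName],[PointsBalance],[PendingPoints],[LastUpdated],[LastUpdatedBy],[BusinessEntityID],[loginCount],[Status]) VALUES" +
                                     "(@FirstName,@LastName,@MI,@Email,@Position,@Password,@UserName,@PointsBalance,@PendingPoints,@LastUpdated,@LastUpdatedBy,@BusinessEntityID,0,@Status)";
                insert.Parameters.AddWithValue("@FirstName", employee.getFirstName());
                insert.Parameters.AddWithValue("@LastName", employee.getLastName());
                insert.Parameters.AddWithValue("@Position", "CEO");
                insert.Parameters.AddWithValue("@PointsBalance", employee.getPointsBalance());
                insert.Parameters.AddWithValue("@PendingPoints", employee.getPendingPoints());
                insert.Parameters.AddWithValue("@BusinessEntityID", BID);
                insert.Parameters.AddWithValue("@LastUpdatedBy", employee.getLastUpdatedBy());
                insert.Parameters.AddWithValue("@LastUpdated", employee.getLastUpdated());
                insert.Parameters.AddWithValue("@Status", "active");

                // A blank middle initial is stored as NULL.
                string middleInitial = txtMI.Text.Trim();
                if (middleInitial == "")
                {
                    insert.Parameters.AddWithValue("@MI", DBNull.Value);
                }
                else
                {
                    insert.Parameters.AddWithValue("@MI", middleInitial);
                }

                // 8 characters, 6 of them non-alphanumeric; only the hash is stored.
                string password        = System.Web.Security.Membership.GeneratePassword(8, 6);
                string passwordHashNew = SimpleHash.ComputeHash(password, "MD5", null);

                insert.Parameters.AddWithValue("@Password", passwordHashNew);
                insert.Parameters.AddWithValue("@UserName", employee.getEmail());
                insert.ExecuteNonQuery();

                // Release the connection before the (possibly slow) mail call, as the original did.
                sc.Close();
                Send_Mail(employee.getEmail(), employee.getEmail(), password);
            }

            // The name comes from form input and is written into an inline script. The original
            // concatenated it raw, so a quote or markup in a name field broke out of the string
            // literal. Encode it for a JavaScript string context first.
            string displayName = employee.getFirstName() + "" + employee.getMI() + " " + employee.getLastName();
            Response.Write("<script>alert('CEO Account: " + System.Web.HttpUtility.JavaScriptStringEncode(displayName) + " created succesfully')</script>");

            txtFirstName.Text   = string.Empty;
            txtMI.Text          = string.Empty;
            txtLastName.Text    = string.Empty;
            txtEmail.Text       = string.Empty;
            txtPhoneNumber.Text = string.Empty;
            txtCeoEmail.Text    = string.Empty;
            txtCompanyName.Text = string.Empty;
        }
        catch (Exception ex)
        {
            // Keep the generic user-facing message, but record the cause instead of discarding it.
            System.Diagnostics.Debug.WriteLine(ex);
            Response.Write("<script>alert('Error When Creating CEO Account (CONTACT DEVS)')</script>");
        }
    }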
Exemple #9
        private void b_save_Click(object sender, RoutedEventArgs e)
        {
            // Every field is mandatory; stop with a warning if any of them is blank.
            bool hasEmptyField = tb_social_security_nr.Text == ""
                                 || pb_password.Password == ""
                                 || tb_name.Text == ""
                                 || tb_address.Text == ""
                                 || tb_home_phone.Text == "";
            if (hasEmptyField)
            {
                MessageBox.Show("Empty fields are not allowed.", "Error!", MessageBoxButton.OK, MessageBoxImage.Warning);
                return;
            }

            // NOTE(review): the social security number is both the record key and the first argument
            // to GenerateHashedPassword - presumably its salt. If so, the salt is a guessable,
            // non-random value; confirm against SimpleHash.
            string socialSecurityNr = tb_social_security_nr.Text;
            string hashedPassword   = SimpleHash.GenerateHashedPassword(socialSecurityNr, pb_password.Password);
            bool   isAdmin          = (bool)cb_admin.IsChecked;

            EmployeeObject newObject = new EmployeeObject(socialSecurityNr, hashedPassword, isAdmin, tb_name.Text, tb_address.Text, tb_home_phone.Text);

            // Insert for a new employee, otherwise update the existing record.
            int rowsChanged = newemployee
                ? DBConnection.InsertEmployee(newObject)
                : DBConnection.UpdateEmployee(newObject, oldObject);

            // Nothing was written: leave the window open.
            if (rowsChanged <= 0)
            {
                return;
            }

            parentWindow.parentWindow.UpdateAllChain();
            Close();
        }
Exemple #10
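    /// <summary>
    /// Authenticates a login attempt: looks the user name up in [dbo].[EmployeeLogin], verifies the
    /// submitted password against the stored hash and, on success, records the login type in the session.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">Event data; <c>Authenticated</c> is set to the outcome.</param>
    protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Fail closed: the attempt counts as rejected unless every step below succeeds.
        e.Authenticated = false;

        try
        {
            string username = employeeLogin.UserName;
            string password = employeeLogin.Password;

            SqlConnection conn = ProjectDB.connectToDB();

            if (conn != null)
            {
                try
                {
                    bool   found     = false;
                    string pwHash    = null;
                    int    loginType = 0;
                    int    loginID   = 0;

                    const string commandText = "Select Top 1 UserName, PasswordHash, LoginType, EmpLoginID from [dbo].[EmployeeLogin] where UserName = @UserName";

                    // The command and reader are disposed before any helper runs, so they are
                    // released even when a later step throws.
                    using (SqlCommand select = new SqlCommand(commandText, conn))
                    {
                        select.Parameters.AddWithValue("@UserName", username);

                        using (SqlDataReader reader = select.ExecuteReader())
                        {
                            if (reader.Read())
                            {
                                found     = true;
                                pwHash    = reader["PasswordHash"].ToString();
                                loginType = (int)reader["LoginType"];
                                loginID   = (int)reader["EmpLoginID"];
                            }
                        }
                    }

                    if (found)
                    {
                        // NOTE(review): MD5 is a fast digest; stored passwords are better protected by
                        // a deliberately slow KDF (e.g. PBKDF2) with a per-user random salt.
                        bool verify = SimpleHash.VerifyHash(password, "MD5", pwHash);

                        // Login type 1 must additionally be an enabled employee.
                        if (verify && loginType == 1 && !enabledEmployee(loginID))
                        {
                            verify = false;
                        }

                        if (verify)
                        {
                            // The role marker is written only after every check has passed, so a
                            // rejected attempt can no longer leave Session["login"] populated.
                            Session["login"] = (loginType >= 1 && loginType <= 3) ? loginType : -1;
                            getLoginInfo(loginID, loginType);
                        }

                        e.Authenticated = verify;
                    }
                }
                finally
                {
                    conn.Close();
                }

                Session["employeeLoggedIn"] = e.Authenticated.ToString();
            }
        }
        catch (Exception ex)
        {
            // An error anywhere in the flow must not leave the user authenticated.
            e.Authenticated             = false;
            Session["employeeLoggedIn"] = bool.FalseString;
            System.Diagnostics.Trace.TraceError("Login_Authenticate failed: " + ex.GetType().Name + ": " + ex.Message);
        }

        if (!e.Authenticated)
        {
            // Same message for unknown user and wrong password, so the response does not
            // reveal which user names exist.
            employeeLogin.FailureText = "Incorrect Username or Password.";
        }
    }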
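    /// <summary>
    /// Handles the login button: validates the two input fields, fetches the stored password hash
    /// through the Get_Hash procedure, verifies the submitted password and, on success, stores the
    /// user type and name in the session and redirects to the matching home page.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The event data.</param>
    protected void loginButton_Click(object sender, EventArgs e)
    {
        string h_usernameValue = username.Value;
        string h_passwordValue = password.Value;
        char   db_userType     = 'z'; // sentinel: anything other than a/t/s ends in the error branch
        int    parsed;                // only receives the TryParse output; the value is not used

        errormsg.Visible = false;

        // Both fields must parse as 32-bit integers before the database is contacted.
        if (!Int32.TryParse(h_usernameValue, out parsed))
        {
            errormsg.Visible = true;
            username.Value   = string.Empty;
        }

        if (!Int32.TryParse(h_passwordValue, out parsed))
        {
            errormsg.Visible = true;
        }

        if (errormsg.Visible)
        {
            return;
        }

        string constr = ConfigurationManager.ConnectionStrings["CS414_VirtualExamConnectionString"].ConnectionString;

        using (SqlConnection DBconnection = new SqlConnection(constr))
        using (SqlCommand cmd = new SqlCommand("Get_Hash"))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.AddWithValue("@username", h_usernameValue);
            SqlParameter hash = cmd.Parameters.Add("@hashed_password", SqlDbType.VarChar, 1000);
            hash.Direction = ParameterDirection.Output;
            cmd.Connection = DBconnection;

            try
            {
                DBconnection.Open();
                cmd.ExecuteNonQuery();

                // A NULL (DBNull) output is handled like the "Failure" marker instead of raising
                // an InvalidCastException on the cast.
                string storedHash = hash.Value as string;

                if (storedHash != null
                    && storedHash != "Failure"
                    && SimpleHash.VerifyHash(h_passwordValue, "SHA256", storedHash))
                {
                    using (SqlCommand command = new SqlCommand("Get_User_Type"))
                    {
                        command.CommandType = CommandType.StoredProcedure;
                        command.Parameters.AddWithValue("@username", h_usernameValue);
                        SqlParameter userType = command.Parameters.Add("@user_type", SqlDbType.VarChar, 1);
                        userType.Direction = ParameterDirection.Output;
                        command.Connection = DBconnection;

                        try
                        {
                            command.ExecuteNonQuery();

                            // Only a one-character result is accepted; a NULL or empty output leaves
                            // the sentinel in place and the login is rejected below.
                            string typeText = userType.Value as string;
                            if (typeText != null && typeText.Length == 1)
                            {
                                db_userType = typeText[0];

                                // The session values gate access to the role-specific pages.
                                // NOTE(review): the session identifier is not renewed after a
                                // successful login; consider issuing a fresh one here.
                                Session["userType"] = db_userType;
                                Session["userName"] = h_usernameValue;
                            }
                        }
                        catch (SqlException ex)
                        {
                            Response.Redirect("http://csmain/cs414/team02/virtualexam/virtualexam/Default");
                            // NOTE(review): ex.Message can carry database details; make sure it is
                            // never rendered to end users.
                            throw new Exception("Unable to connect to the database! " + ex.Message, ex);
                        }
                    }
                }
            }
            catch (System.Data.SqlClient.SqlException ex)
            {
                throw new Exception("Unable to connect to the database!" + ex.Message, ex);
            }
            finally
            {
                DBconnection.Close();
            }

            // Send the user to the page for their role; any other value shows the error message
            // and discards the session.
            switch (db_userType)
            {
                case 'a':
                    Response.Redirect("AdminHome.aspx");
                    username.Value = "a";
                    break;

                case 't':
                    Response.Redirect("TeacherHome.aspx");
                    username.Value = "t";
                    break;

                case 's':
                    Response.Redirect("StudentHome.aspx");
                    username.Value = "s";
                    break;

                default:
                    errormsg.Visible = true;
                    username.Value   = "";
                    password.Value   = "";
                    Session.Clear();
                    Session.Abandon();
                    break;
            }
        }
    }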
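    /// <summary>
    /// Inserts one row into GeneralUser from the registration form fields and the
    /// "userType" / "permission" session values. SQL errors are written to the debug output.
    /// </summary>
    protected void InsertGeneralUser()
    {
        try
        {
            // The connection string comes from web.config; both objects are disposed even when the insert throws.
            using (SqlConnection sc = new SqlConnection(ConfigurationManager.ConnectionStrings["conString"].ConnectionString))
            using (SqlCommand query = new SqlCommand())
            {
                sc.Open();

                query.Connection  = sc;
                query.CommandText = "Insert INTO GeneralUser(EmailAddress, FirstName, LastName, Gender, HomePhone, HomeAddress, City, State," +
                                    "ZIP, DOB, Password, UserType, PasswordHash, ShirtSize, UserPermission, LastLogin, Race, CellPhone, JoinDate," +
                                    "ActivatedBool) Values(@EmailAddress, @FirstName, @LastName, @Gender, @HomePhone, @HomeAddress, @City, @State," +
                                    "@ZIP, @DOB, @Password, @UserType, @PasswordHash, @ShirtSize, @UserPermission, @LastLogin, @Race, @CellPhone," +
                                    "@JoinDate, @Activated)";

                Debug.WriteLine(query.CommandText);
                Debug.WriteLine("Where @EmailAddress = " + txtEmail.Text);
                Debug.WriteLine("@FirstName = " + txtfName.Text);
                Debug.WriteLine("@LastName = " + txtlName.Text);
                Debug.WriteLine("@Gender = " + ddlGender.Text);
                Debug.WriteLine("@HomePhone = NULL");
                Debug.WriteLine("@HomeAddress = " + txtAddress.Text);
                Debug.WriteLine("@City = " + txtCity.Text);
                Debug.WriteLine("@State = " + txtState.Text);
                Debug.WriteLine("@ZIP = " + txtZip.Text);
                Debug.WriteLine("@DOB = " + txtDOB.Text);
                // The password and its hash are deliberately kept out of the debug output.
                Debug.WriteLine("@UserType = " + Session["userType"].ToString());

                // NOTE(review): MD5 is a fast digest; a slow KDF (e.g. PBKDF2) with a random
                // per-user salt is the appropriate choice for stored passwords.
                string passHash = SimpleHash.ComputeHash(txtPassword.Text, "MD5", null);

                Debug.WriteLine("@PasswordSalt = NULL");
                Debug.WriteLine("@ShirtSize = NULL");
                Debug.WriteLine("@UserPermission = 1");
                Debug.WriteLine("@LastLogin = NULL");
                Debug.WriteLine("@Race = NULL");
                Debug.WriteLine("@CellPhone = " + txtCell.Text);
                DateTime today = DateTime.Now;
                Debug.WriteLine("@JoinDate = " + today);
                Debug.WriteLine("@Activated = 0");

                query.Parameters.AddWithValue("@EmailAddress", txtEmail.Text);
                query.Parameters.AddWithValue("@FirstName", txtfName.Text);
                query.Parameters.AddWithValue("@LastName", txtlName.Text);
                query.Parameters.AddWithValue("@Gender", ddlGender.Text);

                // A blank home phone is stored as NULL.
                if (string.IsNullOrWhiteSpace(txtHome.Text))
                {
                    query.Parameters.AddWithValue("@HomePhone", System.DBNull.Value);
                }
                else
                {
                    query.Parameters.AddWithValue("@HomePhone", txtHome.Text);
                }

                query.Parameters.AddWithValue("@HomeAddress", txtAddress.Text);
                query.Parameters.AddWithValue("@City", txtCity.Text);
                query.Parameters.AddWithValue("@State", txtState.Text);
                query.Parameters.AddWithValue("@ZIP", txtZip.Text);
                query.Parameters.AddWithValue("@DOB", txtDOB.Text);

                // NOTE(review): the clear-text password is written to the Password column next to
                // its hash, which defeats the purpose of hashing. The value is left as-is because
                // the table defines the column; drop the column (or stop populating it) once no
                // reader depends on it.
                query.Parameters.AddWithValue("@Password", txtPassword.Text);
                query.Parameters.AddWithValue("@UserType", Session["userType"].ToString());

                query.Parameters.AddWithValue("@PasswordHash", passHash);
                query.Parameters.AddWithValue("@ShirtSize", ddlShirtSize.Text);
                query.Parameters.AddWithValue("@UserPermission", Session["permission"].ToString());
                query.Parameters.AddWithValue("@LastLogin", System.DBNull.Value);

                // Selected races are stored as one string, each value followed by ", ".
                String races = string.Concat(cblRace.Items.Cast <ListItem>()
                                             .Where(li => li.Selected)
                                             .Select(li => li.Value + ", "));
                Debug.WriteLine(races);

                if (races.Trim().Equals(""))
                {
                    query.Parameters.AddWithValue("@Race", System.DBNull.Value);
                }
                else
                {
                    query.Parameters.AddWithValue("@Race", races);
                }

                query.Parameters.AddWithValue("@CellPhone", txtCell.Text);
                query.Parameters.AddWithValue("@JoinDate", today);
                query.Parameters.AddWithValue("@Activated", 0);

                query.ExecuteNonQuery();
            }
        }
        catch (SqlException SQLe)
        {
            // The failure is only visible in the debug output; the caller is not informed.
            System.Diagnostics.Debug.Write(SQLe.ToString());
        }
    }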
Exemple #13
        /// <summary>
        /// Checks a candidate password against a stored salt and hash.
        /// </summary>
        /// <param name="password">The candidate password.</param>
        /// <param name="dbSalt">The stored salt; it is placed in front of the hash.</param>
        /// <param name="dbHash">The stored hash.</param>
        /// <returns>The result of <c>Verify</c> for the password and the combined salt-plus-hash string.</returns>
        public bool TestPasswordHasher(string password, string dbSalt, string dbHash)
        {
            // Verify receives the salt and the hash as one string, salt first.
            string saltThenHash = dbSalt + dbHash;

            ISimpleHash hasher  = new SimpleHash();
            bool        matches = hasher.Verify(password, saltThenHash);

            return matches;
        }
Exemple #14
        /// <summary>
        /// Decides whether <paramref name="passwd"/> is accepted for <paramref name="user"/>.
        /// The user name is lower-cased and looked up; a known user is accepted as soon as one of
        /// the comparisons below succeeds, tried in this order.
        /// </summary>
        /// <param name="user">The user name; compared in lower case.</param>
        /// <param name="passwd">The submitted password.</param>
        /// <returns><c>true</c> when the user exists and any comparison matches.</returns>
        public static bool check(string user, string passwd)
        {
            user = user.ToLower();
            User account = UserDb.lookup(user);

            if (account != null)
            {
                // NOTE(review): direct equality means the stored value may be a clear-text
                // password, and the comparison is not constant-time.
                if (account.passwd == passwd)
                {
                    return true;
                }

                // NOTE(review): an existing "anonymous" account is accepted with any password.
                if (user == "anonymous")
                {
                    return true;
                }

                // Stored value treated as a hash of the password.
                if (SimpleHash.test_hash(passwd, account.passwd))
                {
                    return true;
                }

                // Stored value treated as a digest of user and password.
                if (UserDb.digest_passwd(user, passwd) == account.passwd)
                {
                    return true;
                }

                // Stored value treated as reversibly encoded.
                return UserDb.decode_passwd(user, account.passwd) == passwd;
            }

            return false;
        }
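    /// <summary>
    /// Creates an employee and the matching AccountPassword row from the form fields, using a
    /// randomly generated password, and calls <c>sendEmail</c> when both rows were written.
    /// The outcome is reported in <c>lblStatus</c>.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The event data.</param>
    protected void btnCreateAccount_Click1(object sender, EventArgs e)
    {
        String error = "";

        int    currentID   = (int)System.Web.HttpContext.Current.Session["CurrentUserID"];
        String currentUser = "";

        using (sc)
        {
            // Look up the name of the signed-in user; it is recorded below as @LUB.
            // currentID is an int taken from the session, so the concatenation cannot carry SQL text.
            String pullCurrentUser = "******" + currentID;
            using (SqlCommand pullUser = new SqlCommand(pullCurrentUser, sc))
            {
                using (SqlDataReader reader = pullUser.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        currentUser = (string)reader["FirstName"] + " " + (string)reader["LastName"];
                    }
                }
            }
        }

        Boolean employeeCreated = true;

        String   firstName       = txtFirstName.Text;
        String   lastName        = txtLastName.Text;
        String   middleInitial   = txtMiddleInitial.Text;
        int      companyID       = Convert.ToInt32(1); //fix this
        String   position        = txtPosition.Text;
        DateTime startDate       = Convert.ToDateTime(txtStartDate.Text);
        DateTime?terminationDate = null;

        username = txtUsername.Text;
        int adminFlag = chkAdminFlag.Checked ? 1 : 0;

        emailAddress = txtEmail.Text;
        String phoneNumber = txtPhoneNumber.Text;

        // Random initial password: 12 characters, at least 2 of them non-alphanumeric.
        password = Membership.GeneratePassword(12, 2);

        Boolean run = IsValidEmail(emailAddress);
        if (run == false)
        {
            error += "Email is invalid. ";
        }

        //Create Account object for new employee
        Account newAccount = new Account(firstName, lastName, middleInitial, companyID, position, startDate, terminationDate, adminFlag, username, phoneNumber, emailAddress);

        // Reject a user name that already exists, ignoring case.
        using (SqlConnection connection = new SqlConnection(WebConfigurationManager.ConnectionStrings["con"].ConnectionString))
        {
            connection.Open();

            String pullUsername = "******";
            using (SqlCommand pullVendor = new SqlCommand(pullUsername, connection))
            {
                using (SqlDataReader reader = pullVendor.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        String existingName = reader["Username"].ToString();
                        if (string.Equals(existingName, username, StringComparison.OrdinalIgnoreCase))
                        {
                            run    = false;
                            error += "Username already exists. ";
                            break; // one match is enough; avoids repeating the message
                        }
                    }
                }
            }
        }

        if (run == true)
        {
            // NOTE(review): MD5 is a fast digest, and the row below stores the literal text 'Salt'
            // in the salt column; a slow KDF (e.g. PBKDF2) with a real per-user salt is preferable.
            String passwordHashNew = SimpleHash.ComputeHash(password, "MD5", null);

            // NOTE(review): MAX(EmployeeID) can return another request's row when two accounts are
            // created at the same time; reading the identity of the row just inserted would be safer.
            String selectEmployeeIDQuery = "SELECT MAX(EmployeeID) FROM Employee";

            String insertEmployeeQuery = "INSERT INTO [dbo].[Employee] values (@FirstName,@LastName, @MiddleInitial, @CompanyID, @Position, @Email, @PhoneNumber, @StartDate," +
                                         "@TerminationDate,@RewardBalance,@AdminFlag,@LUB,@LU,0)";

            // The user name comes straight from a text box, so it is bound as a parameter
            // (together with the hash) instead of being concatenated into the statement.
            String insertAccountPasswordQuery = "INSERT INTO AccountPassword values (@EmployeeID, @Username, @PasswordHash, 'Salt',@LUB,@LU, @LastLogIn)";

            using (SqlConnection connection = new SqlConnection(WebConfigurationManager.ConnectionStrings["con"].ConnectionString))
            {
                connection.Open();

                using (SqlCommand insertEmployee = new SqlCommand(insertEmployeeQuery, connection))
                {
                    insertEmployee.Parameters.AddWithValue("@FirstName", newAccount.getFirstname());
                    insertEmployee.Parameters.AddWithValue("@LastName", newAccount.getLastName());
                    if (newAccount.getMiddleInitial() == "")
                    {
                        insertEmployee.Parameters.AddWithValue("@MiddleInitial", DBNull.Value);
                    }
                    else
                    {
                        insertEmployee.Parameters.AddWithValue("@MiddleInitial", newAccount.getMiddleInitial());
                    }
                    insertEmployee.Parameters.AddWithValue("@CompanyID", newAccount.getCompanyID());
                    insertEmployee.Parameters.AddWithValue("@Position", newAccount.getPosition());
                    insertEmployee.Parameters.AddWithValue("@Email", newAccount.getEmail());
                    insertEmployee.Parameters.AddWithValue("@PhoneNumber", newAccount.getPhoneNumber());
                    insertEmployee.Parameters.AddWithValue("@StartDate", newAccount.getStartDate());
                    insertEmployee.Parameters.AddWithValue("@TerminationDate", DBNull.Value);
                    insertEmployee.Parameters.AddWithValue("@RewardBalance", 0.0);
                    insertEmployee.Parameters.AddWithValue("@AdminFlag", newAccount.getAdminFlag());
                    insertEmployee.Parameters.AddWithValue("@LUB", currentUser);
                    insertEmployee.Parameters.AddWithValue("@LU", DateTime.Now);

                    try
                    {
                        insertEmployee.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        // The message is HTML-encoded because it is written into the page.
                        Response.Write("<br> insertEmployee " + Server.HtmlEncode(ex.Message));
                        employeeCreated = false;
                    }
                }

                // Each later step runs only when the previous one succeeded; otherwise the
                // password row would be attached to whichever employee currently has the highest ID.
                if (employeeCreated)
                {
                    using (SqlCommand selectEmployeeID = new SqlCommand(selectEmployeeIDQuery, connection))
                    {
                        try
                        {
                            employeeID = (int)selectEmployeeID.ExecuteScalar(); //Returns the last employeeID
                        }
                        catch (Exception ex)
                        {
                            Response.Write("<br> selectEmployeeID" + Server.HtmlEncode(ex.Message));
                            employeeCreated = false;
                        }
                    }
                }

                if (employeeCreated)
                {
                    using (SqlCommand insertAccountPassword = new SqlCommand(insertAccountPasswordQuery, connection))
                    {
                        insertAccountPassword.Parameters.AddWithValue("@EmployeeID", employeeID);
                        insertAccountPassword.Parameters.AddWithValue("@Username", newAccount.getUsername());
                        insertAccountPassword.Parameters.AddWithValue("@PasswordHash", passwordHashNew);
                        insertAccountPassword.Parameters.AddWithValue("@LUB", currentUser);
                        insertAccountPassword.Parameters.AddWithValue("@LU", DateTime.Now);
                        insertAccountPassword.Parameters.AddWithValue("@LastLogIn", DBNull.Value);

                        try
                        {
                            insertAccountPassword.ExecuteNonQuery();
                        }
                        catch (Exception ex)
                        {
                            Response.Write("<br> insertAccountPass" + Server.HtmlEncode(ex.Message));
                            employeeCreated = false;
                        }
                    }
                }
            }
        }
        else
        {
            employeeCreated = false;
        }

        if (employeeCreated == true)
        {
            try
            {
                // NOTE(review): presumably this mails the generated password to the new employee;
                // a one-time set-password link would avoid sending the secret in clear text.
                sendEmail();
                lblStatus.Text = "Employee created!";
                clear();
            }
            catch (Exception)
            {
                // The account exists at this point; say so instead of leaving the status empty.
                lblStatus.Text = "Employee created, but the notification email could not be sent.";
            }
        }
        else
        {
            lblStatus.Text = "Employee cannot be created. " + error;
        }
    }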
Exemple #16
 /// <summary>
 /// Builds the instance from an <c>AuthInfo</c> and already-hashed credentials by delegating to
 /// another constructor of this class with the principal, the hash bytes, the salt, the realm
 /// name and a new string set holding the roles.
 /// </summary>
 /// <param name="authInfo">Supplies the principal and the roles.</param>
 /// <param name="hashedCredentials">Supplies the credential bytes and the salt.</param>
 /// <param name="realmName">Passed through unchanged.</param>
 private PluginAuthInfo(AuthInfo authInfo, SimpleHash hashedCredentials, string realmName) : this(authInfo.Principal(), hashedCredentials.Bytes, hashedCredentials.Salt, realmName, new HashSet <string>(authInfo.Roles()))
 {
     // All work is done by the constructor this one forwards to.
 }
Exemple #17
    /// <summary>
    /// Demo entry point: hashes one password with MD5, SHA1, SHA256, SHA384 and SHA512 through
    /// SimpleHash.ComputeHash, prints the five results, then prints what SimpleHash.VerifyHash
    /// returns for the original password and for a second candidate against each hash.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        // NOTE(review): this only demonstrates the API. A single pass of any of these digests is
        // fast by design; stored passwords are better protected by a slow KDF such as PBKDF2.
        string original  = "******"; // original password
        string candidate = "******";   // wrong password

        // Passing null as the third argument leaves the salt to ComputeHash.
        string md5Hash    = SimpleHash.ComputeHash(original, "MD5", null);
        string sha1Hash   = SimpleHash.ComputeHash(original, "SHA1", null);
        string sha256Hash = SimpleHash.ComputeHash(original, "SHA256", null);
        string sha384Hash = SimpleHash.ComputeHash(original, "SHA384", null);
        string sha512Hash = SimpleHash.ComputeHash(original, "SHA512", null);

        Console.WriteLine("COMPUTING HASH VALUES\r\n");
        Console.WriteLine("MD5   : {0}", md5Hash);
        Console.WriteLine("SHA1  : {0}", sha1Hash);
        Console.WriteLine("SHA256: {0}", sha256Hash);
        Console.WriteLine("SHA384: {0}", sha384Hash);
        Console.WriteLine("SHA512: {0}", sha512Hash);
        Console.WriteLine("");

        Console.WriteLine("COMPARING PASSWORD HASHES\r\n");

        // Each check runs immediately before its line is printed.
        var md5Good = SimpleHash.VerifyHash(original, "MD5", md5Hash);
        Console.WriteLine("MD5    (good): {0}", md5Good.ToString());
        var md5Bad = SimpleHash.VerifyHash(candidate, "MD5", md5Hash);
        Console.WriteLine("MD5    (bad) : {0}", md5Bad.ToString());

        var sha1Good = SimpleHash.VerifyHash(original, "SHA1", sha1Hash);
        Console.WriteLine("SHA1   (good): {0}", sha1Good.ToString());
        var sha1Bad = SimpleHash.VerifyHash(candidate, "SHA1", sha1Hash);
        Console.WriteLine("SHA1   (bad) : {0}", sha1Bad.ToString());

        var sha256Good = SimpleHash.VerifyHash(original, "SHA256", sha256Hash);
        Console.WriteLine("SHA256 (good): {0}", sha256Good.ToString());
        var sha256Bad = SimpleHash.VerifyHash(candidate, "SHA256", sha256Hash);
        Console.WriteLine("SHA256 (bad) : {0}", sha256Bad.ToString());

        var sha384Good = SimpleHash.VerifyHash(original, "SHA384", sha384Hash);
        Console.WriteLine("SHA384 (good): {0}", sha384Good.ToString());
        var sha384Bad = SimpleHash.VerifyHash(candidate, "SHA384", sha384Hash);
        Console.WriteLine("SHA384 (bad) : {0}", sha384Bad.ToString());

        var sha512Good = SimpleHash.VerifyHash(original, "SHA512", sha512Hash);
        Console.WriteLine("SHA512 (good): {0}", sha512Good.ToString());
        var sha512Bad = SimpleHash.VerifyHash(candidate, "SHA512", sha512Hash);
        Console.WriteLine("SHA512 (bad) : {0}", sha512Bad.ToString());
    }
Exemple #18
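        /// <summary>
        /// Signs a user in: optionally verifies the password against the stored SHA256 hash, loads
        /// the user's permission ids and registers or refreshes the entry for the session GUID.
        /// Failures are reported through <paramref name="errorlist_ref"/> and written to the log.
        /// </summary>
        /// <param name="user_in">The user record, or null when the login was not found.</param>
        /// <param name="sessionGuid_in">Key of the session entry to create or refresh.</param>
        /// <param name="login_forLogPurposes_in">Login name as submitted; only used in the log entry.</param>
        /// <param name="ip_forLogPurposes_in">Client address; only used in the log entry.</param>
        /// <param name="andCheckPassword_in">When false the password check is skipped entirely.</param>
        /// <param name="password_in">The submitted password; may be null when no check is requested.</param>
        /// <param name="idUser_out">The user id on success, otherwise -1.</param>
        /// <param name="login_out">The user's login once the credentials were accepted, otherwise empty.</param>
        /// <param name="idPermissions_out">The user's permission ids once the credentials were accepted, otherwise null.</param>
        /// <param name="errorlist_ref">Receives an error code when the login is rejected.</param>
        internal static void login(
            SO_CRD_User user_in,
            Guid sessionGuid_in,

            string login_forLogPurposes_in,
            string ip_forLogPurposes_in,

            bool andCheckPassword_in,
            string password_in,

            out long idUser_out,
            out string login_out,
            out long[] idPermissions_out,
            ref List <int> errorlist_ref
            )
        {
            //// NOTES:
            //// - this method allows login without password (if andCheckPassword_in == false),
            //// hence MUST NEVER be distributed (at least not directly)

            idPermissions_out = null;
            idUser_out        = -1L;
            login_out         = "";

            bool credentialsAccepted =
                (user_in != null)
                && (
                    !andCheckPassword_in
                    || SimpleHash.VerifyHash(
                        password_in,
                        SimpleHash.HashAlgotithm.SHA256,
                        user_in.Password
                        )
                    );

            if (!credentialsAccepted)
            {
                errorlist_ref.Add(ErrorType.authentication__invalid_login);

                // password_in can be null here (e.g. unknown user on a call that skips the password
                // check), so the length is not read without a guard.
                // NOTE(review): the first character of the submitted password is written to the
                // log; consider dropping it, since it shrinks the search space for anyone who can
                // read the log.
                string firstPasswordChar = string.IsNullOrEmpty(password_in) ? "" : password_in.Substring(0, 1);

                SBO_LOG_Log.log(
                    null,
                    LogType.error,
                    ErrorType.authentication,
                    -1L,
                    (user_in == null) ? -1 : user_in.IFApplication,
                    "login:{0};password[0]:{1};ip:{2};",
                    new string[] {
                        login_forLogPurposes_in,
                        firstPasswordChar,
                        ip_forLogPurposes_in
                    }
                    );
                return;
            }

            login_out = user_in.Login;

            // Collect the ids of every permission record returned for the user.
            long _count;
            SO_CRD_Permission[] _so_permissions
                = DO_CRD_Permission.getRecord_byUser(
                      user_in.IDUser,
                      -1, -1, -1, out _count,
                      null
                      );

            idPermissions_out = Array.ConvertAll(_so_permissions, permission => permission.IDPermission);

            if (UserSession.ContainsKey(sessionGuid_in))
            {
                Sessionuser _usersession = UserSession[sessionGuid_in];
                if (_usersession.IDUser != user_in.IDUser)
                {
                    // The GUID already belongs to a different user: reject and drop that session.
                    // NOTE(review): login_out and idPermissions_out are already populated on this
                    // path; callers must check the error list before using them.
                    errorlist_ref.Add(ErrorType.authentication__guid_not_yours);
                    UserSession.Remove(sessionGuid_in);
                    return;
                }

                // Same user signing in again: refresh the existing entry.
                _usersession.Sessionstart  = DateTime.Now;
                _usersession.IDUser        = user_in.IDUser;
                _usersession.IDPermissions = idPermissions_out;
            }
            else
            {
                UserSession.Add(
                    sessionGuid_in,
                    new Sessionuser(
                        user_in.IDUser,
                        idPermissions_out,

                        user_in.IFApplication,
                        DateTime.Now
                        )
                    );
            }

            idUser_out = user_in.IDUser;
        }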
Exemple #19
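    /// <summary>
    /// Handles the login button click: looks the account up by e-mail, verifies the
    /// submitted password against the stored hash and redirects according to role.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">Event data (not used).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        String email = txtEmail.Text.ToLower();

        // NOTE(review): lower-casing the password makes it case-insensitive and shrinks the
        // password space. It is kept here because the stored hashes were presumably computed
        // over the lower-cased value (confirm against the registration code); removing it
        // requires a credential migration.
        String password = txtPassword.Text.ToLower();

        String hash;
        bool   provider;
        bool   superAdmin;
        bool   admin;
        bool   approved;
        int    providerId   = 0;
        String providerName = null;

        // using-blocks release the connection and command even when a query throws.
        using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["lab4ConnectionString"].ConnectionString))
        using (SqlCommand select = new SqlCommand())
        {
            con.Open();
            select.Connection = con;

            select.Parameters.Add(new System.Data.SqlClient.SqlParameter("@email", System.Data.SqlDbType.VarChar));
            select.Parameters["@email"].Value = email;

            select.CommandText = "SELECT EmployedStatus FROM [User] WHERE Email = @email";
            bool status = Convert.ToBoolean(select.ExecuteScalar());

            if (!status)
            {
                // NOTE(review): this distinct message tells the caller whether an e-mail is
                // registered; consider showing the same generic failure message used below.
                ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
                                                    "alert('The provided email does not exist.')", true);
                txtEmail.Text    = "";
                txtPassword.Text = "";
                return;
            }

            select.CommandText = "SELECT [PasswordHash] FROM [dbo].[Password] WHERE [UserID] = (SELECT [UserID] FROM [dbo].[User] WHERE [Email] = @email)";

            // 'as' yields null for a missing row or DBNull instead of throwing on the cast.
            hash = select.ExecuteScalar() as String;

            provider   = checkProvider();
            superAdmin = checkSuperAdmin();

            select.CommandText = "(SELECT [Admin] FROM [dbo].[User] WHERE [Email] = @email)";
            admin = Convert.ToBoolean(select.ExecuteScalar());

            select.CommandText = "SELECT [Approved] FROM [RewardProvider] WHERE [ProviderEmail] = @email";
            approved = Convert.ToBoolean(select.ExecuteScalar());

            if (provider)
            {
                select.CommandText = "SELECT ProviderID FROM [User] WHERE Email = @email";
                providerId = (int)select.ExecuteScalar();

                // Parameterized instead of concatenating the id into the statement text.
                select.CommandText = "SELECT ProviderName FROM [RewardProvider] WHERE ProviderID = @providerId";
                select.Parameters.AddWithValue("@providerId", providerId);
                providerName = (String)(select.ExecuteScalar());
            }
        }

        // NOTE(review): MD5 is a fast hash and is not suitable for password storage even when
        // salted. Moving to PBKDF2/bcrypt/Argon2 means re-hashing stored credentials, which
        // cannot be done inside this handler alone.
        bool verify = !String.IsNullOrEmpty(hash) && SimpleHash.VerifyHash(password, "MD5", hash);

        if (!verify)
        {
            ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
                                                "alert('The provided email and/or password was invalid.')", true);
            txtEmail.Text    = "";
            txtPassword.Text = "";
            return;
        }

        // Session state is written only after the password has been verified, so a failed
        // attempt no longer leaves another account's provider identity in the session.
        if (provider)
        {
            Session["ProviderID"]   = providerId;
            Session["ProviderName"] = providerName;
        }

        getUser(email);

        if (provider && approved)
        {
            Response.Redirect("rpHome.aspx");
        }
        else if (provider)
        {
            ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
                                                "alert('You must be approved by an administrator before you can access the system.')", true);
            txtEmail.Text    = "";
            txtPassword.Text = "";
        }
        else if (admin)
        {
            Response.Redirect("AdminPage.aspx");
        }
        else if (superAdmin)
        {
            Response.Redirect("SuperAdmin.aspx");
        }
        else
        {
            Response.Redirect("TeamMemberPage.aspx");
        }
    }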
Exemple #20
        /// <summary>
        /// Changes the password of the user that owns the given session after checking the
        /// old password against the stored hash.
        /// </summary>
        /// <param name="sessionGuid_in">Session identifier supplied by the caller.</param>
        /// <param name="ip_forLogPurposes_in">Caller IP, passed on to the session check.</param>
        /// <param name="password_old_in">Current password, verified with SimpleHash (SHA256).</param>
        /// <param name="password_new_in">New password; null or empty is rejected.</param>
        /// <param name="errors_out">Error codes collected during the call.</param>
        public static void ChangePassword(
            string sessionGuid_in,
            string ip_forLogPurposes_in,

            string password_old_in,
            string password_new_in,

            out int[] errors_out
            )
        {
            Guid        sessionGuid;
            Sessionuser sessionUser;
            List<int>   errorList;

            // The session check fills errors_out itself, so a failure returns straight away.
            bool sessionIsValid = SBO_CRD_Authentication.isSessionGuid_valid(
                sessionGuid_in,
                ip_forLogPurposes_in,
                out sessionGuid,
                out sessionUser,
                out errorList,
                out errors_out
                );
            if (!sessionIsValid)
            {
                return;
            }

            SO_CRD_User currentUser = DO_CRD_User.getObject(sessionUser.IDUser);
            if (currentUser == null)
            {
                // The session points at a user that cannot be loaded: report it and drop the session.
                errorList.Add(ErrorType.authentication__no_such_user);
                UserSession.Remove(sessionGuid);

                errors_out = errorList.ToArray();
                return;
            }

            // NOTE(review): SHA256 is a fast hash; a dedicated password KDF would be the
            // usual choice for stored credentials. SimpleHash is not visible here.
            bool oldPasswordMatches = SimpleHash.VerifyHash(
                password_old_in,
                SimpleHash.HashAlgotithm.SHA256,
                currentUser.Password
                );

            if (oldPasswordMatches && !string.IsNullOrEmpty(password_new_in))
            {
                // A null salt is handed to ComputeHash; presumably it generates one itself (confirm).
                currentUser.Password = SimpleHash.ComputeHash(
                    password_new_in,
                    SimpleHash.HashAlgotithm.SHA256,
                    null
                    );

                // The constraint flag returned by the update is not inspected.
                bool constraintFlag;
                DO_CRD_User.updObject(currentUser, true, out constraintFlag);
            }
            else if (oldPasswordMatches)
            {
                errorList.Add(ErrorType.authentication__change_password__invalid_password);
            }
            else
            {
                errorList.Add(ErrorType.authentication__change_password__wrong_password);
            }

            errors_out = errorList.ToArray();
        }
Exemple #21
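    /// <summary>
    /// Changes the password of the user named in <c>txtUserChange</c> after verifying the
    /// old password against the stored hash. Validation failures are reported through
    /// <c>errorMessage</c>.
    /// </summary>
    protected void changePassword()
    {
        SqlConnection conn = null;

        try
        {
            string username = txtUserChange.Text;
            string password = txtPassOld.Text;

            if (username == "" || password == "")
            {
                errorMessage.Text = "Please ensure that all entries are completed";
                return;
            }

            conn = ProjectDB.connectToDB();

            string hash = "";
            using (SqlCommand select = new SqlCommand("SELECT [PasswordHash] FROM [dbo].[EmployeeLogin] WHERE [UserName] = @UserName", conn))
            {
                select.Parameters.AddWithValue("@UserName", username);

                // The reader is disposed even if reading the row throws.
                using (SqlDataReader reader = select.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        hash = reader["PasswordHash"].ToString();
                    }
                }
            }

            // NOTE(review): MD5 is a fast hash and is not suitable for password storage even
            // when salted; changing the algorithm requires re-hashing stored credentials.
            if (!SimpleHash.VerifyHash(password, "MD5", hash))
            {
                errorMessage.Text = "Incorrect Password";
                return;
            }

            string newPassOne = txtPassNewOne.Text;
            string newPassTwo = txtPassNewTwo.Text;

            if (newPassOne == "" || newPassTwo == "")
            {
                errorMessage.Text = "Please ensure that all entries are completed.";
                return;
            }

            if (newPassOne != newPassTwo)
            {
                errorMessage.Text = "Your new password must match.";
                return;
            }

            using (SqlCommand update = new SqlCommand("UPDATE [dbo].[EmployeeLogin] SET [PasswordHash] = @PasswordHash WHERE [UserName] = @UserName", conn))
            {
                update.Parameters.AddWithValue("@PasswordHash", SimpleHash.ComputeHash(newPassOne, "MD5", null));
                update.Parameters.AddWithValue("@UserName", username);

                update.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            // The exception text (stack trace, SQL details) goes to the trace log only;
            // the page shows a generic message instead of the raw exception.
            System.Diagnostics.Trace.TraceError("changePassword failed: " + ex);
            errorMessage.Text = "An unexpected error occurred. Please try again.";
        }
        finally
        {
            // Close on every path, including early returns and exceptions.
            if (conn != null)
            {
                conn.Close();
            }
        }
    }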
Exemple #22
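        /// <summary>
        /// Interactive console driver for the lab tasks. Each task is compiled in only when
        /// its symbol (bin, tree, fib, int, hash, chess) is defined; every task reads its
        /// sizes and keys from the console, runs the operation and prints the elapsed time.
        /// </summary>
        /// <remarks>
        /// Elapsed time is taken from the Stopwatch. The previous code printed
        /// <c>start - end</c> of two DateTime.Now readings, which is negative. The pseudo-random
        /// and chained hashing loops now re-read their own size variable; before, they wrote the
        /// next size into size_simp_hash and could never leave the loop.
        /// </remarks>
        public static void Run2Lab()
        {
            Random    rnd = new Random();
            Stopwatch sw  = new Stopwatch();

            #region Task_1
#if bin
            #region BinarySearch
            Console.WriteLine("Введите размерность массива для бинарного поиска или 0 для перехода к следующему заданию.");
            var size = int.Parse(Console.ReadLine());
            while (0 != size)
            {
                Console.WriteLine("\nВведите искомый элемент.");
                var key_bin = int.Parse(Console.ReadLine());
                var mas     = new int[size];
                for (int i = 0; i < size; i++)
                {
                    mas[i] = rnd.Next(-1000, 1001);
                }
                Array.Sort(mas);
                sw.Restart();
                var binary = BinarySearch(mas, key_bin);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {key_bin} присутствует в массиве - {binary}.");
                Console.WriteLine($"Затраченное время на выполнение: {sw.Elapsed}.");
                sw.Restart();
                Array.BinarySearch(mas, key_bin);
                sw.Stop();
                Console.WriteLine($"\nЗатраченное время на выполнение встроенным алгоритмом класса Array: {sw.Elapsed}.");
                Console.WriteLine("Введите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                size = int.Parse(Console.ReadLine());
            }
            #endregion
#endif
#if tree
            #region BinaryTree
            Console.WriteLine("Введите размерность дерева или 0 для перехода к следующему заданию.");
            var size_tree = int.Parse(Console.ReadLine());
            while (size_tree != 0)
            {
                Console.WriteLine("Введите искомый элемент.");
                var key_tree = int.Parse(Console.ReadLine());
                var set      = new HashSet<int>();
                for (int i = 0; i < size_tree; i++)
                {
                    set.Add(rnd.Next(-1000, 1001));
                }
                sw.Restart();
                var contains_set = set.Contains(key_tree);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {key_tree} присутствует в множестве - {contains_set}.");
                Console.WriteLine($"Затраченное время на выполнение встроенным методом класса HashSet: {sw.Elapsed}.");
                int[] arr = new int[set.Count];
                set.CopyTo(arr);
                BinaryTree tree = new BinaryTree(arr);
                sw.Restart();
                var contains_tree = tree.HasValue(key_tree);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {key_tree} присутствует в дереве - {contains_tree}.");
                Console.WriteLine($"Затраченное время на выполнение методом класса BinaryTree: {sw.Elapsed}.");
                Console.WriteLine("\nВведите элемент для добавления.");
                var adding = int.Parse(Console.ReadLine());
                tree.Add(adding);
                sw.Restart();
                contains_tree = tree.HasValue(adding);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {adding} присутствует в дереве после добавления - {contains_tree}.");
                Console.WriteLine($"Затраченное время на выполнение методом класса BinaryTree: {sw.Elapsed}.");
                Console.WriteLine("\nВведите элемент для удаления.");
                int deleting = int.Parse(Console.ReadLine());
                tree.Delete(deleting);
                sw.Restart();
                contains_tree = tree.HasValue(deleting);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {deleting} присутствует в дереве после удаления - {contains_tree}");
                Console.WriteLine($"Затраченное время на выполнение методом класса BinaryTree: {sw.Elapsed}");
                Console.WriteLine("\nВведите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                size_tree = int.Parse(Console.ReadLine());
            }
            #endregion
#endif
#if fib
            #region Fibonacchi
            Console.WriteLine("Введите размерность массива для поиска Фибоначчи или 0 для перехода к следующему заданию.");
            var size_fib = int.Parse(Console.ReadLine());
            while (size_fib != 0)
            {
                Console.WriteLine("Введите искомый элемент.");
                var key_fib = int.Parse(Console.ReadLine());
                var set     = new HashSet<int>(size_fib);
                for (int i = 0; i < size_fib; i++)
                {
                    set.Add(rnd.Next(-1000, 1001));
                }
                var arr = new int[set.Count];
                set.CopyTo(arr);
                Array.Sort(arr);
                sw.Restart();
                var contains_fib = Fib(arr, key_fib);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {key_fib} присутствует в массиве - {contains_fib}.");
                Console.WriteLine($"Затраченное время на выполнение поиском Фиббоначи: {sw.Elapsed}.");
                Console.WriteLine("\nВведите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                size_fib = int.Parse(Console.ReadLine());
            }
            #endregion
#endif
#if int
            #region Interpolation
            Console.WriteLine("Введите размерность массива для интерполяционного поиска или 0 для перехода к следующему заданию.");
            var size_interpol = int.Parse(Console.ReadLine());
            while (size_interpol != 0)
            {
                Console.WriteLine("Введите искомый элемент.");
                var key_interpol = int.Parse(Console.ReadLine());
                // The search runs on a fixed sample array; the entered size only controls the loop.
                int[] arr = { 1, 2, 6, 14, 18, 40, 55, 91, 114, 225, 335, 556, 667, 889, 668, 44458, 88889595, 9898491, 9898443 };
                Array.Sort(arr);
                sw.Restart();
                var contains_int = Interpolation(arr, key_interpol);
                sw.Stop();
                Console.WriteLine($"\nЭлемент {key_interpol} присутствует в массиве - {contains_int}.");
                Console.WriteLine($"Затраченное время на выполнение интерполяционным поиском: {sw.Elapsed}.");
                Console.WriteLine("\nВведите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                size_interpol = int.Parse(Console.ReadLine());
            }
            #endregion
#endif
            #endregion
            #region Task 2
#if hash
            #region Simple
            Console.WriteLine("Введите размерность массива для генерации массива для простого хеширования или 0 для перехода к следующему заданию.");
            var size_simp_hash = long.Parse(Console.ReadLine());
            while (size_simp_hash != 0)
            {
                var set = new HashSet<int>((int)size_simp_hash);
                while (set.Count != size_simp_hash)
                {
                    set.Add(rnd.Next(-(int)size_simp_hash, (int)size_simp_hash));
                }
                var arr = new int[set.Count];
                set.CopyTo(arr);
                Console.WriteLine($"Введите искомый элемент");
                int item = int.Parse(Console.ReadLine());
                sw.Restart();
                SimpleHash hash = new SimpleHash(arr);
                sw.Stop();
                Console.WriteLine($"Затраченное время на хеширование: {sw.Elapsed}.");
                sw.Restart();
                int index = hash.IndexOf(item);
                sw.Stop();
                Console.WriteLine($"Индекс искомого элемента в хеш-таблице: {index}");
                Console.WriteLine($"Затраченное время на поиск: {sw.Elapsed}.");
                Console.WriteLine("\nВведите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                size_simp_hash = long.Parse(Console.ReadLine());
            }
            #endregion
            #region Pseudo
            Console.WriteLine("Введите размерность массива для генерации массива для хеширования на основе псеводослучайных чисел или 0 для перехода к следующему заданию.");
            var size_pseudo_hash = long.Parse(Console.ReadLine());
            while (size_pseudo_hash != 0)
            {
                var set = new HashSet<int>((int)size_pseudo_hash);
                while (set.Count != size_pseudo_hash)
                {
                    set.Add(rnd.Next(-(int)size_pseudo_hash, (int)size_pseudo_hash));
                }
                var arr = new int[set.Count];
                set.CopyTo(arr);
                Console.WriteLine($"Введите искомый элемент");
                int item = int.Parse(Console.ReadLine());
                sw.Restart();
                PseudoHash hash = new PseudoHash(arr);
                sw.Stop();
                Console.WriteLine($"Затраченное время на хеширование: {sw.Elapsed}.");
                sw.Restart();
                int index = hash.IndexOf(item);
                sw.Stop();
                Console.WriteLine($"Индекс искомого элемента в хеш-таблице: {index}");
                Console.WriteLine($"Затраченное время на поиск: {sw.Elapsed}.");
                Console.WriteLine("\nВведите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                // Re-read this loop's own control variable so that entering 0 ends the loop.
                size_pseudo_hash = long.Parse(Console.ReadLine());
            }
            #endregion
            #region Chains
            Console.WriteLine("Введите размерность массива для генерации массива для хеширования цепочками или 0 для перехода к следующему заданию.");
            var size_chains_hash = long.Parse(Console.ReadLine());
            while (size_chains_hash != 0)
            {
                var set = new HashSet<int>((int)size_chains_hash);
                while (set.Count != size_chains_hash)
                {
                    set.Add(rnd.Next(-(int)size_chains_hash, (int)size_chains_hash));
                }
                var arr = new int[set.Count];
                set.CopyTo(arr);
                Console.WriteLine($"Введите искомый элемент");
                int item = int.Parse(Console.ReadLine());
                sw.Restart();
                ChainHash hash = new ChainHash(arr);
                sw.Stop();
                Console.WriteLine($"Затраченное время на хеширование: {sw.Elapsed}.");
                sw.Restart();
                bool index = hash.HasValue(item);
                sw.Stop();
                Console.WriteLine($"Искомый элемент присутствует в хеш-таблице: {index}");
                Console.WriteLine($"Затраченное время на поиск: {sw.Elapsed}.");
                Console.WriteLine("\nВведите размерность массива для повторной генерации или 0 для перехода к следующему заданию.");
                // Re-read this loop's own control variable so that entering 0 ends the loop.
                size_chains_hash = long.Parse(Console.ReadLine());
            }
            #endregion
#endif
            #endregion
            #region Task 3
#if chess
            #region Chess
            Console.WriteLine("Введите значение от 1 до 24 для вывода результата поиска или 0 для выхода.");
            var key = int.Parse(Console.ReadLine());
            while (key != 0)
            {
                Console.WriteLine($"\nВарианты расстановки ферзей:\n");
                sw.Restart();
                Chess(key);
                sw.Stop();
                Console.WriteLine($"Затраченное время на выполнение: {sw.Elapsed}.");
                Console.WriteLine("\nВведите любое значение кроме 0 для вывода результата поиска или 0 для выхода.");
                key = int.Parse(Console.ReadLine());
            }
            #endregion
#endif
            #endregion
        }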
Exemple #23
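    /// <summary>
    /// Authenticates the e-mail/password pair entered on the page and, on success,
    /// stores the login state in the session and redirects by permission level.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">Event data (not used).</param>
    protected void Login1_Authenticate(object sender, EventArgs e)
    {
        String user     = inputEmail.Text;
        String password = inputPassword.Text;

        try
        {
            // The e-mail comes from the request, so it is bound as a parameter and never
            // concatenated into the statement text.
            const string QueryUserDetails = "Select PasswordHash, ActivatedBool, UserPermission from dbo.GeneralUser where EmailAddress = @email";

            DataTable dt = new DataTable();
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["conString"].ConnectionString)) // connection string is in web config
            using (SqlCommand cmd = new SqlCommand(QueryUserDetails, connection))
            using (SqlDataAdapter adp = new SqlDataAdapter(cmd))
            {
                cmd.Parameters.AddWithValue("@email", user);
                connection.Open();
                adp.Fill(dt);
            }

            if (dt.Rows.Count == 0)
            {
                // NOTE(review): distinct "no such account" and "invalid password" messages let a
                // caller find out which e-mail addresses are registered; consider one generic message.
                MessageBox.Show("Error: That account does not exist! Please click sign up to join the community");
                return;
            }

            string pwHash     = dt.Rows[0][0].ToString();
            string activated  = dt.Rows[0][1].ToString();
            string permission = dt.Rows[0][2].ToString();

            // NOTE(review): MD5 is a fast hash and is not suitable for password storage even
            // when salted; changing the algorithm requires re-hashing stored credentials.
            bool verify      = SimpleHash.VerifyHash(password, "MD5", pwHash);
            bool isActivated = activated == "True";

            if (!verify || !isActivated)
            {
                // Do not leave login state behind for a failed or not-yet-activated sign-in.
                // Previously "permission" was written before the password check and "loggedIn"
                // before the activation check (presumably other pages gate on these keys).
                Session["loggedIn"] = false;
                Session.Remove("permission");

                if (!verify)
                {
                    MessageBox.Show("Error: Invalid Password. Please enter the correct password or click 'Forgot Password'");
                }
                else
                {
                    MessageBox.Show("Error: Account is not activated. You will receive an e-mail when your account is approved and ready for activation");
                }
                return;
            }

            Session["loggedIn"]   = true;
            Session["permission"] = permission;

            // Redirect the user according to their permission level; unknown levels stay on the page.
            switch (permission)
            {
                case "5":
                    Session["UserID"] = user;
                    Response.Redirect("Admin.Dashboard.aspx");
                    break;

                case "4": // staff / instructor / intern
                case "3": // student
                case "2": // parent
                case "1": // cipher
                    Session["UserID"] = user;
                    Response.Redirect("Wall.aspx");
                    break;
            }
        }
        catch (SqlException error)
        {
            // Keep the database error in the debug output; the previous code displayed
            // e.ToString(), which is the EventArgs argument, not the exception.
            System.Diagnostics.Debug.WriteLine(error.ToString());
            MessageBox.Show("Error: Unable to sign in right now. Please try again later.");
        }
    }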
Exemple #24
		/// <summary>
		/// Stores the MD5-based hash of the given password in this object's password field.
		/// Despite the method name this is one-way hashing, not encryption.
		/// </summary>
		/// <param name="originalPassword">Plain-text password to hash.</param>
		public void EncryptPasswordToMD5(string originalPassword)
		{
			// NOTE(review): MD5 is a fast hash and is not suitable for password storage.
			// A null salt is passed; presumably SimpleHash generates one itself (confirm).
			string md5Digest = SimpleHash.ComputeHash(originalPassword, "MD5", null);

			this.password = md5Digest;
		}
Exemple #25
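    /// <summary>
    /// Handles the change-password button: verifies the current password of the signed-in
    /// user against the stored hash and, when the new password is valid and confirmed,
    /// stores its hash. The outcome is shown in a dialog element added to the page.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">Event data (not used).</param>
    protected void btnChangePass_Click(object sender, EventArgs e)
    {
        // Adds the "Password Change" dialog element with the given text to the page.
        Action<string> showDialog = text =>
        {
            System.Web.UI.HtmlControls.HtmlGenericControl dialog = new System.Web.UI.HtmlControls.HtmlGenericControl();
            dialog.Attributes["class"] = "dialog";
            dialog.ID = "dialog";
            dialog.Attributes["title"] = "Password Change";
            dialog.InnerText           = text;
            this.Controls.Add(dialog);
        };

        String currentPass = txtCurrentPass.Text;

        if (txtNewPass.Text == currentPass || txtConfirmNewPass.Text == currentPass)
        {
            showDialog("Your new password cannot be the same as your old password.");
            return;
        }

        con.Open();
        try
        {
            int userId = (int)Session["UserID"];

            using (SqlCommand select = new SqlCommand())
            {
                select.Connection = con;

                // The user id is bound as a parameter instead of being concatenated into the SQL text.
                select.Parameters.AddWithValue("@UserID", userId);

                // Get the hash for the current user's password
                select.CommandText = "SELECT PasswordHash FROM [dbo].[Password] WHERE UserID = @UserID";

                // 'as' yields null for a missing row or DBNull instead of throwing on the cast.
                String currentHash = select.ExecuteScalar() as String;

                // NOTE(review): MD5 is a fast hash and is not suitable for password storage even
                // when salted; changing the algorithm requires re-hashing stored credentials.
                bool correctHash = !String.IsNullOrEmpty(currentHash) && SimpleHash.VerifyHash(currentPass, "MD5", currentHash);

                if (!correctHash)
                {
                    showDialog("Incorrect password.");
                }
                else if (String.IsNullOrWhiteSpace(txtNewPass.Text))
                {
                    showDialog("You must enter a new password.");
                }
                else if (txtNewPass.Text == txtConfirmNewPass.Text)
                {
                    String newPassHash = SimpleHash.ComputeHash(txtNewPass.Text, "MD5", null);
                    select.CommandText = "UPDATE [dbo].[Password] SET [PasswordHash] = @PasswordHash WHERE [UserID] = @UserID";
                    select.Parameters.AddWithValue("@PasswordHash", newPassHash);
                    select.ExecuteNonQuery();
                    showDialog("Password successfully changed!");
                }
                else
                {
                    showDialog("Passwords do not match.");
                }
            }
        }
        finally
        {
            // Close the shared connection on every path, including exceptions.
            con.Close();
        }
    }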
Exemple #26
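        /// <summary>
        /// Registers the module's routes: a greeting at "/", login/logoff, user creation,
        /// and the insert/lookup endpoints for Kohteet and Reissut records.
        /// </summary>
        /// <remarks>
        /// A single <c>VenereissutDataContext</c> is created here and captured by every route handler.
        /// Only "/addKohde" and "/addReissu" call <c>Authenticate</c> before writing to the database.
        /// </remarks>
        public HelloModule()
        {
            var db = new VenereissutDataContext();

            Get["/"] = parameters => "Hello World";


            // Login
            Post["/Login"] = p =>
            {
                Login model = this.Bind();
                // Fetch the user's record from the database by user name.
                User q = (from a in db.Users where model.username == a.UserName select a).FirstOrDefault();

                // FirstOrDefault yields null for an unknown user name. Answer exactly as for a
                // wrong password so the request neither faults on q.Password nor lets the caller
                // tell "no such user" apart from "bad password".
                if (q == null)
                {
                    return(String.Empty);
                }

                // The original also loaded every User row (password hashes included) into an
                // unused list on each login attempt; that query has been dropped.
                ISimpleHash simpleHash = new SimpleHash();
                if (simpleHash.Verify(model.passwd, q.Password))
                {
                    // Login OK: issue a session id and store it on the user record.
                    // NOTE(review): Util.CreateRandomPassword is not visible here; confirm it draws
                    // from a cryptographic RNG, since this value is the bearer token for later calls.
                    string sessionId = Util.CreateRandomPassword(20);
                    q.SessionId = sessionId;
                    q.TimeStamp = DateTime.Now;
                    db.SubmitChanges();
                    return(sessionId);
                }
                // Login failed: return nothing.
                return(String.Empty);
            };

            // Logoff
            // NOTE(review): this handler does not clear the stored SessionId, so a token issued
            // by /Login appears to stay usable after logoff; confirm against Authenticate.

            Post["/Logoff"] = p =>
            {
                return("Logoff OK.");
            };

            // NOTE(review): no Authenticate call here, so account creation is open to any caller;
            // confirm that is intended.
            Post["/addUser"] = p =>
            {
                Login       model        = this.Bind();
                ISimpleHash simpleHash   = new SimpleHash();
                string      saltedPasswd = simpleHash.Compute(model.passwd);
                User        user         = new User {
                    UserName = model.username, Password = saltedPasswd
                };
                db.Users.InsertOnSubmit(user);
                db.SubmitChanges();

                return("Operation successful.");
            };


            //Post["/addKohde"] = p =>
            //{
            //    Kohteet model = this.Bind();

            //    db.Kohteets.InsertOnSubmit(model);
            //    db.SubmitChanges();
            //    return "Done inserting Kohde!";
            //};


            Post["/addKohde"] = p =>
            {
                KohdeWAuthentication m = this.Bind();
                //Kohde km = this.Bind();

                // Reject the request with an empty body when the token is not accepted.
                if (!Authenticate(m.token, db))
                {
                    return(String.Empty);
                }
                // Copy only the entity fields from the bound model; the token is not persisted.
                Kohteet k = new Kohteet {
                    Kohde_Id = m.Kohde_Id, Koordinaatit = m.Koordinaatit, KuvaBase64 = m.KuvaBase64, Kuvausteksti = m.Kuvausteksti, Nimi = m.Nimi
                };
                //Kohteet k = new Kohteet { Koordinaatit = km.Koordinaatit, Nimi = km.Nimi };
                db.Kohteets.InsertOnSubmit(k);
                db.SubmitChanges();
                return("Done inserting Kohde!");
            };


            // NOTE(review): unlike /addKohde and /addReissu this route binds the entity straight
            // from the request and inserts it without calling Authenticate; confirm whether it
            // should take a token-carrying model like its siblings.
            Post["/addKohteenReissut"] = p =>
            {
                KohteetReissut model = this.Bind();
                db.KohteetReissuts.InsertOnSubmit(model);
                db.SubmitChanges();
                return("Done inserting KohteenReissut!");
            };

            //Post["/addReissu"] = p =>
            //{
            //    Reissut model = this.Bind();
            //    db.Reissuts.InsertOnSubmit(model);
            //    db.SubmitChanges();
            //    return "Done inserting Reissuts!";
            //};


            Post["/addReissu"] = p =>
            {
                ReissutWAuthentication model = this.Bind();
                if (!Authenticate(model.token, db))
                {
                    return(String.Empty);
                }
                // The owner comes from the token, not from the request body, so a caller cannot
                // create a trip under another user's name.
                string  userName = GetUserNameByToken(model.token, db);
                Reissut m        = new Reissut {
                    UserName = userName, Alkoi = model.Alkoi, Nimi = model.Nimi, Kuvausteksti = model.Kuvausteksti
                };
                db.Reissuts.InsertOnSubmit(m);
                db.SubmitChanges();
                return(m.Reissu_Id.ToString());
            };



            Get["/Kohteet/{id}"] = p => (GetKohde(p.id, db));
        }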
Exemple #27
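    /// <summary>
    /// Handles the Authenticate event of the employeeLogin control: looks up the stored
    /// password hash for the entered user name and sets <c>e.Authenticated</c> from the
    /// result of <c>SimpleHash.VerifyHash</c>.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">Event data; <c>Authenticated</c> is set to the verification result.</param>
    protected void EmployeeLogin_Authenticate(object sender, AuthenticateEventArgs e)
    {
        try
        {
            // The Login control exposes both the entered user name and password.
            string userName = employeeLogin.UserName;
            string password = employeeLogin.Password;

            // Deny by default; only a successful hash verification flips this to true.
            e.Authenticated = false;

            SqlConnection conn = ProjectDB.connectToDB();
            if (conn != null)
            {
                try
                {
                    string commandText = "SELECT TOP 1 UserName, PasswordHash FROM [dbo].[EmployeeLogin] WHERE UserName = @UserName";

                    using (SqlCommand select = new SqlCommand(commandText, conn))
                    {
                        select.Parameters.AddWithValue("@UserName", userName);

                        using (SqlDataReader reader = select.ExecuteReader())
                        {
                            // If there is such a record, read it.
                            if (reader.Read())
                            {
                                String pwHash = reader["PasswordHash"].ToString();
                                String user   = reader["UserName"].ToString();

                                // NOTE(review): MD5 is a fast hash and unsuitable for password
                                // storage. Moving to PBKDF2/bcrypt/Argon2 needs a migration of the
                                // stored hashes, so the algorithm is left as-is here.
                                e.Authenticated = SimpleHash.VerifyHash(password, "MD5", pwHash);

                                if (e.Authenticated)
                                {
                                    // Record the identity in the session only after the password
                                    // has been verified. The original wrote it before the check,
                                    // leaving a failed login with Session["loggedInAs"] populated.
                                    Session["loggedInAs"] = user;
                                    getUserInfo(getLoginID(userName));
                                }
                            }
                        }
                    }
                }
                finally
                {
                    // Release the connection even when the query or verification throws.
                    conn.Close();
                }

                Session["employeeLoggedIn"] = e.Authenticated.ToString();
            }
            else
            {
                errorMessage.Text += "\nThe connection to the database failed: " + conn;
            }

            if (e.Authenticated == false)
            {
                employeeLogin.FailureText = "Incorrect Login/Password";
            }
        }
        catch (Exception ex)
        {
            // Keep exception details (stack trace, SQL text, server names) out of the page;
            // write them to the trace listeners and show the user a generic message.
            System.Diagnostics.Trace.TraceError("EmployeeLogin_Authenticate failed: " + ex);
            employeeLogin.FailureText = "Login failed. Please try again.";
        }
    }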
Exemple #28
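    /// <summary>
    /// Handles the Click event of btnSubmitUser: inserts a new row into [dbo].[User] when the
    /// entered e-mail is not already present, stores an initial password hash for it in
    /// [dbo].[Password], then refreshes the grid.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The event data.</param>
    protected void btnSubmitUser_Click(object sender, EventArgs e)
    {
        // using blocks release the command and connection on every path, including exceptions.
        using (SqlConnection con = new SqlConnection())
        using (SqlCommand select = new SqlCommand())
        {
            con.ConnectionString = ConfigurationManager.ConnectionStrings["lab4ConnectionString"].ConnectionString;
            con.Open();

            select.Connection = con;

            // Look for an existing account with the e-mail the admin entered.
            select.CommandText = "SELECT Email FROM [dbo].[User] WHERE Email = @Email";

            select.Parameters.Add(new SqlParameter("@Email", SqlDbType.VarChar));
            select.Parameters["@Email"].Value = txtEmail.Text;

            String existingUserName = (String)select.ExecuteScalar();

            if (existingUserName == null)
            {
                try
                {
                    // Every value is bound as a parameter. The original concatenated
                    // Session["UserID"] and Session["LName"] into the statement; the last name is
                    // free text, so a quote in it would break or alter the SQL.
                    select.CommandText =
                        "INSERT INTO [dbo].[User] VALUES(@FName, Null," +
                        "@LName, @Email, @nickName, NULL, 0, 0, 0, @CreatedByUserID, NULL, @EmployerID, @AccountBalance, 1, @CreatedByLName, '2018-01-01')";

                    select.Parameters.Add(new SqlParameter("@CreatedByUserID", SqlDbType.Int));
                    select.Parameters["@CreatedByUserID"].Value = (int)Session["UserID"];

                    // A missing session value used to concatenate as an empty string; keep that.
                    select.Parameters.Add(new SqlParameter("@CreatedByLName", SqlDbType.VarChar));
                    select.Parameters["@CreatedByLName"].Value = (String)Session["LName"] ?? "";

                    select.Parameters.AddWithValue("@nickName", txtNickName.Text);

                    // Upper-case the first letter of the first name. Indexing [0] throws on an
                    // empty box, which the catch below reports as an incomplete form.
                    select.Parameters.Add(new SqlParameter("@FName", SqlDbType.VarChar));
                    select.Parameters["@FName"].Value = char.ToUpper(txtFName.Text[0]) + txtFName.Text.Substring(1);

                    // Upper-case the first letter of the last name.
                    select.Parameters.Add(new SqlParameter("@LName", SqlDbType.VarChar));
                    select.Parameters["@LName"].Value = char.ToUpper(txtLName.Text[0]) + txtLName.Text.Substring(1);

                    // The new user inherits the employer of the admin creating the account.
                    select.Parameters.Add(new SqlParameter("@EmployerID", SqlDbType.Int));
                    select.Parameters["@EmployerID"].Value = (int)Session["EmployerID"];

                    // Set the new user's account balance equal to $0.
                    select.Parameters.Add(new SqlParameter("@AccountBalance", SqlDbType.Money));
                    select.Parameters["@AccountBalance"].Value = 0;

                    select.ExecuteNonQuery();

                    // NOTE(review): every new account gets the same hard-coded initial password.
                    // Prefer a per-user random password or a one-time reset link, and force a
                    // change at first login.
                    string password = "******";

                    // NOTE(review): MD5 is a fast hash and unsuitable for password storage;
                    // changing it requires migrating the stored hashes, so it is left as-is.
                    string passwordHashNew =
                        SimpleHash.ComputeHash(password, "MD5", null);

                    select.CommandText = "SELECT [UserID] FROM [USER] WHERE [Email] = @Email";
                    int userID = (int)select.ExecuteScalar();

                    // Bound as parameters rather than concatenated into the statement.
                    select.CommandText = "INSERT INTO [dbo].[Password] VALUES (@NewUserID, @NewPasswordHash)";
                    select.Parameters.Add(new SqlParameter("@NewUserID", SqlDbType.Int));
                    select.Parameters["@NewUserID"].Value = userID;
                    select.Parameters.AddWithValue("@NewPasswordHash", passwordHashNew);
                    select.ExecuteNonQuery();

                    // NOTE(review): the two inserts are not wrapped in a transaction, so a failure
                    // on the second leaves a user row without a password row.

                    txtFName.Text    = "";
                    txtLName.Text    = "";
                    txtEmail.Text    = "";
                    txtNickName.Text = "";
                    lblError.Text    = "";
                    Popup.Visible    = false;
                    Popup.Enabled    = false;
                }
                catch (Exception)
                {
                    // Any failure in the block above (empty text box, missing session value,
                    // SQL error) is reported to the user as an incomplete form.
                    lblError.Text = "Please fill out the whole form";
                }
            }
            else
            {
                // The e-mail already exists in the database.
                lblError.Text = "This username is already taken";
            }
        }

        // The connection is closed at this point; refresh the grid.
        fillGridView();
    }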
Exemple #29
        /// <summary>
        /// Starts the FTPDAV service: initialises logging, configuration, working directories,
        /// user database, profile, listeners and key file, then optionally blocks until a
        /// shutdown is requested.
        /// </summary>
        /// <param name="block">
        /// When false the method returns as soon as start-up is complete; when true it loops
        /// once per second until the "ftpdav.exit" file appears or <c>MyMain.shutdown</c> is set.
        /// </param>
        public static void console_main(bool block)
        {
            MyMain.start_time = DateTime.Now;
            AppDomain.CurrentDomain.UnhandledException += MyMain.CurrentDomain_UnhandledException;

            // One-second tick, first fired immediately.
            // NOTE(review): the timer is referenced only by this local; confirm nothing relies
            // on it after this method returns.
            Timer secondTicker = new Timer(MyMain.tsecond_Elapsed, null, 0, 1000);

            clib.init_log_files();
            clib.set_debug(true);
            clib.imsg("Logging home {0}", (object)clib.log_file("imsg.log"));
            clib.imsg("Starting FTPDAV Version {0} Build {1}", (object)clib.Version(), (object)clib.Build());
            clib.startstop("Starting FTPDAV Version {0} {1}", (object)clib.Version(), (object)clib.Build());
            Ini.init(clib.work("config.ini"));
            clib.set_debug(MyMain.main_debug);
            clib.log_idle();
            Quota.init();
            clib.set_tmp(clib.work("tmp"));
            Directory.CreateDirectory(clib.tmp());
            Directory.CreateDirectory(clib.work("userdb"));
            Directory.CreateDirectory(clib.work("spawn"));
            Directory.CreateDirectory(clib.work("log"));
            Vuser.init(clib.work("userdb"));
            Link.set_paths(clib.work(""), clib.app(""));
            Profile.load();
            SimpleHash.unit_test();
            // The SSL password is read from the ini file loaded above.
            Link.set_ssl_password(Ini.getstring(En.ssl_password));
            clib.set_debug(true);
            MyMain.startListeners();
            if (!MyMain.main_debug)
            {
                clib.imsg("Going quiet now as no -debug switch on command line...");
            }
            clib.set_debug(MyMain.main_debug);
            MyKey.init(clib.work("key.dat"));

            // Clear a stale exit marker so the wait loop does not stop on its first pass.
            try
            {
                File.Delete(clib.work("ftpdav.exit"));
            }
            catch
            {
                clib.imsg("FAILED TO DELETE FTPDAV.EXIT");
            }

            if (!block)
            {
                return;
            }

            // Set once the exit marker has been seen and handled; replaces the jump to the
            // shared shutdown code.
            bool exitMarkerHandled = false;
            for (;;)
            {
                try
                {
                    File.WriteAllText(clib.work("main.running"), "running");
                    if (File.Exists(clib.work("ftpdav.exit")))
                    {
                        clib.imsg("Exiting because ftpdav.exit found");
                        try
                        {
                            File.Delete(clib.work("ftpdav.exit"));
                        }
                        catch (Exception ex)
                        {
                            clib.imsg("Delete failed {0}", (object)ex.Message);
                        }
                        exitMarkerHandled = true;
                    }
                }
                catch
                {
                    // Any failure while writing the heartbeat or checking the marker is ignored
                    // and the loop carries on.
                }

                if (exitMarkerHandled)
                {
                    break;
                }

                Thread.Sleep(1000);
                if (MyMain.shutdown)
                {
                    break;
                }

                // Persist quota data when more than 60 time units (as reported by clib.time())
                // have passed since the last save.
                if (clib.time() - MyMain.last > 60)
                {
                    MyMain.last = clib.time();
                    Quota.save();
                }
            }

            if (!exitMarkerHandled)
            {
                clib.imsg("Exiting because shutdown flag true");
            }

            File.Delete(clib.work("main.running"));
            clib.imsg("Key pressed or ftpdav.exit found ==============================");
            Quota.save();
            clib.startstop("Clean shutdown FTPDAV Version {0}", (object)clib.Version());
        }
Exemple #30
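    /// <summary>
    /// Handles the Click event of BtnCommit: creates a Person row for the entered employee when
    /// the e-mail is not already registered, generates an initial password, mails it to the
    /// employee and clears the form.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The event data.</param>
    protected void BtnCommit_Click(object sender, EventArgs e)
    {
        try
        {
            Person employee = new Person(txtFirstName.Text, txtLastName.Text, txtEmail.Text);
            employee.setLastUpdatedBy((string)(Session["loggedIn"]));

            // using blocks release the command and connection on every path, including the
            // exception path that the original left holding an open connection.
            using (SqlConnection sc = new SqlConnection())
            using (SqlCommand insert = new SqlCommand())
            {
                sc.ConnectionString = ConfigurationManager.ConnectionStrings["GroupProjectConnectionString"].ConnectionString;
                sc.Open();
                insert.Connection  = sc;
                insert.CommandText = "select [E-mail] from [Person] where [E-mail] = @Email";
                insert.Parameters.AddWithValue("@Email", employee.getEmail());

                bool emailAlreadyRegistered;
                using (SqlDataReader reader = insert.ExecuteReader())
                {
                    emailAlreadyRegistered = reader.HasRows;
                }

                if (emailAlreadyRegistered)
                {
                    Response.Write("<script>alert('Email record has already existed in Database')</script>");
                    return;
                }

                insert.CommandText = "INSERT INTO [dbo].[Person] ([FirstName],[LastName],[MI],[E-mail],[Position],[Password],[UserName],[PointsBalance],[PendingPoints],[LastUpdated],[LastUpdatedBy],[BusinessEntityID],[ManagerID],[loginCount]) VALUES" +
                                     "(@FirstName,@LastName,@MI,@Email,@Position,@Password,@UserName,@PointsBalance,@PendingPoints,@LastUpdated,@LastUpdatedBy,@BusinessEntityID,@ManagerID,0)";
                insert.Parameters.AddWithValue("@FirstName", employee.getFirstName());
                insert.Parameters.AddWithValue("@LastName", employee.getLastName());
                insert.Parameters.AddWithValue("@Position", employee.getPosition());
                insert.Parameters.AddWithValue("@PointsBalance", employee.getPointsBalance());
                insert.Parameters.AddWithValue("@PendingPoints", employee.getPendingPoints());
                insert.Parameters.AddWithValue("@BusinessEntityID", employee.getBusinessEntityID());
                insert.Parameters.AddWithValue("@LastUpdatedBy", employee.getLastUpdatedBy());
                insert.Parameters.AddWithValue("@LastUpdated", employee.getLastUpdated());

                // Optional fields are stored as NULL when the text box is blank.
                string middleInitial = txtMI.Text.Trim();
                if (middleInitial == "")
                {
                    insert.Parameters.AddWithValue("@MI", DBNull.Value);
                }
                else
                {
                    insert.Parameters.AddWithValue("@MI", middleInitial);
                }

                string managerId = txtManagerID.Text.Trim();
                if (managerId == "")
                {
                    insert.Parameters.AddWithValue("@ManagerID", DBNull.Value);
                }
                else
                {
                    insert.Parameters.AddWithValue("@ManagerID", managerId);
                }

                string password = System.Web.Security.Membership.GeneratePassword(8, 6);

                // NOTE(review): MD5 is a fast hash and unsuitable for password storage; changing
                // it requires migrating the stored hashes, so it is left as-is.
                string passwordHashNew = SimpleHash.ComputeHash(password, "MD5", null);

                insert.Parameters.AddWithValue("@Password", passwordHashNew);
                insert.Parameters.AddWithValue("@UserName", employee.getEmail());
                insert.ExecuteNonQuery();
                sc.Close();

                // NOTE(review): the clear-text password is sent by e-mail. A one-time reset link,
                // or a forced change at first login, avoids leaving a usable credential in a mailbox.
                Send_Mail(employee.getEmail(), employee.getEmail(), password);

                // The name comes from the form, so encode it for a JavaScript string before
                // writing it into the inline script; the original emitted it raw, letting a quote
                // or a closing script tag in a name field inject markup into the response.
                string displayName = employee.getFirstName() + "" + employee.getMI() + " " + employee.getLastName();
                Response.Write("<script>alert('Employee Account: " + System.Web.HttpUtility.JavaScriptStringEncode(displayName) + " is created')</script>");
                txtFirstName.Text = string.Empty;
                txtMI.Text        = string.Empty;
                txtLastName.Text  = string.Empty;
                txtEmail.Text     = string.Empty;
                txtManagerID.Text = string.Empty;
            }
        }
        catch
        {
            // NOTE(review): every failure (connection, mail, constraint violation) is reported as
            // a missing ManagerID; consider catching SqlException for that case and logging the rest.
            Response.Write("<script>alert('ManagerID not found in Database')</script>");
        }
    }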
Exemple #31
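    /// <summary>
    /// Handles the Click event of btnLogin: validates the page, looks up the stored password
    /// hash for the entered user id, verifies the password with <c>SimpleHash.VerifyHash</c>,
    /// and on success stores the user id and account type in the session and redirects.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The event data.</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        Page.Validate();
        if (!Page.IsValid)
        {
            return;
        }

        String UserNameInput = UserName.Text;
        String PasswordInput = Password.Text;

        try
        {
            // The original hashed the password into an unused local before the lookup; only
            // VerifyHash below is needed.

            // using blocks release the command and connection on every path; the original never
            // closed either.
            using (System.Data.SqlClient.SqlConnection sc  = new System.Data.SqlClient.SqlConnection())
            using (System.Data.SqlClient.SqlCommand    cmd = new System.Data.SqlClient.SqlCommand())
            {
                // NOTE(review): database credentials are hard-coded in source. Move the connection
                // string to protected configuration (or a secret store) and rotate this password,
                // which must be treated as exposed.
                sc.ConnectionString = @"Data Source=pkyqlbhc9z.database.windows.net;Initial Catalog=KPMGTravel;Persist Security Info=True;User ID=episcopd;Password=Showker93;";
                sc.Open();
                cmd.Connection = sc;

                cmd.CommandText = @"Select PasswordHash, UserID, AccountType from SystemUser where UserID = @user";
                cmd.Parameters.AddWithValue("@user", UserNameInput);

                reader = cmd.ExecuteReader();
                try
                {
                    if (reader.Read())
                    {
                        hashed = reader.GetValue(0).ToString();

                        // NOTE(review): MD5 is a fast hash and unsuitable for password storage;
                        // changing it requires migrating the stored hashes, so it is left as-is.
                        valid = SimpleHash.VerifyHash(PasswordInput, "MD5", hashed);

                        if (valid == true)
                        {
                            String User     = Convert.ToString(reader.GetValue(1));
                            String AccountT = Convert.ToString(reader.GetValue(2));

                            // Success is reported only after verification; the original set this
                            // text before the check had run.
                            Label1.Text = "login success!";
                            Session["UserIdAndAcctType"] = new String[2] {
                                User, AccountT
                            };
                            Session["ActiveUserIdAndAcctType"] = new String[2] {
                                User, AccountT
                            };

                            // Response.Redirect ends the request, so only one of these runs.
                            if (AccountT == "S")
                            {
                                Response.Redirect("KPMGFullSite.aspx");
                            }
                            else
                            {
                                Response.Redirect("AccountPage.aspx");
                            }
                        }
                        else
                        {
                            // Same text as for an unknown user id, so the response does not
                            // reveal which user ids exist.
                            Label1.Text = "Invalid user ID or password";
                        }
                    }
                    else
                    {
                        Label1.Text = "Invalid user ID or password";
                    }
                }
                finally
                {
                    reader.Close();
                }
            }
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Raised by Response.Redirect to end the request; not an error.
            throw;
        }
        catch (Exception ex)
        {
            // The original swallowed every exception silently, leaving a stale progress message
            // on the page. Log the detail and show a generic failure instead.
            System.Diagnostics.Trace.TraceError("btnLogin_Click failed: " + ex);
            Label1.Text = "Login failed. Please try again.";
        }
    }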
 /// <summary>
 /// Assigns a new <c>SimpleHash</c> instance to <c>m_SimpleHash</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): presumably the per-test setup hook of a test class; the attribute that
 /// would mark it as such is not visible here.
 /// </remarks>
 public void TestInitialize()
 {
     m_SimpleHash = new SimpleHash();
 }