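/// <summary>
/// Stores a new password hash for the student identified by <c>student.StudentID</c>,
/// provided the new password contains at least one digit.
/// </summary>
/// <param name="student">Carries the target StudentID and the plaintext NewPassword.</param>
/// <returns>
/// true when the UPDATE changed at least one row; false when the password is missing,
/// contains no digit, or no Student row matched the ID.
/// </returns>
public bool ChangePassword(StudentUpdatePassword student)
{
    // SECURITY: this method updates whichever row student.StudentID names. Callers must take
    // that ID from the authenticated session, never from posted form data.

    // A missing model or password is a failed change, not a NullReferenceException.
    if (student == null || student.NewPassword == null)
    {
        return false;
    }

    // Numeric validation: the password must contain at least one digit.
    bool hasDigit = false;
    foreach (char c in student.NewPassword)
    {
        if (char.IsDigit(c))
        {
            hasDigit = true;
            break;
        }
    }

    if (!hasDigit)
    {
        return false;
    }

    // NOTE(review): unsalted SHA-1 is a fast digest, not a password hash, so a leaked Student
    // table can be attacked offline cheaply. Moving to a salted, iterated KDF (for example
    // PBKDF2 via Rfc2898DeriveBytes) needs a coordinated change to every place that writes or
    // verifies Student.Password, so the stored format is left unchanged here.
    string hashedPassword;
    using (var sha1 = new SHA1CryptoServiceProvider())
    {
        byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(student.NewPassword));
        hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
    }

    using (SqlCommand cmd = new SqlCommand(
        "UPDATE Student SET Password=@newPassword" +
        " WHERE StudentID = @selectedstudentID", conn))
    {
        cmd.Parameters.AddWithValue("@newPassword", hashedPassword);
        cmd.Parameters.AddWithValue("@selectedstudentID", student.StudentID);

        int rowsAffected;
        try
        {
            conn.Open();
            rowsAffected = cmd.ExecuteNonQuery();
        }
        finally
        {
            // conn is reused across calls; always close it so a failed query
            // does not leave it open for the next caller.
            conn.Close();
        }

        // Zero rows means no student matched the ID, so nothing was changed.
        return rowsAffected > 0;
    }
}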
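/// <summary>
/// Loads the stored password hash for one student.
/// </summary>
/// <param name="studentID">ID of the Student row to read.</param>
/// <returns>
/// A model holding the StudentID and, when the column is not NULL, the stored Password
/// value; null when no Student row has that ID. Callers must handle the null case.
/// </returns>
public StudentUpdatePassword GetPassword(int studentID)
{
    DataSet result = new DataSet();

    // Only the Password column is read below, so only that column is fetched.
    using (SqlCommand cmd = new SqlCommand(
        "SELECT Password FROM Student WHERE StudentID = @selectedstudentID", conn))
    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
    {
        cmd.Parameters.AddWithValue("@selectedstudentID", studentID);

        try
        {
            conn.Open();
            da.Fill(result, "StudentPassword");
        }
        finally
        {
            // conn is reused across calls; close it even when the query fails.
            conn.Close();
        }
    }

    DataTable table = result.Tables["StudentPassword"];
    if (table == null || table.Rows.Count == 0)
    {
        return null;
    }

    StudentUpdatePassword student = new StudentUpdatePassword();
    student.StudentID = studentID;

    object storedPassword = table.Rows[0]["Password"];
    if (!DBNull.Value.Equals(storedPassword))
    {
        // The value is the stored hash; keep it out of logs and views.
        student.Password = storedPassword.ToString();
    }

    return student;
}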
// Change Password page
// GET: Student/UpdatePassword
// Shows the change-password form to a signed-in student; anyone else is sent to Home/Index.
public ActionResult UpdatePassword()
{
    // A missing Role and a Role other than "Student" are both rejected by this one comparison.
    var role = HttpContext.Session.GetString("Role");
    if (role != "Student")
    {
        return RedirectToAction("Index", "Home");
    }

    // The student's ID comes from the session; a missing value becomes 0.
    int? sessionStudentId = HttpContext.Session.GetInt32("StudentID");

    // The form model starts with only the ID populated.
    var model = new StudentUpdatePassword();
    model.StudentID = sessionStudentId.GetValueOrDefault();

    return View(model);
}
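// POST: Student/UpdatePassword
// Verifies the signed-in student's current password, then stores the new one.
// NOTE(review): no action attributes are visible in this listing. Confirm the action is
// restricted to POST and protected by [ValidateAntiForgeryToken].
public ActionResult UpdatePassword(StudentUpdatePassword student)
{
    // Same authorization gate as the GET action: only a signed-in student may proceed.
    int? sessionStudentId = HttpContext.Session.GetInt32("StudentID");
    if (HttpContext.Session.GetString("Role") != "Student" || sessionStudentId == null)
    {
        return RedirectToAction("Index", "Home");
    }

    // SECURITY: the posted StudentID is attacker-controllable. The current password is checked
    // against the session's student, so the update must target that same student. Overwrite
    // the posted ID so one account cannot change another account's password.
    student.StudentID = sessionStudentId.Value;

    if (student.Password == null)
    {
        return View(student);
    }

    // Get password details for the currently logged-in student.
    StudentUpdatePassword currentStudent = studentContext.GetPassword(sessionStudentId.Value);
    if (currentStudent == null)
    {
        // The session names a student that no longer has a row; treat it as not signed in.
        return RedirectToAction("Index", "Home");
    }

    // Hash the submitted current password the same way the stored value was produced.
    // NOTE(review): unsalted SHA-1 is not a suitable password hash; see the matching note
    // where the hash is written. The format must change in both places together.
    string hashedPassword;
    using (var sha1 = new SHA1CryptoServiceProvider())
    {
        byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(student.Password));
        hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
    }

    // If the submitted password does not match the stored one, stop here.
    if (hashedPassword != currentStudent.Password)
    {
        ViewData["Message"] = "Current Password Is Incorrect!";
        return View(student);
    }

    if (ModelState.IsValid)
    {
        // The new password and its confirmation must be identical.
        if (student.NewPassword != student.ConfirmPassword)
        {
            ViewData["Message"] = "Password Does Not Match!";
            return View(student);
        }

        // ChangePassword enforces the digit rule, hashes the password and updates the row.
        // The null/empty guard keeps a blank new password from reaching it.
        if (!string.IsNullOrEmpty(student.NewPassword) && studentContext.ChangePassword(student))
        {
            ViewData["Message"] = "Password Changed Successfully!";
            return View(student);
        }
    }

    // The model failed validation, or the new password was rejected or not stored.
    ViewData["Message"] = "Password Field Did Not Meet Requirements!";
    return View(student);
}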