//Returns true if password is changed successfully without errors
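        /// <summary>
        /// Stores a new password hash for the student identified by <c>student.StudentID</c>.
        /// The new password must contain at least one digit; otherwise nothing is written.
        /// </summary>
        /// <param name="student">Model carrying the target StudentID and the new plaintext password.</param>
        /// <returns>
        /// true when the UPDATE affected at least one row; false when the password is missing,
        /// contains no digit, or no Student row matched the ID.
        /// </returns>
        public bool ChangePassword(StudentUpdatePassword student)
        {
            // A missing model or password is a failed change, not a NullReferenceException.
            if (student == null || string.IsNullOrEmpty(student.NewPassword))
            {
                return(false);
            }

            // Complexity rule enforced here: the new password must contain at least one digit.
            bool containsDigit = false;
            for (int i = 0; i < student.NewPassword.Length; i++)
            {
                if (Char.IsDigit(student.NewPassword, i))
                {
                    containsDigit = true;
                    break;
                }
            }
            if (!containsDigit)
            {
                return(false);
            }

            // SECURITY NOTE(review): unsalted SHA-1 is kept only because the verification code
            // compares against hashes in this exact format. It is fast and unsalted, so it is not
            // suitable for password storage; moving to a salted, slow KDF (e.g. PBKDF2 via
            // Rfc2898DeriveBytes) needs a coordinated change wherever the hash is checked.
            string hashedPassword;
            using (var sha1 = new SHA1CryptoServiceProvider())
            {
                byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(student.NewPassword));
                hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
            }

            // The row to update is chosen solely by student.StudentID. This method performs no
            // authorization of its own, so callers must take that ID from the authenticated
            // session rather than from request data.
            using (SqlCommand cmd = new SqlCommand("UPDATE Student SET Password=@newPassword" +
                                                   " WHERE StudentID = @selectedstudentID", conn))
            {
                cmd.Parameters.AddWithValue("@newPassword", hashedPassword);
                cmd.Parameters.AddWithValue("@selectedstudentID", student.StudentID);
                try
                {
                    conn.Open();
                    // Zero affected rows means no password was changed, so do not report success.
                    return(cmd.ExecuteNonQuery() > 0);
                }
                finally
                {
                    // Release the shared connection even when the command throws.
                    conn.Close();
                }
            }
        }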
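        /// <summary>
        /// Loads the stored password hash for one student.
        /// </summary>
        /// <param name="studentID">ID of the Student row to read.</param>
        /// <returns>
        /// A model with StudentID set and Password holding the stored hash (left unset when the
        /// column is NULL), or null when no row matches the ID.
        /// </returns>
        public StudentUpdatePassword GetPassword(int studentID)
        {
            // Only the Password column is read below, so only that column is selected.
            using (SqlCommand cmd = new SqlCommand("SELECT Password FROM Student WHERE StudentID = @selectedstudentID", conn))
            using (SqlDataAdapter da = new SqlDataAdapter(cmd))
            using (DataSet result = new DataSet())
            {
                cmd.Parameters.AddWithValue("@selectedstudentID", studentID);

                try
                {
                    conn.Open();
                    da.Fill(result, "StudentPassword");
                }
                finally
                {
                    // Release the shared connection even when the query throws.
                    conn.Close();
                }

                DataTable table = result.Tables["StudentPassword"];
                if (table == null || table.Rows.Count == 0)
                {
                    return(null);
                }

                StudentUpdatePassword student = new StudentUpdatePassword();
                student.StudentID = studentID;
                // The value returned is the stored hash, used for server-side comparison;
                // it should not be passed on to a view or a log.
                if (!DBNull.Value.Equals(table.Rows[0]["Password"]))
                {
                    student.Password = table.Rows[0]["Password"].ToString();
                }
                return(student);
            }
        }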
Exemple #3
        //Change Password Page
        //GET: Student/UpdatePassword Function
        /// <summary>
        /// Shows the change-password form to a logged-in student.
        /// </summary>
        /// <returns>
        /// The view bound to a model that carries the session's student ID, or a redirect to
        /// Home/Index when the session role is missing or is not "Student".
        /// </returns>
        public ActionResult UpdatePassword()
        {
            // A missing role (null) and any role other than "Student" both go back to the home page.
            string role = HttpContext.Session.GetString("Role");
            bool isStudent = role != null && role == "Student";
            if (!isStudent)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // Student ID as held in the session; Convert.ToInt32 maps a missing value to 0.
            int sessionStudentId = Convert.ToInt32(HttpContext.Session.GetInt32("StudentID"));

            // The model carries only the ID; no other student data is loaded here.
            StudentUpdatePassword model = new StudentUpdatePassword();
            model.StudentID = sessionStudentId;

            return(View(model));
        }
Exemple #4
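        /// <summary>
        /// Handles the submitted change-password form: verifies the current password of the
        /// logged-in student, then stores the new one through <c>studentContext.ChangePassword</c>.
        /// </summary>
        /// <param name="student">Form model carrying the current, new and confirmation passwords.</param>
        /// <returns>
        /// The change-password view with a status message in ViewData["Message"], or a redirect
        /// to Home/Index when the session does not belong to a logged-in student.
        /// </returns>
        // NOTE(review): no attributes are visible in this listing; confirm that the action is
        // restricted to POST and carries anti-forgery validation.
        public ActionResult UpdatePassword(StudentUpdatePassword student)
        {
            // Same gate as the GET action: only a session with the "Student" role may proceed.
            int? sessionStudentId = HttpContext.Session.GetInt32("StudentID");
            if (HttpContext.Session.GetString("Role") != "Student" || sessionStudentId == null)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // The StudentID bound from the request is client-controlled. The current password is
            // verified against the session's student, so the update must target that same
            // student; overwrite the bound value before it can reach ChangePassword.
            student.StudentID = sessionStudentId.Value;

            if (student.Password == null)
            {
                return(View(student));
            }

            //Get password details for currently logged in Student
            StudentUpdatePassword currentStudent = studentContext.GetPassword(sessionStudentId.Value);
            if (currentStudent == null)
            {
                // The session refers to a student that no longer exists; treat as not logged in.
                return(RedirectToAction("Index", "Home"));
            }

            // SECURITY NOTE(review): unsalted SHA-1 is used only to match the stored hash format.
            // It is not suitable for password storage; replacing it needs a coordinated change
            // with the code that writes the hash.
            string hashedPassword;
            using (var sha1 = new SHA1CryptoServiceProvider())
            {
                byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(student.Password));
                hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
            }

            //if password DOES NOT match the database password...
            if (hashedPassword != currentStudent.Password)
            {
                ViewData["Message"] = "Current Password Is Incorrect!";
                return(View(student));
            }

            if (ModelState.IsValid)
            {
                // New password and its confirmation must be identical.
                if (student.NewPassword != student.ConfirmPassword)
                {
                    ViewData["Message"] = "Password Does Not Match!";
                    return(View(student));
                }

                // ChangePassword applies the digit rule, hashes the password and writes it.
                if (studentContext.ChangePassword(student))
                {
                    ViewData["Message"] = "Password Changed Successfully!";
                    return(View(student));
                }
            }

            // Reached when model validation fails or ChangePassword reports that nothing was stored.
            ViewData["Message"] = "Password Field Did Not Meet Requirements!";
            return(View(student));
        }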