Exemple #1
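        /// <summary>
        /// Creates the user by inserting the user ID, the hashed password and the salt into the
        /// <c>userpassword</c> table. The hash and the salt are stored Base64-encoded.
        /// </summary>
        /// <param name="userId">The user ID</param>
        /// <param name="userPassword">Object consisting of the hashed password and its salt</param>
        /// <returns>
        /// true if the insert was executed; false if anything failed while opening the
        /// connection, binding the parameters or executing the statement
        /// </returns>
        public bool CreateUserAndPassword(string userId, UserPasswordObject userPassword)
        {
            // The using blocks dispose the connection and the command on every exit path,
            // so a failed insert can no longer leave them undisposed.
            using (MySqlConnection conn = new MySqlConnection(mysql.ConnectionString))
            using (MySqlCommand comm = conn.CreateCommand())
            {
                try
                {
                    conn.Open();

                    // All values are bound as parameters; nothing is concatenated into the SQL text.
                    comm.CommandText = "INSERT INTO userpassword(ID,Password,Salt) value (@ID,@Password,@Salt);";
                    comm.Parameters.AddWithValue("@ID", userId);
                    comm.Parameters.AddWithValue("@Password", Convert.ToBase64String(userPassword.HashedPassword));
                    comm.Parameters.AddWithValue("@Salt", Convert.ToBase64String(userPassword.Salt));

                    comm.ExecuteNonQuery();
                    return true;
                }
                catch
                {
                    // The bool contract is kept: every failure is reported as false.
                    // NOTE(review): the failure is discarded without a trace, so a rejected
                    // insert, a database outage and a null argument all look the same to the
                    // caller. Record the exception through the project's logging so failed
                    // registrations are visible - without ever logging the hash or the salt.
                    return false;
                }
            }
        }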
Exemple #2
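 /// <summary>
 /// Verifies a plain password against a stored hash by hashing it with the stored salt
 /// and comparing the two hashes.
 /// </summary>
 /// <param name="plainPassword">the plain password of the user</param>
 /// <param name="passwordObject">the stored hashed password and its salt</param>
 /// <returns>true if the hash of the plain password equals the stored hash</returns>
 public bool VerifyPassword(string plainPassword, UserPasswordObject passwordObject)
 {
     // Hash once: the original derived the hash twice for every verification.
     var expected = passwordObject.HashedPassword;
     var actual = HashPassword(plainPassword, passwordObject.Salt).HashedPassword;

     if (expected.Length != actual.Length)
     {
         return false;
     }

     // Compare without an early exit so the time taken does not depend on how many
     // leading bytes match; SequenceEqual stops at the first differing byte.
     int difference = 0;
     for (int i = 0; i < expected.Length; i++)
     {
         difference |= expected[i] ^ actual[i];
     }

     return difference == 0;
 }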
Exemple #3
        /// <summary>
        /// Checks the user credentials against the database and reports whether the user was verified.
        /// </summary>
        /// <remarks>
        /// NOTE(review): when no stored record is returned, this method answers without hashing
        /// the supplied password, so that path does less work than a wrong-password attempt.
        /// Consider whether the difference matters for this deployment and pair the check with
        /// attempt throttling at the caller.
        /// </remarks>
        /// <param name="userID">the user's ID</param>
        /// <param name="plainPassword">Plain password of the user</param>
        /// <returns>true if a stored record was found and the password matches it; otherwise false</returns>
        public bool CheckUserCredentials(string userID, string plainPassword)
        {
            UserPasswordObject stored = GetUserPassword(userID);

            // No stored record means the check fails closed.
            return stored != null && VerifyPassword(plainPassword, stored);
        }
Exemple #4
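        /// <summary>
        /// Gets a user's hashed password and salt from the <c>userpassword</c> table.
        /// </summary>
        /// <param name="userId">The user ID to get the hashed password for</param>
        /// <returns>
        /// null if no row was found or if reading it failed; otherwise the hashed password and
        /// salt decoded from their Base64 columns
        /// </returns>
        public UserPasswordObject GetUserPassword(string userId)
        {
            // The using blocks dispose the connection, the command and the reader on every
            // exit path; the original never disposed the reader.
            using (MySqlConnection conn = new MySqlConnection(mysql.ConnectionString))
            using (MySqlCommand comm = conn.CreateCommand())
            {
                try
                {
                    conn.Open();

                    // The ID is bound as a parameter; nothing is concatenated into the SQL text.
                    comm.CommandText = "SELECT Password,Salt FROM userpassword WHERE ID = @ID LIMIT 1;";
                    comm.Parameters.AddWithValue("@ID", userId);

                    using (MySqlDataReader reader = comm.ExecuteReader())
                    {
                        // LIMIT 1 means at most one row, so a single Read() is enough.
                        if (reader.Read())
                        {
                            return new UserPasswordObject(
                                Convert.FromBase64String(reader.GetString("Password")),
                                Convert.FromBase64String(reader.GetString("Salt")));
                        }
                    }
                }
                catch
                {
                    // Failures fall through to the null result, as before.
                    // NOTE(review): a database error or a malformed Base64 column is reported
                    // exactly like an unknown user and leaves no trace. Record the exception
                    // through the project's logging so outages and corrupted rows can be told
                    // apart from failed lookups.
                }
            }

            return null;
        }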
Exemple #5
        /// <summary>
        /// Registers a user from an ID and a password: hashes the password, then stores the
        /// resulting hash and salt for that ID.
        /// </summary>
        /// <param name="userId">Username of the user</param>
        /// <param name="plaintextPass">plain text of the password</param>
        /// <returns>true if the registration was successful</returns>
        public bool RegisterUser(string userId, string plaintextPass)
        {
            // The plain-text password is only passed to HashPassword; the hash and salt are what get stored.
            return CreateUserAndPassword(userId, HashPassword(plaintextPass));
        }