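// Button 'Save'
// Validates the new-user form and, when every field is filled in and the
// username is not yet taken, stores the user with a freshly salted password hash.
private void buttonNewUserConfirm_Click(object sender, EventArgs e)
{
    string adminid = textBoxUsername.Text;
    string firstname = textBoxFirstname.Text;
    string lastname = textBoxLastname.Text;
    string password = textBoxPassword.Text;
    int superuser = checkBoxSuperuser.Checked ? 1 : 0;

    // Report every empty field (one message box each) and remember that the
    // form is incomplete so nothing is written to the database.
    bool inputComplete = true;
    if (string.IsNullOrWhiteSpace(adminid))
    {
        MessageBox.Show("Username field is not filled in");
        inputComplete = false;
    }
    if (string.IsNullOrWhiteSpace(firstname))
    {
        MessageBox.Show("Firstname field is not filled in");
        inputComplete = false;
    }
    if (string.IsNullOrWhiteSpace(lastname))
    {
        MessageBox.Show("Lastname field is not filled in");
        inputComplete = false;
    }
    if (string.IsNullOrWhiteSpace(password))
    {
        MessageBox.Show("Password field is not filled in");
        inputComplete = false;
    }

    // Check if username is already taken. A blank username is never looked up,
    // which avoids a pointless database round trip.
    // NOTE(review): this check and the insert below are two separate calls, so
    // two concurrent saves could both pass it; a unique constraint on the
    // username column is the reliable guard - confirm the schema has one.
    bool existingid = !string.IsNullOrWhiteSpace(adminid)
        && DBGetData.GetLoginUsername(adminid) > 0;
    if (existingid)
    {
        MessageBox.Show("Username already exists, please choose a different one.");
    }

    if (!inputComplete || existingid)
    {
        return;
    }

    // Generate new salt and hash password. The hash algorithm is IDisposable,
    // so it is released as soon as salt and digest have been read.
    // NOTE(review): PasswordHasher is defined elsewhere. If it applies a single
    // salted SHA-512 pass, stored hashes are cheap to brute-force offline; a
    // slow KDF such as PBKDF2 (Rfc2898DeriveBytes) is the usual choice for
    // password storage. The 20 is presumably the salt length - confirm.
    string salt;
    string passwordHash;
    using (SHA512 sha512 = SHA512.Create())
    {
        PasswordHasher pwHasher = new PasswordHasher();
        HashResult hashedPassword = pwHasher.HashNewSalt(password, 20, sha512);
        salt = hashedPassword.Salt;
        passwordHash = hashedPassword.Digest;
    }

    DBSetData.UserAdd(adminid, firstname, lastname, passwordHash, salt, superuser);

    // Close form and refresh the user list in the parent form
    this.Close();
    userForm.LoadDataUser();
    userForm.Refresh();
    new StatusMessage("User with login " + adminid + " is added to the database.");
}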
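// Fetches the stored salt for the entered username, hashes the entered
// password with it and asks the database whether the username/hash pair matches.
// On success the user is recorded in UserInfo and the main window is opened;
// on any failure a status message is shown on the login form.
private void CheckLogin()
{
    string uid = textBoxUsername.Text;
    string upw = textBoxPassword.Text;

    // No textfield input
    if (string.IsNullOrWhiteSpace(uid) || string.IsNullOrWhiteSpace(upw))
    {
        this.labelStatus.Text = "Username or password field empty, try again.";
        return;
    }

    bool validLogin = false;
    int su = 0;

    // Fetch salt and superuser status for user. The reader is wrapped in
    // 'using' so it is released even if reading or hashing throws.
    using (MySqlDataReader getValues = DBGetData.GetLoginData(uid))
    {
        if (getValues.Read())
        {
            string salt = getValues.GetString(0);
            su = getValues.GetInt32(1);

            // Hash password with the stored salt; the algorithm is disposed
            // once the digest has been compared.
            // NOTE(review): the digest comparison happens inside
            // DBGetData.GetLoginMatch, which is not visible here - confirm it
            // uses a parameterized query.
            using (SHA512 sha512 = SHA512.Create())
            {
                PasswordHasher pwHasher = new PasswordHasher();
                HashResult hashedPassword = pwHasher.HashStoredSalt(upw, salt, sha512);
                validLogin = DBGetData.GetLoginMatch(uid, hashedPassword.Digest) == 1;
            }
        }
    }

    // No login match. The same message is used for an unknown username and
    // for a wrong password, so the form does not reveal which usernames exist.
    // (Previously a wrong password for an existing user showed no message.)
    if (!validLogin)
    {
        this.labelStatus.Text = "Username or password incorrect, try again.";
        return;
    }

    // Save user information in static variables through the UserInfo class
    UserInfo.AdminID = uid;
    UserInfo.SuperUser = su;

    // Open main program and hide login screen
    UserInterface UIForm = new UserInterface();
    UIForm.Show();
    this.Hide();
}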
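// Button 'Reset'
// Validates the new password and its confirmation and, when both are filled in
// and equal, stores a freshly salted hash for the user identified by adminid.
private void buttonEditPasswordConfirm_Click(object sender, EventArgs e)
{
    string password = textBoxPassword.Text;
    string passwordConfirm = textBoxPasswordConfirm.Text;

    // Check for null or empty input
    bool passwordMissing = string.IsNullOrWhiteSpace(password);
    bool confirmMissing = string.IsNullOrWhiteSpace(passwordConfirm);
    if (passwordMissing)
    {
        MessageBox.Show("Password field is not filled in");
    }
    if (confirmMissing)
    {
        MessageBox.Show("Password confirmation field is not filled in");
    }

    // Check that confirmation field is equal to password field
    bool passwordMatch = password.Equals(passwordConfirm);

    // Tell the user about a mismatch instead of silently doing nothing; skipped
    // when a field is empty because that case was already reported above.
    if (!passwordMatch && !passwordMissing && !confirmMissing)
    {
        MessageBox.Show("Password and confirmation do not match");
    }

    // adminid is a member set outside this method; a blank value means there
    // is no user to update, so nothing is saved.
    if (!passwordMatch || passwordMissing || confirmMissing || string.IsNullOrWhiteSpace(adminid))
    {
        return;
    }

    // Generate new salt and hash password. The hash algorithm is IDisposable,
    // so it is released as soon as salt and digest have been read.
    // NOTE(review): PasswordHasher is defined elsewhere. If it applies a single
    // salted SHA-512 pass, a slow KDF such as PBKDF2 (Rfc2898DeriveBytes) would
    // be the safer choice for password storage. The 20 is presumably the salt
    // length - confirm.
    string salt;
    string passwordHash;
    using (SHA512 sha512 = SHA512.Create())
    {
        PasswordHasher pwHasher = new PasswordHasher();
        HashResult hashedPassword = pwHasher.HashNewSalt(password, 20, sha512);
        salt = hashedPassword.Salt;
        passwordHash = hashedPassword.Digest;
    }

    DBSetData.UserPasswordChange(adminid, passwordHash, salt);

    // Close form and reload the user list in the parent form
    this.Close();
    userForm.LoadDataUser();
    new StatusMessage("Password for user with login " + adminid + " is updated in the database.");
}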