} // end update username btn click
protected void btnUpdatePassword_Click(object sender, EventArgs e)
{ // validate user input for password
Session["remain"] = 1;
Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
// make sure entered password matches criteria
if (txtNewPassword.Text == "" || !regexPassword.IsMatch(txtNewPassword.Text))
{
lblPasswordError.Text = "Please enter your new password."; txtNewPassword.Text = "";
txtNewPassword.CssClass += " is-invalid"; return;
} // end check
if (txtNewPassword.Text != txtConfirmPassword.Text)
{
txtConfirmPassword.CssClass += " is-invalid";
txtConfirmPassword.Text = ""; return;
}
else
{
// has password
byte[] saltArray = CryptoUtilities.GenerateSalt();
byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, txtNewPassword.Text);
SqlCommand objUpdatePass = new SqlCommand();
objUpdatePass.CommandType = CommandType.StoredProcedure;
objUpdatePass.CommandText = "TP_UpdatePassword";
objUpdatePass.Parameters.AddWithValue("@userID", userID);
objUpdatePass.Parameters.AddWithValue("@pass", hashPassword);
objUpdatePass.Parameters.AddWithValue("@salt", saltArray);
obj.DoUpdateUsingCmdObj(objUpdatePass, out string error);
if (String.IsNullOrEmpty(error))
{
txtConfirmPassword.Text = ""; txtNewPassword.Text = "";
txtNewPassword.CssClass = txtNewPassword.CssClass.Replace("is-invalid", "").Trim();
ClientScript.RegisterStartupScript(this.GetType(), "SuccessToast", "showSuccess();", true);
// ScriptManager.RegisterClientScriptBlock(this, GetType(), "alertMessage", @"alert('Successfully updated password')", true);
}
}
} // end update password btn click
protected void btnCreateAccount_Click(object sender, EventArgs e)
{
//Basic validation
divUsernameExists.Visible = false;
divEmailExists.Visible = false;
string username = txtUsername.Text;
string email = txtEmail.Text.Trim();
string password = txtPassword.Text;
string passwordConfirm = txtConfirmPassword.Text;
string firstName = txtFName.Text;
string lastName = txtLName.Text;
string AddressOne = txtAddressOne.Text;
string AddressTwo = txtAddressTwo.Text;
string city = txtCity.Text;
string state = ddlState.SelectedValue;
string zip = txtZip.Text;
string SQOne = txtSecurityQOne.Text;
string SQTwo = txtSecurityQTwo.Text;
string SQThree = txtSecurityQThree.Text;
//
//Regular Expressions sourced from http://regexlib.com
//
Regex regexEmail = new Regex(@"^([\w\d\-\.]+)@{1}(([\w\d\-]{1,67})|([\w\d\-]+\.[\w\d\-]{1,67}))\.(([a-zA-Z\d]{2,4})(\.[a-zA-Z\d]{2})?)$");
Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
Regex regexZip = new Regex(@"(^\d{5}$)|(^\d{5}-\d{4}$)");
txtUsername.CssClass = txtUsername.CssClass.Replace("is-invalid", "").Trim();
txtEmail.CssClass = txtEmail.CssClass.Replace("is-invalid", "").Trim();
txtPassword.CssClass = txtPassword.CssClass.Replace("is-invalid", "").Trim();
txtConfirmPassword.CssClass = txtConfirmPassword.CssClass.Replace("is-invalid", "").Trim();
txtFName.CssClass = txtFName.CssClass.Replace("is-invalid", "").Trim();
txtLName.CssClass = txtLName.CssClass.Replace("is-invalid", "").Trim();
txtAddressOne.CssClass = txtAddressOne.CssClass.Replace("is-invalid", "").Trim();
txtAddressTwo.CssClass = txtAddressTwo.CssClass.Replace("is-invalid", "").Trim();
txtCity.CssClass = txtCity.CssClass.Replace("is-invalid", "").Trim();
ddlState.CssClass = ddlState.CssClass.Replace("is-invalid", "").Trim();
txtZip.CssClass = txtZip.CssClass.Replace("is-invalid", "").Trim();
txtSecurityQOne.CssClass = txtSecurityQOne.CssClass.Replace("is-invalid", "").Trim();
txtSecurityQTwo.CssClass = txtSecurityQTwo.CssClass.Replace("is-invalid", "").Trim();
txtSecurityQThree.CssClass = txtSecurityQThree.CssClass.Replace("is-invalid", "").Trim();
ddlSecurityQOne.CssClass = ddlSecurityQOne.CssClass.Replace("is-invalid", "").Trim();
ddlSecurityQTwo.CssClass = ddlSecurityQTwo.CssClass.Replace("is-invalid", "").Trim();
ddlSecurityQThree.CssClass = ddlSecurityQThree.CssClass.Replace("is-invalid", "").Trim();
Boolean trigger = false;
if (username.Length <= 0)
{
trigger = true;
txtUsername.CssClass += " is-invalid";
}
if (email.Length <= 0 || !regexEmail.IsMatch(email))
{
trigger = true;
txtEmail.CssClass += " is-invalid";
}
if (password.Length <= 0 || !regexPassword.IsMatch(password))
{
trigger = true;
txtPassword.CssClass += " is-invalid";
txtPassword.Text = "";
}
if (password != passwordConfirm)
{
txtConfirmPassword.CssClass += " is-invalid";
txtConfirmPassword.Text = "";
}
if (firstName.Length <= 0)
{
trigger = true;
txtFName.CssClass += " is-invalid";
}
if (lastName.Length <= 0)
{
trigger = true;
txtLName.CssClass += " is-invalid";
}
if (AddressOne.Length <= 0)
{
trigger = true;
txtAddressOne.CssClass += " is-invalid";
}
if (city.Length <= 0)
{
trigger = true;
txtCity.CssClass += " is-invalid";
}
if (state.Length <= 0)
{
trigger = true;
ddlState.CssClass += " is-invalid";
}
if (zip.Length <= 0 || !regexZip.IsMatch(zip))
{
trigger = true;
txtZip.CssClass += " is-invalid";
}
if (SQOne.Length <= 0)
{
trigger = true;
txtSecurityQOne.CssClass += " is-invalid";
}
if (SQTwo.Length <= 0)
{
trigger = true;
txtSecurityQTwo.CssClass += " is-invalid";
}
if (SQThree.Length <= 0)
{
trigger = true;
txtSecurityQThree.CssClass += " is-invalid";
}
if (ddlSecurityQOne.SelectedValue == "")
{
trigger = true;
ddlSecurityQOne.CssClass += " is-invalid";
}
if (ddlSecurityQTwo.SelectedValue == "")
{
trigger = true;
ddlSecurityQTwo.CssClass += " is-invalid";
}
if (ddlSecurityQThree.SelectedValue == "")
{
trigger = true;
ddlSecurityQThree.CssClass += " is-invalid";
}
if (trigger)
{
}
else
{
//Password Salting & Hashing
byte [] saltArray = CryptoUtilities.GenerateSalt();
byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password);
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_CreateUser";
SqlParameter inputUsername = new SqlParameter("@username", username)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputPassword = new SqlParameter("@password", hashPassword)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarBinary
};
SqlParameter inputSalt = new SqlParameter("@salt", saltArray)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarBinary
};
SqlParameter inputEmail = new SqlParameter("@emailAddress", email)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputFirstName = new SqlParameter("@firstName", firstName)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputLastName = new SqlParameter("@lastName", lastName)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputBilling = new SqlParameter("@billing", AddressOne)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputCity = new SqlParameter("@city", city)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputState = new SqlParameter("@state", state)
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter inputZip = new SqlParameter("@zip", Convert.ToInt32(zip))
{
Direction = ParameterDirection.Input,
SqlDbType = SqlDbType.VarChar
};
SqlParameter outputUsernameExists = new SqlParameter("@UsernameExists", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
SqlParameter outputEmailExists = new SqlParameter("@EmailExists", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
SqlParameter outputNewUserID = new SqlParameter("@NewUserID", SqlDbType.Int)
{
Direction = ParameterDirection.Output
};
commandObj.Parameters.Add(inputUsername);
commandObj.Parameters.Add(inputPassword);
commandObj.Parameters.Add(inputSalt);
commandObj.Parameters.Add(inputEmail);
commandObj.Parameters.Add(inputFirstName);
commandObj.Parameters.Add(inputLastName);
commandObj.Parameters.Add(inputBilling);
commandObj.Parameters.Add(inputCity);
commandObj.Parameters.Add(inputState);
commandObj.Parameters.Add(inputZip);
commandObj.Parameters.Add(outputNewUserID);
commandObj.Parameters.Add(outputEmailExists);
commandObj.Parameters.Add(outputUsernameExists);
if (dbConnection.DoUpdateUsingCmdObj(commandObj, out string exception) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
else
{
//Two output parameters tell us if the username or email exists
if (Int32.Parse(outputUsernameExists.Value.ToString()) == 1)
{
divUsernameExists.Visible = true;
}
if (Int32.Parse(outputEmailExists.Value.ToString()) == 1)
{
divEmailExists.Visible = true;
}
if (!(Int32.Parse(outputUsernameExists.Value.ToString()) == 1 && (Int32.Parse(outputEmailExists.Value.ToString()) == 1)))
{
//If we pass the checks, then also update the security questions
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_UpdateSecurityQuestions";
DataTable dtSecurityQuestions = new DataTable();
dtSecurityQuestions.Columns.Add("UserId", typeof(int));
dtSecurityQuestions.Columns.Add("QuestionID", typeof(int));
dtSecurityQuestions.Columns.Add("QuestionAnswer", typeof(string));
DataRow newRow = dtSecurityQuestions.NewRow();
newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString());
newRow["QuestionId"] = Int32.Parse(ddlSecurityQOne.SelectedValue);
newRow["QuestionAnswer"] = txtSecurityQOne.Text;
dtSecurityQuestions.Rows.Add(newRow);
newRow = dtSecurityQuestions.NewRow();
newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString());
newRow["QuestionId"] = Int32.Parse(ddlSecurityQTwo.SelectedValue);
newRow["QuestionAnswer"] = txtSecurityQTwo.Text;
dtSecurityQuestions.Rows.Add(newRow);
newRow = dtSecurityQuestions.NewRow();
newRow["UserId"] = Int32.Parse(outputNewUserID.Value.ToString());
newRow["QuestionId"] = Int32.Parse(ddlSecurityQThree.SelectedValue);
newRow["QuestionAnswer"] = txtSecurityQThree.Text;
dtSecurityQuestions.Rows.Add(newRow);
commandObj.Parameters.AddWithValue("@SecurityQuestions", dtSecurityQuestions);
commandObj.Parameters.AddWithValue("@UserID", outputNewUserID.Value.ToString());
if (dbConnection.DoUpdateUsingCmdObj(commandObj, out exception) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
else
{
// insert empty list of prefs
insertPreferences(Convert.ToInt32(outputNewUserID.Value.ToString()));
Session["RegisteringUserID"] = outputNewUserID;
//Generate a random verification code using the crypto provider
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] random = new byte[16];
rng.GetBytes(random);
string rngString = Convert.ToBase64String(random);
string trimmed = rngString.Substring(0, rngString.Length - 2);
// send email
string sendAdd = "*****@*****.**";
MailMessage msg = new MailMessage();
msg.To.Add(new MailAddress(@email));
msg.Subject = "QUERY Welcome Email";
msg.From = new MailAddress(sendAdd);
msg.IsBodyHtml = true;
msg.Body = "<div> Thank you for signing up for Query.com! <Br><BR> You have successfully " +
"created an account. To verify, please enter the verification code: <strong>" + trimmed +
"</strong><Br><BR> <div>";
SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587);
smtp.Credentials = new System.Net.NetworkCredential(sendAdd, "CIS3342TermProject");
smtp.EnableSsl = true;
smtp.Send(msg);
Session["email"] = email;
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_InsertVerification";
commandObj.Parameters.AddWithValue("@UserID", outputNewUserID.Value.ToString());
commandObj.Parameters.AddWithValue("@code", trimmed);
DBConnect OBJ = new DBConnect();
if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) != -2)
{
Response.Redirect("Verification.aspx");
}
else
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
} // end inner else
} // end outter else
} // end inner if
} // end outter else
} // end outermose else
} // end button click - create account
protected void btnChangePass_Click(object sender, EventArgs e)
{
string password = txtNewPass.Text;
string passwordConfirm = txtConfirmPass.Text;
Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
bool trigger = false;
//Validate password; Make sure it passes regex and matches the confirm password input
if (password.Length <= 0 || !regexPassword.IsMatch(password))
{
trigger = true;
txtNewPass.CssClass += " is-invalid";
txtNewPass.Text = "";
}
if (password != passwordConfirm)
{
trigger = true;
txtConfirmPass.CssClass += " is-invalid";
txtConfirmPass.Text = "";
}
if (!trigger)
{
//Salt the password and update it in the db
//Password Salting & Hashing
byte[] saltArray = CryptoUtilities.GenerateSalt();
byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password);
try
{
SqlCommand commandObj = new SqlCommand();
commandObj.Parameters.Clear();
commandObj.CommandType = CommandType.StoredProcedure;
commandObj.CommandText = "TP_UpdatePassword";
commandObj.Parameters.AddWithValue("@userID", Session["VerifyingID"].ToString());
commandObj.Parameters.AddWithValue("@pass", hashPassword);
commandObj.Parameters.AddWithValue("@salt", saltArray);
DBConnect OBJ = new DBConnect();
if (OBJ.DoUpdateUsingCmdObj(commandObj, out string err) == -2)
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
else
{
divSuccess.Visible = true;
divChangePassword.Visible = false;
}
}
catch
{
ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}
}
else
{
divInvalidPassword.Visible = true;
}
}
