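/// <summary>
/// Final step of sign-up: validates the form, salts and hashes the password, inserts the new
/// tblUser row and starts the session. On any failure the user stays on the page with a message.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnFinish_Click(object sender, EventArgs e)
{
    // Two gates: the page validators, and the hidden hdnMeVal flag the client sets.
    if (!Page.IsValid)
    {
        return;
    }
    if (hdnMeVal.Value != "1")
    {
        return;
    }

    lblStatus.Text = string.Empty;
    pnlError.Visible = false;

    //OBSOLETE
    //if (!chkCOPPA.Checked)
    //{
    //    lblStatus.Text = "You must be 13 yrs of age to register on this web site.";
    //    return;
    //}

    //Validate form and get values
    string txtFN = " ";                                   // no full-name field on this form
    string txtEmailId = txtEmail.Text;
    string txtUserName = Global.ParseEmail(txtEmail.Text);

    // Salt + hash the password; only the Base64 salt and hash are stored. The algorithm itself
    // lives in BoardHunt.classes.hasher; the sashimi = 1 column marks the row as salted.
    BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
    byte[] saltBytes = pHash.GenerateSALT();
    string saltString = Convert.ToBase64String(saltBytes);
    byte[] hBytes = pHash.getHash(saltString, txtPassword1.Text);
    string hashedPassword = Convert.ToBase64String(hBytes);

    //Free = 1; Commercial = 2
    int iAcctType = Convert.ToInt16(radioAcctType.SelectedValue);

    // The phone box carries the literal placeholder "optional" until the user types into it.
    string txtPhoneNumber = string.Empty;
    if (txtPhoneNum.Text != "optional")
    {
        txtPhoneNumber = txtPhoneNum.Text;
    }
    // Phone display is always off at sign-up (the chkShowPhone logic was retired).
    int showPhone = 0;
    int iBoarderType = 1; // cboBoarderType.SelectedIndex;
    //log date acct created
    DateTime dCreateDate = DateTime.Now;

    //Formulate connect string to DB
    string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    //Verify unique e-mail id. This is how we try to prevent duplicate registrations.
    // NOTE(review): check-then-insert is racy; a unique index on tblUser.txtEmail is the real guard.
    if (verify_User(myConnectString, txtEmailId))
    {
        pnlError.Visible = true;
        lblStatus.Text = "That e-mail is already registered. Please try another one.";
        //lblStatus.CssClass = "errorLabel";
        lblStatus.Visible = true;
        return;
    }

    // Commercial accounts must pick a business type (0 is the "unselected" option).
    int iMerchantVal = 0;
    if (iAcctType == 2)
    {
        iMerchantVal = Convert.ToInt16(cboMerchantType.SelectedValue);
        if (iMerchantVal == 0)
        {
            pnlError.Visible = true;
            lblStatus.Text = "Select your type of business.";
            //lblStatus.CssClass = "errorLabel";
            cboMerchantType.BorderColor = Color.Red;
            lblStatus.Visible = true;
            return;
        }
    }

    // Parameterised INSERT: form values are bound as parameters and never become part of the SQL text.
    const string strSQL =
        "INSERT INTO tblUser (txtFullName, txtPassword, txtPhoneNum, iShowPhoneNum, txtEmail, dCreateDate, iEntryCount, iAcctType, sashimi, salt, boarderType, iMerchantType, txtUserName) " +
        "VALUES (@txtFullName, @txtPassword, @txtPhoneNum, @iShowPhoneNum, @txtEmail, @dCreateDate, @iEntryCount, @iAcctType, @sashimi, @salt, @boarderType, @iMerchantType, @txtUserName)";

    try
    {
        using (SqlConnection myConnection = new SqlConnection(myConnectString))
        using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
        {
            objCommand.Parameters.Add("@txtFullName", SqlDbType.NVarChar).Value = txtFN;
            objCommand.Parameters.Add("@txtPassword", SqlDbType.NVarChar).Value = hashedPassword;
            objCommand.Parameters.Add("@txtPhoneNum", SqlDbType.NVarChar).Value = txtPhoneNumber;
            objCommand.Parameters.Add("@iShowPhoneNum", SqlDbType.Int).Value = showPhone;
            objCommand.Parameters.Add("@txtEmail", SqlDbType.NVarChar).Value = txtEmailId;
            // Bound as a DateTime so the stored value no longer depends on the server's culture format.
            objCommand.Parameters.Add("@dCreateDate", SqlDbType.DateTime).Value = dCreateDate;
            objCommand.Parameters.Add("@iEntryCount", SqlDbType.Int).Value = 0;
            objCommand.Parameters.Add("@iAcctType", SqlDbType.Int).Value = iAcctType;
            objCommand.Parameters.Add("@sashimi", SqlDbType.Int).Value = 1;
            objCommand.Parameters.Add("@salt", SqlDbType.NVarChar).Value = saltString;
            objCommand.Parameters.Add("@boarderType", SqlDbType.Int).Value = iBoarderType;
            objCommand.Parameters.Add("@iMerchantType", SqlDbType.Int).Value = iMerchantVal;
            objCommand.Parameters.Add("@txtUserName", SqlDbType.NVarChar).Value = txtUserName;

            myConnection.Open();
            objCommand.ExecuteNonQuery();
        }

        // Successful sign-up doubles as a login.
        Session["LoggedIn"] = "Yes";
        Session["EmailId"] = txtEmailId;
        Session["acctType"] = Convert.ToInt16(radioAcctType.SelectedValue);
        // NOTE(review): this keeps the clear-text password in session state for the life of the
        // session. Left in place only because other pages may read Session["pw"]; remove once
        // that is confirmed unused.
        Session["pw"] = txtPassword1.Text;

        // Upgrade choice made during sign-up, consumed by the follow-up page.
        if (chkUpgrade.Checked)
        {
            Session["ServiceId"] = 7;
        }
        else if (chkUpgrade2.Checked)
        {
            Session["ServiceId"] = 6;
        }
        else
        {
            Session["ServiceId"] = null;
        }

        Response.Redirect("register_finish.aspx", false);
    }
    catch (Exception ex)
    {
        ErrorLog.ErrorRoutine(false, "Signup failed! Message: " + ex.Message);
        pnlError.Visible = true;
        lblStatus.Text = "Signup Failed.";
        //lblStatus.CssClass = "errorLabel";
        lblStatus.Visible = true;
    }
}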
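/*
 * Increment the PageViewCount for the entry. The value returned will be the display value
 */
// NOTE(review): retired code. If it is ever revived, bind Request.QueryString["iD"] as a
// parameter instead of splicing it into the UPDATE text.
//public string incPageViewCount(string cnt)
//{
//    string tmpURL = Request.Url.ToString();
//    if (Session[tmpURL] != null)
//    {
//        return cnt;
//    }
//    string connStr, strSQL;
//    int retval;
//    retval = 0;
//    //get conn string
//    connStr = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;;
//    //cnt and iPageViewCount should be equal - do we need to check?
//    if (Convert.ToInt32(cnt) < (int)1)
//    {
//        strSQL = "UPDATE tblEntry SET iPageViewCount = 1 WHERE iD = '" + Request.QueryString["iD"] + "'";
//    }
//    else
//    {
//        strSQL = "UPDATE tblEntry SET iPageViewCount = iPageViewCount + 1 WHERE iD = '" + Request.QueryString["iD"] + "'";
//    }
//    SqlConnection myConnection = new SqlConnection(connStr);
//    try
//    {
//        myConnection.Open();
//        SqlCommand objCommand = new SqlCommand(strSQL, myConnection);
//        objCommand.ExecuteNonQuery();
//        Session.Add(Request.Url.ToString(), Request.Url.ToString());
//        retval = Convert.ToInt32(cnt) + 1;
//    }
//    catch (Exception ex)
//    {
//        ErrorLog.ErrorRoutine(false, "Error in PageViewCount processing: " + ex.Message );
//        lblStatus.Text = "Error!";
//    }
//    finally
//    {
//        //close
//        myConnection.Close();
//    }
//    return (retval.ToString());
//}
/* */

/// <summary>
/// Inline login from the comment panel: looks the user up by e-mail, checks the password and,
/// on success, starts the session and reveals the comment controls. A wrong password sends the
/// user to login.aspx; an unknown e-mail leaves the page unchanged.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    //Formulate connect string to DB
    string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    // Only the columns this handler reads; the e-mail is bound as a parameter, never spliced into the text.
    const string strSQL =
        "SELECT iD, txtEmail, iAcctType, txtPassword, sashimi, salt FROM tblUser WHERE txtEmail = @txtEmail";

    bool redirectToLogin = false;
    try
    {
        using (SqlConnection myConnection = new SqlConnection(myConnectString))
        using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
        {
            objCommand.Parameters.Add("@txtEmail", SqlDbType.NVarChar).Value = txtUsername.Text;
            myConnection.Open();

            using (SqlDataReader objReader = objCommand.ExecuteReader())
            {
                if (objReader.Read())
                {
                    string txtPass = objReader["txtPassword"].ToString();
                    bool bLoginSuccess;

                    if (objReader["sashimi"].ToString() == "1")
                    {
                        // Salted row: recompute the hash with the stored salt and compare the Base64 forms.
                        BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
                        string saltVal = objReader["salt"].ToString();
                        byte[] tmpByte = pHash.getHash(saltVal, txtPassword.Text);
                        string pwdToMatch = Convert.ToBase64String(tmpByte);
                        bLoginSuccess = pwdToMatch == txtPass;
                    }
                    else
                    {
                        // Legacy rows (sashimi != 1) still hold the clear-text password and are
                        // matched as-is until migrated. NOTE(review): neither branch compares in
                        // constant time.
                        bLoginSuccess = txtPass == txtPassword.Text;
                    }

                    if (bLoginSuccess)
                    {
                        // Successful login, save iD for user events while logged in
                        Session["LoggedIn"] = "Yes";
                        Session["userId"] = objReader["iD"].ToString();
                        Session["EmailId"] = objReader["txtEmail"].ToString();
                        Session["acctType"] = objReader["iAcctType"].ToString();

                        pnlLoginMsg.Visible = false;
                        pnlLogin.Visible = false;
                        BindComments();
                        dlCommentList.Visible = true;
                        pnlCommentBox.Visible = true;

                        //Get text for login links
                        lnkSignIn.Text = Global.SetLnkSignIn();
                        lnkSignUp.Text = Global.SetLnkSignUp();
                    }
                    else
                    {
                        //login failed
                        redirectToLogin = true;
                    }
                }
                else
                {
                    //lblStatus.Text = "Incorrect Username";
                }
            }
        }
    }
    catch (Exception ex)
    {
        ErrorLog.ErrorRoutine(false, "Failed Log-in from pnlLogin: " + ex.Message);
    }

    if (redirectToLogin)
    {
        // Kept outside the try: Response.Redirect ends the response by raising ThreadAbortException,
        // which the catch above would otherwise record as a failed log-in.
        Response.Redirect("login.aspx");
    }
}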
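/* */
/// <summary>
/// Authenticates <paramref name="username"/> (an e-mail address) against tblUser and, on success,
/// populates the login-related session keys (LoggedIn, userId, EmailId, acctType, MerchantType,
/// BlogFlg, userDir, userName, isPro).
/// </summary>
/// <param name="username">E-mail address used as the login name.</param>
/// <param name="password">Candidate password. When <paramref name="hashit"/> is false and the row
/// is salted, this value is compared directly against the stored hash (see remarks).</param>
/// <param name="hashit">True to salt-and-hash <paramref name="password"/> before comparing.</param>
/// <param name="overRide">True to skip the password check entirely and log the user in.</param>
/// <returns>True when the session was populated; false on unknown user, mismatch or error.</returns>
/// <remarks>
/// Security-sensitive call paths: <paramref name="overRide"/>=true logs in any existing user without
/// a password, and <paramref name="hashit"/>=false lets a caller authenticate with the stored hash
/// value itself. Both must only be reachable from trusted server-side code. Rows with sashimi != 1
/// still hold a clear-text password and are matched as-is. Errors are logged through ErrorLog and
/// reported as a failed login rather than thrown.
/// </remarks>
public bool DoLogin(string username, string password, bool hashit, bool overRide)
{
    // The login name is bound as a parameter; the text never contains caller data.
    const string strSQL = @"SELECT u.sashimi, u.txtUserName, u.salt, u.txtPassword, u.iD, u.txtEmail, u.iAcctType, u.iMerchantType, u.blog_flg, u.userDir,
        (Select count(*) from tblServices s where (s.iServiceVal = 6 or s.iServiceVal = 7) and iuserId = u.id and iStatus = 1 ) as isPro
        FROM tblUser u WHERE txtEmail = @txtEmail";

    string connectionString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    try
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand(strSQL, connection))
        {
            command.Parameters.Add("@txtEmail", SqlDbType.NVarChar).Value = username;
            connection.Open();

            using (SqlDataReader reader = command.ExecuteReader())
            {
                if (!reader.Read())
                {
                    //couldn't read - bad username
                    ErrorLog.ErrorRoutine(false, "No record of user name");
                    return false;
                }

                string txtPass = reader["txtPassword"].ToString();
                bool bLoginSuccess;

                if (reader["sashimi"].ToString() == "1" && !overRide)
                {
                    string pwdToMatch;
                    if (hashit)
                    {
                        //compute hash from user input with the salt stored on the row
                        BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
                        string saltVal = reader["salt"].ToString();
                        byte[] tmpByte = pHash.getHash(saltVal, password);
                        pwdToMatch = Convert.ToBase64String(tmpByte);
                    }
                    else
                    {
                        // Caller supplied the already-hashed value (see remarks).
                        pwdToMatch = password;
                    }
                    // NOTE(review): plain string equality, not a constant-time comparison.
                    bLoginSuccess = pwdToMatch == txtPass;
                }
                else
                {
                    //old algorithm; match with no hash
                    bLoginSuccess = txtPass == password;
                }

                if (!(bLoginSuccess || overRide))
                {
                    //login failed
                    return false;
                }

                // Successful login, save iD for user events while logged in
                HttpContext.Current.Session["LoggedIn"] = "Yes";
                HttpContext.Current.Session["userId"] = reader["iD"].ToString();
                HttpContext.Current.Session["EmailId"] = reader["txtEmail"].ToString();
                HttpContext.Current.Session["acctType"] = reader["iAcctType"].ToString();
                HttpContext.Current.Session["MerchantType"] = reader["iMerchantType"].ToString();
                HttpContext.Current.Session["BlogFlg"] = reader["blog_flg"].ToString();
                HttpContext.Current.Session["userDir"] = reader["userDir"].ToString();

                // Rows created before txtUserName existed fall back to the local part of the e-mail.
                string userName = reader["txtUserName"].ToString();
                if (userName == string.Empty)
                {
                    userName = Global.ParseEmail(reader["txtEmail"].ToString());
                }
                HttpContext.Current.Session["userName"] = userName;

                //check for pro: any active service 6 or 7 on the account
                HttpContext.Current.Session["isPro"] =
                    Convert.ToInt32(reader["isPro"].ToString()) > 0 ? 1 : 0;

                return true;
            }
        }
    }
    catch (Exception ex)
    {
        ErrorLog.ErrorRoutine(false, "ClsLogin:DoLogin:Error " + ex.Message);
        //send error email
        return false;
    }
}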
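/// <summary>
/// Saves the edit-profile form to the current user's tblUser row. Optional parts of the UPDATE
/// (shaper code, password change, profile picture) are appended only when the form asks for them.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSave_Click(object sender, EventArgs e)
{
    //kick out if validation failed
    if (!Page.IsValid)
    {
        //Do over; Reset anything here that needs a reset
        ResetImgMgr();
        return;
    }

    //tally up ShaperCodeValue
    if (hdnIsShaper.Value == "1")
    {
        TallyShaperCode();
    }

    string connectionString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    //Verify unique e-mail id (only when the address actually changed).
    if (Session["EmailId"].ToString() != txtEmail.Text)
    {
        if (verify_User(connectionString, txtEmail.Text))
        {
            lblStatus.ForeColor = System.Drawing.Color.Red;
            lblStatus.Text = "That e-mail is already registered. Please try again.";
            return;
        }
    }

    //show phone flag: only honoured when both phone fields are filled in
    int showPhoneNum = 0;
    if (txtAreaCode.Text != "" && txtPhoneNum.Text != "" && chkShowPhone.Checked)
    {
        showPhoneNum = 1;
    }
    //Free acct=1; Commercial = 2
    int iAcctType = Convert.ToInt16(radioAcctType.SelectedValue);
    string emailNotify = rdoEmailNotify.SelectedValue;
    string blogNotify = rdoBlogNotify.SelectedValue;
    string txtPhoneNumber = txtAreaCode.Text + "-" + txtPhoneNum.Text;

    //Get user's id
    string uId = Session["userId"].ToString();

    // Every value travels as a parameter; the statement text only ever holds column names and placeholders.
    string strSQL =
        "UPDATE tblUser SET txtFullName = @txtFullName, txtEmail = @txtEmail, txtPhoneNum = @txtPhoneNum, " +
        "iShowPhoneNum = @iShowPhoneNum, iAcctType = @iAcctType, notify_comment_flg = @notify_comment_flg, " +
        "notify_blog_flg = @notify_blog_flg, txtUserName = @txtUserName, txtHomeTown = @txtHomeTown, " +
        "txtWebSite = @txtWebSite, txtUserDetails = @txtUserDetails, iWisdom = @iWisdom, " +
        "txtBrandName = @txtBrandName, iRegion = @iRegion";

    using (SqlCommand command = new SqlCommand())
    {
        command.Parameters.AddWithValue("@txtFullName", ParamText(txtFullName.Text));
        command.Parameters.AddWithValue("@txtEmail", ParamText(txtEmail.Text));
        command.Parameters.AddWithValue("@txtPhoneNum", ParamText(txtPhoneNumber));
        command.Parameters.AddWithValue("@iShowPhoneNum", showPhoneNum);
        command.Parameters.AddWithValue("@iAcctType", iAcctType);
        command.Parameters.AddWithValue("@notify_comment_flg", ParamText(emailNotify));
        command.Parameters.AddWithValue("@notify_blog_flg", ParamText(blogNotify));
        // The value written here is redacted ("******") in the source listing; restore the original
        // expression for the user name in place of the placeholder.
        command.Parameters.AddWithValue("@txtUserName", "******");
        command.Parameters.AddWithValue("@txtHomeTown", ParamText(Global.CheckString(txtHomeTown.Text)));
        command.Parameters.AddWithValue("@txtWebSite", ParamText(Global.CheckString(txtWebsite.Text)));
        command.Parameters.AddWithValue("@txtUserDetails", ParamText(Global.CheckString(txtDetails.Text)));
        command.Parameters.AddWithValue("@iWisdom", ParamText(Global.CheckString(txtShapingYrs.Text)));
        command.Parameters.AddWithValue("@txtBrandName", ParamText(Global.CheckString(txtBrandName.Text)));
        command.Parameters.AddWithValue("@iRegion", ParamText(cboRegion.SelectedValue));

        if (hdnShaperCode.Value.Length > 0)
        {
            strSQL += ", iShaperCode = @iShaperCode";
            command.Parameters.AddWithValue("@iShaperCode", ParamText(Global.CheckString(hdnShaperCode.Value)));
        }

        //skip pwd processing if the change pwd panel is not visible
        if (pnlChangePwd.Visible && txtPassword1.Text.Length > 1)
        {
            BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
            //Get SALT and encode to string
            byte[] saltBytes = pHash.GenerateSALT();
            string saltString = Convert.ToBase64String(saltBytes);
            //get hash and encode to string with SALT
            byte[] hBytes = pHash.getHash(saltString, txtPassword1.Text);
            string hPass = Convert.ToBase64String(hBytes); //hashed textual password

            // sashimi = 1 marks the row as salted so login takes the hashed path.
            strSQL += ", txtPassword = @txtPassword, salt = @salt, sashimi = @sashimi";
            command.Parameters.AddWithValue("@txtPassword", hPass);
            command.Parameters.AddWithValue("@salt", saltString);
            command.Parameters.AddWithValue("@sashimi", 1);
        }

        //get profile pic if loaded and control set
        if (rdoImgMgr1.SelectedValue == "Change" || rdoImgMgr1.SelectedValue == "Add")
        {
            if (!CheckFileType())
            {
                ResetImgMgr();
                return;
            }
            //TODO: check for file before attempting to upload
            string profPic = UpLoadAllImages();
            strSQL += ", profilePic = @profilePic";
            command.Parameters.AddWithValue("@profilePic", ParamText(profPic));

            //delete old profile pic unless it is the stock placeholder
            if (!(hdnProfilePic.Value.IndexOf("nopic64.jpg") > 0))
            {
                //ErrorLog.ErrorRoutine(false, "Deleting old pic: " + Server.MapPath(hdnProfilePic.Value));
                DeleteFile();
            }
        }
        else if (rdoImgMgr1.SelectedValue == "Delete")
        {
            DeleteFile();
            //set to empty string
            strSQL += ", profilePic = @profilePic";
            command.Parameters.AddWithValue("@profilePic", string.Empty);
        }
        //else KEEP: do nothing

        strSQL += " WHERE id = @id";
        command.Parameters.AddWithValue("@id", uId);

        // Safe to log: the text carries placeholders only, never the new salt/hash or user values.
        ErrorLog.ErrorRoutine(false, "strSQL-> " + strSQL);

        try
        {
            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                command.Connection = connection;
                command.CommandText = strSQL;
                connection.Open();
                command.ExecuteNonQuery();
            }

            //Set new EmailId
            Session["EmailId"] = txtEmail.Text;
            //classes.Email.SendEmail("BH Profile Change", "*****@*****.**", "For User: "******"EmailId"].ToString() + " iD: " + uId);
            Response.Redirect("UserMenu.aspx", false);
        }
        catch (Exception ex)
        {
            ErrorLog.ErrorRoutine(false, "edit_profile:error" + ex.Message);
            lblStatus.Text = "Error: Connection Bad.<br>";
            classes.Email.SendErrorEmail("edit_profile:error" + ex.Message);
        }
    }
}

/// <summary>
/// Parameter value for a text column: null becomes the empty string, which is what the former
/// string concatenation produced.
/// </summary>
/// <param name="value">Raw form value, possibly null.</param>
/// <returns><paramref name="value"/>, or an empty string when it is null.</returns>
private static string ParamText(string value)
{
    return value ?? string.Empty;
}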
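/// <summary>
/// "Forgot password" handler: if the entered e-mail belongs to a user, generates a fresh random
/// password, stores its salted hash via UpdateUserPwd and e-mails the clear-text password to
/// that address.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): mailing a clear-text replacement password (rather than a short-lived reset
/// link) and answering "can't find that e-mail" both date from the original design; they are
/// preserved here, only the data access and error handling are tightened.
/// </remarks>
private void imgContact_Click(object sender, System.EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    //Formulate connect string to DB
    string myConnectString = ConfigurationManager.ConnectionStrings["myConn"].ConnectionString;

    // Existence check only; the e-mail is bound as a parameter.
    const string strSQL = "SELECT iD FROM tblUser WHERE txtEmail = @txtEmail";

    try
    {
        bool userExists;
        using (SqlConnection myConnection = new SqlConnection(myConnectString))
        using (SqlCommand objCommand = new SqlCommand(strSQL, myConnection))
        {
            objCommand.Parameters.Add("@txtEmail", SqlDbType.NVarChar).Value = txtEmail.Text;
            myConnection.Open();
            using (SqlDataReader objReader = objCommand.ExecuteReader())
            {
                userExists = objReader.Read();
            }
        }

        if (!userExists)
        {
            //TODO: add code for no record for e-mail
            lblStatus.Text = " We can't find that e-mail. Check it again or sign up. ";
            lblStatus.BorderWidth = 1;
            return;
        }

        BoardHunt.classes.RandomPassword pwdGen = new BoardHunt.classes.RandomPassword();
        string newPwd = pwdGen.Generate();
        if (string.IsNullOrEmpty(newPwd))
        {
            // Checked before the update so an empty password is never persisted.
            throw new InvalidOperationException("Password generator returned an empty password.");
        }

        // New salt + hash for the replacement password.
        BoardHunt.classes.hasher pHash = new BoardHunt.classes.hasher();
        byte[] saltBytes = pHash.GenerateSALT();
        string saltString = Convert.ToBase64String(saltBytes);
        byte[] hBytes = pHash.getHash(saltString, newPwd);
        string hPass = Convert.ToBase64String(hBytes);

        if (UpdateUserPwd(hPass, saltString))
        {
            string emailMsg = "Your new password is: " + newPwd + "<br><br>You can change it again in the edit profile settings.";
            classes.Email.SendEmail("Login info", txtEmail.Text, "*****@*****.**", emailMsg, false);

            ////Mail the password
            ////Create an instance of the MailMessage class
            //MailMessage mail = new MailMessage();
            ////mail.To = "*****@*****.**";
            //mail.To = txtEmail.Text;
            //mail.From = "*****@*****.**";
            ////'If you want to CC this email to someone else
            ////'objMM.Cc = "*****@*****.**"
            ////email format. Can be Text or Html
            //mail.BodyFormat = MailFormat.Text;
            ////Set the priority - options are High, Low, and Normal
            //mail.Priority = MailPriority.Normal;
            ////Set the subject
            //mail.Subject = "Login info";
            ////Set the body
            //mail.Body = "Your new password is: " + newPwd;
            ////Smtp Server
            //SmtpMail.SmtpServer = "mrelay.perfora.net";
            ////Send the message
            //SmtpMail.Send(mail);

            panelSendEmail.Visible = false;
            panelMailSent.Visible = true;
        }
    }
    catch (Exception ex)
    {
        // Previously a bare catch; the failure is now recorded before the generic message is shown.
        ErrorLog.ErrorRoutine(false, "imgContact_Click:error " + ex.Message);
        lblStatus.Text = "Error!";
    }
}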