Esempio n. 1
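    /// <summary>
    /// Coroutine that submits the registration form to <c>registerURL</c> and, when the
    /// server reports no error, stores the returned user and loads the map scene.
    /// Transport errors and server-reported errors are shown in <c>errorSubtitle</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the user name, e-mail address and password hash are placed in the
    /// request URL. URLs are commonly written to web-server and proxy logs, so these
    /// values are better sent in a POST body; the scheme of registerURL is not visible
    /// here, so confirm it is HTTPS.
    /// NOTE(review): the hash is computed on the client. If the server stores or
    /// compares this value as-is, the hash itself becomes the credential; the server
    /// should apply its own salted, slow hash to whatever it receives.
    /// </remarks>
    IEnumerator RegisterCoroutine()
    {
        errorSubtitle.text = "";

        string pwhash = PBKDF2Hash.Hash(password.text);
        string url = string.Format(registerURL,
                                   WWW.EscapeURL(username.text),
                                   WWW.EscapeURL(pwhash),
                                   WWW.EscapeURL(email.text));

        // WWW is IDisposable; the using block releases it on every exit path,
        // including the early yield breaks below.
        using (WWW www = new WWW(url))
        {
            yield return www;

            // WWW.error is documented as null OR empty when the request succeeded,
            // depending on platform, so a bare null test can misreport success.
            if (!string.IsNullOrEmpty(www.error))
            {
                errorSubtitle.text = www.error;
                yield break;
            }

            LoginResult json = JsonUtility.FromJson<LoginResult>(www.text);
            if (json.error != null)
            {
                errorSubtitle.text = json.error;
                yield break;
            }

            PersistentUser.Create(json);
            sceneChanger.LoadScene("Map Scene");
        }
    }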
Esempio n. 2
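        /// <summary>
        /// Handles the registration submit button: hashes the entered password with
        /// <c>PBKDF2Hash</c> and inserts a new row into the Customer table.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void ButtonSubmit_Click(object sender, EventArgs e)
        {
            // Only the PBKDF2Hash output is written to the database, never the typed password.
            string passwordhash = new PBKDF2Hash(TextBoxPasswordReg.Text).HashedPassword;
            bool enabled = true;

            // NOTE(review): VALUES without a column list binds by column position, so a
            // schema change can silently put the hash or role into the wrong column.
            string sql = @"INSERT INTO Customer VALUES(@cust_name, @gender, @address, @telephone, @email, @passwordhash, @role, @enabled)";

            using (SqlConnection conn = new SqlConnection(
                       ConfigurationManager.ConnectionStrings["ConnStringStoreDB"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                // Every user-supplied field is bound as a parameter, never concatenated into the SQL text.
                cmd.Parameters.AddWithValue("@cust_name", TextBoxNameReg.Text);
                cmd.Parameters.AddWithValue("@gender", TextBoxGenderReg.Text);
                cmd.Parameters.AddWithValue("@address", TextBoxAddressReg.Text);
                cmd.Parameters.AddWithValue("@telephone", TextBoxTelephoneReg.Text);
                cmd.Parameters.AddWithValue("@email", TextBoxEmailReg.Text);
                cmd.Parameters.AddWithValue("@passwordhash", passwordhash);
                // The role is fixed server-side and is not taken from the form.
                cmd.Parameters.AddWithValue("@role", "user");
                cmd.Parameters.AddWithValue("@enabled", enabled);

                try
                {
                    conn.Open();
                    cmd.ExecuteNonQuery();
                    LabelStatus.Text = "Data saved";
                }
                catch (SqlException ex)
                {
                    // SqlException text can name tables, columns and constraints; keep it
                    // in the server-side trace and show the visitor a generic message.
                    System.Diagnostics.Trace.TraceError("Customer registration insert failed: {0}", ex);
                    LabelStatus.Text = "Unable to save data. Please try again later.";
                }
            }
        }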
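        /// <summary>
        /// Registers a new user: hashes the password, assigns a role, calls the
        /// <c>spInsertUser</c> stored procedure and copies the user into the session.
        /// </summary>
        /// <param name="user">Model-bound registration data.</param>
        /// <returns>
        /// A redirect to <c>Index</c> on success; the signup view again when any step throws.
        /// </returns>
        public ActionResult Signup(User user)
        {
            try
            {
                // From here on user.Password holds the PBKDF2Hash output, not the typed text.
                user.Password = new PBKDF2Hash(user.Password).HashedPassword;

                // NOTE(review): the admin role is granted from the e-mail address the
                // visitor typed; nothing visible here verifies ownership of that address.
                // Administrators should be provisioned out of band, not at self-signup.
                // NOTE(review): the second operand compares the *hash* with "admin" because
                // user.Password was overwritten above; presumably it never matches. Do not
                // "repair" it to test the plaintext, that would turn a password value into
                // a role grant.
                bool isAdmin = user.Email.Equals("*****@*****.**") || user.Password.Equals("admin");
                user.Role = isAdmin ? "admin" : "user";

                user.DateRegistered = DateTime.Now;

                using (SqlConnection conn = new SqlConnection(
                           ConfigurationManager.ConnectionStrings["StoreContext"].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("spInsertUser", conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@UserName", user.Name);
                    cmd.Parameters.AddWithValue("@UserICPassport", user.ICpass);
                    cmd.Parameters.AddWithValue("@UserEmail", user.Email);
                    cmd.Parameters.AddWithValue("@UserPassword", user.Password);
                    cmd.Parameters.AddWithValue("@Role", user.Role);
                    cmd.Parameters.AddWithValue("@DateRegistered", user.DateRegistered);

                    try
                    {
                        conn.Open();
                        cmd.ExecuteNonQuery();

                        // NOTE(review): user.UserId is whatever model binding supplied; the
                        // key generated by the insert is not read back here.
                        Session["UserId"]         = user.UserId;
                        Session["Name"]           = user.Name;
                        Session["ICPass"]         = user.ICpass;
                        Session["Email"]          = user.Email;
                        // NOTE(review): this keeps the password hash in session state for the
                        // whole session. Confirm nothing reads this key, then remove it.
                        Session["Password"]       = user.Password;
                        Session["Role"]           = user.Role;
                        Session["DateRegistered"] = user.DateRegistered;
                    }
                    catch
                    {
                        // NOTE(review): every failure is swallowed here without logging,
                        // so a failed insert leaves no server-side record.
                        return View();
                    }
                }

                return RedirectToAction("Index");
            }
            catch
            {
                return View();
            }
        }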
Esempio n. 4
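        /// <summary>
        /// Handles the login button: looks the user up by name, verifies the entered
        /// password against the stored PBKDF2 hash, and on success fills the session and
        /// redirects by role. Every failed attempt shows the same message.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            const string sql = "SELECT * FROM user_reg WHERE username=@username";
            DataTable dt = new DataTable();

            using (SqlConnection conn = new SqlConnection(
                       ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
            {
                cmd.Parameters.AddWithValue("@username", txtUserName.Text);
                sda.Fill(dt);
            }

            if (dt.Rows.Count > 0)
            {
                DataRow row = dt.Rows[0];

                PBKDF2Hash PwdHash = new PBKDF2Hash(txtPassword.Text, row["passwordhash"].ToString());
                bool passwordcheck = PwdHash.PasswordCheck;
                bool enabled = Convert.ToBoolean(row["enabled"]);

                if (passwordcheck && enabled)
                {
                    // NOTE(review): nothing visible here issues a new session identifier at
                    // login; confirm the application rotates it to prevent session fixation.
                    Session["username"] = txtUserName.Text;
                    Session["role"]     = row["role"];
                    Session["phone"]    = row["phone"];
                    Session["address"]  = row["address"];
                    Session["gender"]   = row["gender"];

                    // The original followed the redirect with Session.RemoveAll(). The
                    // redirect normally ends the request first; had that call ever run it
                    // would have wiped the session just established, so it is dropped.
                    string target = Session["role"].ToString() == "admin"
                        ? "EditDeleteItems.aspx"
                        : "Default.aspx";
                    Response.Redirect(target);
                    return;
                }
            }

            // Unknown user, wrong password and disabled account all end here with one
            // message, so the response text does not reveal which user names exist.
            // NOTE(review): an unknown user name still returns without running the PBKDF2
            // check, so response time can differ between the two cases.
            lblStatus.Text      = "You're username and/or password is incorrect";
            lblStatus.ForeColor = System.Drawing.Color.Red;
        }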
Esempio n. 5
        /// <summary>
        /// Known-answer check: hashing "12345" with a fixed salt string must yield the
        /// recorded hash and echo the same salt back.
        /// </summary>
        public void text_is_hashed_with_specified_salt()
        {
            // A constant salt is acceptable only in a known-answer test like this one.
            // NOTE(review): presumably the "5000." prefix encodes the iteration count;
            // confirm against PBKDF2Hash.
            const string salt = "5000.thisisasalt";
            var expected = new PBKDF2Hash.HashedBytes("Csf0jEKmYUVfsfk7UHVIKFmsyj8jrTiVWPNxEp4NEdDdKcOTd2YCUX+RPJncsSu5unRbCDgeAtWFTbtsIHZe0w==", salt);

            var results = (ArrayList)PBKDF2Hash.PBKDF2HashList("12345", salt);
            var actual  = (PBKDF2Hash.HashedBytes)results[0];

            Assert.AreEqual(expected.Hash, actual.Hash);
            Assert.AreEqual(expected.Salt, actual.Salt);
        }
Esempio n. 6
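        /// <summary>
        /// Handles the customer login button: looks the customer up by name, verifies the
        /// entered password against the stored PBKDF2 hash, and on success fills the
        /// session and redirects by role. Every failed attempt shows the same message.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void ButtonLogin_Click(object sender, EventArgs e)
        {
            const string sql = "SELECT * FROM Customer WHERE cust_name=@cust_name";
            DataTable dt = new DataTable();

            using (SqlConnection conn = new SqlConnection(
                       ConfigurationManager.ConnectionStrings["ConnStringStoreDB"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
            {
                cmd.Parameters.AddWithValue("@cust_name", TextBoxUsernameLogin.Text);
                sda.Fill(dt);
            }

            if (dt.Rows.Count > 0)
            {
                DataRow row = dt.Rows[0];

                PBKDF2Hash PwdHash = new PBKDF2Hash(TextBoxPasswordLogin.Text, row["passwordhash"].ToString());
                bool passwordcheck = PwdHash.PasswordCheck;
                bool enabled = Convert.ToBoolean(row["enabled"]);

                if (passwordcheck && enabled)
                {
                    // NOTE(review): nothing visible here issues a new session identifier at
                    // login; confirm the application rotates it to prevent session fixation.
                    Session["cust_name"] = TextBoxUsernameLogin.Text;
                    Session["role"]      = row["role"];

                    // The original followed the redirect with Session.RemoveAll(). The
                    // redirect normally ends the request first; had that call ever run it
                    // would have wiped the session just established, so it is dropped.
                    string target = Session["role"].ToString() == "admin"
                        ? "AddProduct.aspx"
                        : "CustomerHomepage.aspx";
                    Response.Redirect(target);
                    return;
                }

                // Kept from the original: a failed attempt against an existing account
                // clears whatever the current session held.
                Session.RemoveAll();
            }

            // The original used two differently worded messages for "no such user" and
            // "wrong password", which let a visitor tell which user names exist. Both
            // paths now show the same text.
            // NOTE(review): an unknown user name still returns without running the PBKDF2
            // check, so response time can differ between the two cases.
            LabelStatus.Text      = "Your username or password is incorrect";
            LabelStatus.ForeColor = System.Drawing.Color.Red;
        }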
Esempio n. 7
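        /// <summary>
        /// Handles the register button: hashes the entered password with
        /// <c>PBKDF2Hash</c> and inserts a new row into <c>user_reg</c> with role "user".
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnRegister_Click(object sender, EventArgs e)
        {
            string email    = txtUserName.Text;
            string password = txtPassword.Text;
            // The role is fixed server-side and is not taken from the form.
            string role     = "user";
            string phone    = txtPhone.Text;
            string address  = txtAddress.Text;
            // NOTE(review): SelectedItem is null when no option is chosen, which throws
            // here; confirm the page enforces a selection before this handler runs.
            string gender   = radioGender.SelectedItem.Value.ToString();

            // Only the PBKDF2Hash output is written to the database, never the typed password.
            string passwordhash = new PBKDF2Hash(password).HashedPassword;
            bool enabled = true;

            string sql = @"INSERT INTO user_reg (username, passwordhash, role, phone, address, gender, enabled)
                    VALUES (@username, @passwordhash, @role, @phone, @address, @gender, @enabled)";

            using (SqlConnection conn = new SqlConnection(
                       ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@username", email);
                cmd.Parameters.AddWithValue("@passwordhash", passwordhash);
                cmd.Parameters.AddWithValue("@role", role);
                cmd.Parameters.AddWithValue("@phone", phone);
                cmd.Parameters.AddWithValue("@address", address);
                cmd.Parameters.AddWithValue("@gender", gender);
                cmd.Parameters.AddWithValue("@enabled", enabled);

                try
                {
                    conn.Open();
                    cmd.ExecuteNonQuery();
                }
                catch (SqlException ex)
                {
                    // The original swallowed this exception silently. Record it server-side
                    // so failed registrations are visible to operators; the raw message is
                    // deliberately not shown to the visitor.
                    System.Diagnostics.Trace.TraceError("user_reg insert failed: {0}", ex);
                }
            }
        }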
Esempio n. 8
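        /// <summary>
        /// Hashes the new password and passes it, with the <c>uid</c> query-string value,
        /// to the <c>spChangePassword</c> stored procedure.
        /// </summary>
        /// <returns>
        /// The result of <c>ExecuteSP</c>, or <c>false</c> when the request carries no
        /// <c>uid</c> value.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the <c>uid</c> value is the only thing identifying whose password
        /// is changed. The body of spChangePassword is not visible here; confirm it accepts
        /// the value only while unexpired and only once. Values carried in a query string
        /// also appear in browser history, logs and Referer headers.
        /// NOTE(review): no length or strength check on the new password is visible here.
        /// </remarks>
        private bool ChangeUserPassword()
        {
            // A missing uid would otherwise reach the stored procedure as a null parameter.
            string uid = Request.QueryString["uid"];
            if (string.IsNullOrEmpty(uid))
            {
                return false;
            }

            // Only the PBKDF2Hash output is sent to the database, never the typed password.
            string passwordhash = new PBKDF2Hash(txtNewPassword.Text).HashedPassword;

            List<SqlParameter> paramList = new List<SqlParameter>
            {
                new SqlParameter { ParameterName = "@GUID", Value = uid },
                new SqlParameter { ParameterName = "@password", Value = passwordhash }
            };

            return ExecuteSP("spChangePassword", paramList);
        }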
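        /// <summary>
        /// Authenticates a user by e-mail: loads the account through
        /// <c>spGetLoginData</c>, verifies the entered password against the stored PBKDF2
        /// hash, then fills the session from the database row and redirects by role.
        /// </summary>
        /// <param name="user">Model-bound login form; only Email and Password are trusted as input.</param>
        /// <returns>
        /// A redirect to <c>UserLists</c> for admins and <c>Index</c> otherwise; the login
        /// view again when the model is invalid, the account is unknown or the password
        /// does not match.
        /// </returns>
        public ActionResult Login(User user)
        {
            if (!ModelState.IsValid)
            {
                return View();
            }

            DataTable dt = new DataTable();
            using (SqlConnection conn = new SqlConnection(
                       ConfigurationManager.ConnectionStrings["StoreContext"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand("spGetLoginData", conn))
            using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@Email", user.Email);
                sda.Fill(dt);
            }

            if (dt.Rows.Count == 0)
            {
                return View();
            }

            DataRow row = dt.Rows[0];
            string passwordFromDb = row["Password"].ToString();
            PBKDF2Hash PwdHash = new PBKDF2Hash(user.Password, passwordFromDb);
            if (!PwdHash.PasswordCheck)
            {
                return View();
            }

            // The original read these columns but then filled the session from the posted
            // model, so Role, UserId and the rest were whatever the request supplied. The
            // session must come from the stored account, not from the form.
            Session["UserId"]         = row["Userid"];
            Session["Name"]           = row["Name"];
            Session["ICPass"]         = row["ICpass"];
            Session["Email"]          = row["Email"];
            // The original stored the typed plaintext password here. The stored hash is
            // kept instead, matching what Signup puts under this key.
            // NOTE(review): confirm nothing reads Session["Password"], then remove it.
            Session["Password"]       = passwordFromDb;
            Session["Role"]           = row["Role"];
            Session["DateRegistered"] = row["DateRegistered"];
            // NOTE(review): nothing visible here issues a new session identifier at login;
            // confirm the application rotates it to prevent session fixation.

            string role = row["Role"].ToString();
            return role.Equals("admin")
                ? RedirectToAction("UserLists")
                : RedirectToAction("Index");
        }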
Esempio n. 10
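        /// <summary>
        /// Handles the admin registration button: hashes the password, inserts a row into
        /// the <c>admin</c> table and, when the insert succeeds, e-mails the registration
        /// details to the address entered.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// NOTE(review): this handler creates accounts with role "admin" and checks nothing
        /// about the caller; confirm the page itself is restricted to existing admins.
        /// </remarks>
        protected void ButtonRegister_Click(object sender, EventArgs e)
        {
            // Only the PBKDF2Hash output is written to the database, never the typed password.
            string passwordhash = new PBKDF2Hash(TextBoxPassword.Text).HashedPassword;
            bool enabled = true;

            // NOTE(review): VALUES without a column list binds by column position, so a
            // schema change can silently put the hash or role into the wrong column.
            string sql = @"INSERT INTO admin VALUES(@adminname, @email, @phoneNo, @address, @passwordhash, @role, @enabled)";

            using (SqlConnection conn = new SqlConnection(
                       ConfigurationManager.ConnectionStrings["ConnStringStoreDB"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@adminname", TextBoxAdminName.Text);
                cmd.Parameters.AddWithValue("@email", TextBoxEmail.Text);
                cmd.Parameters.AddWithValue("@phoneNo", TextBoxPhoneNo.Text);
                cmd.Parameters.AddWithValue("@address", TextBoxAddress.Text);
                cmd.Parameters.AddWithValue("@passwordhash", passwordhash);
                cmd.Parameters.AddWithValue("@role", "admin");
                cmd.Parameters.AddWithValue("@enabled", enabled);

                try
                {
                    conn.Open();
                    cmd.ExecuteNonQuery();
                    LabelStatus.Text      = "Register Success";
                    LabelStatus.ForeColor = System.Drawing.Color.Green;
                }
                catch (SqlException ex)
                {
                    // SqlException text can name tables, columns and constraints; keep it
                    // in the server-side trace and show the visitor a generic message.
                    System.Diagnostics.Trace.TraceError("admin registration insert failed: {0}", ex);
                    LabelStatus.Text = "Registration failed. Please try again later.";

                    // The original went on to send the confirmation e-mail even though
                    // no account had been created.
                    return;
                }
            }

            // Email users after done registered
            using (SmtpClient smtp = new SmtpClient())
            using (MailMessage msg = new MailMessage())
            {
                smtp.Host = "smtp.gmail.com";
                smtp.Port = 587;

                // NOTE(review): the mailbox password is hard-coded in source, so everyone
                // with repository or binary access has it. Move it to protected
                // configuration or a secret store and rotate the exposed value.
                smtp.Credentials = new System.Net.NetworkCredential("*****@*****.**", "admin_1234");
                smtp.EnableSsl   = true;

                msg.Subject = "New Users Registeration Details";
                msg.Body    = "New Registration Details \n\n-------------------\n\nName : " + TextBoxAdminName.Text + "\n\nEmail Address :" + TextBoxEmail.Text + "\n\nPhone Number:" + TextBoxPhoneNo.Text + "\n\nAddress:" + TextBoxAddress.Text;

                msg.To.Add(TextBoxEmail.Text);
                msg.From = new MailAddress("*****@*****.**");

                // A send failure propagates to the caller exactly as before; the original
                // catch block only rethrew.
                smtp.Send(msg);
                ScriptManager.RegisterStartupScript(this, this.GetType(), "popup", "alert('Registration email has been send succesfully');", true);
            }
        }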