//this method checks that passwords match in a login attempt
public bool checkPassword()
{
Credentials userCredentials = SecurityUserDAO.getUserCredentials(username);
if (userCredentials != null)
{
byte[] dbPass = Convert.FromBase64String(userCredentials.getPassword());
byte[] userPass = createByteArrayFromString(password);
byte[] dbSalt = createByteArrayFromString(userCredentials.getSalt());
byte[] userSaltedPass = userPass.Concat(dbSalt).ToArray();
HashAlgorithm algorithm = new SHA256Managed();
byte[] hasheduserPass = algorithm.ComputeHash(userSaltedPass);
bool match = compareByteArrays(dbPass, hasheduserPass);
if (match)
{
userId = userCredentials.getUserId();
}
return(match);
}
else
{
return(false);
}
}
public bool createNewAccount()
{
Credentials newPass = generateNewPassword();
bool created = SecurityUserDAO.createAccount(newPass); //send to db for saving, returns true if successful/false for unsuccessful
return(created);
}
//this method changes a user's password
public bool changePassword(String newPass)
{
password = newPass;
Credentials newPassword = generateNewPassword();
bool success = SecurityUserDAO.changePassword(newPassword);
return(success);
}
