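// Checks the password supplied for a login attempt against the stored credentials.
//
// Looks up the stored credentials for `username`, hashes the supplied `password`
// followed by the stored salt with SHA-256, and compares the digest with the
// stored hash (which is Base64-decoded first). On a match, `userId` is set from
// the stored record.
//
// Returns true when the digests match; false when no credentials are found for
// the user or the digests differ.
//
// NOTE(security): a single salted SHA-256 pass is a fast hash, so a leaked
// credential table can be brute-forced offline cheaply. Plan a migration to a
// password KDF (e.g. PBKDF2 via Rfc2898DeriveBytes) with a stored scheme/version
// marker so existing hashes can be upgraded on the next successful login.
// Changing the algorithm here alone would invalidate every stored hash.
public bool checkPassword()
{
    Credentials userCredentials = SecurityUserDAO.getUserCredentials(username);
    if (userCredentials == null)
    {
        // NOTE(review): this path returns before any hashing is done, so the
        // response time may differ between known and unknown usernames. Confirm
        // whether callers need to equalise that.
        return false;
    }

    // Stored hash is Base64 text; Convert.FromBase64String throws FormatException
    // if the stored value is malformed.
    byte[] dbPass = Convert.FromBase64String(userCredentials.getPassword());

    // NOTE(review): createByteArrayFromString is defined outside this view; the
    // text encoding it uses must be the same one used when the hash was created.
    byte[] userPass = createByteArrayFromString(password);
    byte[] dbSalt = createByteArrayFromString(userCredentials.getSalt());

    // Hash input is password bytes followed by salt bytes, in that order.
    byte[] userSaltedPass = userPass.Concat(dbSalt).ToArray();

    byte[] hasheduserPass;
    // HashAlgorithm is IDisposable; release it deterministically instead of
    // leaving it for the finalizer. SHA256.Create() yields the same digest as
    // the SHA256Managed instance used previously.
    using (HashAlgorithm algorithm = SHA256.Create())
    {
        hasheduserPass = algorithm.ComputeHash(userSaltedPass);
    }

    // NOTE(review): compareByteArrays is defined outside this view. Confirm it
    // compares in constant time (no early exit on the first differing byte); on
    // runtimes that provide it, CryptographicOperations.FixedTimeEquals is the
    // standard replacement.
    bool match = compareByteArrays(dbPass, hasheduserPass);
    if (match)
    {
        // Only expose the user id once the password has been verified.
        userId = userCredentials.getUserId();
    }

    return match;
}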
// Creates a new account from freshly generated credentials.
//
// Calls generateNewPassword() to build the Credentials object and hands it to
// SecurityUserDAO.createAccount for saving.
//
// Returns true if the DAO reports the account was saved, false otherwise.
//
// NOTE(review): generateNewPassword is defined outside this view; presumably it
// derives a salt and hash from the current username/password fields. Confirm the
// salt comes from a cryptographic RNG.
public bool createNewAccount()
{
    // Send to the db for saving; the DAO returns true on success, false on failure.
    return SecurityUserDAO.createAccount(generateNewPassword());
}
// Changes the user's password.
//
// Stores `newPass` in the `password` field, regenerates the credentials with
// generateNewPassword(), and passes them to SecurityUserDAO.changePassword.
//
// Returns the DAO's result: true when the change was saved, false otherwise.
//
// NOTE(review): the `password` field is overwritten before the DAO call, so it
// keeps the new value even when the save fails. Confirm callers expect that.
// NOTE(review): no check of the current password or of `newPass` (null/empty,
// policy) is visible here. Verify that the caller enforces both.
public bool changePassword(String newPass)
{
    // Must be assigned first: the credentials are generated after this update.
    password = newPass;
    return SecurityUserDAO.changePassword(generateNewPassword());
}