protected void Button1_Click(object sender, EventArgs e)
{
DbLayer db = new DbLayer();
// Validation Old Password
bool bCheckPwdOld = PasswordCheck.IsValidPassword(tbOldPwd.Text, 8, 4, true, true, true, true);
if (!bCheckPwdOld)
{
string script = "alert(\"At least 8 characters, all strong conditions met (>= 8 chars with 1 or more UC letters, LC letters, digits & special chars)\");";
ScriptManager.RegisterStartupScript(this, GetType(),
"ServerControlScript", script, true);
return;
} //A1contact!
string passwordHashSha256 = db.getUserPwd(tbEmail.Text);
if (passwordHashSha256 == null)
{
string script = "alert(\"Try Again!\");";
ScriptManager.RegisterStartupScript(this, GetType(),
"ServerControlScript", script, true);
return;
}
// Hashing Password
string pwdOldCheck = "";
if (Request.Cookies["user"].Value.Length / 3 == 0)
{
pwdOldCheck = SimpleHash.VerifyHash(tbOldPwd.Text, "SHA2", passwordHashSha256).ToString();
}
else if (Request.Cookies["user"].Value.Length / 3 == 2)
{
pwdOldCheck = SimpleHash.VerifyHash(tbOldPwd.Text, "SHA256", passwordHashSha256).ToString();
}
else
{
pwdOldCheck = SimpleHash.VerifyHash(tbOldPwd.Text, "SHA512", passwordHashSha256).ToString();
}
if (pwdOldCheck.Equals("False"))
{
string script = "alert(\"Input Correct Password!\");";
ScriptManager.RegisterStartupScript(this, GetType(),
"ServerControlScript", script, true);
return;
}
// Validation Password
bool bCheckPwd = PasswordCheck.IsValidPassword(tbRegPwd.Text, 8, 4, true, true, true, true);
if (!bCheckPwd)
{
string script = "alert(\"At least 8 characters, all strong conditions met (>= 8 chars with 1 or more UC letters, LC letters, digits & special chars)\");";
ScriptManager.RegisterStartupScript(this, GetType(),
"ServerControlScript", script, true);
return;
} //A1contact!
string pwd = "";
if (tbUserName.Text.Length / 3 == 0)
{
pwd = SimpleHash.ComputeHash(tbRegPwd.Text, "SHA1", null);
}
else if (tbUserName.Text.Length / 3 == 2)
{
pwd = SimpleHash.ComputeHash(tbRegPwd.Text, "SHA256", null);
}
else
{
pwd = SimpleHash.ComputeHash(tbRegPwd.Text, "SHA512", null);
}
//int id = db.getMaxUser();
db.UpdateUserPwd(userID, pwd);
Response.Redirect("Login.aspx");
}
static void Main(string[] args)
{
string password = "******"; // original password
string wrongPassword = "******"; // wrong password
string passwordHashMD5 =
SimpleHash.ComputeHash(password, "MD5", null);
string passwordHashSha1 =
SimpleHash.ComputeHash(password, "SHA1", null);
string passwordHashSha256 =
SimpleHash.ComputeHash(password, "SHA256", null);
string passwordHashSha384 =
SimpleHash.ComputeHash(password, "SHA384", null);
string passwordHashSha512 =
SimpleHash.ComputeHash(password, "SHA512", null);
Console.WriteLine("COMPUTING HASH VALUES\r\n");
Console.WriteLine("MD5 : {0}", passwordHashMD5);
Console.WriteLine("SHA1 : {0}", passwordHashSha1);
Console.WriteLine("SHA256: {0}", passwordHashSha256);
Console.WriteLine("SHA384: {0}", passwordHashSha384);
Console.WriteLine("SHA512: {0}", passwordHashSha512);
Console.WriteLine("");
Console.WriteLine("COMPARING PASSWORD HASHES\r\n");
Console.WriteLine("MD5 (good): {0}",
SimpleHash.VerifyHash(
password, "MD5",
passwordHashMD5).ToString());
Console.WriteLine("MD5 (bad) : {0}",
SimpleHash.VerifyHash(
wrongPassword, "MD5",
passwordHashMD5).ToString());
Console.WriteLine("SHA1 (good): {0}",
SimpleHash.VerifyHash(
password, "SHA1",
passwordHashSha1).ToString());
Console.WriteLine("SHA1 (bad) : {0}",
SimpleHash.VerifyHash(
wrongPassword, "SHA1",
passwordHashSha1).ToString());
Console.WriteLine("SHA256 (good): {0}",
SimpleHash.VerifyHash(
password, "SHA256",
passwordHashSha256).ToString());
Console.WriteLine("SHA256 (bad) : {0}",
SimpleHash.VerifyHash(
wrongPassword, "SHA256",
passwordHashSha256).ToString());
Console.WriteLine("SHA384 (good): {0}",
SimpleHash.VerifyHash(
password, "SHA384",
passwordHashSha384).ToString());
Console.WriteLine("SHA384 (bad) : {0}",
SimpleHash.VerifyHash(
wrongPassword, "SHA384",
passwordHashSha384).ToString());
Console.WriteLine("SHA512 (good): {0}",
SimpleHash.VerifyHash(
password, "SHA512",
passwordHashSha512).ToString());
Console.WriteLine("SHA512 (bad) : {0}",
SimpleHash.VerifyHash(
wrongPassword, "SHA512",
passwordHashSha512).ToString());
}
