Esempio n. 1
0
        protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
        {
            if (FormsAuthentication.CookiesSupported == true)
            {
                if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
                {
                    try
                    {
                        //let us take out the username now
                        string username   = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
                        string signInType = "";

                        if (Request.Cookies["UserCookie"] != null)
                        {
                            var cookie = Request.Cookies["UserCookie"];
                            signInType = ClassHashing.basicDecryption(cookie.Values["SignInType"].ToString());
                        }


                        //let us extract the roles from our own custom cookie
                        string roles = UserVerification.GetUserRoles(username, signInType);

                        //Let us set the Pricipal with our user specific details
                        e.User = new System.Security.Principal.GenericPrincipal(
                            new System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(';'));
                    }
                    catch (Exception ex)
                    {
                        throw new Exception(ex.ToString());
                    }
                }
            }
        }
        protected void Button1_Click(object sender, EventArgs e)
        {
            byte[] generatedSalt = ClassHashing.generateSalt();
            byte[] hashPassword  = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);



            //string abc = "Salt:" + Convert.ToBase64String(generatedSalt) + "\n";
            //abc = abc + "hashedPassword 1:" + Convert.ToBase64String(hashPassword) + "\n";
            //abc = abc + "hashedPassword 2:" + Convert.ToBase64String(ClassHashing.generateSaltedHash(TextBox3.Text, generatedSalt));
            //Button1.Text = abc;

            try
            {
                SqlConnection conPrint;
                string        connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;
                conPrint = new SqlConnection(connStr);
                conPrint.Open();

                string     strInsert;
                SqlCommand cmdInsert;

                strInsert = "Insert Into Customer (CustomerName, CustomerEmail, CustomerPassword, CustomerDOB, CustomerPhoneNo, CustomerContactMethod, CustomerSalt) Values ( @CustomerName, @CustomerEmail, @CustomerPassword, @CustomerDOB, @CustomerPhoneNo, @CustomerContactMethod, @CustomerSalt)";


                cmdInsert = new SqlCommand(strInsert, conPrint);
                //cmdInsert.Parameters.AddWithValue("@CustomerID", TextBox6.Text); (not neccessary as database will handle with trigger)
                cmdInsert.Parameters.AddWithValue("@CustomerName", txtName.Text);
                cmdInsert.Parameters.AddWithValue("@CustomerEmail", txtEmail.Text);
                cmdInsert.Parameters.AddWithValue("@CustomerPassword", hashPassword);
                cmdInsert.Parameters.AddWithValue("@CustomerDOB", Convert.ToDateTime(txtDOB.Text));
                cmdInsert.Parameters.AddWithValue("@CustomerPhoneNo", txtPhoneNumber.Text);
                cmdInsert.Parameters.AddWithValue("@CustomerContactMethod", rblMethod.SelectedValue);
                cmdInsert.Parameters.AddWithValue("@CustomerSalt", generatedSalt);

                int n = cmdInsert.ExecuteNonQuery();

                if (n > 0)
                {
                    MessageBox.Show("Sign up done. Redirecting to homepage.", "Congratulation !!",
                                    MessageBoxButtons.OK,
                                    MessageBoxIcon.Exclamation,
                                    MessageBoxDefaultButton.Button1);
                    //Response.Write("<script LANGUAGE='JavaScript' >alert('Register Successfully')</script>");
                    Response.Redirect("Login.aspx");
                }
                else
                {
                    Response.Write("<script LANGUAGE='JavaScript' >alert('sign up failded')</script>");
                }
                conPrint.Close();
            }
            catch (SqlException ex)
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
            }
        }
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            if (ViewState["StaffID"] != null)
            {
                SqlConnection conPrintDB;
                string        connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;
                conPrintDB = new SqlConnection(connStr);
                conPrintDB.Open();
                try
                {
                    string     strUpdate;
                    SqlCommand cmdUpdate;

                    strUpdate = "Update CompanyStaff SET StaffPassword = @password ,StaffSalt = @salt WHERE StaffID = @staffID";

                    byte[] generatedSalt = ClassHashing.generateSalt();
                    byte[] hashPassword  = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);


                    cmdUpdate = new SqlCommand(strUpdate, conPrintDB);
                    cmdUpdate.Parameters.AddWithValue("@password", hashPassword);
                    cmdUpdate.Parameters.AddWithValue("@salt", generatedSalt);
                    cmdUpdate.Parameters.AddWithValue("@staffID", ClassHashing.basicDecryption((string)ViewState["StaffID"]));


                    int n = cmdUpdate.ExecuteNonQuery();
                    if (n > 0)
                    {
                        Response.Write("<script LANGUAGE='JavaScript' >alert('Successfully activated your account. Redirecting to login page.')</script>");
                        Response.Redirect("Login.aspx");
                    }
                    else
                    {
                        lblMessage.Text       = "Unable to update account inforation. Please try again later.";
                        messageHolder.Visible = true;
                    }
                }
                catch (Exception ex)
                {
                    lblMessage.Text       = "An error occured when setting the password to the account :" + ex.ToString();
                    messageHolder.Visible = true;
                }
                finally
                {
                    conPrintDB.Close();
                }
            }
            else
            {
                lblMessage.Text       = "Unable to retrieve account inforation. Please try again later.";
                messageHolder.Visible = true;
            }
        }
        protected void Button2_Click(object sender, EventArgs e)
        {
            try
            {
                if (txtNewPassword.Text.Equals(txtComfirmPassword.Text))
                {
                    byte[] generatedSalt = ClassHashing.generateSalt();
                    byte[] hashPassword  = ClassHashing.generateSaltedHash(txtNewPassword.Text, generatedSalt);

                    //received customerID from forgetPassword.
                    string customerID = (string)(Session["CustomerID"]);

                    SqlConnection conPrint;
                    string        connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;
                    conPrint = new SqlConnection(connStr);
                    conPrint.Open();

                    string     strInsert;
                    SqlCommand cmdInsert;


                    strInsert = "Update Customer SET CustomerPassword = @CustomerPassword, CustomerSalt = @CustomerSalt WHERE CustomerID = @customerID";


                    cmdInsert = new SqlCommand(strInsert, conPrint);
                    cmdInsert.Parameters.AddWithValue("@CustomerPassword", hashPassword);
                    cmdInsert.Parameters.AddWithValue("@CustomerSalt", generatedSalt);
                    cmdInsert.Parameters.AddWithValue("@customerID", customerID);

                    int n = cmdInsert.ExecuteNonQuery();

                    conPrint.Close();

                    Response.Write("<script LANGUAGE='JavaScript' >alert('Successful ResetPassword.')</script>");
                    Response.Redirect("Login.aspx");
                }
                else
                {
                    Response.Write("<script LANGUAGE='JavaScript' >alert('Comfirm Password invalid.')</script>");
                }
            }
            catch {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Please fill in the password.')</script>");
            }
        }
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                try
                {
                    if (Request.QueryString["VC"] != null)
                    {
                        string verificationCode = Request.QueryString["VC"];
                        string staffID          = UserVerification.activateStaff(verificationCode);

                        if (staffID != null)
                        {
                            showPassForm();
                            messageHolder.Visible = false;
                            ViewState["StaffID"]  = ClassHashing.basicEncryption(staffID);
                        }
                        else
                        {
                            lblMessage.Text       = "The link is not valid. Please make sure you get the right link.";
                            messageHolder.Visible = true;
                            hidePassForm();
                        }
                    }
                    else
                    {
                        lblMessage.Text       = "The link is not valid. Please make sure you get the right link.";
                        messageHolder.Visible = true;
                        hidePassForm();
                    }
                } catch (Exception ex)
                {
                    lblMessage.Text       = "The link is not valid. Please make sure you get the right link.";
                    messageHolder.Visible = true;
                    hidePassForm();
                }
            }
        }
        protected void btnCompanySubmit_Click1(object sender, EventArgs e)
        {
            byte[] generatedSalt = ClassHashing.generateSalt();
            byte[] hashPassword  = ClassHashing.generateSaltedHash(txtStaffPassword.Text, generatedSalt);


            //try
            //{



            SqlConnection conPrint;
            SqlConnection conOwner;

            string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

            conPrint = new SqlConnection(connStr);
            conOwner = new SqlConnection(connStr);

            conPrint.Open();

            string     strInsert;
            SqlCommand cmdInsert;

            strInsert = "Insert Into Company (CompanyName, CompanyAddress, CompanyContactNo, CompanyEmail) Values ( @CompanyName, @CompanyAddress, @CompanyContactNo, @CompanyEmail);SELECT MAX(CompanyID) from Company where CompanyName=@CompanyName and CompanyContactNo=@CompanyContactNo ";


            cmdInsert = new SqlCommand(strInsert, conPrint);
            cmdInsert.Parameters.AddWithValue("@CompanyName", txtName.Text);
            cmdInsert.Parameters.AddWithValue("@CompanyAddress", txtAddress.Text);
            cmdInsert.Parameters.AddWithValue("@CompanyContactNo", txtContNo.Text);
            cmdInsert.Parameters.AddWithValue("@CompanyEmail", txtEmail.Text);
            var getCompanyId = cmdInsert.ExecuteScalar();


            if (getCompanyId != null)
            {
                conOwner.Open();

                string     strOwnerInsert;
                SqlCommand cmdCompanyInsert;
                strOwnerInsert = "Insert Into CompanyStaff (StaffName, StaffEmail, StaffPassword, StaffNRIC, StaffDOB, StaffPhoneNo, StaffSalt, StaffRole, CompanyID) Values ( @StaffName, @StaffEmail, @StaffPassword, @StaffNRIC, @StaffDOB, @StaffPhoneNo, @StaffSalt, @StaffRole, @CompanyID)";

                cmdCompanyInsert = new SqlCommand(strOwnerInsert, conOwner);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffName", txtStaffName.Text);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffEmail", txtStaffEmail.Text);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffPassword", hashPassword);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffNRIC", txtStaffNRIC.Text);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffDOB", Convert.ToDateTime(txtCalender.Text));
                cmdCompanyInsert.Parameters.AddWithValue("@StaffPhoneNo", txtStaffPhoneNumber.Text);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffSalt", generatedSalt);
                cmdCompanyInsert.Parameters.AddWithValue("@StaffRole", UserVerification.ROLE_ADMIN);
                cmdCompanyInsert.Parameters.AddWithValue("@CompanyID", getCompanyId);
                cmdCompanyInsert.ExecuteNonQuery();

                conOwner.Close();

                Response.Write("<script LANGUAGE='JavaScript' >alert('Login Successful')</script>");
                Response.Redirect("~/Login.aspx");
            }
            else
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('sign up failded')</script>");
            }



            conPrint.Close();

            //}
            //catch (SqlException ex)
            //{
            //    Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
            //}
        }