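/// <summary>
/// Registration button handler: validates the three form fields, confirms the username is
/// not already taken and the two password entries match, then stores a salted PBKDF2 hash
/// of the password via <c>Database.createUser</c> and returns to the login screen.
/// </summary>
/// <param name="sender">WinForms event source (unused).</param>
/// <param name="e">WinForms event args (unused).</param>
private void btnRegister_Click(object sender, EventArgs e)
{
    // A username made only of whitespace is treated as blank; the original == "" test let it
    // through as "filled in". Passwords are still only checked for emptiness so that the set of
    // accepted passwords is unchanged.
    if (string.IsNullOrWhiteSpace(txtUsername.Text)
        || string.IsNullOrEmpty(txtPassword.Text)
        || string.IsNullOrEmpty(txtPassword2.Text))
    {
        MessageBox.Show(
            "All fields are mandatory, please fill them in.",
            "One or more fields are blank",
            MessageBoxButtons.OK,
            MessageBoxIcon.Warning);
        return;
    }

    string username = txtUsername.Text;
    string password = txtPassword.Text;

    // NOTE(review): this is a check-then-act against the database. Two registrations racing on
    // the same name can both pass checkUsernameUnique and both reach createUser; only a UNIQUE
    // constraint on users.Username (surfaced by Database.createUser) closes that window - confirm
    // one exists. The check here buys a friendly message, not correctness.
    bool uniqueUsername = Database.checkUsernameUnique(username);

    // verifyPassword() is defined elsewhere; judging by the error text below it confirms the two
    // entries are identical. NOTE(review): no minimum length or other strength rule is applied
    // before the password is hashed - consider enforcing one here (e.g. a minimum of 8 characters).
    bool passwordSame = verifyPassword();

    if (!uniqueUsername || !passwordSame)
    {
        // Collect every failed requirement into a single message so the user sees them all at once.
        string errorMessage = "";
        if (!uniqueUsername)
        {
            errorMessage += String.Format(
                "Username '{0}' is already taken, please choose another username.", username);
        }
        if (!passwordSame)
        {
            errorMessage += "The passwords do not match. Please re-enter your password and ensure they are identical.";
        }

        MessageBox.Show(
            errorMessage,
            "Incorrect username or password requirements",
            MessageBoxButtons.OK,
            MessageBoxIcon.Warning);
        return;
    }

    // Fresh per-user salt, then PBKDF2 over the cleartext password; only hash and salt are stored.
    byte[] salt = PasswordHashWithPBKDF2.generateSalt();
    byte[] hash = PasswordHashWithPBKDF2.hashPassword(password, salt);

    Database.createUser(username, hash, salt);

    // Reset the form so the next registration starts from empty fields, then go back to login.
    clearData();
    returnToLogin();
}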
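/// <summary>
/// Looks up <paramref name="username"/> and verifies <paramref name="password"/> against the
/// stored PBKDF2 hash and salt. On success sets the global <c>User.UserID</c> to the matched row.
/// </summary>
/// <param name="username">Login name to look up; bound as a query parameter, never concatenated.</param>
/// <param name="password">Cleartext password entered by the user.</param>
/// <returns><c>true</c> only when the username exists and the password verifies.</returns>
/// <exception cref="Exception">Database errors propagate unchanged to the caller.</exception>
public static bool authenticateUser(string username, string password)
{
    MySqlConnection con = getDBConection();
    MySqlCommand cmd = new MySqlCommand(
        "SELECT UserID, PasswordHash, PasswordSalt FROM users WHERE Username = @uname", con);
    cmd.Parameters.Add(new MySqlParameter("@uname", username));

    int userId = 0;
    byte[] salt = null;
    byte[] storedPw = null;

    // No catch block: the original `catch (Exception ex) { throw ex; }` only rethrew with a
    // truncated stack trace. The finally still closes the connection on every path.
    try
    {
        con.Open();
        // A single ExecuteReader suffices; the original ran ExecuteNonQuery first, executing the
        // same SELECT twice. `using` disposes the reader even if Read() throws, which the original's
        // bare reader.Close() did not guarantee.
        using (MySqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                userId = reader.GetInt32("UserID");
                salt = (byte[])reader["PasswordSalt"];
                storedPw = (byte[])reader["PasswordHash"];
            }
            else
            {
                Console.WriteLine(String.Format("Username '{0}' not found.", username));
            }
        }
    }
    finally
    {
        con.Close();
    }

    if (salt == null || storedPw == null)
    {
        // NOTE(review): returning here skips the PBKDF2 work, so an unknown username answers
        // measurably faster than a wrong password - a timing oracle for username enumeration.
        // Running the hash against a dummy salt/hash would equalise it; left as-is because the
        // exact shape expected by compareWithStoredPassword is not visible from this file.
        return false;
    }

    if (!PasswordHashWithPBKDF2.compareWithStoredPassword(password, storedPw, salt))
    {
        return false;
    }

    // Record the authenticated identity only after the password has verified. The original
    // assigned User.UserID as soon as the row was read, so a failed login still left the global
    // state pointing at the attempted account's ID.
    User.UserID = userId;
    return true;
}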