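/// <summary>
/// Load handler for the sign-in form. Opens the login database connection,
/// confirms the current Windows user has a row in Accounts, and then opens the
/// password reset form when the Login.Reset flag is set or when
/// PasswordVerifier.ExpirationReset reports that the password is no longer valid.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="ApplicationException">
/// Wraps any failure while opening the connection or running the lookups.
/// </exception>
private void SignIn_Load(object sender, EventArgs e)
{
    try
    {
        connLogin = new OleDbConnection(connLoginString); // Connect using the configured connection string
        connLogin.Open();
    }
    catch (Exception ex)
    {
        throw new ApplicationException("Could not open database connection: ", ex);
    }

    // NOTE(review): a 12-character cap rules out long passphrases; confirm whether the
    // stored hash or the validator really requires it before keeping this limit.
    txtPass.MaxLength = 12;
    txtPass.PasswordChar = '*'; // Mask the password as it is typed

    currentUser = Environment.UserName; // Windows login ID of the person running the app

    try
    {
        // The user ID is bound as a parameter instead of being concatenated into the SQL text,
        // so an apostrophe (or anything else) in the account name cannot change the statement.
        // OleDb binds parameters by position; the name given to AddWithValue is informational.
        using (OleDbCommand check_User_Name = new OleDbCommand("SELECT COUNT(*) FROM Accounts WHERE (UserID = ?)", connLogin))
        {
            check_User_Name.Parameters.AddWithValue("@userId", currentUser);
            int UserExist = (int)check_User_Name.ExecuteScalar();

            if (UserExist == 1) // Exactly one matching account: pre-fill the user name box
            {
                txtUser.Text = Environment.UserName;
            }
            else
            {
                MessageBox.Show("Your user does not exist within the database.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }
        }
    }
    catch (Exception ex)
    {
        throw new ApplicationException("There was an issue checking your username in the database: ", ex);
    }

    try
    {
        bool userReset;
        using (OleDbCommand checkReset = new OleDbCommand("SELECT Reset FROM Login WHERE UserID = ?", connLogin))
        {
            checkReset.Parameters.AddWithValue("@userId", currentUser);
            // A missing Login row makes ExecuteScalar return null; the cast then throws and
            // the catch below reports it, which is the same outcome as before this change.
            userReset = (bool)checkReset.ExecuteScalar();
        }

        if (userReset) // An administrator flagged this account for a forced reset
        {
            PasswordReset pwForm = new PasswordReset(connLogin, currentUser);
            pwForm.Owner = this;
            pwForm.Show();
        }

        // NOTE(review): the expiry check below still runs after a forced reset form has been
        // shown, so two reset forms can be open at once - confirm that is intended.
        PasswordVerifier pwResetCheck = new PasswordVerifier();
        bool verifiedPW = pwResetCheck.ExpirationReset(connLogin, currentUser, out errorMessage);

        if (verifiedPW && errorMessage != null) // Still valid, but the verifier returned a warning to display
        {
            MessageBox.Show(errorMessage, "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            Show();
        }
        else if (!verifiedPW) // Expired: show the error and send the user to the reset form
        {
            DialogResult resultOK = MessageBox.Show(errorMessage, "Password has expired", MessageBoxButtons.OK, MessageBoxIcon.Error);
            if (resultOK == DialogResult.OK)
            {
                PasswordReset pwForm = new PasswordReset(connLogin, currentUser);
                pwForm.Owner = this; // Owned by this form so it stays in front of it
                pwForm.Show();
            }
        }
    }
    catch (Exception ex)
    {
        throw new ApplicationException("Application encountered an error while attempting to extract the password reset information from database: ", ex);
    }
}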
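/// <summary>
/// OK button handler on the password reset form. When the two new-password boxes
/// match and PasswordVerifier.ValidatePassword accepts the change, stores the new
/// hash in Login, clears the Reset flag, stamps Accounts.LastReset, and records the
/// hash in PasswordHistory (keeping at most five entries per user), then closes the form.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="ApplicationException">
/// Wraps any failure raised while validating or storing the new password.
/// </exception>
private void btnOK_Click(object sender, EventArgs e)
{
    if (txtNewPW.Text == txtRetypePW.Text) // Both entries of the new password must be identical
    {
        try
        {
            string errorMessage;
            PasswordVerifier pwVerifier = new PasswordVerifier();
            bool verifiedPW = pwVerifier.ValidatePassword(connlogin, currentuser, txtNewPW.Text, txtOldPW.Text, out errorMessage);

            if (verifiedPW)
            {
                string newPWHashed;
                PasswordHasher newPWHasher = new PasswordHasher();
                newPWHasher.passwordHasher(txtNewPW.Text, out newPWHashed); // Salt and hash the new password

                // Every value below is bound as a parameter rather than concatenated into the
                // SQL text, so no value can alter the statement. OleDb binds by position: the
                // parameters must be added in the order the markers appear in the SQL.
                // NOTE(review): these statements are not wrapped in a transaction, so a failure
                // partway leaves the password changed with stale flags/history - consider
                // connlogin.BeginTransaction() if the provider supports it.

                using (OleDbCommand updatePW = new OleDbCommand("UPDATE Login SET [Password] = ? WHERE [UserID] = ?", connlogin))
                {
                    updatePW.Parameters.AddWithValue("@hashedPass", newPWHashed);
                    updatePW.Parameters.AddWithValue("@userId", currentuser);
                    updatePW.ExecuteNonQuery(); // UPDATE returns no result set
                }

                using (OleDbCommand updateReset = new OleDbCommand("UPDATE Login SET [Reset] = False WHERE [UserID] = ?", connlogin))
                {
                    updateReset.Parameters.AddWithValue("@userId", currentuser);
                    updateReset.ExecuteNonQuery(); // Clear the "needs a reset" flag
                }

                var addToday = DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss");
                using (OleDbCommand updateLastPWReset = new OleDbCommand("UPDATE Accounts SET [LastReset] = ? WHERE [UserID] = ?", connlogin))
                {
                    updateLastPWReset.Parameters.AddWithValue("@lastReset", addToday);
                    updateLastPWReset.Parameters.AddWithValue("@userId", currentuser);
                    updateLastPWReset.ExecuteNonQuery(); // Record when the password was last reset
                }

                // Count the stored history entries in the database instead of loading every
                // old hash into a DataTable just to read its row count.
                int totalRows;
                using (OleDbCommand historyQuery = new OleDbCommand("SELECT COUNT(*) FROM PasswordHistory WHERE UserID = ?", connlogin))
                {
                    historyQuery.Parameters.AddWithValue("@userId", currentuser);
                    totalRows = Convert.ToInt32(historyQuery.ExecuteScalar());
                }

                if (totalRows >= 5) // Only five passwords are kept per person: drop the oldest first
                {
                    object oldestPW;
                    using (OleDbCommand updateQuery = new OleDbCommand("SELECT MIN(UpdateDate) FROM PasswordHistory WHERE UserID = ?", connlogin))
                    {
                        updateQuery.Parameters.AddWithValue("@userId", currentuser);
                        oldestPW = updateQuery.ExecuteScalar();
                    }

                    if (oldestPW != null && oldestPW != DBNull.Value)
                    {
                        // The delete is scoped to this user; matching on UpdateDate alone would
                        // also remove another user's entry that carries the same timestamp.
                        using (OleDbCommand deleteOldest = new OleDbCommand("DELETE FROM PasswordHistory WHERE UpdateDate = ? AND UserID = ?", connlogin))
                        {
                            OleDbParameter oldestParam = deleteOldest.Parameters.AddWithValue("@oldest", oldestPW);
                            if (oldestPW is DateTime)
                            {
                                oldestParam.OleDbType = OleDbType.Date; // Bind as a plain date/time value
                            }
                            deleteOldest.Parameters.AddWithValue("@userId", currentuser);
                            deleteOldest.ExecuteNonQuery();
                        }
                    }
                }

                // The new history entry is written whether or not an old one was removed.
                var updateTime = DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"); // Time this history entry was made
                // NOTE(review): a second-resolution timestamp is used as the entry ID; two changes
                // in the same second produce the same ID - confirm the column tolerates that.
                string pwIDGen = DateTime.Now.ToString("yyMMddHHmmss");
                using (OleDbCommand insertNewPW = new OleDbCommand("INSERT INTO PasswordHistory VALUES (@pwIDGen, @currentuser, @hashedPass, @updateTime)", connlogin))
                {
                    insertNewPW.Parameters.AddWithValue("@pwIDGen", pwIDGen);
                    insertNewPW.Parameters.AddWithValue("@currentuser", currentuser);
                    insertNewPW.Parameters.AddWithValue("@hashedPass", newPWHashed);
                    insertNewPW.Parameters.AddWithValue("@updateTime", updateTime);
                    insertNewPW.ExecuteNonQuery();
                }

                Close();
            }
            else
            {
                MessageBox.Show(errorMessage, "Password Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
        catch (Exception ex)
        {
            throw new ApplicationException("There was an error while updating your password: ", ex);
        }
    }
    else
    {
        MessageBox.Show("Passwords Do Not Match.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}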