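private void btn_Login(object sender, EventArgs e)
{
    // Checks for Username and Password. If it finds each (as a pair) in the Database, it will
    // login, otherwise a Messagebox will pop up, telling the user, the login attempt failed.
    // `cmd` and `con` are form-level fields; `cmd` is assumed to be the user lookup that takes
    // the @usr parameter and returns the user id in column 0 and the bcrypt hash in column 2
    // (that is how the columns are read below) — confirm against the field initialiser.
    cmd.Parameters.Clear();
    cmd.Parameters.AddWithValue("@usr", txt_username.Text);

    // Id of the first row whose stored bcrypt hash matches the entered password; null if none.
    int? matchedUserId = null;
    try
    {
        con.Open();
        // Dispose the reader and close the connection even if the query or the password
        // check throws, so a failed attempt does not leave `con` open for the next click.
        using (MySqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                // CheckPassword re-hashes the entered plaintext with the salt embedded in
                // the stored hash and compares the result.
                if (BCrypt.CheckPassword(txt_password.Text, reader.GetString(2)))
                {
                    matchedUserId = reader.GetInt32(0);
                    break;
                }
            }
        }
    }
    finally
    {
        con.Close();
    }

    if (matchedUserId == null)
    {
        // Shown both for an unknown user name and for a wrong password (the original only
        // reported the former), so the dialog gives one generic answer in both cases.
        MessageBox.Show("Falsche Login Daten", "Fehler", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    this.Hide();
    LoadingScreen ls = new LoadingScreen();
    ls.Show();
    //Reactivate after finishing
    //System.Threading.Thread.Sleep(3000);
    ls.Close();
    ls.Dispose();
    // Send the User ID, so that the main program actually knows, who its working with.
    MainForm mw = new MainForm(matchedUserId.Value);
    mw.Show();
}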
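/// <summary>
/// Hash a password using the OpenBSD bcrypt scheme.
/// </summary>
/// <param name="password">The password to hash.</param>
/// <param name="salt">The salt to hash with (perhaps generated
/// using <c>BCrypt.GenerateSalt</c>). Accepted forms are <c>$2$</c> and
/// <c>$2a$</c>, followed by the two-digit cost, <c>$</c>, and 22 base64
/// characters of salt.</param>
/// <returns>The hashed password, in the same <c>$2a$cost$salt+hash</c> form
/// as produced by OpenBSD bcrypt.</returns>
/// <exception cref="ArgumentNullException"><paramref name="password"/> or
/// <paramref name="salt"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="salt"/> is too short,
/// has an unsupported version or revision, or lacks the cost field.</exception>
public static string HashPassword(string password, string salt)
{
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }
    if (salt == null)
    {
        throw new ArgumentNullException("salt");
    }

    // The version/revision checks below read up to salt[3]; reject anything shorter
    // with an ArgumentException instead of an IndexOutOfRangeException.
    if (salt.Length < 4 || salt[0] != '$' || salt[1] != '2')
    {
        throw new ArgumentException("Invalid salt version");
    }

    // Position of the two cost digits. The revision character, if present, sits at
    // salt[2]; salt[1] is already known to be '2' at this point, so it must not be
    // used for this decision (that made "$2$" salts unreachable).
    char minor = (char)0;
    int offset;
    if (salt[2] != '$')
    {
        minor = salt[2];
        if (minor != 'a' || salt[3] != '$')
        {
            throw new ArgumentException("Invalid salt revision");
        }
        offset = 4;
    }
    else
    {
        offset = 3;
    }

    // cost (2) + '$' (1) + salt (22) must follow the prefix.
    if (salt.Length < offset + 25)
    {
        throw new ArgumentException("Invalid salt length");
    }

    // Extract number of rounds: two digits terminated by '$'.
    if (salt[offset + 2] != '$')
    {
        throw new ArgumentException("Missing salt rounds");
    }
    int rounds = Int32.Parse(salt.Substring(offset, 2), NumberFormatInfo.InvariantInfo);

    // Revision "a" and later hash the password including a terminating NUL.
    byte[] passwordBytes = Encoding.UTF8.GetBytes(password + (minor >= 'a' ? "\0" : String.Empty));
    byte[] saltBytes = DecodeBase64(salt.Substring(offset + 3, 22), BCRYPT_SALT_LEN);

    BCrypt bcrypt = new BCrypt();
    byte[] hashed = bcrypt.CryptRaw(passwordBytes, saltBytes, rounds);

    StringBuilder rs = new StringBuilder();
    rs.Append("$2");
    if (minor >= 'a')
    {
        rs.Append(minor);
    }
    rs.Append('$');
    // Cost is always emitted as two digits.
    if (rounds < 10)
    {
        rs.Append('0');
    }
    rs.Append(rounds);
    rs.Append('$');
    rs.Append(EncodeBase64(saltBytes, saltBytes.Length));
    // Only the first 23 bytes of the raw hash are encoded, as in OpenBSD bcrypt.
    rs.Append(EncodeBase64(hashed, (bf_crypt_ciphertext.Length * 4) - 1));
    return rs.ToString();
}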
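private void btn_Create_Click(object sender, EventArgs e)
{
    // Creates a new `Login` row from the form fields. The password is stored only as a
    // bcrypt hash, and every value is passed as a command parameter so user-entered text
    // cannot alter the statement (the original concatenated the fields into the SQL).

    // SelectedItem is null when nothing is chosen; treat that like an empty field
    // instead of failing on the ToString() call.
    object selectedRole = cmb_role.SelectedItem;
    string role = selectedRole == null ? null : selectedRole.ToString();

    if (string.IsNullOrWhiteSpace(txt_username.Text)
        || string.IsNullOrWhiteSpace(txt_password.Text)
        || string.IsNullOrWhiteSpace(role))
    {
        MessageBox.Show("Bitte füllen Sie alle angegebenen Felder sorgfältig aus.", "Fehler", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    String hashedPassword = BCrypt.HashPassword(txt_password.Text, BCrypt.GenerateSalt());
    string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MySql"].ConnectionString;

    try
    {
        // Both the connection and the command are disposed on every path, including
        // a failed Open() or ExecuteNonQuery().
        using (MySqlConnection con = new MySqlConnection(connectionString))
        using (MySqlCommand cmd = new MySqlCommand(
            "INSERT INTO `Login` (`id`, `username`, `password`, `role`) VALUES (NULL, @username, @password, @role);", con))
        {
            cmd.Parameters.AddWithValue("@username", txt_username.Text);
            cmd.Parameters.AddWithValue("@password", hashedPassword);
            cmd.Parameters.AddWithValue("@role", role);
            con.Open();
            cmd.ExecuteNonQuery();
        }
        this.Close();
    }
    catch (Exception)
    {
        // Deliberately generic: the user only gets a retry hint, no database details.
        MessageBox.Show("Ein unerwarteter Fehler ist beim Erstellen eines neuen Benutzers aufgetreten. Bitte versuchen Sie es erneut.", "Fehler", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}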