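/// <summary>
/// Staff login handler. Validates the CAPTCHA first, then looks up the staff account by
/// e-mail, enforces the lockout returned by <c>CheckSuspended</c>, verifies the password
/// against the stored salted SHA-512 digest, and on success records the login in session
/// state and redirects to <c>Staff_Home.aspx</c>.
/// </summary>
/// <param name="sender">The login button (unused).</param>
/// <param name="e">Click event arguments (unused).</param>
/// <remarks>
/// Security notes:
/// - The CAPTCHA is checked before any account lookup so that a bot cannot use this handler
///   as a credential/lockout oracle (the original code validated it last, after the attempt
///   counter had already been touched).
/// - The hash comparison is constant-time to avoid leaking digest prefixes via timing.
/// - The auth cookie is flagged HttpOnly, and Secure when the request arrived over TLS.
/// - The stored format is a single salted SHA-512 round, which is weak against offline
///   cracking; migrating to PBKDF2/Argon2 requires changing the registration/reset path and
///   the stored column together, so it is deliberately left unchanged here.
/// - NOTE(review): ASP.NET WebForms does not rotate the session ID on login; a fresh session
///   should be issued before storing auth state to defeat session fixation — confirm with the
///   rest of the application.
/// - NOTE(review): a non-existent account returns faster than a wrong password (no hash is
///   computed), which is a minor user-enumeration timing oracle.
/// </remarks>
protected void Button1_Click(object sender, EventArgs e)
{
    // Bots are rejected before the database is touched; this must be the first check.
    if (!ValidateCaptcha())
    {
        error_lb.Text = "Something went wrong, please refresh and try again.";
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(email_tb.Text.Trim());

    if (user == null)
    {
        // Generic message: do not reveal whether the e-mail exists.
        error_lb.Text = "Invalid credentials";
        return;
    }

    // Lockout check happens before the password is examined, so a locked account cannot
    // be probed for the correct password.
    if (client.CheckSuspended(user.Email))
    {
        // Convert.ToInt32 keeps the rounding of the original Convert.ToInt16 without its
        // 32767-minute overflow; Math.Max guards against a negative "minutes remaining".
        int elapsed = Convert.ToInt32(DateTime.Now.Subtract(Convert.ToDateTime(user.Locked_Since)).TotalMinutes);
        int span = Math.Max(0, 30 - elapsed);
        error_lb.Text = "Your account has been locked. Please wait " + span + " minutes before trying again.";
        return;
    }

    // Legacy scheme: base64(SHA-512(password + salt)). Must match the registration path.
    string hashedpw;
    using (SHA512Managed hashing = new SHA512Managed())
    {
        string saltedpw = password_tb.Text.Trim() + user.Password_Salt;
        hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw)));
    }

    if (!FixedTimeEquals(hashedpw, user.Password))
    {
        // Wrong password: let the service decrement the remaining attempts.
        client.CheckAttempts(user.Email, false);
        error_lb.Text = "Invalid credentials";
        return;
    }

    // Correct password: reset the attempt counter, then establish the session.
    client.CheckAttempts(user.Email, true);

    Session["LoggedIn"] = user.Email;
    Session["Role"] = user.Type; // consulted by later authorization checks
    string guid = Guid.NewGuid().ToString();
    Session["AuthToken"] = guid;
    Response.Cookies.Add(new HttpCookie("AuthToken", guid)
    {
        HttpOnly = true,                          // not readable from script (XSS hardening)
        Secure = Request.IsSecureConnection       // never sent in clear when issued over TLS
    });
    client.UpdateLastLogin(user.Email);

    Response.Redirect("Staff_Home.aspx");
}

/// <summary>
/// Ordinal string equality that runs in time independent of where the strings first
/// differ. Used for comparing password digests so timing does not leak digest prefixes.
/// </summary>
/// <param name="a">First string; null is never equal to anything.</param>
/// <param name="b">Second string; null is never equal to anything.</param>
/// <returns>True when both are non-null and character-for-character identical.</returns>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return false;
    }
    // Length is not secret here: both sides are base64 SHA-512 digests of fixed size.
    if (a.Length != b.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}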