/// <summary>
/// Helper method to sign members up. Writes information to XML.
/// Called upon correct user input of account creation.
/// </summary>
private void signup()
{
int i;
string[] data = new string[4];
byte[] encrypted;
string strEncrypted = "";
string key = "";
string iv = "";
data[0] = txt_username.Text;
Aes aesAlg = Aes.Create();
// store key for de-cryption
for (i = 0; i < aesAlg.Key.Length - 1; i++)
{
key += aesAlg.Key[i].ToString() + ",";
}
key += aesAlg.Key[i].ToString();
data[2] = key;
// store iv for de-cryption
for (i = 0; i < aesAlg.IV.Length - 1; i++)
{
iv += aesAlg.IV[i].ToString() + ",";
}
iv += aesAlg.IV[i].ToString();
data[3] = iv;
// Encrypt
using (aesAlg)
{
encrypted = EncryptDecypt.EncryptStringToBytes_Aes(txt_pass.Text, aesAlg.Key, aesAlg.IV);
}
// encrypted text - password
for (i = 0; i < encrypted.Length - 1; i++)
{
strEncrypted += encrypted[i].ToString() + ",";
}
strEncrypted += encrypted[i].ToString();
data[1] = strEncrypted;
EncryptDecypt.writeXml(data, false);
Session["username"] = data[0];
Session["staff"] = false;
Response.Redirect("~/stockPage.aspx");
}
/// <summary>
/// Event handler for signup button
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btn_signup_Click(object sender, EventArgs e)
{
// clear all error labels
lbl_username_error.Text = "";
lbl_pass_error.Text = "";
lbl_pass_cnfrm_error.Text = "";
lbl_captcha_error.Text = "";
// check if username field is blank
if (txt_username.Text == null || txt_username.Text == "")
{
lbl_username_error.Text = "Email is empty!";
return;
}
// check if password is blank
if (txt_pass.Text == null || txt_pass.Text == "")
{
lbl_pass_error.Text = "Password is empty!";
return;
}
// check if passwords match
if (!txt_pass.Text.Equals(txt_pass_cnfrm.Text))
{
lbl_pass_error.Text = "Passwords do not match!";
lbl_pass_cnfrm_error.Text = "Passwords do not match!";
return;
}
// check if username is taken
string[] usrNmChk = EncryptDecypt.readXml(txt_username.Text, false);
if (usrNmChk != null && !usrNmChk[0].Equals("FILE NOT FOUND"))
{
// username was found in file
lbl_username_error.Text = "Username taken, please choose again";
txt_username.Text = "";
return;
}
// check captcha string
if (!Session["generatedString"].Equals(txt_img_string.Text))
{
lbl_captcha_error.Text = "Incorrect verify string, try again.";
return;
}
//no errors so sign member up
signup();
}
/// <summary>
/// Event handler to add staff members to the staff.xml file.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btn_add_Click(object sender, EventArgs e)
{
int i;
string[] data = new string[4];
byte[] encrypted;
string strEncrypted = "";
string key = "";
string iv = "";
data[0] = txt_username.Text;
Aes aesAlg = Aes.Create();
// store key for de-cryption
for (i = 0; i < aesAlg.Key.Length - 1; i++)
{
key += aesAlg.Key[i].ToString() + ",";
}
key += aesAlg.Key[i].ToString();
data[2] = key;
// store iv for de-cryption
for (i = 0; i < aesAlg.IV.Length - 1; i++)
{
iv += aesAlg.IV[i].ToString() + ",";
}
iv += aesAlg.IV[i].ToString();
data[3] = iv;
using (aesAlg)
{
encrypted = EncryptDecypt.EncryptStringToBytes_Aes(txt_pass.Text, aesAlg.Key, aesAlg.IV);
}
//encrypted text - password
for (i = 0; i < encrypted.Length - 1; i++)
{
strEncrypted += encrypted[i].ToString() + ",";
}
strEncrypted += encrypted[i].ToString();
data[1] = strEncrypted;
EncryptDecypt.writeXml(data, true);
}
/// <summary>
/// Event handler for a login click.
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btn_mber_login_Click(object sender, EventArgs e)
{
// check if the username has been set by the cookie logic.
if (username == null)
{
username = txt_username.Text;
}
string password = txt_pass.Text;
// clear errors
lbl_username_error.Text = "";
lbl_pass_error.Text = "";
// check if username is empty
if (username == null || username == "")
{
lbl_username_error.Text = "username is empty!";
return;
}
// check if password is empty
if (password == null || password == "")
{
lbl_pass_error.Text = "Password is empty!";
return;
}
//check if credentials are correct
string[] passWrdChk = EncryptDecypt.readXml(username, chk_staff.Checked);
if (passWrdChk == null || passWrdChk[0].Equals("FILE NOT FOUND"))
{
lbl_username_error.Text = "Username not found or incorrect, please try again";
txt_username.Text = "";
return;
}
else
{
string[] encryptedPass = passWrdChk[0].Split(',');
byte[] encryptedBytes = new byte[encryptedPass.Length];
for (int i = 0; i < encryptedPass.Length; i++)
{
encryptedBytes[i] = Convert.ToByte(encryptedPass[i]);
}
string[] strKey = passWrdChk[1].Split(',');
byte[] keyBytes = new byte[strKey.Length];
for (int i = 0; i < strKey.Length; i++)
{
keyBytes[i] = Convert.ToByte(strKey[i]);
}
string[] strIV = passWrdChk[2].Split(',');
byte[] ivBytes = new byte[strIV.Length];
for (int i = 0; i < strIV.Length; i++)
{
ivBytes[i] = Convert.ToByte(strIV[i]);
}
string decryptedPass = "";
Aes aesAlg;
using (aesAlg = Aes.Create())
{
decryptedPass = EncryptDecypt.DecryptStringFromBytes_Aes(encryptedBytes, keyBytes, ivBytes);
}
if (password.Equals(decryptedPass))
{
if (chk_remember.Checked)
{
//create user cookie
Response.Cookies["authcookie"]["username"] = username;
Response.Cookies["authcookie"].Expires = DateTime.Now.AddMonths(6);
}
//create user session
Session["username"] = username;
//staff session?
if (chk_staff.Checked)
{
Session["staff"] = true;
}
else
{
Session["staff"] = false;
}
//Access member page if everything worked
Response.Redirect("~/stockPage.aspx");
}
else
{
lbl_pass_error.Text = "Incorrect password, please try again.";
txt_pass.Text = "";
}
}
}
