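/// <summary>
/// Creates a login record for the employee entered in the form. The request is rejected when
/// the username already exists in dbo.Login; otherwise the password is hashed and the
/// credentials are handed to <see cref="Login_Class"/>.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAddEmployee_Click(object sender, EventArgs e)
{
    // NOTE(review): a database credential is embedded in source here (and in the other handlers
    // of this page). It belongs in protected configuration, and the credential should be rotated.
    const string connectionString =
        "Data Source=aaixxyrfluc2wz.ctt4oijc6ckc.us-east-1.rds.amazonaws.com;Initial Catalog=Lab4;User ID=Tweedljm;Password=Promise96!;";

    try
    {
        // Convert.ToInt32 throws on blank or non-numeric input; that lands in the catch below,
        // whose message then wrongly reports an existing login.
        int employeeID = Convert.ToInt32(txtEmployeeID.Text);
        string username = txtUsername.Text;
        string password = txtPassword.Text;

        // Check for a duplicate username before creating anything. The using blocks release the
        // reader and the connection on every path, including the "already exists" branch, which
        // previously left both open.
        bool usernameTaken;
        using (var con = new System.Data.SqlClient.SqlConnection(connectionString))
        using (var lookup = new System.Data.SqlClient.SqlCommand(
            "select top 1 UserName from dbo.Login where UserName = @UserName", con))
        {
            lookup.Parameters.AddWithValue("@UserName", username);
            con.Open();
            using (var reader = lookup.ExecuteReader())
            {
                usernameTaken = reader.Read();
            }
        }

        if (usernameTaken)
        {
            errorMsgTxt.Text = "Username Already Exists.";
            return;
        }

        // NOTE(review): MD5 with a null salt is not a suitable password hash, and the fixed
        // "trial" salt is never passed to ComputeHash. Login_Class should move to a salted, slow
        // KDF (e.g. PBKDF2); the clear-text password is also handed to Login_Class below.
        string passwordHash = Login_Class.ComputeHash(password, "MD5", null);
        string passwordSalt = "trial";

        // No INSERT is issued here; presumably the Login_Class constructor persists the row — confirm.
        new Login_Class(employeeID, username, password, passwordHash, passwordSalt);

        errorMsgTxt.Text = "Login Created for EmployeeID: " + employeeID;
        txtUsername.Text = "";
        txtPassword.Text = "";
        txtEmployeeID.Text = "";
    }
    catch (Exception)
    {
        // Catch-all retained from the original: every failure (bad id, connection error,
        // Login_Class error) is reported with this one message.
        errorMsgTxt.Text = "Employee Already Has Login Information.";
    }
}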
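/// <summary>
/// Changes the signed-in employee's password: verifies the current password against the stored
/// hash, checks that the two new-password entries agree, writes the new hash to dbo.Login, and
/// then clears and hides the change-password controls.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnChangePswd_Click(object sender, EventArgs e)
{
    // NOTE(review): embedded database credential — move to protected configuration and rotate.
    const string connectionString =
        "Data Source=aaixxyrfluc2wz.ctt4oijc6ckc.us-east-1.rds.amazonaws.com;Initial Catalog=Lab4;User ID=Tweedljm;Password=Promise96!;";

    string currentPswdEntered = txtCurrentPswd.Text;
    string newPassword = txtNewPassword.Text;
    string confirmNewPswd = txtConfirmNew.Text;

    // Fetch the stored hash for the signed-in employee. ExecuteScalar returns null when there is
    // no matching row; that null is passed to VerifyHash exactly as before.
    string passwordHash;
    using (var con = new System.Data.SqlClient.SqlConnection(connectionString))
    using (var command = new System.Data.SqlClient.SqlCommand(
        "select top 1 PasswordHash from dbo.login where EmployeeID = @EmployeeID", con))
    {
        command.Parameters.AddWithValue("@EmployeeID", Session["EmployeeID"]);
        con.Open();
        passwordHash = (string)command.ExecuteScalar();
    }

    // Guard clauses replace the nested if/else; the bool is tested directly instead of via
    // ToString().Equals("True").
    if (!Login_Class.VerifyHash(currentPswdEntered, "MD5", passwordHash))
    {
        lblChangePswdError.Text = "Incorrect password.";
        return;
    }

    if (!string.Equals(confirmNewPswd, newPassword, StringComparison.Ordinal))
    {
        lblChangePswdError.Text = "The Confirm New Password must match the New Password entry.";
        return;
    }

    // NOTE(review): MD5 is not a suitable password hash, no strength/empty check is applied to the
    // new password, and the clear-text value is written to the Password column below.
    string newPasswordHash = Login_Class.ComputeHash(confirmNewPswd, "MD5", null);

    using (var sc = new System.Data.SqlClient.SqlConnection(connectionString))
    using (var update = new System.Data.SqlClient.SqlCommand(
        "update Login set Password = @newPassword, PasswordHash = @passwordHash where EmployeeID = @CurrentEmpId", sc))
    {
        update.Parameters.AddWithValue("@newPassword", newPassword);
        update.Parameters.AddWithValue("@passwordHash", newPasswordHash);
        update.Parameters.AddWithValue("@CurrentEmpId", Session["EmployeeID"]);
        sc.Open();
        update.ExecuteNonQuery();
    }

    // Clear all text boxes and hide the change-password controls.
    lblTitleChangePswd.Visible = false;
    lblNewPassword.Visible = false;
    lblCurrentPswd.Visible = false;
    lblConfirmNew.Visible = false;
    btnCancel.Visible = false;
    btnChangePswd.Visible = false;
    lblChangePswdError.Text = "";
    lblChangePswdError.Visible = false;
    txtNewPassword.Text = "";
    txtCurrentPswd.Text = "";
    txtConfirmNew.Text = "";
    txtConfirmNew.Visible = false;
    txtCurrentPswd.Visible = false;
    txtNewPassword.Visible = false;
}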
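/// <summary>
/// Authenticates the Login control's credentials against dbo.login. On success the employee id
/// and profile picture are stored in session and the user is redirected to the dashboard.
/// </summary>
/// <param name="sender">The Login control that raised the event (unused).</param>
/// <param name="e">Receives the authentication result in <c>e.Authenticated</c>.</param>
protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
{
    // NOTE(review): embedded database credential — move to protected configuration and rotate.
    const string connectionString =
        "Data Source=aaixxyrfluc2wz.ctt4oijc6ckc.us-east-1.rds.amazonaws.com;Initial Catalog=Lab4;User ID=Tweedljm;Password=Promise96!;";

    string userName = Login1.UserName;
    string password = Login1.Password;

    // Default to "not authenticated"; only a successful hash check flips it.
    e.Authenticated = false;

    // One connection serves all queries; the using blocks close it and every reader on all paths.
    // Previously the redirect (which ends the response) skipped the trailing con.Close().
    using (var con = new System.Data.SqlClient.SqlConnection(connectionString))
    {
        con.Open();

        // The hash and the employee id come from the same row, so a single query replaces the
        // original pair of lookups by username.
        string pwHash = null;
        string employeeId = null;
        using (var command = new System.Data.SqlClient.SqlCommand(
            "select top 1 PasswordHash, EmployeeID from dbo.login where UserName = @userName", con))
        {
            command.Parameters.AddWithValue("@userName", userName);
            using (var reader = command.ExecuteReader())
            {
                if (reader.Read())
                {
                    pwHash = reader["PasswordHash"].ToString();
                    employeeId = reader["EmployeeID"].ToString();
                }
            }
        }

        if (pwHash != null)
        {
            // NOTE(review): MD5 is not a suitable password hash; a salted, slow KDF should
            // replace it once Login_Class supports one.
            e.Authenticated = Login_Class.VerifyHash(password, "MD5", pwHash);
        }

        // Test the bool directly; the original `if (e.Authenticated = verify)` was an assignment.
        if (e.Authenticated)
        {
            // currentEmpID is presumably a page-level field declared outside this method — confirm.
            currentEmpID = employeeId;
            int empId = Int32.Parse(currentEmpID);
            Session.Add("EmployeeID", empId);

            using (var picCommand = new System.Data.SqlClient.SqlCommand(
                "select top 1 ProfilePicture from dbo.Account where EmployeeID = @EmployeeID", con))
            {
                picCommand.Parameters.AddWithValue("@EmployeeID", empId);
                using (var picReader = picCommand.ExecuteReader())
                {
                    if (picReader.Read())
                    {
                        // Session variable for the user's profile picture.
                        Session.Add("UserPic", picReader["ProfilePicture"].ToString());
                    }
                }
            }
        }
    }

    // Record the outcome for other pages. This is now set on every path, including an unknown
    // username, so a previous "True" value no longer survives a failed attempt.
    Session["loggedIn"] = e.Authenticated.ToString();

    // NOTE(review): the session id is carried across the login boundary unchanged; regenerating
    // it on success would reduce session-fixation risk.
    if (e.Authenticated)
    {
        // An admin-dashboard redirect for EmployeeID == 1 was commented out here originally.
        Response.Redirect("~/Dashboard.Aspx");
    }
}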