コード例 #1
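    /// <summary>
    /// Click handler for the "add employee" button: checks that the requested username is not
    /// already present in dbo.Login and, if it is free, builds a <c>Login_Class</c> for the employee
    /// (per the original comment, constructing it also saves the row to the login table).
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnAddEmployee_Click(object sender, EventArgs e)
    {
        // Validate the numeric field up front so that a typo is not reported by the catch-all
        // below as "Employee Already Has Login Information."
        int employeeID;
        if (!int.TryParse(txtEmployeeID.Text, out employeeID))
        {
            errorMsgTxt.Text = "Employee ID must be a whole number.";
            return;
        }

        string username = txtUsername.Text;
        string password = txtPassword.Text;

        try
        {
            bool usernameTaken;

            // using-blocks release the connection, command and reader on every path; previously
            // the "username exists" branch and any exception left the connection open.
            using (System.Data.SqlClient.SqlConnection con2 = new System.Data.SqlClient.SqlConnection())
            {
                // NOTE(review): database host, account and password are embedded in source (and
                // repeated in the other handlers on this page). Treat the credential as exposed:
                // rotate it and load the connection string from protected configuration instead.
                con2.ConnectionString = "Data Source=aaixxyrfluc2wz.ctt4oijc6ckc.us-east-1.rds.amazonaws.com;Initial Catalog=Lab4;User ID=Tweedljm;Password=Promise96!;";
                con2.Open();

                using (System.Data.SqlClient.SqlCommand command2 = new System.Data.SqlClient.SqlCommand())
                {
                    command2.Connection  = con2;
                    command2.CommandText = "select top 1 UserName from dbo.Login where UserName = @UserName";
                    command2.Parameters.AddWithValue("@UserName", username);

                    using (System.Data.SqlClient.SqlDataReader reader = command2.ExecuteReader())
                    {
                        usernameTaken = reader.Read();
                    }
                }
            }

            if (usernameTaken)
            {
                errorMsgTxt.Text = "Username Already Exists.";
                return;
            }

            // NOTE(review): this check-then-create sequence is not atomic; uniqueness should be
            // enforced by a constraint on the table (presumably what the catch below relies on).

            // NOTE(review): MD5 is a fast digest and unsuitable for password storage. Moving to a
            // slow, salted KDF has to be done together with Login_Class.VerifyHash and the stored
            // hashes, so it is flagged here rather than changed.
            string passwordHash = Login_Class.ComputeHash(password, "MD5", null);

            // The salt argument above is null, while this constant is what is handed to
            // Login_Class as the salt; the stored salt is therefore not the value passed to
            // ComputeHash (how ComputeHash treats a null salt is not visible here).
            string passwordSalt = "trial";

            // NOTE(review): the clear-text password is passed along with its hash. If Login_Class
            // persists it, the hash protects nothing -- confirm and stop storing it.
            Login_Class newLoginCreds = new Login_Class(employeeID, username, password, passwordHash, passwordSalt);

            errorMsgTxt.Text   = "Login Created for EmployeeID: " + employeeID;
            txtUsername.Text   = "";
            txtPassword.Text   = "";
            txtEmployeeID.Text = "";
        }
        catch (Exception)
        {
            // NOTE(review): every failure (connectivity, SQL errors, Login_Class errors) is shown
            // with this one message and nothing is logged; narrow the catch once the exception
            // type raised for a duplicate employee is known.
            errorMsgTxt.Text = "Employee Already Has Login Information.";
        }
    }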
コード例 #2
ファイル: Account.aspx.cs プロジェクト: Tweedljm/Group15
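    /// <summary>
    /// Click handler for the "change password" button: verifies the entered current password
    /// against the hash stored for the employee in <c>Session["EmployeeID"]</c>, checks that the
    /// new password and its confirmation match, updates the Login row, then clears and hides the
    /// change-password controls.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnChangePswd_Click(object sender, EventArgs e)
    {
        string currentPswdEntered = txtCurrentPswd.Text;
        string newPassword        = txtNewPassword.Text;
        string confirmNewPswd     = txtConfirmNew.Text;

        // Without an employee id in the session both queries would run with an unset parameter
        // and fail with an unhandled SqlException; report it instead.
        object employeeId = Session["EmployeeID"];
        if (employeeId == null)
        {
            lblChangePswdError.Text = "Your session has expired. Please log in again.";
            return;
        }

        // One connection serves both statements and is released on every path; previously the
        // first connection was never closed.
        using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection())
        {
            // NOTE(review): database host, account and password are embedded in source. Treat the
            // credential as exposed: rotate it and load the connection string from protected
            // configuration instead.
            con.ConnectionString = "Data Source=aaixxyrfluc2wz.ctt4oijc6ckc.us-east-1.rds.amazonaws.com;Initial Catalog=Lab4;User ID=Tweedljm;Password=Promise96!;";
            con.Open();

            // Fetch the stored hash. "as string" yields null for a missing row or a NULL column
            // instead of an invalid cast.
            string passwordHash;
            using (System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand())
            {
                command.Connection  = con;
                command.CommandText = "select top 1 PasswordHash from dbo.login where EmployeeID = @EmployeeID";
                command.Parameters.AddWithValue("@EmployeeID", employeeId);
                passwordHash = command.ExecuteScalar() as string;
            }

            // NOTE(review): MD5 is a fast digest and unsuitable for password storage; changing it
            // requires migrating the stored hashes, so it is flagged here rather than changed.
            if (passwordHash == null || !Login_Class.VerifyHash(currentPswdEntered, "MD5", passwordHash))
            {
                lblChangePswdError.Text = "Incorrect password.";
                return;
            }

            if (!confirmNewPswd.Equals(newPassword))
            {
                lblChangePswdError.Text = "The Confirm New Password must match the New Password entry.";
                return;
            }

            string newPasswordHash = Login_Class.ComputeHash(confirmNewPswd, "MD5", null);

            using (System.Data.SqlClient.SqlCommand update = new System.Data.SqlClient.SqlCommand())
            {
                update.Connection  = con;
                // NOTE(review): the Password column receives the clear-text password next to its
                // hash, so anyone who can read the table can read every password. The column is
                // left in place because other code may still read it -- confirm and remove.
                update.CommandText = "update Login set Password = @newPassword, PasswordHash = @passwordHash where EmployeeID = @CurrentEmpId";
                update.Parameters.AddWithValue("@newPassword", newPassword);
                update.Parameters.AddWithValue("@passwordHash", newPasswordHash);
                update.Parameters.AddWithValue("@CurrentEmpId", employeeId);
                update.ExecuteNonQuery();
            }
        }

        // Success: clear every textbox and hide the change-password controls.
        lblTitleChangePswd.Visible = false;
        lblNewPassword.Visible     = false;
        lblCurrentPswd.Visible     = false;
        lblConfirmNew.Visible      = false;
        btnCancel.Visible          = false;
        btnChangePswd.Visible      = false;
        lblChangePswdError.Text    = "";
        lblChangePswdError.Visible = false;
        txtNewPassword.Text        = "";
        txtCurrentPswd.Text        = "";
        txtConfirmNew.Text         = "";
        txtConfirmNew.Visible      = false;
        txtCurrentPswd.Visible     = false;
        txtNewPassword.Visible     = false;
    }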
コード例 #3
ファイル: Default.aspx.cs プロジェクト: Tweedljm/Group15
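    /// <summary>
    /// Authenticate handler for the <c>Login1</c> control: looks the user up in dbo.login, verifies
    /// the entered password against the stored hash, and on success stores the employee id and
    /// profile picture in the session and redirects to the dashboard.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data; <c>Authenticated</c> is set to the verification result.</param>
    protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
    {
        string userName = Login1.UserName;
        string password = Login1.Password;

        // Deny by default; only a successful hash verification flips this.
        e.Authenticated = false;
        bool verified   = false;

        // A single connection in a using-block replaces three separately opened ones. The
        // original closed its first connection only after Response.Redirect, which ends the
        // request, so that Close() was not reached on a successful login.
        using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection())
        {
            // NOTE(review): database host, account and password are embedded in source. Treat the
            // credential as exposed: rotate it and load the connection string from protected
            // configuration instead.
            con.ConnectionString = "Data Source=aaixxyrfluc2wz.ctt4oijc6ckc.us-east-1.rds.amazonaws.com;Initial Catalog=Lab4;User ID=Tweedljm;Password=Promise96!;";
            con.Open();

            string pwHash         = null;
            string employeeIdText = null;

            // EmployeeID is read from the same row as the hash, so the id stored in the session
            // always belongs to the account whose password was checked (the original ran a second
            // "top 1" query for it).
            using (System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand())
            {
                command.Connection  = con;
                command.CommandText = "select top 1 UserName, PasswordHash, PasswordSalt, EmployeeID from dbo.login where UserName = @userName";
                command.Parameters.AddWithValue("@userName", userName);

                using (System.Data.SqlClient.SqlDataReader reader = command.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        pwHash         = reader["PasswordHash"].ToString();
                        employeeIdText = reader["EmployeeID"].ToString();
                    }
                }
            }

            if (pwHash != null)
            {
                // NOTE(review): MD5 is a fast digest and unsuitable for password storage; changing
                // it requires migrating the stored hashes, so it is flagged rather than changed.
                verified = Login_Class.VerifyHash(password, "MD5", pwHash);
            }

            if (verified)
            {
                currentEmpID = employeeIdText;
                int empId = Int32.Parse(currentEmpID);
                Session.Add("EmployeeID", empId);

                using (System.Data.SqlClient.SqlCommand command2 = new System.Data.SqlClient.SqlCommand())
                {
                    command2.Connection  = con;
                    command2.CommandText = "select top 1 ProfilePicture from dbo.Account where EmployeeID = @EmployeeID";
                    command2.Parameters.AddWithValue("@EmployeeID", empId);

                    using (System.Data.SqlClient.SqlDataReader reader2 = command2.ExecuteReader())
                    {
                        if (reader2.Read())
                        {
                            // Session variable for the user's profile picture.
                            Session.Add("UserPic", reader2["ProfilePicture"].ToString());
                        }
                    }
                }
            }
        }

        e.Authenticated = verified;

        // Publish the outcome for other pages. This is now written on every attempt: the original
        // skipped it when the username did not exist, leaving a "True" from an earlier login in
        // the same session untouched.
        Session["loggedIn"] = e.Authenticated.ToString();

        // NOTE(review): the session identifier is not renewed in this handler after a successful
        // login -- confirm that session fixation is handled elsewhere.
        if (verified)
        {
            Response.Redirect("~/Dashboard.Aspx");
        }
    }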