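/// <summary>
/// Looks up the account for <paramref name="email"/> whose stored hash matches
/// <paramref name="pass"/>: fetches the user's salt, re-hashes the supplied password
/// with it and runs the <c>stpLogin</c> stored procedure with both values.
/// </summary>
/// <param name="email">Login e-mail, passed to the procedure as <c>@email</c>.</param>
/// <param name="pass">Clear-text password as typed; only its hash leaves this method.</param>
/// <returns>
/// The rows returned by <c>stpLogin</c>; empty when no account matches. Also empty when
/// the database call fails, so callers cannot distinguish "bad credentials" from
/// "database unavailable" — both are treated as a failed login.
/// </returns>
public static DataTable userLogin(string email, string pass)
{
    DataTable dt = new DataTable();

    // The per-user salt is fetched first so the hash is recomputed exactly as it was
    // at registration time. getUserSalt is not visible here (defined elsewhere).
    string salt = getUserSalt(email);
    string password = SystemMethods.hash(pass, salt);

    // using-blocks dispose connection, command and adapter on every path; the
    // original only closed the connection and never disposed the other two.
    using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["SE265_Huth"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("stpLogin", cn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@email", SqlDbType.VarChar).Value = email;
        cmd.Parameters.Add("@pass", SqlDbType.VarChar).Value = password;

        using (SqlDataAdapter data = new SqlDataAdapter(cmd))
        {
            try
            {
                cn.Open();
                data.Fill(dt);
            }
            catch (Exception)
            {
                // Deliberate fail-closed: any failure yields an empty table, which the
                // caller treats as a rejected login. Nothing is logged here; consider
                // logging the exception before returning so outages are diagnosable.
            }
        }
    }

    return dt;
}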
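/// <summary>
/// Handles the "change password" button: when the two password boxes agree and are
/// non-empty, generates a fresh salt, hashes the new password with it and stores both
/// via <c>stpUserUpdatePassword</c> for the user named in the forms-auth ticket, then
/// sends the user back to the login page.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnChange_Click(object sender, EventArgs e)
{
    // TextBox.Text is never null (it returns "" when empty), so the original
    // "!= null" test accepted an empty password whenever both boxes were empty.
    // Reject empty input explicitly before touching the database.
    if (string.IsNullOrEmpty(txtPass.Text) || txtPass.Text != txtPass2.Text)
    {
        labError.Text = "Please Enter New password.";
        return;
    }

    // A new salt on every change so the stored hash is never reused.
    string salt = SystemMethods.saltMaker();
    string hashed = SystemMethods.hash(txtPass.Text, salt);

    try
    {
        // The user id comes from the decrypted forms-auth ticket, not from the
        // request, so a user can only change their own password.
        // NOTE(review): the cookie name is hardcoded; confirm it matches
        // FormsAuthentication.FormsCookieName for this site.
        // NOTE(review): the current password is not re-verified here — confirm
        // that is intended.
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Request.Cookies["mysite.ASPXAUTH"].Value);

        // Int32.Parse validates that the ticket name is numeric before it is sent
        // on as the @userId value.
        SystemMethods.executeStoredProcedureWithVars("stpUserUpdatePassword", new string[3, 3]
        {
            { "@userId", Int32.Parse(ticket.Name).ToString(), "int" },
            { "@pass", hashed, "varChar" },
            { "@salt", salt, "varChar" }
        });
    }
    catch (Exception)
    {
        // A missing/invalid cookie or a failed update also ends at the login page and
        // the user is not told why. Consider logging before redirecting.
    }

    // Same destination on both paths (original behaviour): the user re-authenticates
    // with the new password.
    Response.Redirect("~/login.aspx");
}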
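/// <summary>
/// Handles the dual-purpose Add/Delete button on the admin user page. The button's
/// caption decides the action: a caption starting with 'A' adds the user described by
/// the form fields, one starting with 'D' deletes the user identified by the
/// <c>userId</c> route value.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnDelete_Click(object sender, EventArgs e)
{
    // Guard the caption dispatch: an empty caption would throw on Text[0].
    string caption = btnDelete.Text;
    if (string.IsNullOrEmpty(caption))
    {
        return;
    }

    if (caption[0] == 'A')
    {
        addUserFromForm();
    }
    else if (caption[0] == 'D')
    {
        deleteRoutedUser();
    }
}

/// <summary>
/// Validates the form fields and inserts a new user via <c>stpInsertUser</c>, then
/// redirects to the user list. On a validation failure the error label is set and the
/// page is not redirected (the original redirected regardless, so the message was
/// never displayed).
/// </summary>
private void addUserFromForm()
{
    // TextBox.Text is never null, and the original compared the txtEmployeeId
    // control itself (not its Text) to null, so no field was actually validated.
    if (string.IsNullOrWhiteSpace(txtFirstName.Text)
        || string.IsNullOrWhiteSpace(txtLastName.Text)
        || string.IsNullOrWhiteSpace(txtEmployeeId.Text)
        || string.IsNullOrWhiteSpace(txtEmail.Text)
        || string.IsNullOrEmpty(txtChangePassword.Text))
    {
        labError.Text = "Please fill out all info.";
        return;
    }

    // Fresh salt per account; only the hash and the salt are stored.
    string thesalt = SystemMethods.saltMaker();
    string password = SystemMethods.hash(txtChangePassword.Text, thesalt);
    SystemMethods.executeStoredProcedureWithVars("stpInsertUser", new string[7, 3]
    {
        { "@firstName", txtFirstName.Text, "varChar" },
        { "@lastName", txtLastName.Text, "varChar" },
        { "@email", txtEmail.Text, "varChar" },
        { "@employeeId", txtEmployeeId.Text, "varChar" },
        { "@pass", password, "varChar" },
        { "@salt", thesalt, "varChar" },
        { "@role", drpRole.SelectedValue, "int" }
    });
    Response.Redirect("~/lvl1_adminUser.aspx");
}

/// <summary>
/// Deletes the user named by the <c>userId</c> route value, subject to two rules that
/// keep at least one super admin in the system: a user may not delete themselves, and
/// only a super user (role "4") may delete another super user.
/// </summary>
private void deleteRoutedUser()
{
    // The caller's identity and role come from the decrypted forms-auth ticket; the
    // target comes from the route. The two are never mixed.
    // NOTE(review): the cookie name is hardcoded; confirm it matches
    // FormsAuthentication.FormsCookieName for this site.
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(Request.Cookies["mysite.ASPXAUTH"].Value);
    string targetUserId = Page.RouteData.Values["userId"].ToString();

    if (ticket.Name.ToString() == targetUserId)
    {
        labError.Text = "you can not delete yourself";
        return;
    }

    var roleRows = SystemMethods.getDataTableFromStoredProcedureWithVars("stpGetUserRole", new string[1, 3]
    {
        { "@userId", targetUserId, "varChar" }
    });

    // The original indexed Rows[0] unconditionally, so an unknown id threw. Refuse
    // the delete (fail closed) when the role cannot be determined.
    if (roleRows.Rows.Count == 0)
    {
        labError.Text = "user not found";
        return;
    }

    bool targetIsSuper = roleRows.Rows[0]["roleId"].ToString() == "4";
    bool callerIsSuper = ticket.UserData.ToString() == "4";
    if (targetIsSuper && !callerIsSuper)
    {
        labError.Text = "you can not delete superUser";
        return;
    }

    SystemMethods.executeStoredProcedureWithVars("stpDeleteUser", new string[1, 3]
    {
        { "@userId", targetUserId, "int" }
    });
    Response.Redirect("~/lvl1_adminUser.aspx");
}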
/// <summary>
/// Stores a new password for the user named by the <c>userId</c> route value: makes a
/// fresh salt, hashes the text of <c>txtChangePassword</c> with it and writes hash and
/// salt through <c>stpUpdatePassword</c>. The clear-text password is never persisted.
/// </summary>
/// <remarks>
/// No input validation happens here; the caller is expected to have checked the
/// password field before calling.
/// </remarks>
private void updatePass()
{
    string newSalt = SystemMethods.saltMaker();
    string targetUserId = Page.RouteData.Values["userId"].ToString();
    string hashedPass = SystemMethods.hash(txtChangePassword.Text, newSalt);

    string[,] procArgs = new string[3, 3]
    {
        { "@userId", targetUserId, "int" },
        { "@pass", hashedPass, "varChar" },
        { "@salt", newSalt, "varChar" }
    };
    SystemMethods.executeStoredProcedureWithVars("stpUpdatePassword", procArgs);
}
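/// <summary>
/// Creates a user record via <c>stpInsertUser</c>, storing the hash of
/// <paramref name="password"/> computed with <paramref name="salt"/> rather than the
/// password itself.
/// </summary>
/// <param name="firstname">First name, sent as <c>@firstName</c>.</param>
/// <param name="lastname">Last name, sent as <c>@lastName</c>.</param>
/// <param name="email">Login e-mail, sent as <c>@email</c>.</param>
/// <param name="empId">Employee id, sent as <c>@employeeId</c> (a varchar, not an int).</param>
/// <param name="password">Clear-text password; only its hash is sent.</param>
/// <param name="salt">Per-user salt supplied by the caller; stored alongside the hash.</param>
/// <param name="role">Role id, sent as an <c>int</c> parameter.</param>
/// <returns>
/// <c>true</c> when the procedure ran without throwing; <c>false</c> on any exception
/// (hashing or database), which is swallowed.
/// </returns>
public static bool createUser(string firstname, string lastname, string email, string empId, string password, string salt, int role)
{
    try
    {
        // NOTE(review): the type tag is spelled "varchar" here but "varChar" by the
        // other callers of executeStoredProcedureWithVars; confirm the helper treats
        // the tag case-insensitively.
        SystemMethods.executeStoredProcedureWithVars("stpInsertUser", new string[7, 3]
        {
            { "@firstName", firstname, "varchar" },
            { "@lastName", lastname, "varchar" },
            { "@email", email, "varchar" },
            { "@employeeId", empId, "varchar" },
            { "@pass", SystemMethods.hash(password, salt), "varchar" },
            { "@salt", salt, "varchar" },
            { "@role", role.ToString(), "int" },
        });
    }
    catch (Exception)
    {
        // Deliberate: callers only get a bool. The exception detail is lost here, so a
        // misconfigured connection looks the same as a duplicate key; consider logging
        // before returning.
        return false;
    }
    return true;
}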