protected void btn_submitChangePwd_Click(object sender, EventArgs e)
{
AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();
var current_user = client.GetOneUser(Session["UserEmail"].ToString());
var new_password = HttpUtility.HtmlEncode(tb_changePwd.Text.Trim());
var pwdStrength = checkPassword(new_password);
if (pwdStrength != 5)
{
checkPasswordFeedback(new_password);
}
else
{
salt = current_user.PasswordSalt;
SHA512Managed hashing = new SHA512Managed();
string new_pwdWithSalt = new_password + salt;
byte[] newhashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(new_pwdWithSalt));
var new_finalHash = Convert.ToBase64String(newhashWithSalt);
// If new password match old password
if (new_finalHash == current_user.PasswordHash)
{
lbl_resultMsg.Text = "Error, input same as your current password";
lbl_resultMsg.ForeColor = Color.Red;
return;
}
if (current_user.PasswordChangeCoolDown > DateTime.Now)
{
lbl_resultMsg.Text = "Error, you are not allowed to change passwords repeatedly in a short span of time";
lbl_resultMsg.ForeColor = Color.Red;
return;
}
else
{
// Test whether the salt value are the same
/* lbl_resultMsg.Text = $"{new_finalHash} | {current_user.PasswordHash}";
* lbl_resultMsg.ForeColor = Color.Red;*/
if (new_finalHash == current_user.PasswordHash_1 || new_finalHash == current_user.PasswordHash_2)
{
lbl_resultMsg.Text = "Error, you are not allowed to reuse recent passwords";
lbl_resultMsg.ForeColor = Color.Red;
}
else
{
client.ChangePassword(current_user.Email, new_finalHash, current_user.PasswordHash, current_user.PasswordHash_1, current_user.PasswordHash_2);
lbl_resultMsg.Text = "Password changed successfully";
lbl_resultMsg.ForeColor = Color.Green;
}
}
}
}
