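/// <summary>
/// Handles the Register button: validates the form fields, derives the salted password
/// hash, generates a per-user AES key/IV, encrypts the credit card number and hands the
/// result to the registration service.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btn_RegisterClick(object sender, EventArgs e)
{
    // Hide any feedback left over from a previous submit.
    lbl_fnFeedback.Visible = false;
    lbl_lnFeedback.Visible = false;
    lbl_pwdchecker.Visible = false;
    lbl_emailFeedback.Visible = false;
    lbl_dobFeedback.Visible = false;
    lbl_cciFeedback.Visible = false;

    // HtmlEncode is applied to the input as an XSS precaution.
    // NOTE(review): this is input sanitisation rather than output encoding. Because the
    // trimmed, encoded password is what gets hashed below, the login path must apply the
    // exact same transform or hashes will not match; the usual design is to store the raw
    // value and encode only where it is rendered. Left as-is because the stored format is
    // shared with the service and the login page, which are outside this block.
    var firstName = HttpUtility.HtmlEncode(tb_firstName.Text.Trim());
    var lastName = HttpUtility.HtmlEncode(tb_lastName.Text.Trim());
    var password = HttpUtility.HtmlEncode(tb_password.Text.Trim());
    var emailAddress = HttpUtility.HtmlEncode(tb_emailAddress.Text.Trim());
    var creditCardInfo = HttpUtility.HtmlEncode(tb_creditCardInfo.Text.Trim());
    // The un-encoded card number is what the format checks look at.
    var rawCreditCard = tb_creditCardInfo.Text.Trim();
    var pwdStrength = checkPassword(password);

    // Validation: every failing field shows its own message; creation only runs if all pass.
    var check = true;

    // "A-Z", not "A-z": the latter range also admits [ \ ] ^ _ ` (ASCII 91-96), so
    // punctuation slipped through the "letters only" rule. Note that HtmlEncode has already
    // turned characters such as an apostrophe into entities, which this regex then rejects.
    if (Regex.IsMatch(firstName, "[^a-zA-Z]"))
    {
        lbl_fnFeedback.Text = "Only uppercase and lowercase letters are allowed for name";
        lbl_fnFeedback.ForeColor = Color.Red;
        lbl_fnFeedback.Visible = true;
        check = false;
    }

    if (Regex.IsMatch(lastName, "[^a-zA-Z]"))
    {
        lbl_lnFeedback.Text = "Only uppercase and lowercase letters are allowed for name";
        lbl_lnFeedback.ForeColor = Color.Red;
        lbl_lnFeedback.Visible = true;
        check = false;
    }

    // Empty-field checks run after the character checks so "Input required" wins for blanks.
    if (firstName.Length == 0)
    {
        lbl_fnFeedback.Text = "Input required";
        lbl_fnFeedback.ForeColor = Color.Red;
        lbl_fnFeedback.Visible = true;
        check = false;
    }

    if (lastName.Length == 0)
    {
        lbl_lnFeedback.Text = "Input required";
        lbl_lnFeedback.ForeColor = Color.Red;
        lbl_lnFeedback.Visible = true;
        check = false;
    }

    if (emailAddress.Length == 0)
    {
        lbl_emailFeedback.Text = "Input required";
        lbl_emailFeedback.ForeColor = Color.Red;
        lbl_emailFeedback.Visible = true;
        check = false;
    }

    // Date of birth is user-typed text, so current-culture parsing is intentional here.
    DateTime dob;
    var dobParsed = DateTime.TryParse(tb_dob.Text, out dob);
    if (!dobParsed)
    {
        lbl_dobFeedback.Text = "Birth Date is invalid!";
        lbl_dobFeedback.ForeColor = Color.Red;
        lbl_dobFeedback.Visible = true;
        check = false;
    }

    if (rawCreditCard.Length != 16)
    {
        lbl_cciFeedback.Text = $"Invalid credit card details, 16 digits required {rawCreditCard.Length}";
        lbl_cciFeedback.ForeColor = Color.Red;
        lbl_cciFeedback.Visible = true;
        check = false;
    }

    // Digits only. Int64.TryParse was too permissive: it accepts a leading sign and
    // surrounding whitespace, so "+123456789012345" (16 chars) passed both checks.
    // The message no longer echoes the typed card number back into the page, so a PAN
    // is not written into the rendered HTML or view state.
    if (!Regex.IsMatch(rawCreditCard, "^[0-9]+$"))
    {
        lbl_cciFeedback.Text = "Invalid credit card details, only 16 digits allowed";
        lbl_cciFeedback.ForeColor = Color.Red;
        lbl_cciFeedback.Visible = true;
        check = false;
    }

    // 5 is presumably "every strength criterion met" in checkPassword — confirm there.
    // ENSURE ALL USERS USE EXCELLENT PASSWORDS!
    if (pwdStrength != 5)
    {
        checkPasswordFeedback(password);
        check = false;
    }

    if (!check)
    {
        return;
    }

    // Random 8-byte salt from the platform CSPRNG. The RNG is IDisposable, and
    // RandomNumberGenerator.Create() avoids the CSP-specific class.
    byte[] saltByte = new byte[8];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(saltByte);
    }
    salt = Convert.ToBase64String(saltByte);

    // NOTE(review): one SHA-512 pass over password+salt is fast to attack offline; a slow
    // KDF (PBKDF2 via Rfc2898DeriveBytes, bcrypt or Argon2) is the recommended replacement.
    // Unchanged here because the stored hash format is the contract with CreateUser and
    // the login check. SHA512.Create() replaces SHA512Managed, which is not usable when
    // the OS enforces FIPS mode, and the hash object is now disposed. The unused hash of
    // the bare password that the original also computed has been dropped.
    using (var hashing = SHA512.Create())
    {
        string pwdWithSalt = password + salt;
        byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pwdWithSalt));
        finalHash = Convert.ToBase64String(hashWithSalt);
    }

    // Fresh AES-256/CBC key and IV per registration (same defaults RijndaelManaged used:
    // 256-bit key, 128-bit block). Aes.Create() is FIPS-compatible and disposed here;
    // encryptData presumably reads the Key and IV fields, so they are assigned as before.
    using (var cipher = Aes.Create())
    {
        cipher.GenerateKey();
        cipher.GenerateIV();
        Key = cipher.Key;
        IV = cipher.IV;
    }

    // Encrypt the credit card number; the IV and key travel alongside it to the service.
    var encryptedCCInfo = Convert.ToBase64String(encryptData(creditCardInfo));

    AS_Service_Reference.Service1Client client = new AS_Service_Reference.Service1Client();
    int result = client.CreateUser(
        firstName,
        lastName,
        finalHash,
        salt,
        emailAddress,
        encryptedCCInfo,
        Convert.ToBase64String(IV),
        Convert.ToBase64String(Key),
        dob);

    // result == 1 is taken as success, matching the original handler — confirm with the service contract.
    if (result == 1)
    {
        lbl_alertmsg.Text = "You have successfully been registered";
        Response.Redirect("~/Success.aspx");
    }
    else
    {
        lbl_alertmsg.Text = "Registration failed";
    }
}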