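        /// <summary>
        /// Handles the Register button: validates every form field, and only when all
        /// checks pass salts and hashes the password, encrypts the credit card number,
        /// calls <c>CreateUser</c> on the service and redirects to <c>~/Success.aspx</c>.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Side effects: assigns the instance fields <c>salt</c>, <c>finalHash</c>, <c>Key</c>
        /// and <c>IV</c> (presumably <c>encryptData</c> reads <c>Key</c>/<c>IV</c>), updates the
        /// feedback labels, and may end the request via <c>Response.Redirect</c>.
        /// Exceptions from the service call propagate to the caller after the client is aborted.
        /// </remarks>
        protected void btn_RegisterClick(object sender, EventArgs e)
        {
            // Clear feedback left over from a previous postback before re-validating.
            lbl_fnFeedback.Visible    = false;
            lbl_lnFeedback.Visible    = false;
            lbl_pwdchecker.Visible    = false;
            lbl_emailFeedback.Visible = false;
            lbl_dobFeedback.Visible   = false;
            lbl_cciFeedback.Visible   = false;

            // The form values are HTML-encoded once here so that anything echoed back into a
            // label (or handed to the service) cannot carry markup.
            // NOTE(review): trimming and HTML-encoding the password changes it before it is
            // hashed; the login path must apply the identical transformation or valid
            // passwords containing characters such as '<' or '&' will never verify.
            var firstName      = HttpUtility.HtmlEncode(tb_firstName.Text.Trim());
            var lastName       = HttpUtility.HtmlEncode(tb_lastName.Text.Trim());
            var password       = HttpUtility.HtmlEncode(tb_password.Text.Trim());
            var emailAddress   = HttpUtility.HtmlEncode(tb_emailAddress.Text.Trim());
            var creditCardInfo = HttpUtility.HtmlEncode(tb_creditCardInfo.Text.Trim());
            // The un-encoded card text is used only for the length/digit checks, never echoed.
            var rawCreditCard  = tb_creditCardInfo.Text.Trim();

            // Strength is computed over the encoded form, i.e. the same bytes that get hashed.
            var pwdStrength = checkPassword(password);

            // ---- Validation: each failing field shows its own message; any failure blocks creation.
            var check = true;

            // Letters only. The class must be [^a-zA-Z]: the original [^a-zA-z] range A-z also
            // covers '[', '\', ']', '^', '_' and '`', which therefore slipped through.
            if (firstName.Length == 0)
            {
                lbl_fnFeedback.Text      = "Input required";
                lbl_fnFeedback.ForeColor = Color.Red;
                lbl_fnFeedback.Visible   = true;
                check = false;
            }
            else if (Regex.IsMatch(firstName, "[^a-zA-Z]"))
            {
                lbl_fnFeedback.Text      = "Only uppercase and lowercase letters are allowed for name";
                lbl_fnFeedback.ForeColor = Color.Red;
                lbl_fnFeedback.Visible   = true;
                check = false;
            }

            if (lastName.Length == 0)
            {
                lbl_lnFeedback.Text      = "Input required";
                lbl_lnFeedback.ForeColor = Color.Red;
                lbl_lnFeedback.Visible   = true;
                check = false;
            }
            else if (Regex.IsMatch(lastName, "[^a-zA-Z]"))
            {
                lbl_lnFeedback.Text      = "Only uppercase and lowercase letters are allowed for name";
                lbl_lnFeedback.ForeColor = Color.Red;
                lbl_lnFeedback.Visible   = true;
                check = false;
            }

            if (emailAddress.Length == 0)
            {
                lbl_emailFeedback.Text      = "Input required";
                lbl_emailFeedback.ForeColor = Color.Red;
                lbl_emailFeedback.Visible   = true;
                check = false;
            }

            // Parsed with the current culture on purpose: this is user-typed UI input.
            DateTime dob;
            if (!DateTime.TryParse(tb_dob.Text, out dob))
            {
                lbl_dobFeedback.Text      = "Birth Date is invalid!";
                lbl_dobFeedback.ForeColor = Color.Red;
                lbl_dobFeedback.Visible   = true;
                check = false;
            }

            if (rawCreditCard.Length != 16)
            {
                lbl_cciFeedback.Text      = $"Invalid credit card details, 16 digits required {rawCreditCard.Length}";
                lbl_cciFeedback.ForeColor = Color.Red;
                lbl_cciFeedback.Visible   = true;
                check = false;
            }

            // ASCII digits only. Int64.TryParse also accepted a leading sign, so a 16-character
            // "+123…" passed both checks; the regex enforces what the message promises.
            if (!Regex.IsMatch(rawCreditCard, "^[0-9]+$"))
            {
                // Echo the *encoded* value: the raw text went straight into Label.Text before,
                // which is rendered un-encoded and so reflected user-supplied markup.
                // NOTE(review): consider not echoing the card number back into the page at all.
                lbl_cciFeedback.Text      = $"Invalid credit card details, only 16 digits allowed {creditCardInfo}";
                lbl_cciFeedback.ForeColor = Color.Red;
                lbl_cciFeedback.Visible   = true;
                check = false;
            }

            if (pwdStrength != 5)
            {
                // checkPasswordFeedback reports the specific weakness (presumably via lbl_pwdchecker).
                checkPasswordFeedback(password);
                check = false;
            }

            if (!check)
            {
                return;
            }

            // ---- All checks passed: derive the stored credentials and create the user.

            // Random 8-byte salt, Base64-encoded for storage and for concatenation below.
            byte[] saltByte = new byte[8];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(saltByte);
            }
            salt = Convert.ToBase64String(saltByte);

            // NOTE(review): a single SHA-512 pass over password+salt is a fast hash, not a
            // password KDF; it should be migrated — together with the login verifier, which
            // must compute the same value — to Rfc2898DeriveBytes (PBKDF2) with a high
            // iteration count. The unsalted hash the old code also computed was unused and is gone.
            using (var hashing = SHA512.Create())
            {
                byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(password + salt));
                finalHash = Convert.ToBase64String(hashWithSalt);
            }

            // Fresh AES key and IV for this user's card number. RijndaelManaged with its default
            // 128-bit block is AES; Aes.Create() yields the same key/IV sizes and is not
            // flagged obsolete on newer runtimes. The algorithm instance is disposed immediately;
            // only the key/IV byte arrays are kept (in the instance fields encryptData uses).
            using (var cipher = Aes.Create())
            {
                cipher.GenerateKey();
                cipher.GenerateIV();
                Key = cipher.Key;
                IV  = cipher.IV;
            }

            var encryptedCCInfo = Convert.ToBase64String(encryptData(creditCardInfo));

            // NOTE(review): the key and IV travel to the service in the same call as the
            // ciphertext. If the service stores them in the same record, anyone who can read
            // that record can decrypt the card number — confirm key material is kept separately.
            int result;
            var client = new AS_Service_Reference.Service1Client();
            try
            {
                result = client.CreateUser(firstName, lastName, finalHash, salt, emailAddress,
                    encryptedCCInfo, Convert.ToBase64String(IV), Convert.ToBase64String(Key), dob);
                client.Close();
            }
            catch
            {
                // A faulted channel cannot be Close()d cleanly; Abort() releases it without throwing.
                client.Abort();
                throw;
            }

            if (result == 1)
            {
                lbl_alertmsg.Text = "You have successfully been registered";
                // Redirect ends the request; it is kept outside the try above so its
                // thread-abort is never mistaken for a service fault.
                Response.Redirect("~/Success.aspx");
            }
            else
            {
                lbl_alertmsg.Text = "Registration failed";
            }
        }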