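/// <summary>
/// Reads the two password boxes passed as the command parameter, checks that a non-empty
/// password was entered twice identically, then hashes it and stores the new hash/salt for
/// <c>UserLogin</c>.
/// </summary>
/// <param name="obj">
/// Expected to be a <see cref="List{T}"/> of <see cref="object"/> whose first two entries are the
/// <see cref="PasswordBox"/> controls holding the password and its repetition.
/// </param>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="obj"/> is not a list whose first two entries are
/// <see cref="PasswordBox"/> controls (a view wiring mistake).
/// </exception>
public void UpdatePassword(object obj)
{
    // The view passes both boxes as command parameters. Fail with a clear message on a wiring
    // mistake instead of dereferencing null a few lines further down.
    var pswBoxes = obj as List<object>;
    if (pswBoxes == null || pswBoxes.Count < 2)
    {
        throw new ArgumentException("Expected a list holding two password boxes.", nameof(obj));
    }

    var pwdBox = pswBoxes[0] as PasswordBox;
    var pwdBoxRepeat = pswBoxes[1] as PasswordBox;
    if (pwdBox == null || pwdBoxRepeat == null)
    {
        throw new ArgumentException("Both command parameters must be PasswordBox controls.", nameof(obj));
    }

    var password = pwdBox.Password;
    var passwordRepeat = pwdBoxRepeat.Password;

    if (string.IsNullOrEmpty(password))
    {
        MessageBox.Show("Missing password!");
    }
    else if (password != passwordRepeat)
    {
        MessageBox.Show("Passwords don't match!");
    }
    else
    {
        // The plain-text password is only handed to the hashing helper; what gets persisted is
        // the salted hash. 64 is the salt length in bytes.
        var hashSalt = HashSalt.GenerateSaltedHash(64, password);
        Queries.UpdatePassword(UserLogin, hashSalt);
    }
}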
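/// <summary>
/// Replaces the stored password hash and salt of the user identified by <paramref name="userLogin"/>.
/// </summary>
/// <param name="userLogin">Login name resolved to a user id through <c>GetUserId</c>.</param>
/// <param name="hashSalt">Salted hash to persist; its <c>Hash</c> and <c>Salt</c> are written as VARCHAR.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="hashSalt"/> is null.</exception>
/// <remarks>
/// Shows a message box when a row was updated and when a <see cref="SqlException"/> occurs; any
/// other exception propagates to the caller.
/// </remarks>
public static void UpdatePassword(string userLogin, HashSalt hashSalt)
{
    if (hashSalt == null)
    {
        throw new ArgumentNullException(nameof(hashSalt));
    }

    int userId = GetUserId(userLogin);

    // Only the hash and salt columns are written; the password itself is never stored.
    // The previous statement listed a bare "UserPassword" in the SET clause, which is not valid
    // T-SQL and made every call fail. If a legacy UserPassword column has to be cleared, add an
    // explicit assignment here — TODO confirm against the schema.
    const string sql = "UPDATE dbo.Users SET Hash=@Hash, Salt=@Salt WHERE UserId=@UserId";

    try
    {
        // Connection string comes from the Connections helper class. Dispose connection and
        // command deterministically so a failure does not leak a pooled connection.
        using (SqlConnection conn = new SqlConnection(Connections.ConnectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Parameterized so that none of the values ever become part of the SQL text.
            cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
            cmd.Parameters.Add("@Hash", SqlDbType.VarChar).Value = hashSalt.Hash;
            cmd.Parameters.Add("@Salt", SqlDbType.VarChar).Value = hashSalt.Salt;

            conn.Open();
            int result = cmd.ExecuteNonQuery();
            if (result > 0)
            {
                MessageBox.Show("Data Updated!");
            }
        }
    }
    catch (SqlException ex)
    {
        // Display only the message: the full exception text carries server and stack details
        // that do not belong in an end-user dialog.
        string errorMessage = $"Error: {ex.Message}";
        MessageBox.Show(errorMessage);
    }
}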
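/// <summary>
/// Derives a salted PBKDF2 hash of <paramref name="password"/> using a freshly generated random salt.
/// </summary>
/// <param name="size">Salt length in bytes; must be positive.</param>
/// <param name="password">Plain-text password to hash.</param>
/// <returns>A <see cref="HashSalt"/> holding the Base64-encoded hash and Base64-encoded salt.</returns>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="size"/> is not positive.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="password"/> is null.</exception>
/// <remarks>
/// The output format (non-zero salt bytes, 10000 iterations, 256 derived bytes, the default digest
/// of the <see cref="Rfc2898DeriveBytes"/> password/salt/iterations constructor) must stay in sync
/// with <c>VerifyPassword</c> and with hashes already stored; changing any of these requires a
/// migration of existing records.
/// </remarks>
public static HashSalt GenerateSaltedHash(int size, string password)
{
    if (size <= 0)
    {
        throw new ArgumentOutOfRangeException(nameof(size), "Salt size must be positive.");
    }
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    var saltBytes = new byte[size];
    // RandomNumberGenerator.Create() replaces the obsolete RNGCryptoServiceProvider and is
    // disposed here rather than left to the finalizer. GetNonZeroBytes keeps the salt format
    // the original produced.
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetNonZeroBytes(saltBytes);
    }
    var salt = Convert.ToBase64String(saltBytes);

    string hashPassword;
    using (var kdf = new Rfc2898DeriveBytes(password, saltBytes, 10000))
    {
        hashPassword = Convert.ToBase64String(kdf.GetBytes(256));
    }

    return new HashSalt { Hash = hashPassword, Salt = salt };
}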
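/// <summary>
/// Checks <paramref name="password"/> against the stored hash and salt of <c>UserLogin</c>.
/// </summary>
/// <param name="password">Plain-text password entered by the user.</param>
/// <returns>
/// A <see cref="LoginModel"/> for <c>UserLogin</c>; <c>IsValidated</c> is true and <c>UserId</c> is set
/// only when the password matched. The model carries the plain-text password in
/// <c>UserPassword</c>, so callers must not persist or log it.
/// </returns>
/// <remarks>
/// On a successful login <c>CurrentLogin.UserId</c> is updated as a side effect. An unknown login
/// and a wrong password produce the same message, so the dialog does not reveal which logins exist.
/// </remarks>
public LoginModel LoginUser(string password)
{
    LoginModel login = new LoginModel
    {
        UserName = UserLogin,
        UserPassword = password,
        IsValidated = false
    };

    if (string.IsNullOrWhiteSpace(login.UserName))
    {
        MessageBox.Show("Missing Login!");
        return login;
    }
    if (string.IsNullOrEmpty(login.UserPassword))
    {
        MessageBox.Show("Missing Password!");
        return login;
    }

    LoginModel user = Queries.GetUser(login.UserName);

    // GetUser may hand back null or a model without a name for an unknown login; both are treated
    // as a failed login instead of being dereferenced.
    bool isValidated = user != null
        && user.UserName != null
        && HashSalt.VerifyPassword(password, user.Hash, user.Salt);

    if (isValidated)
    {
        login.UserId = user.UserId;
        CurrentLogin.UserId = login.UserId;
        login.IsValidated = true;
        MessageBox.Show("Login Sucessfull!");
    }
    else
    {
        // One message for both "no such user" and "wrong password"; the previous code stayed
        // silent for unknown users, which let a caller tell the two cases apart.
        login.IsValidated = false;
        MessageBox.Show("Wrong login or password!");
    }

    return login;
}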
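/// <summary>
/// Creates a user account based on the credentials provided in the create-account view.
/// </summary>
/// <param name="obj">
/// Expected to be a <see cref="List{T}"/> of <see cref="object"/> whose first two entries are the
/// <see cref="PasswordBox"/> controls holding the password and its repetition.
/// </param>
/// <returns>
/// True when the account was handed to <c>Queries.CreateUserAccount</c>; false when the password was
/// missing or the two entries differed (a message box tells the user which). The previous version
/// returned true on every path, so callers could not tell a rejected form from a created account.
/// </returns>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="obj"/> is not a list whose first two entries are
/// <see cref="PasswordBox"/> controls (a view wiring mistake).
/// </exception>
public bool CreateAccount(object obj)
{
    // The view passes both boxes as command parameters. Fail with a clear message on a wiring
    // mistake instead of dereferencing null a few lines further down.
    var pswBoxes = obj as List<object>;
    if (pswBoxes == null || pswBoxes.Count < 2)
    {
        throw new ArgumentException("Expected a list holding two password boxes.", nameof(obj));
    }

    var pwdBox = pswBoxes[0] as PasswordBox;
    var pwdBoxRepeat = pswBoxes[1] as PasswordBox;
    if (pwdBox == null || pwdBoxRepeat == null)
    {
        throw new ArgumentException("Both command parameters must be PasswordBox controls.", nameof(obj));
    }

    var password = pwdBox.Password;
    var passwordRepeat = pwdBoxRepeat.Password;

    if (string.IsNullOrEmpty(password))
    {
        MessageBox.Show("Missing password!");
        return false;
    }
    if (password != passwordRepeat)
    {
        MessageBox.Show("Passwords don't match!");
        return false;
    }

    // Only the salted hash goes into the model; the plain-text password is not kept.
    // 64 is the salt length in bytes.
    var hashSalt = HashSalt.GenerateSaltedHash(64, password);

    // NOTE(review): assumes UserLogin and SelectedItem are non-null here (view-bound) — confirm
    // the bindings, otherwise Trim()/Symbol would throw.
    AccountModel account = new AccountModel
    {
        UserLogin = UserLogin.Trim(),
        UserBirthday = UserBirthday,
        UserHeight = UserHeight,
        UserName = UserName,
        UserMail = UserMail,
        UserGender = UserGender,
        SecretQuestion = SelectedItem.Symbol,
        SecretAnswer = SecretAnswer,
        HashSalt = hashSalt
    };
    Queries.CreateUserAccount(account);
    return true;
}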