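/// <summary>
/// Event handler to click to save the new password into the database.
/// Re-authenticates the user with the current password, requires both the new password
/// and its confirmation to be present and equal, then stores a fresh salt + hash and
/// clears the forced-reset flag on the current user's row.
/// </summary>
/// <param name="sender">The parameter is not used.</param>
/// <param name="e">The parameter is not used.</param>
private void BtnSaveNewPasswordClick(object sender, EventArgs e)
{
    try
    {
        using (var context = new db_sft_2172Entities())
        {
            var userResult = context.Users.FirstOrDefault(u => u.UserID.Equals(Program.CurrentUser));

            // FirstOrDefault may return null if the current user's row no longer exists;
            // without this guard the dereference below raised a NullReferenceException
            // that was only caught by the generic handler at the bottom.
            if (userResult == null)
            {
                MessageBox.Show(@"Your user account could not be found!");
                return;
            }

            // Re-verify the current password before allowing a change
            if (!SaltedHash.Verify(userResult.PasswordSalt, userResult.Password, this.txtCurrentPassword.Text))
            {
                MessageBox.Show(@"Your current password is incorrect!");
                return;
            }

            string newPassword = this.txtNewPassword.Text;
            string confirmPassword = this.txtConfirmPassword.Text;

            // Both boxes must be filled in. The previous check combined them with ||,
            // which let an empty new password fall through to the mismatch check.
            if (string.IsNullOrEmpty(newPassword) || string.IsNullOrEmpty(confirmPassword))
            {
                MessageBox.Show(@"New password or confirm password is empty!");
                return;
            }

            // Ordinal comparison, identical to the original == on strings
            if (newPassword != confirmPassword)
            {
                MessageBox.Show(@"Passwords do not match!");
                return;
            }

            // NOTE(review): no minimum length or complexity is enforced on the new password here.
            // Generate salt and salted hash; a null ResetPassword lifts the forced-reset flag
            SaltedHash sh = new SaltedHash(newPassword);
            userResult.Password = sh.Hash;
            userResult.PasswordSalt = sh.Salt;
            userResult.ResetPassword = null;
            context.SaveChanges();

            this.txtCurrentPassword.Text = string.Empty;
            this.txtNewPassword.Text = string.Empty;
            this.txtConfirmPassword.Text = string.Empty;
            MessageBox.Show(@"Your passsword has been saved!");
            this.Close();
        }
    }
    catch (SqlException sqlEx)
    {
        // NOTE(review): the raw provider error text is shown to the user here
        MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}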
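/// <summary>
/// Event handler to set temporary access code.
/// Requires the two temporary-code boxes to match and be non-empty, then stores a
/// salt + hash of the code for the user identified by CurrentUserId and sets a
/// non-null ResetPassword marker so the next login is forced to change it.
/// </summary>
/// <param name="sender">The parameter is not used.</param>
/// <param name="e">The parameter is not used.</param>
private void BtnUpdateClick(object sender, EventArgs e)
{
    string tempCode = this.txtTempCode.Text;
    string validationError = null;

    // Verify that the two entered passwords match, then that something was entered
    if (!string.Equals(tempCode, this.txtConfirmTempCode.Text, StringComparison.Ordinal))
    {
        validationError = @"Sorry, the temporary passwords do not match. Please try again!";
    }
    else if (tempCode.Length == 0)
    {
        validationError = @"Please enter a temporary password.";
    }

    if (validationError != null)
    {
        MessageBox.Show(validationError);

        // Clear the password boxes and let the user retry; the form stays open
        this.txtTempCode.Text = string.Empty;
        this.txtConfirmTempCode.Text = string.Empty;
        this.txtTempCode.Focus();
        return;
    }

    // Find current user, then update password in database
    try
    {
        using (var context = new db_sft_2172Entities())
        {
            User currentUser = context.Users.FirstOrDefault(users => users.UserID.Equals(this.CurrentUserId));

            if (currentUser == null)
            {
                // Previously this case fell through silently and the form still closed,
                // leaving the operator with no indication that nothing was saved.
                MessageBox.Show(@"Sorry, the selected user could not be found.");
            }
            else
            {
                // Generate salt and salted hash
                SaltedHash sh = new SaltedHash(tempCode);
                currentUser.Password = sh.Hash;
                currentUser.PasswordSalt = sh.Salt;

                // Any non-null value here is what Login treats as "must reset"
                currentUser.ResetPassword = "******";
                context.SaveChanges();

                // Show confirmation if save is successful
                MessageBox.Show(@"Temporary password updated successfully!");
            }
        }
    }
    catch (SqlException sqlEx)
    {
        // NOTE(review): the raw provider error text is shown to the user here
        MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }

    // Close the form when finished
    this.Close();
}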
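/// <summary>
/// Method to match password with the database (using salted hash), then login and load the role form.
/// An unknown username and a wrong password produce the same message so the two cases
/// look alike to the user; an inactive account is reported separately and logs out.
/// </summary>
/// <param name="username">The username string entered by the user</param>
/// <param name="password">The password string entered by the user</param>
private void Login(string username, string password)
{
    try
    {
        using (db_sft_2172Entities context = new db_sft_2172Entities())
        {
            // One round trip: the previous version issued Any() and then FirstOrDefault()
            var userResult = context.Users.FirstOrDefault(u => u.UserID.Equals(username));

            if (userResult == null)
            {
                MessageBox.Show(@"Sorry, invalid username or password. Please try again!");
                this.txtUsername.Text = string.Empty;
                this.txtPassword.Text = string.Empty;
                this.txtUsername.Focus();
                return;
            }

            // Determine whether user is active. If not, display a message and Logout.
            if (!userResult.IsActive)
            {
                MessageBox.Show(@"Sorry, this user is inactive. Please contact an administrator if you need to reactivate your account.");
                Program.Logout();
                return;
            }

            // Verify the entered password against the stored salt + hash. Only this path exists;
            // the plaintext comparison an older comment referred to is not present in this code.
            // NOTE(review): verification runs only for existing, active accounts, so the unknown-user
            // branch above returns without the hash work — confirm whether that matters here.
            if (!SaltedHash.Verify(userResult.PasswordSalt, userResult.Password, password))
            {
                MessageBox.Show(@"Sorry, invalid username or password. 
Please try again!");
                this.txtUsername.Text = string.Empty;
                this.txtPassword.Text = string.Empty;
                this.txtUsername.Focus();
                return;
            }

            // Update static variable containing User ID. This must happen before the
            // reset dialog opens, because ResetMyPassword looks the user up by Program.CurrentUser.
            Program.CurrentUser = userResult.UserID;

            // A non-null ResetPassword means a temporary code was issued: force a change now
            // and leave this login form open (the role flags are not set on this path).
            if (userResult.ResetPassword != null)
            {
                MessageBox.Show(@"Your password is outdated and needs to be changed. Please reset your password now.");
                ResetMyPassword changePassword = new ResetMyPassword();
                changePassword.ShowDialog();
                return;
            }

            // Raise the static role flags only; nothing here clears them
            if (userResult.IsSupervisor)
            {
                Program.IsSupervisor = true;
            }

            if (userResult.IsAdmin)
            {
                Program.IsAdmin = true;
            }

            // Close window once finished
            this.Close();
        }
    }
    catch (SqlException sqlEx)
    {
        // NOTE(review): the raw provider error text is shown to the user here
        MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}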