コード例 #1
0
        protected void btnAdminLogin_Click(object sender, EventArgs e)
        {

            string AdminUsername = txtAdminUsername.Text;
            string AdminPassword = txtAdminPassword.Text;

            AdminObj AdminObject = new AdminObj();

            BLLRecruiterWebsiteManager BllManager = new BLL.BLLRecruiterWebsiteManager();

            AdminObject = BllManager.GetAdminLogin(AdminUsername, AdminPassword);

            bool validUser = PasswordHash.ValidatePassword(AdminPassword, AdminObject.PasswordHash);

            if (validUser == true)
            {
                Session["AdminID"] = AdminObject.Username;
                Response.Redirect("~/Admin.aspx");
            }

            try
            {

                txtAdminPassword.Text = "Incorrect Password";

            }
            catch (Exception)
            {

                throw;
            }


        }
コード例 #2
0
        protected void btnCreateAdmin_Click(object sender, EventArgs e)
        {

            string Username = txtUsername.Text;
            string Password = txtPassword.Text;
            string PasswordCon = txtPasswordCon.Text;
            string Email = txtEmail.Text;
            string EmailPwd = txtEmailPwd.Text;
            string EmailPwdConfirm = txtEmailPwdConfirm.Text;
            string FavouriteAnimal = txtSecretCode.Text;


            if (txtPassword.Text == txtPasswordCon.Text)
            {
                // hash/ salt password
                string saltHashReturned = PasswordHash.CreateHash(txtPassword.Text);

                saltHashReturned = PasswordHash.CreateHash(txtPassword.Text);

                int commaIndex = saltHashReturned.IndexOf(":");
                string extractedString = saltHashReturned.Substring(0, commaIndex);
                commaIndex = saltHashReturned.IndexOf(":");
                extractedString = saltHashReturned.Substring(commaIndex + 1);
                commaIndex = extractedString.IndexOf(":");
                string salt = extractedString.Substring(0, commaIndex);
                commaIndex = extractedString.IndexOf(":");
                extractedString = extractedString.Substring(commaIndex + 1);
                string hash = extractedString;
                if (txtEmailPwd.Text == txtEmailPwdConfirm.Text)
                {

                    // encrypt email with BLL encryption class
                    string securedPwd = Crypto.EncryptStringAES(EmailPwd, FavouriteAnimal);


                    AdminObj adminObj = new AdminObj();

                    adminObj.Username = Username;
                    adminObj.PasswordHash = salt;
                    adminObj.PasswordSalt = saltHashReturned;
                    /*
                     didn't know what you wanted me to do with that email.. so both rows in the database are email and email ahas. 
                     */
                    // ^^thanks this is what I was looking up for
                    adminObj.Email = Email;
                    adminObj.EmailHash = securedPwd;
                    adminObj.SecretCode = FavouriteAnimal;

                    BLLRecruiterWebsiteManager SendingAdminObjectToBLL = new BLLRecruiterWebsiteManager();

                    SendingAdminObjectToBLL.CreateAdminUser(adminObj);

                    Response.Redirect("~/Admin.aspx");
                }
               
            }

        }
コード例 #3
0
        // create an admin user. 

        public void CreateAdminUser( AdminObj adminObject)
        {
            DALRecruiterWebsiteManager DALWebMngr = new DALRecruiterWebsiteManager();

            try
            {
                DALWebMngr.CreateAdminProfile(adminObject);
            }
            catch (Exception)
            {
                
                throw;
            }
        }
コード例 #4
0
        // creates the admin profile
        
        public void CreateAdminProfile(AdminObj adminObject)
        {
            try
            {

                using (SqlConnection Cxn = new SqlConnection(CxnString))
                {
                    using (SqlCommand Cmd = new SqlCommand("spCreateAdmin", Cxn))
                    {
                        Cmd.CommandType = CommandType.StoredProcedure;

                        SqlParameter UserParam = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
                        SqlParameter PassWordHash = new SqlParameter("@PasswordSalt", SqlDbType.NVarChar, 250);
                        SqlParameter PassWordSalt = new SqlParameter("@PassWordHash", SqlDbType.NVarChar, 250);
                        SqlParameter Email = new SqlParameter("@Email", SqlDbType.NVarChar, 50);
                        SqlParameter EmailHash = new SqlParameter("@EmailEncry", SqlDbType.NVarChar, 250);
                        SqlParameter SecretCode = new SqlParameter("@SecretCode", SqlDbType.NVarChar, 50);

                        UserParam.Value = adminObject.Username;
                        PassWordHash.Value = adminObject.PasswordHash;
                        PassWordSalt.Value = adminObject.PasswordSalt;
                        Email.Value = adminObject.Email;
                        EmailHash.Value = adminObject.EmailHash;
                        SecretCode.Value = adminObject.SecretCode;

                        Cmd.Parameters.Add(UserParam);
                        Cmd.Parameters.Add(PassWordHash);
                        Cmd.Parameters.Add(PassWordSalt);
                        Cmd.Parameters.Add(Email);
                        Cmd.Parameters.Add(EmailHash);
                        Cmd.Parameters.Add(SecretCode);

                        Cxn.Open();
                        Cmd.ExecuteNonQuery();
                        Cxn.Close();


                    }
                }


            }
            catch (SqlException ex)
            {

                throw;
            }
        }
コード例 #5
0
        // log in for admin

        public AdminObj GetAdminLogin(string Username, string Password)
        {
            try
            {
                using (SqlConnection Cxn = new SqlConnection(CxnString))
                {
                    using (SqlCommand Cmd = new SqlCommand("spGetAdminLogin", Cxn))
                    {
                        Cmd.CommandType = CommandType.StoredProcedure;

                        SqlParameter UsernameParam = new SqlParameter("@Username", SqlDbType.NVarChar, 125);

                        UsernameParam.Value = Username;

                        Cmd.Parameters.Add(UsernameParam);

                        Cxn.Open();
                        dr = Cmd.ExecuteReader();
                        AdminObj AdminObject = new AdminObj();
                        
                        while (dr.Read())
                        {

                            int PrimaryKey = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Admin_Obj.spID)));
                            string UsernameDB = dr.GetValue(Convert.ToInt32(Admin_Obj.spUsername)).ToString();
                            
                            string PassWordHash = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordHash)).ToString();
                            
                            string PassWordSalt = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordSalt)).ToString();
                          
                            string Email = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmail)).ToString();
                            
                            string EmailEncrypted = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmailEnc)).ToString();
                            string secretCode = dr.GetValue(Convert.ToInt32(Admin_Obj.spSecretCode)).ToString();


                            AdminObject.ID = PrimaryKey;
                            AdminObject.Username = UsernameDB;
                            AdminObject.PasswordSalt = PassWordSalt;
                            AdminObject.PasswordHash = PassWordHash;
                            AdminObject.Email = Email;
                            AdminObject.EmailHash = EmailEncrypted;
                            AdminObject.SecretCode = secretCode;



                        }
                        
                        Cxn.Close();
                        dr.Close();

                        return AdminObject;
                    }
                }

            }
            catch (SqlException ex)
            {

                throw;
            }

           
        }
コード例 #6
0
        //Populates the grid view of all the Admin User for Admin Secion

        public List<AdminObj> GetListOfAllAdminUser()
        {
            try
            {
                using (SqlConnection Cxn = new SqlConnection(CxnString))
                {
                    using (SqlCommand Cmd = new SqlCommand("spGetAllAdminUser", Cxn))
                    {
                        Cmd.CommandType = CommandType.StoredProcedure;

                        Cxn.Open();
                        dr = Cmd.ExecuteReader();
                        List<AdminObj> ListOfAdminObjects = new List<AdminObj>();
                        while (dr.Read())
                        {

                            int id = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Admin_Obj.spID)));
                            string UsernameDB = dr.GetValue(Convert.ToInt32(Admin_Obj.spUsername)).ToString();
                            string PassWordSalt = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordSalt)).ToString();

                            string PassWordHash = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordHash)).ToString();

                            string Email = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmail)).ToString();

                            string EmailEncrypted = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmailEnc)).ToString();
                            string SecretCode = dr.GetValue(Convert.ToInt32(Admin_Obj.spSecretCode)).ToString();
                            AdminObj AdminObject = new AdminObj(UsernameDB, PassWordSalt, PassWordHash, Email, EmailEncrypted, SecretCode);
                            AdminObject.ID = id;
                            
                            ListOfAdminObjects.Add(AdminObject);

                        }

                        Cxn.Close();
                        dr.Close();

                        return ListOfAdminObjects;
                        
                    }
                }
            }
            catch (SqlException ex)
            {

                throw;
            }

            
        }