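/// <summary>
/// Customer registration click handler: inserts one row into
/// <c>webapp.customer</c> from the registration text boxes. The clear-text
/// password is never persisted; only the string returned by
/// <c>PasswordStorage.CreateHash</c> goes into <c>slowHashSalt</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void registerEventMethod(object sender, EventArgs e)
{
    // The original wrapped this body in a bool guard that was always true;
    // it was dead code and is dropped.
    // NOTE(review): no server-side validation of the text boxes is visible
    // here (length/format, uniqueness of cust_username); presumably page
    // validators or DB constraints cover it - confirm.
    conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
    try
    {
        conn.Open();

        // Parameter names are spelled the same in the SQL text and in the
        // AddWithValue calls (the original SQL used "?Firstname" against an
        // AddWithValue of "?firstname" and relied on the connector matching
        // names case-insensitively).
        queryStr = "INSERT INTO webapp.customer (cust_first_name, cust_last_name, cust_username, cust_email, cust_phone, slowHashSalt)" + "Values(?firstname, ?lastname, ?uname, ?email, ?phone, ?slowHashSalt)";
        cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
        cmd.Parameters.AddWithValue("?firstname", tb_firstname.Text);
        cmd.Parameters.AddWithValue("?lastname", tb_lastname.Text);
        cmd.Parameters.AddWithValue("?uname", tb_username.Text);
        cmd.Parameters.AddWithValue("?email", tb_email.Text);
        cmd.Parameters.AddWithValue("?phone", tb_phone.Text);

        // CreateHash returns one combined string; it is stored whole and later
        // handed back unchanged to PasswordStorage.VerifyPassword by the login
        // handlers, so the salt/hash splitting the original did (and never
        // used) is unnecessary.
        string saltHashReturned = PasswordStorage.CreateHash(tb_password.Text);
        cmd.Parameters.AddWithValue("?slowHashSalt", saltHashReturned);

        // An INSERT produces no result set; ExecuteNonQuery does not leave an
        // open data reader on the connection the way ExecuteReader did.
        cmd.ExecuteNonQuery();

        // endResponse: false, so the finally block still runs before the
        // request completes.
        Response.Redirect("CusLog.aspx", false);
    }
    finally
    {
        // Close on every path; the original leaked the connection when
        // Open() or the INSERT threw.
        conn.Close();
    }
}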
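/// <summary>
/// Barber registration click handler: inserts one row into
/// <c>webapp.barber</c> from the registration text boxes with
/// <c>validated</c> set to "No". Only the combined slow-hash string returned
/// by <c>PasswordStorage.CreateHash</c> is stored for the password.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void barberRegisterEventMethod(object sender, EventArgs e)
{
    string connString = System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ToString();
    conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
    try
    {
        conn.Open();
        queryString = "INSERT INTO webapp.barber (barber_first_name, barber_last_name, barber_username, barber_email, barber_phone, barber_slowHashSalt, barber_SIN, validated)" + "VALUE(?firstname, ?lastname, ?uname, ?email, ?phone, ?slowHashSalt, ?SIN, ?validated)";
        cmd = new MySql.Data.MySqlClient.MySqlCommand(queryString, conn);
        cmd.Parameters.AddWithValue("?firstname", tb_barbFirstName.Text);
        cmd.Parameters.AddWithValue("?lastname", tb_barbLastName.Text);
        cmd.Parameters.AddWithValue("?uname", tb_barbUsername.Text);
        cmd.Parameters.AddWithValue("?email", tb_barbEmail.Text);
        cmd.Parameters.AddWithValue("?phone", tb_barbPhone.Text);
        // NOTE(review): the SIN is written exactly as entered, as a plain
        // column value. It is a sensitive identifier; confirm the column is
        // covered by encryption at rest / restricted access and that the
        // page validates its format before this point.
        cmd.Parameters.AddWithValue("?SIN", tb_barbSIN.Text);
        // New barbers start unvalidated; the barber login handler refuses
        // accounts whose validated column is "No".
        cmd.Parameters.AddWithValue("?validated", "No");

        // Stored whole: the login handler passes this string back unchanged
        // to PasswordStorage.VerifyPassword. The original also split it into
        // salt/hash locals that were never used.
        string saltHashReturned = PasswordStorage.CreateHash(tb_barbPassword.Text);
        cmd.Parameters.AddWithValue("?slowHashSalt", saltHashReturned);

        // INSERT has no result set; ExecuteReader left a reader open on the
        // connection for no reason.
        cmd.ExecuteNonQuery();

        Response.Redirect("BarLog.aspx", false);
    }
    finally
    {
        // The original only closed the connection on the success path.
        conn.Close();
    }
}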
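/// <summary>
/// Barber login click handler: loads the rows matching the entered username,
/// verifies the entered password against each stored slow hash, and on a
/// match checks the <c>validated</c> column before redirecting to the
/// booking page. Any failure is reported through <c>lb_invalid</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void submitEventMethod(object sender, EventArgs e)
{
    // Every value needed after password verification is captured while the
    // reader is positioned on a row. The original read "validated" and
    // "barberID" from the reader after the while loop had already drained
    // it, which throws, and the catch block then showed the exception text
    // in the page.
    List<string> saltHashList = new List<string>();
    List<string> nameList = new List<string>();
    List<string> validatedList = new List<string>();
    List<int> idList = new List<int>();

    conn = null;
    reader = null;
    try
    {
        string connString = System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ToString();
        conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
        conn.Open();
        queryStr = "SELECT barberID, barber_slowHashSalt, barber_first_name, barber_last_name, barber_username, validated from webapp.barber " + "WHERE barber_username =?uname";
        cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
        cmd.Parameters.AddWithValue("?uname", tb_BarberUname.Text.Trim());
        reader = cmd.ExecuteReader();
        while (reader.Read())
        {
            saltHashList.Add(reader.GetString(reader.GetOrdinal("barber_slowHashSalt")));
            nameList.Add(reader.GetString(reader.GetOrdinal("barber_first_name")) + " " + reader.GetString(reader.GetOrdinal("barber_last_name")));
            validatedList.Add(reader.GetString(reader.GetOrdinal("validated")));
            idList.Add(reader.GetInt32(reader.GetOrdinal("barberID")));
        }
        reader.Close();

        // Index of the first row whose stored hash verifies the entered password.
        int matched = -1;
        for (int i = 0; i < saltHashList.Count && matched < 0; i++)
        {
            if (PasswordStorage.VerifyPassword(tb_BarberPass.Text, saltHashList[i]))
            {
                matched = i;
            }
        }

        if (matched < 0)
        {
            // One message for both "no such user" and "wrong password" so the
            // response does not reveal which usernames exist.
            lb_invalid.Text = "Wrong username and/or password";
        }
        else if (validatedList[matched] == "No")
        {
            // Unvalidated accounts are refused before any session state is
            // written; the original set Session["uname"] first and only then
            // checked the flag.
            lb_invalid.Text = "Account is not validated, please contact administrator";
        }
        else
        {
            Session["uname"] = nameList[matched];
            Response.BufferOutput = true;
            // NOTE(review): the barber id travels in the query string; the
            // target page must authorize it against the session rather than
            // trust the URL - confirm.
            Response.Redirect("BarberManageBooking.aspx?id=" + idList[matched], false);
        }
    }
    catch (Exception ex)
    {
        // Exception details (stack trace, SQL text, connection information)
        // belong in the server-side trace, not in the browser.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        lb_invalid.Text = "Login failed, please try again later";
    }
    finally
    {
        // Release the reader and connection on every path; the original
        // closed neither when an exception was thrown.
        if (reader != null)
        {
            reader.Close();
        }
        if (conn != null)
        {
            conn.Close();
        }
    }
}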
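/// <summary>
/// Customer login click handler: loads the rows matching the entered
/// username, verifies the entered password against each stored slow hash,
/// and on a match stores the display name in session and redirects to the
/// booking page. Failures are reported through <c>lb_invalid</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void submitEventMethod(object sender, EventArgs e)
{
    // customerID is captured while the reader is positioned on a row. The
    // original called reader.GetInt32 after the while loop had drained the
    // reader, which throws; the catch block then displayed the exception
    // text to the user.
    List<string> saltHashList = new List<string>();
    List<string> namesList = new List<string>();
    List<int> idList = new List<int>();

    conn = null;
    reader = null;
    try
    {
        string connString = System.Configuration.ConfigurationManager.ConnectionStrings["WebAppConnString"].ToString();
        conn = new MySql.Data.MySqlClient.MySqlConnection(connString);
        conn.Open();
        queryStr = "SELECT customerID, slowHashSalt, cust_first_name, cust_last_name FROM webapp.customer WHERE cust_username=?uname";
        cmd = new MySql.Data.MySqlClient.MySqlCommand(queryStr, conn);
        cmd.Parameters.AddWithValue("?uname", tb_username.Text);
        reader = cmd.ExecuteReader();
        while (reader.Read())
        {
            saltHashList.Add(reader.GetString(reader.GetOrdinal("slowHashSalt")));
            namesList.Add(reader.GetString(reader.GetOrdinal("cust_first_name")) + " " + reader.GetString(reader.GetOrdinal("cust_last_name")));
            idList.Add(reader.GetInt32(reader.GetOrdinal("customerID")));
        }
        reader.Close();

        // First row whose stored hash verifies the entered password; the
        // original kept looping (and could call Redirect more than once)
        // after a match.
        int matched = -1;
        for (int i = 0; i < saltHashList.Count && matched < 0; i++)
        {
            if (PasswordStorage.VerifyPassword(tb_password.Text, saltHashList[i]))
            {
                matched = i;
            }
        }

        if (matched < 0)
        {
            // Same message for unknown username and wrong password.
            lb_invalid.Text = "Wrong username and/or password";
        }
        else
        {
            Session["uname"] = namesList[matched];
            Response.BufferOutput = true;
            // NOTE(review): customerId is passed in the URL; the target page
            // must check it against the session instead of trusting it - confirm.
            Response.Redirect($"CustomerManageBooking.aspx?customerId={idList[matched]}&barberId=0", false);
        }
    }
    catch (Exception ex)
    {
        // Keep exception details out of the response body.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        lb_invalid.Text = "Login failed, please try again later";
    }
    finally
    {
        // The original closed neither the reader nor the connection on the
        // exception path.
        if (reader != null)
        {
            reader.Close();
        }
        if (conn != null)
        {
            conn.Close();
        }
    }
}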