/// <summary>
/// Hashes <paramref name="password"/> with <paramref name="salt"/> through
/// <c>PasswordUtil.hash</c> and returns the result Base64-encoded for storage.
/// </summary>
/// <param name="password">Clear-text password entered by the user.</param>
/// <param name="salt">Per-user salt, as produced by <c>PasswordUtil.getSalt</c>.</param>
/// <returns>Base64 text of the hash bytes.</returns>
/// <exception cref="ArgumentNullException">
/// Raised by <c>Encoding.GetBytes</c> when either argument is null.
/// </exception>
public static String generateSecurePassword(String password, String salt)
{
    // NOTE(review): ASCII encoding maps every non-ASCII character to '?', so two
    // passwords that differ only in such characters hash identically. UTF-8 would
    // fix that, but it changes the stored hash of affected accounts — migrate deliberately.
    byte[] passwordBytes = Encoding.ASCII.GetBytes(password);
    byte[] saltBytes = Encoding.ASCII.GetBytes(salt);
    byte[] digest = PasswordUtil.hash(passwordBytes, saltBytes);
    return Convert.ToBase64String(digest);
}
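/// <summary>
/// Checks a user-supplied password against the stored hash by re-deriving it with the stored salt.
/// </summary>
/// <param name="providedPassword">Clear-text password entered at login.</param>
/// <param name="securedPassword">Base64 hash stored for the account; null never matches.</param>
/// <param name="salt">Salt stored alongside the hash.</param>
/// <returns><c>true</c> when the re-derived hash equals <paramref name="securedPassword"/>.</returns>
public static bool verifyUserPassword(String providedPassword, String securedPassword, String salt)
{
    // Re-derive with the same salt; any other salt can never reproduce the stored hash.
    String candidate = PasswordUtil.generateSecurePassword(providedPassword, salt);
    // Compare in fixed time: String.Equals stops at the first differing character, so its
    // duration leaks how much of the stored hash a guess got right.
    return fixedTimeEquals(candidate, securedPassword);
}

/// <summary>
/// Ordinal string comparison whose running time depends only on the inputs' length,
/// not on the position of the first difference. Null never equals anything.
/// </summary>
/// <param name="a">First string (may be null).</param>
/// <param name="b">Second string (may be null).</param>
/// <returns><c>true</c> when both are non-null and identical.</returns>
private static bool fixedTimeEquals(String a, String b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        // OR-accumulate the XOR of each position; stays 0 only if every char matches.
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}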
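/// <summary>
/// Validates the staff form and inserts the new non-academic staff member, the
/// experience row and the hashed login credentials as one transaction.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnSave_Click(object sender, EventArgs e)
{
    string stfID = txtStfId.Text;
    string fName = txtFName.Text;
    string lName = txtLName.Text;
    string email = txtEmail.Text;
    string phone = txtPhone.Text;
    string nic = txtNIC.Text;
    string qualification = txtQualification.Text;
    string experience = txtExperience.Text;
    // NOTE(review): ToShortDateString() is culture-dependent, so the database receives
    // whatever date format the workstation uses — confirm the target columns accept it.
    string dob = dobPicker.Value.ToShortDateString();
    string appdate = appdatePicker.Value.ToShortDateString();
    string jdate = jDatePicker.Value.ToShortDateString();
    string password = txtPassword.Text;
    string gender = "";
    if (rBtnMale.Checked)
    {
        gender = "M";
    }
    else if (rBtnFemale.Checked)
    {
        gender = "F";
    }

    if (stfID == "" || fName == "" || lName == "" || email == "" || phone == "" || nic == ""
        || qualification == "" || experience == "" || dob == "" || appdate == "" || jdate == ""
        || gender == "" || password == "")
    {
        MessageBox.Show("All fields must be filled.");
        return;
    }
    if (!isValidEmail(email))
    {
        MessageBox.Show("Email is not correct.");
        return;
    }
    if (nic.Length != 10)
    {
        MessageBox.Show("NIC is incorrect.");
        return;
    }

    // Hash before touching the database; only the hash and the salt are persisted.
    string saltpwd = PasswordUtil.getSalt(30);
    string secpwd = PasswordUtil.generateSecurePassword(password, saltpwd);

    // Success is only reported when all three inserts committed; the original showed
    // "Successfully Inserted!" even after the catch block had run.
    bool inserted = false;
    try
    {
        sqlCon.Open();
        // One transaction so a failure on the second or third insert leaves no half-created staff member.
        using (SqlTransaction tx = sqlCon.BeginTransaction())
        {
            // Column order follows the original positional INSERT. Values are bound as
            // parameters so form input is never spliced into the SQL text.
            using (SqlCommand cmd1 = sqlCon.CreateCommand())
            {
                cmd1.Transaction = tx;
                cmd1.CommandType = CommandType.Text;
                cmd1.CommandText = "INSERT INTO Staff VALUES(@stfID, @phone, @fName, @lName, @email, @nic, @appdate, @jdate, @qualification, @gender, @dob)";
                addVarChar(cmd1, "@stfID", stfID);
                addVarChar(cmd1, "@phone", phone);
                addVarChar(cmd1, "@fName", fName);
                addVarChar(cmd1, "@lName", lName);
                addVarChar(cmd1, "@email", email);
                addVarChar(cmd1, "@nic", nic);
                addVarChar(cmd1, "@appdate", appdate);
                addVarChar(cmd1, "@jdate", jdate);
                addVarChar(cmd1, "@qualification", qualification);
                addVarChar(cmd1, "@gender", gender);
                addVarChar(cmd1, "@dob", dob);
                cmd1.ExecuteNonQuery();
            }
            using (SqlCommand cmd2 = sqlCon.CreateCommand())
            {
                cmd2.Transaction = tx;
                cmd2.CommandType = CommandType.Text;
                cmd2.CommandText = "INSERT INTO Non_Academic_Staff VALUES(@stfID, @experience)";
                addVarChar(cmd2, "@stfID", stfID);
                addVarChar(cmd2, "@experience", experience);
                cmd2.ExecuteNonQuery();
            }
            using (SqlCommand cmd3 = sqlCon.CreateCommand())
            {
                cmd3.Transaction = tx;
                cmd3.CommandType = CommandType.Text;
                cmd3.CommandText = "INSERT INTO Non_Academic_Staff_Credentials VALUES(@stfID, @secpwd, @saltpwd)";
                addVarChar(cmd3, "@stfID", stfID);
                addVarChar(cmd3, "@secpwd", secpwd);
                addVarChar(cmd3, "@saltpwd", saltpwd);
                cmd3.ExecuteNonQuery();
            }
            tx.Commit();
        }
        inserted = true;
    }
    catch (Exception ex1)
    {
        // Show only the message: the full exception (stack trace, SQL text) is not for end users.
        MessageBox.Show("Error: " + ex1.Message);
    }
    finally
    {
        sqlCon.Close();
    }

    if (inserted)
    {
        FillDataGridView();
        MessageBox.Show("Successfully Inserted!");
        clearDetails();
    }
}

/// <summary>
/// Binds <paramref name="value"/> as a VarChar input parameter; the provider sizes it from the value.
/// </summary>
/// <param name="cmd">Command to add the parameter to.</param>
/// <param name="name">Parameter name including the leading '@'.</param>
/// <param name="value">Text value to bind.</param>
private static void addVarChar(SqlCommand cmd, string name, string value)
{
    SqlParameter p = new SqlParameter(name, SqlDbType.VarChar);
    p.Value = value;
    cmd.Parameters.Add(p);
}

/// <summary>
/// Matches <paramref name="email"/> against the form's e-mail pattern under a time limit:
/// the pattern's nested quantifiers can backtrack heavily on unusual input, and a timeout
/// is treated as "not a valid address".
/// </summary>
/// <param name="email">Address text from the form.</param>
/// <returns><c>true</c> when the whole string matches the pattern within the limit.</returns>
private static bool isValidEmail(string email)
{
    const string pattern = "^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$";
    try
    {
        return Regex.IsMatch(email, pattern, RegexOptions.None, TimeSpan.FromSeconds(1));
    }
    catch (RegexMatchTimeoutException)
    {
        return false;
    }
}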
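/// <summary>
/// Authenticates the entered username and password against the credentials table that
/// matches the selected user type, records the login and opens the matching dashboard.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    if (txtUsername.Text == "")
    {
        MessageBox.Show("Please enter username");
        return;
    }
    // The original re-tested txtUsername here, so an empty password reached the query.
    if (txtPassword.Text == "")
    {
        MessageBox.Show("Please enter password");
        return;
    }
    if (userType.Text == "")
    {
        MessageBox.Show("Please select usertype");
        return;
    }

    string conString = CommonConstants.connnectionString;
    string selectedType = userType.Text;
    // Each query below is a code literal; the only run-time value is the @userID parameter.
    if (selectedType.Equals("Academic Staff"))
    {
        using (SqlConnection connection = new SqlConnection(conString))
        {
            connection.Open();
            string userID = authenticateCredentials(connection,
                "SELECT * FROM Academic_Staff_Credentials WHERE stfID = @userID ", "stfID");
            if (userID != null)
            {
                User u = getAcademicStaffObjectWithAllProperties(userID);
                TrackLogin("Academic Staff", connection, userID, conString);
                UserSessionStore.Instance.setUser(u);
                AcademicStaffDashBoard objAcdStfDashBoard = new AcademicStaffDashBoard();
                this.Hide();
                objAcdStfDashBoard.Show();
            }
        }
    }
    else if (selectedType.Equals("Administrative Staff"))
    {
        using (SqlConnection connection = new SqlConnection(conString))
        {
            connection.Open();
            string userID = authenticateCredentials(connection,
                "SELECT * FROM Administrative_Staff_credentials WHERE stfID = @userID ", "stfID");
            if (userID != null)
            {
                User u = getAdministrativeStaffObjectWithAllProperties(userID);
                TrackLogin("Administrative Staff", connection, userID, conString);
                UserSessionStore.Instance.setUser(u);
                AdministrativeStaffDashboard objAdmStfDashBoard = new AdministrativeStaffDashboard();
                this.Hide();
                objAdmStfDashBoard.Show();
            }
        }
    }
    else if (selectedType.Equals("Admin"))
    {
        using (SqlConnection connection = new SqlConnection(conString))
        {
            connection.Open();
            string userID = authenticateCredentials(connection,
                "SELECT * FROM Admin_credentials WHERE adminID = @userID ", "adminID");
            if (userID != null)
            {
                // Admins have no profile loader; the session user carries only id and type.
                User u = new User();
                u.setuserID(userID);
                u.Type = "Admin";
                TrackLogin("Admin", connection, userID, conString);
                UserSessionStore.Instance.setUser(u);
                AdminDashboard objAdminDashboard = new AdminDashboard();
                this.Hide();
                objAdminDashboard.Show();
            }
        }
    }
    else if (selectedType.Equals("Non Academic Staff"))
    {
        using (SqlConnection connection = new SqlConnection(conString))
        {
            connection.Open();
            string userID = authenticateCredentials(connection,
                "SELECT * FROM Non_Academic_Staff_Credentials WHERE stfID = @userID ", "stfID");
            if (userID != null)
            {
                User u = getNonAcademicStaffObjectWithAllProperties(userID);
                TrackLogin("Non Academic Staff", connection, userID, conString);
                UserSessionStore.Instance.setUser(u);
                NonAcademicStaffDashboard objNonAcdStfDashboard = new NonAcademicStaffDashboard();
                this.Hide();
                objNonAcdStfDashboard.Show();
            }
        }
    }
    else
    {
        MessageBox.Show("Unknown user type!!!");
    }
    //Login validation end
}

/// <summary>
/// Looks up one credentials row by the entered username and verifies the entered
/// password against the stored hash and salt. Shared by every user type.
/// </summary>
/// <param name="connection">Open connection; left open for the caller, and its reader is
/// closed before returning so the connection is free for further commands.</param>
/// <param name="credentialsQuery">SELECT over one credentials table with a single
/// <c>@userID</c> parameter. Must be a code literal — never built from input.</param>
/// <param name="idColumn">Name of the identifier column to read back from the row.</param>
/// <returns>The identifier stored in the matched row, or null after the failure message was shown.</returns>
private string authenticateCredentials(SqlConnection connection, string credentialsQuery, string idColumn)
{
    using (SqlCommand command = new SqlCommand(credentialsQuery, connection))
    {
        SqlParameter userID = new SqlParameter("@userID", SqlDbType.VarChar, 100);
        userID.Value = txtUsername.Text;
        command.Parameters.Add(userID);
        // Call Prepare after setting the CommandText and Parameters.
        command.Prepare();
        using (SqlDataReader reader = command.ExecuteReader())
        {
            if (!reader.Read())
            {
                MessageBox.Show("Your Username or password not found.");
                return null;
            }
            String secured_pwd_from_db = reader["password"].ToString();
            String salt_from_db = reader["salt"].ToString();
            String userID_from_db = reader[idColumn].ToString();
            if (!PasswordUtil.verifyUserPassword(txtPassword.Text, secured_pwd_from_db, salt_from_db))
            {
                MessageBox.Show("Your password is incorrect.");
                return null;
            }
            return userID_from_db;
        }
    }
}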
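/// <summary>
/// Resets the password of the account named by <c>usernameString</c> in the credentials
/// table of the selected user type, storing a fresh salt and hash.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    if (txtPassword.Text == "" || txtRePassword.Text == "")
    {
        MessageBox.Show("Please enter new password and enter it again.");
        return;
    }
    if (!txtPassword.Text.Equals(txtRePassword.Text))
    {
        MessageBox.Show("Passwords are not equal.");
        return;
    }
    // With nothing selected, SelectedItem is null and the original threw a NullReferenceException.
    object selected = userType.SelectedItem;
    if (selected == null)
    {
        MessageBox.Show("Please select usertype");
        return;
    }
    string typeString = selected.ToString();

    // Choose the statement up front; the original left CommandText null for any other
    // type and failed inside Prepare().
    string updateSql;
    if (typeString.Equals("Academic Staff"))
    {
        updateSql = "UPDATE Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
    }
    else if (typeString.Equals("Non Academic Staff"))
    {
        updateSql = "UPDATE Non_Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
    }
    else if (typeString.Equals("Administrative Staff"))
    {
        updateSql = "UPDATE Administrative_Staff_credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
    }
    else
    {
        MessageBox.Show("Unknown user type!!!");
        return;
    }

    // New salt per reset; only the hash and the salt are stored.
    string saltpwd = PasswordUtil.getSalt(30);
    string secpwd = PasswordUtil.generateSecurePassword(txtPassword.Text, saltpwd);

    int rowsAffected;
    try
    {
        using (SqlConnection connection = new SqlConnection(conString))
        using (SqlCommand command = new SqlCommand(updateSql, connection))
        {
            connection.Open();
            SqlParameter secPassword = new SqlParameter("@secPassword", SqlDbType.VarChar, 100);
            secPassword.Value = secpwd;
            command.Parameters.Add(secPassword);
            SqlParameter saltPassword = new SqlParameter("@saltPassword", SqlDbType.VarChar, 100);
            saltPassword.Value = saltpwd;
            command.Parameters.Add(saltPassword);
            SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
            stfID.Value = usernameString;
            command.Parameters.Add(stfID);
            // Call Prepare after setting the CommandText and Parameters.
            command.Prepare();
            rowsAffected = command.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        // Database failures previously escaped the handler; report the message only.
        MessageBox.Show("Error: " + ex.Message);
        return;
    }

    // The original reported success even when no row matched usernameString.
    if (rowsAffected == 0)
    {
        MessageBox.Show("No account found for the given username; password not changed.");
        return;
    }
    MessageBox.Show("Password updated successfully. \nNow use your new password to login to the system.");
}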