public static String generateSecurePassword(String password, String salt)
{
String returnValue = null;
byte[] securePassword = PasswordUtil.hash(Encoding.ASCII.GetBytes(password), Encoding.ASCII.GetBytes(salt));
returnValue = System.Convert.ToBase64String(securePassword);
return(returnValue);
}
public static bool verifyUserPassword(String providedPassword, String securedPassword, String salt)
{
bool returnValue = false;
// Generate New secure password with the same salt
String newSecurePassword = PasswordUtil.generateSecurePassword(providedPassword, salt);
// Check if two passwords are equal
returnValue = newSecurePassword.Equals(securedPassword);
return(returnValue);
}
private void btnSave_Click(object sender, EventArgs e)
{
string stfID = txtStfId.Text;
string fName = txtFName.Text;
string lName = txtLName.Text;
string email = txtEmail.Text;
string phone = txtPhone.Text;
string nic = txtNIC.Text;
string qualification = txtQualification.Text;
string experience = txtExperience.Text;
string dob = dobPicker.Value.ToShortDateString();
string appdate = appdatePicker.Value.ToShortDateString();
string jdate = jDatePicker.Value.ToShortDateString();
string gender = "";
string password = txtPassword.Text;
if (rBtnMale.Checked)
{
gender = "M";
}
else if (rBtnFemale.Checked)
{
gender = "F";
}
string pattern = null;
pattern = "^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$";
if (!(stfID == "" || fName == "" || lName == "" || email == "" || phone == "" || nic == "" || qualification == "" || experience == "" ||
dob == "" || appdate == "" || jdate == "" || gender == "" || password == ""))
{
if (!(Regex.IsMatch(txtEmail.Text, pattern)))
{
MessageBox.Show("Email is not correct.");
}
else if (txtNIC.Text.Length != 10)
{
MessageBox.Show("NIC is incorrect.");
}
else
{
try
{
sqlCon.Open();
SqlCommand cmd1 = sqlCon.CreateCommand();
cmd1.CommandType = CommandType.Text;
cmd1.CommandText = "INSERT INTO Staff VALUES('" + stfID + "', '" + phone + "', '" + fName + "', '" + lName
+ "','" + email + "','" + nic + "','" + appdate + "','" + jdate + "','" + qualification + "','" + gender + "','" + dob + "')";
cmd1.ExecuteNonQuery();
SqlCommand cmd2 = sqlCon.CreateCommand();
cmd2.CommandType = CommandType.Text;
cmd2.CommandText = "INSERT INTO Non_Academic_Staff VALUES('" + stfID + "', '" + experience + "')";
cmd2.ExecuteNonQuery();
string saltpwd = PasswordUtil.getSalt(30);
string secpwd = PasswordUtil.generateSecurePassword(password, saltpwd);
SqlCommand cmd3 = sqlCon.CreateCommand();
cmd3.CommandType = CommandType.Text;
cmd3.CommandText = "INSERT INTO Non_Academic_Staff_Credentials VALUES('" + stfID + "','" + secpwd + "','" + saltpwd + "')";
cmd3.ExecuteNonQuery();
}
catch (Exception ex1)
{
MessageBox.Show("Error: " + ex1);
}
finally
{
sqlCon.Close();
}
FillDataGridView();
MessageBox.Show("Successfully Inserted!");
clearDetails();
}
}
else
{
MessageBox.Show("All fields must be filled.");
}
}
private void btnLogin_Click(object sender, EventArgs e)
{
if (txtUsername.Text == "")
{
MessageBox.Show("Please enter username");
}
else if (txtUsername.Text == "")
{
MessageBox.Show("Please enter password");
}
else if (userType.Text == "")
{
MessageBox.Show("Please select usertype");
}
else
{
string conString = CommonConstants.connnectionString;
if (userType.Text.Equals("Academic Staff"))
{
using (SqlConnection connection = new SqlConnection(conString))
{
connection.Open();
SqlCommand command = new SqlCommand(null, connection);
command.CommandText = "SELECT * FROM Academic_Staff_Credentials WHERE stfID = @stfID ";
SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
stfID.Value = txtUsername.Text;
command.Parameters.Add(stfID);
// Call Prepare after setting the Commandtext and Parameters.
command.Prepare();
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
String secured_pwd_from_db = reader["password"].ToString();
String salt_from_db = reader["salt"].ToString();
String userID_from_db = reader["stfID"].ToString();
if (PasswordUtil.verifyUserPassword(txtPassword.Text, secured_pwd_from_db, salt_from_db))
{
User u = new User();
//populate u
//u.setuserID(userID_from_db);
u = getAcademicStaffObjectWithAllProperties(userID_from_db);
//Track Login - Start
TrackLogin("Academic Staff", connection, userID_from_db, conString);
//Track Login - End
UserSessionStore.Instance.setUser(u);
AcademicStaffDashBoard objAcdStfDashBoard = new AcademicStaffDashBoard();
this.Hide();
objAcdStfDashBoard.Show();
}
else
{
MessageBox.Show("Your password is incorrect.");
}
}
else
{
MessageBox.Show("Your Username or password not found.");
}
connection.Close();
}
}
else if (userType.Text.Equals("Administrative Staff"))
{
using (SqlConnection connection = new SqlConnection(conString))
{
connection.Open();
SqlCommand command = new SqlCommand(null, connection);
command.CommandText = "SELECT * FROM Administrative_Staff_credentials WHERE stfID = @stfID ";
SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
stfID.Value = txtUsername.Text;
command.Parameters.Add(stfID);
// Call Prepare after setting the Commandtext and Parameters.
command.Prepare();
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
String secured_pwd_from_db = reader["password"].ToString();
String salt_from_db = reader["salt"].ToString();
String userID_from_db = reader["stfID"].ToString();
if (PasswordUtil.verifyUserPassword(txtPassword.Text, secured_pwd_from_db, salt_from_db))
{
User u = new User();
//populate u
//u.setuserID(userID_from_db);
u = getAdministrativeStaffObjectWithAllProperties(userID_from_db);
//Track Login - Start
TrackLogin("Administrative Staff", connection, userID_from_db, conString);
//Track Login - End
UserSessionStore.Instance.setUser(u);
AdministrativeStaffDashboard objAdmStfDashBoard = new AdministrativeStaffDashboard();
this.Hide();
objAdmStfDashBoard.Show();
}
else
{
MessageBox.Show("Your password is incorrect.");
}
}
else
{
MessageBox.Show("Your Username or password not found.");
}
connection.Close();
}
}
else if (userType.Text.Equals("Admin"))
{
using (SqlConnection connection = new SqlConnection(conString))
{
connection.Open();
SqlCommand command = new SqlCommand(null, connection);
command.CommandText = "SELECT * FROM Admin_credentials WHERE adminID = @adminID ";
SqlParameter adminID = new SqlParameter("@adminID", SqlDbType.VarChar, 100);
adminID.Value = txtUsername.Text;
command.Parameters.Add(adminID);
// Call Prepare after setting the Commandtext and Parameters.
command.Prepare();
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
String secured_pwd_from_db = reader["password"].ToString();
String salt_from_db = reader["salt"].ToString();
String userID_from_db = reader["adminID"].ToString();
if (PasswordUtil.verifyUserPassword(txtPassword.Text, secured_pwd_from_db, salt_from_db))
{
User u = new User();
//populate u
u.setuserID(userID_from_db);
u.Type = "Admin";
//Track Login - Start
TrackLogin("Admin", connection, userID_from_db, conString);
//Track Login - End
UserSessionStore.Instance.setUser(u);
AdminDashboard objAdminDashboard = new AdminDashboard();
this.Hide();
objAdminDashboard.Show();
}
else
{
MessageBox.Show("Your password is incorrect.");
}
}
else
{
MessageBox.Show("Your Username or password not found.");
}
connection.Close();
}
}
else if (userType.Text.Equals("Non Academic Staff"))
{
using (SqlConnection connection = new SqlConnection(conString))
{
connection.Open();
SqlCommand command = new SqlCommand(null, connection);
command.CommandText = "SELECT * FROM Non_Academic_Staff_Credentials WHERE stfID = @stfID ";
SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
stfID.Value = txtUsername.Text;
command.Parameters.Add(stfID);
// Call Prepare after setting the Commandtext and Parameters.
command.Prepare();
SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
String secured_pwd_from_db = reader["password"].ToString();
String salt_from_db = reader["salt"].ToString();
String userID_from_db = reader["stfID"].ToString();
if (PasswordUtil.verifyUserPassword(txtPassword.Text, secured_pwd_from_db, salt_from_db))
{
User u = new User();
//populate u
//u.setuserID(userID_from_db);
u = getNonAcademicStaffObjectWithAllProperties(userID_from_db);
//Track Login - Start
TrackLogin("Non Academic Staff", connection, userID_from_db, conString);
//Track Login - End
UserSessionStore.Instance.setUser(u);
NonAcademicStaffDashboard objNonAcdStfDashboard = new NonAcademicStaffDashboard();
this.Hide();
objNonAcdStfDashboard.Show();
}
else
{
MessageBox.Show("Your password is incorrect.");
}
}
else
{
MessageBox.Show("Your Username or password not found.");
}
connection.Close();
}
}
else
{
MessageBox.Show("Unknown user type!!!");
}
//Login validation end
}
}
private void button1_Click(object sender, EventArgs e)
{
if (txtPassword.Text == "" || txtRePassword.Text == "")
{
MessageBox.Show("Please enter new password and enter it again.");
}
else if (!(txtPassword.Text.Equals(txtRePassword.Text)))
{
MessageBox.Show("Passwords are not equal.");
}
else
{
//txtPassword.Text;
//txtRePassword.Text;
string saltpwd = PasswordUtil.getSalt(30);
string secpwd = PasswordUtil.generateSecurePassword(txtPassword.Text, saltpwd);
string typeString = userType.SelectedItem.ToString();
using (SqlConnection connection = new SqlConnection(conString))
{
//try{
connection.Open();
SqlCommand command = new SqlCommand(null, connection);
/*
* UPDATE Academic_Staff_Credentials
* SET password = '******', salt = 'sss'
* WHERE stfID = 'iii';
*/
if (typeString.Equals("Academic Staff"))
{
command.CommandText = "UPDATE Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
}
else if (typeString.Equals("Non Academic Staff"))
{
command.CommandText = "UPDATE Non_Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
}
else if (typeString.Equals("Administrative Staff"))
{
command.CommandText = "UPDATE Administrative_Staff_credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
}
SqlParameter secPassword = new SqlParameter("@secPassword", SqlDbType.VarChar, 100);
secPassword.Value = secpwd;
command.Parameters.Add(secPassword);
SqlParameter saltPassword = new SqlParameter("@saltPassword", SqlDbType.VarChar, 100);
saltPassword.Value = saltpwd;
command.Parameters.Add(saltPassword);
SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
stfID.Value = usernameString;
command.Parameters.Add(stfID);
// Call Prepare after setting the Commandtext and Parameters.
command.Prepare();
command.ExecuteNonQuery();
MessageBox.Show("Password updated successfully. Now use your new password to login to the system.");
//}
//catch(Exception ex) {
// MessageBox.Show(ex+"Error occured.");
//} finally {
// connection.Close();
//}
}
}
}
