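/// <summary>
/// Handles the sign-up button: validates the entered credentials, derives a salted
/// password hash and inserts the new user row.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void signupButtonClicked(object sender, EventArgs e)
{
    var userName = userNameTextBox.Text;
    var password = passwordTextBox.Text;

    // TODO: only a minimum length is enforced here, while the message promises a
    // stronger policy (digits etc.) that is not implemented. Use a proper
    // password-policy helper instead of extending this check ad hoc.
    if (userName.Length < 6 || password.Length < 6)
    {
        MessageBox.Show("Need at lease 1 number and blablalba etc...");
        return;
    }

    // Salt generation and hash parameters live in HashSalt so that sign-up and
    // login stay in sync.
    HashSalt hashSalt = HashSalt.GenerateSaltedHash(64, password);

    using (SqlConnection connection = new SqlConnection(Uti.CONSTRING))
    using (var cmd = new SqlCommand()) // SqlCommand is IDisposable; it was never disposed before
    {
        connection.Open();
        cmd.Connection = connection;

        // Parameterised insert: the user name is never concatenated into SQL.
        cmd.Parameters.AddWithValue("@userName", userName);
        cmd.Parameters.AddWithValue("@hash", hashSalt.Hash);
        cmd.Parameters.AddWithValue("@salt", hashSalt.Salt);
        cmd.CommandText = "INSERT INTO Users(Username ,Hash, Salt) VALUES ( @userName, @hash, @salt)";

        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (SqlException ex)
        {
            // 2601 / 2627: unique index / unique constraint violation, i.e. the
            // user name is already taken.
            if (ex.Number == 2601 || ex.Number == 2627)
            {
                MessageBox.Show("User already exist!");
                return;
            }

            // Any other database error used to be swallowed here and the code
            // fell through to "New user added!" even though the insert failed.
            throw;
        }

        MessageBox.Show("New user added!");
    }
}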
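/// <summary>
/// Handles the login button: loads the stored hash and salt for the entered user
/// name, verifies the password, records an attendance row and updates the status
/// labels.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void loginButtonClicked(object sender, EventArgs e)
{
    var userName = userNameTextBox.Text;
    var userHashSalt = new HashSalt();

    using (SqlConnection connection = new SqlConnection(Uti.CONSTRING))
    using (var cmd = new SqlCommand()) // SqlCommand is IDisposable; it was never disposed before
    {
        connection.Open();
        cmd.Connection = connection;
        cmd.Parameters.AddWithValue("@userName", userName);
        // Only the columns read below; the previous SELECT * fetched every column.
        cmd.CommandText = "SELECT TOP 1 Id, Hash, Salt FROM Users WHERE Username=@userName";

        using (SqlDataReader oReader = cmd.ExecuteReader())
        {
            if (!oReader.Read())
            {
                // Same wording as the wrong-password branch so the dialog does
                // not reveal whether the user name exists.
                MessageBox.Show("User or password invalid!" /*no user*/);
                return;
            }

            userHashSalt = new HashSalt
            {
                Hash = oReader["Hash"].ToString(),
                Salt = oReader["Salt"].ToString()
            };
            user.id = (int)oReader["Id"];
        }

        bool isPasswordMatched = HashSalt.VerifyPassword(passwordTextBox.Text, userHashSalt.Hash, userHashSalt.Salt);
        if (!isPasswordMatched)
        {
            MessageBox.Show("User or password invalid!" /*Password invalid!*/);
            return;
        }

        MessageBox.Show("Login success!" /*password match*/);
        // NOTE(review): user.connectedTime is read right after this call, so
        // StartTimer() presumably sets it — confirm.
        StartTimer();

        cmd.Parameters.AddWithValue("@userId", user.id);
        cmd.Parameters.AddWithValue("@enterTime", user.connectedTime);
        cmd.CommandText = "INSERT INTO Attendance(EnterTime,UserId) Values(@enterTime,@userId); SELECT SCOPE_IDENTITY();";
        // SCOPE_IDENTITY() is returned as a decimal; Convert handles that directly
        // instead of round-tripping through a string.
        user.attendanceId = Convert.ToInt32(cmd.ExecuteScalar());
    }

    LogInLabel.Text = DateTime.Now.ToString();
    statusLabel.ForeColor = Color.LimeGreen;
    statusLabel.Text = "User Online!";

    // NOTE(review): admin access is decided by a user-name string match alone;
    // a role flag stored with the user row would be a sturdier basis for this.
    if (userName == "adminadmin")
    {
        using (var adminForm = new AdminForm())
        {
            adminForm.ShowDialog();
        }
    }
}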
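//public HashSalt(string hash, string salt) { Hash = hash; Salt = salt; }

/// <summary>
/// Generates a random salt of <paramref name="size"/> bytes and derives a PBKDF2
/// hash of <paramref name="password"/> with it.
/// </summary>
/// <param name="size">Salt length in bytes.</param>
/// <param name="password">Plain-text password to hash.</param>
/// <returns>A <see cref="HashSalt"/> holding the Base64-encoded hash and salt.</returns>
public static HashSalt GenerateSaltedHash(int size, string password)
{
    var saltBytes = new byte[size];

    // The RNG and the PBKDF2 object both hold native resources and implement
    // IDisposable; neither was disposed before. RandomNumberGenerator.Create()
    // is the non-obsolete equivalent of RNGCryptoServiceProvider.
    using (var provider = RandomNumberGenerator.Create())
    {
        provider.GetNonZeroBytes(saltBytes);
    }
    var salt = Convert.ToBase64String(saltBytes);

    string hashPassword;
    // 10000 iterations, default PRF, 256-byte output. These values must stay in
    // step with VerifyPassword (not visible here) or stored hashes stop verifying.
    using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 10000))
    {
        hashPassword = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
    }

    return new HashSalt { Hash = hashPassword, Salt = salt };
}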