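/// <summary>
/// Helper method to sign members up. Writes information to XML.
/// Called upon correct user input of account creation.
/// </summary>
/// <remarks>
/// Record layout handed to <c>EncryptDecypt.writeXml</c> (member store, second argument
/// <c>false</c>): [0] username, [1] AES ciphertext of the password, [2] AES key, [3] AES IV.
/// Each byte list is serialised as comma-separated decimal values, which is the form the
/// login handler parses back with <c>Convert.ToByte</c>.
///
/// NOTE(review): this is reversible encryption with the key and IV stored right next to the
/// ciphertext, so anyone who can read the XML can recover every password — it is equivalent
/// to plaintext storage. Passwords should be stored as a salted, iterated hash (PBKDF2 via
/// Rfc2898DeriveBytes, or similar). That change has to be made together with the login
/// handler and the existing records, so it is not done here.
/// </remarks>
private void signup()
{
    string[] data = new string[4];
    data[0] = txt_username.Text;

    // Aes.Create() produces a fresh random key and IV on first access; both are written
    // into the record because the login handler needs them to decrypt the stored password.
    using (Aes aesAlg = Aes.Create())
    {
        byte[] key = aesAlg.Key;
        byte[] iv = aesAlg.IV;
        byte[] encrypted = EncryptDecypt.EncryptStringToBytes_Aes(txt_pass.Text, key, iv);

        // string.Join over a byte[] yields the same "1,2,3" decimal form the previous
        // per-element loops produced, so records stay readable by the existing login code.
        data[1] = string.Join(",", encrypted);
        data[2] = string.Join(",", key);
        data[3] = string.Join(",", iv);
    }

    EncryptDecypt.writeXml(data, false);

    // NOTE(review): the session id is not regenerated when the user becomes authenticated;
    // confirm against the app's session configuration whether fixation is a concern.
    Session["username"] = data[0];
    Session["staff"] = false;
    Response.Redirect("~/stockPage.aspx");
}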
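/// <summary>
/// Event handler for signup button. Validates the form and, when every check passes,
/// calls <see cref="signup"/>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Order of checks: blank username, blank password, password confirmation, CAPTCHA, and only
/// then the "username taken" lookup. The CAPTCHA is verified before the lookup so that an
/// automated client cannot use the "Username taken" response to enumerate existing accounts
/// without solving it (the previous order performed the lookup first).
/// </remarks>
protected void btn_signup_Click(object sender, EventArgs e)
{
    // clear all error labels
    lbl_username_error.Text = "";
    lbl_pass_error.Text = "";
    lbl_pass_cnfrm_error.Text = "";
    lbl_captcha_error.Text = "";

    // check if username field is blank
    if (string.IsNullOrEmpty(txt_username.Text))
    {
        lbl_username_error.Text = "Email is empty!";
        return;
    }

    // check if password is blank
    // NOTE(review): no minimum length or complexity rule is enforced — confirm that is intended.
    if (string.IsNullOrEmpty(txt_pass.Text))
    {
        lbl_pass_error.Text = "Password is empty!";
        return;
    }

    // check if passwords match
    if (!txt_pass.Text.Equals(txt_pass_cnfrm.Text))
    {
        lbl_pass_error.Text = "Passwords do not match!";
        lbl_pass_cnfrm_error.Text = "Passwords do not match!";
        return;
    }

    // check captcha string. A missing session value (expired session, direct POST without
    // rendering the page) previously threw a NullReferenceException; treat it as a failed
    // CAPTCHA instead. Assumes the generator stores a string under this key — confirm.
    // NOTE(review): the value is not cleared after a successful check, so one solved
    // CAPTCHA can be reused for further submissions in the same session — confirm whether
    // the page regenerates it on every load.
    string expectedCaptcha = Session["generatedString"] as string;
    if (expectedCaptcha == null || !expectedCaptcha.Equals(txt_img_string.Text))
    {
        lbl_captcha_error.Text = "Incorrect verify string, try again.";
        return;
    }

    // check if username is taken
    // NOTE(review): this lookup and the write in signup() are not atomic, so two concurrent
    // signups with the same name can both pass; writeXml would have to reject duplicates.
    string[] usrNmChk = EncryptDecypt.readXml(txt_username.Text, false);
    if (usrNmChk != null && !usrNmChk[0].Equals("FILE NOT FOUND"))
    {
        // username was found in file
        lbl_username_error.Text = "Username taken, please choose again";
        txt_username.Text = "";
        return;
    }

    //no errors so sign member up
    signup();
}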
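/// <summary>
/// Event handler to add staff members to the staff.xml file.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Writes the same record layout as the member signup ([0] username, [1] AES ciphertext of
/// the password, [2] AES key, [3] AES IV, byte lists as comma-separated decimals), but with
/// the staff flag passed to <c>EncryptDecypt.writeXml</c>.
///
/// NOTE(review): nothing in this handler checks that the caller is allowed to create staff
/// accounts, nor whether the username already exists in the staff store; the page hosting
/// it must itself be restricted to staff — confirm. The reversible-encryption concern noted
/// on signup() (key and IV stored beside the ciphertext) applies to this store as well.
/// </remarks>
protected void btn_add_Click(object sender, EventArgs e)
{
    // Refuse blank input. The member signup validates these before encrypting; here an
    // empty username would produce an unusable record, and the AES helper (if it follows
    // the usual sample it is based on) throws on empty plaintext — confirm.
    if (string.IsNullOrEmpty(txt_username.Text) || string.IsNullOrEmpty(txt_pass.Text))
    {
        return;
    }

    string[] data = new string[4];
    data[0] = txt_username.Text;

    // Fresh random key and IV per record; both are stored so the login handler can decrypt.
    using (Aes aesAlg = Aes.Create())
    {
        byte[] key = aesAlg.Key;
        byte[] iv = aesAlg.IV;
        byte[] encrypted = EncryptDecypt.EncryptStringToBytes_Aes(txt_pass.Text, key, iv);

        // Same "1,2,3" decimal serialisation as the old per-element loops.
        data[1] = string.Join(",", encrypted);
        data[2] = string.Join(",", key);
        data[3] = string.Join(",", iv);
    }

    EncryptDecypt.writeXml(data, true);
}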
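/// <summary>
/// Event handler for a login click. Looks the user up in the member or staff store (chosen
/// by <c>chk_staff</c>), decrypts the stored password, compares it with the submitted one and,
/// on success, sets the session (plus an optional "remember me" cookie) before redirecting.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Record layout returned by <c>EncryptDecypt.readXml</c>: [0] AES ciphertext, [1] key,
/// [2] IV, each a comma-separated list of decimal bytes as written by the signup handlers.
///
/// NOTE(review): because key and IV sit next to the ciphertext, the store is effectively
/// plaintext; a salted PBKDF2 hash would be the proper fix, but it must change together with
/// the writers and the existing records. Only the comparison (constant-time), the cookie
/// flags and the error handling for malformed records are hardened here.
/// </remarks>
protected void btn_mber_login_Click(object sender, EventArgs e)
{
    // check if the username has been set by the cookie logic (elsewhere on this page).
    if (username == null)
    {
        username = txt_username.Text;
    }
    string password = txt_pass.Text;

    // clear errors
    lbl_username_error.Text = "";
    lbl_pass_error.Text = "";

    if (string.IsNullOrEmpty(username))
    {
        lbl_username_error.Text = "username is empty!";
        return;
    }
    if (string.IsNullOrEmpty(password))
    {
        lbl_pass_error.Text = "Password is empty!";
        return;
    }

    // chk_staff is user-controlled, but it only selects which store is consulted; the
    // password must still match a record in that store, so it cannot grant staff on its own.
    string[] passWrdChk = EncryptDecypt.readXml(username, chk_staff.Checked);
    if (passWrdChk == null || passWrdChk[0].Equals("FILE NOT FOUND"))
    {
        lbl_username_error.Text = "Username not found or incorrect, please try again";
        txt_username.Text = "";
        return;
    }

    // A corrupt or truncated record used to surface as an unhandled FormatException /
    // OverflowException / CryptographicException (HTTP 500); report it as a failed login.
    string decryptedPass;
    if (!tryDecryptStoredPassword(passWrdChk, out decryptedPass))
    {
        lbl_username_error.Text = "Username not found or incorrect, please try again";
        txt_username.Text = "";
        return;
    }

    if (!fixedTimeEquals(password, decryptedPass))
    {
        lbl_pass_error.Text = "Incorrect password, please try again.";
        txt_pass.Text = "";
        return;
    }

    if (chk_remember.Checked)
    {
        // create user cookie. It only carries the username (no credential), so it cannot
        // log a user in by itself; HttpOnly keeps it away from script.
        // NOTE(review): set .Secure = true once the site is served exclusively over HTTPS.
        Response.Cookies["authcookie"]["username"] = username;
        Response.Cookies["authcookie"].Expires = DateTime.Now.AddMonths(6);
        Response.Cookies["authcookie"].HttpOnly = true;
    }

    // create user session. Staff status follows the store the record was found in.
    // NOTE(review): the session id is not regenerated on login — confirm against the app's
    // session configuration whether fixation is a concern.
    Session["username"] = username;
    Session["staff"] = chk_staff.Checked;

    //Access member page if everything worked
    Response.Redirect("~/stockPage.aspx");
}

/// <summary>
/// Parses the ciphertext/key/IV fields of a stored record and decrypts the password.
/// </summary>
/// <param name="record">Record as returned by <c>EncryptDecypt.readXml</c>; needs 3 fields.</param>
/// <param name="plain">Decrypted password on success, null otherwise.</param>
/// <returns>false when the record is too short, not parseable as decimal bytes, or fails to decrypt.</returns>
private static bool tryDecryptStoredPassword(string[] record, out string plain)
{
    plain = null;
    if (record == null || record.Length < 3)
    {
        return false;
    }
    try
    {
        byte[] encryptedBytes = parseByteList(record[0]);
        byte[] keyBytes = parseByteList(record[1]);
        byte[] ivBytes = parseByteList(record[2]);
        plain = EncryptDecypt.DecryptStringFromBytes_Aes(encryptedBytes, keyBytes, ivBytes);
        return plain != null;
    }
    catch (FormatException)
    {
        return false;
    }
    catch (OverflowException)
    {
        return false;
    }
    catch (CryptographicException)
    {
        return false;
    }
}

/// <summary>
/// Converts a "1,2,3" comma-separated decimal list back into bytes (the inverse of the
/// string.Join form written by the signup handlers).
/// </summary>
/// <exception cref="FormatException">An element is not a number.</exception>
/// <exception cref="OverflowException">An element is outside 0..255.</exception>
private static byte[] parseByteList(string csv)
{
    return Array.ConvertAll(csv.Split(','), s => Convert.ToByte(s));
}

/// <summary>
/// Compares two strings without short-circuiting on the first differing character, so the
/// comparison time does not reveal how much of the password prefix was correct.
/// </summary>
/// <returns>true when both are non-null and identical.</returns>
private static bool fixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return false;
    }
    int diff = a.Length ^ b.Length;
    int len = Math.Min(a.Length, b.Length);
    for (int i = 0; i < len; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}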