예제 #1
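        /// <summary>
        /// Handles the sign-in button: reads the e-mail address and password from the form,
        /// builds the credential object and asks <c>BLL.LogInHelper</c> to authenticate it.
        /// On success the returned user is stored in the session and the browser is redirected
        /// to the account page; otherwise an alert is shown.
        /// </summary>
        /// <param name="sender">The control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void SignInButton_Click(object sender, EventArgs e)
        {
            string Emailadress = SignInEmailTB.Text.ToLower();
            string PassWord    = SignInPasswordTB.Text;

            // Validate the raw form values. The composed PassWordHash below always starts with
            // the e-mail-derived id, so testing it for emptiness cannot detect an empty password.
            if (string.IsNullOrEmpty(Emailadress) || string.IsNullOrEmpty(PassWord))
            {
                ShowMessagerAlert("Er zijn geen gebruikersnaam of wachtwoord ingevuld");
            }
            else
            {
                // Fill the user credentials with the e-mail address and uniqueId + password hash.
                // MD5 only derives a deterministic id from the lower-cased e-mail address here;
                // anyone who knows the address can recompute it, so the prefix adds no secrecy.
                // The strength of the password hash depends on PassWordSecurity.Hash (not shown here).
                string uniqueId;
                using (MD5 md5 = MD5.Create())
                {
                    byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(Emailadress));
                    uniqueId = PassWordSecurity.NameUUIDFromBytes(hash);
                }

                UserCredentials = new Entities.User();
                UserCredentials.PassWordHash = uniqueId + BLL.PassWordSecurity.Hash(PassWord);
                UserCredentials.EmailAdress  = Emailadress;

                BLL.LogInHelper logInHelper = new BLL.LogInHelper();
                try
                {
                    // Try to log in with the entered data.
                    Entities.User result1 = logInHelper.LoginAtPageLoad(UserCredentials);

                    // Both conditions must hold. The previous "||" dereferenced a null result and
                    // accepted any non-null object (even one with ID 0) as an authenticated user.
                    if (result1 != null && result1.ID != 0)
                    {
                        // Login accepted.
                        // NOTE(review): the session id is not renewed after authentication here;
                        // confirm that session fixation is handled elsewhere.
                        ShowMessagerAlert("U bent ingelogd");
                        Session["User"] = result1;
                        SiteMaster.setLoggedInText(UserCredentials.EmailAdress, "/Account");
                        Response.Redirect("/Account.aspx");
                    }
                    else
                    {
                        SiteMaster.setLoggedInText("Inloggen", "/SignIn");
                        ShowMessagerAlert("Deze combinatie van gebruikersnaam en wachtwoord is niet gevonden");
                    }
                }
                catch (System.Threading.ThreadAbortException)
                {
                    // Response.Redirect ends the request by aborting the thread; that is not a login failure.
                    throw;
                }
                catch (Exception ex)
                {
                    // Keep exception details (which may name tables, hosts or queries) out of the
                    // page; record them server-side instead.
                    System.Diagnostics.Trace.TraceError("Sign-in failed: " + ex);
                    ShowMessagerAlert("Probleem bij ophalen van gebruikergegevens");
                }
            }

            // Do a postback so that "Inloggen" is replaced by the e-mail address.
            // NOTE(review): "sender" and "e" are not defined in the emitted client script; verify this call works.
            ScriptManager.RegisterStartupScript(this.Page, this.Page.GetType(), "DoPostBack", "__doPostBack(sender, e)", true);
        }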
예제 #2
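        /// <summary>
        /// Looks up the user whose e-mail address (compared case-insensitively in SQL) and stored
        /// password hash both match the supplied values.
        /// </summary>
        /// <param name="username">E-mail address to look up; must not be null.</param>
        /// <param name="passwordHash">Value compared against the PasswordHash column; must not be null.</param>
        /// <returns>The populated user, or <c>null</c> when no row matched.</returns>
        /// <exception cref="Exception">An argument is null, or the database call failed.</exception>
        public Entities.User GetUserSignInCredentials(string username, string passwordHash)
        {
            // Check the arguments before anything dereferences them. The earlier version called
            // username.ToLower() first (for an MD5-derived id that was never used), so a null
            // user name surfaced as a NullReferenceException instead of the intended error.
            if (username == null)
            {
                throw new Exception("Username is leeg");
            }
            if (passwordHash == null)
            {
                throw new Exception("Password is leeg");
            }

            Entities.User usercredentials = new Entities.User();

            // Both values are bound as parameters, so they cannot alter the SQL text.
            using (MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand("Select * from  user where Lower(user.EmailAdress) =Lower(@Username) and user.PasswordHash =@password", con))
            {
                cmd.Parameters.AddWithValue("@Username", username);
                cmd.Parameters.AddWithValue("@password", passwordHash);
                try
                {
                    con.Open();

                    // Dispose the reader so it is released even when a column cast throws.
                    using (MySqlDataReader reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            usercredentials.EmailAdress  = (string)reader["EmailAdress"];
                            usercredentials.PassWordHash = (string)reader["PasswordHash"];
                            usercredentials.Confirmed    = (bool)reader["Confirmed"];
                            usercredentials.UniqueUserID = (string)reader["UniqueID"];
                            usercredentials.PhoneNumber  = (string)reader["PhoneNumber"];
                            usercredentials.FirstName    = (string)reader["FirstName"];
                            usercredentials.LastName     = (string)reader["LastName"];
                            // NOTE(review): the BSN number and the password hash travel with the returned
                            // object; confirm every caller needs them before e.g. storing it in the session.
                            usercredentials.BsnNumber    = (string)reader["BsnNumber"];
                            usercredentials.RoleID       = (int)reader["RoleID"];
                            usercredentials.ID           = (int)reader["ID"];
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Same exception type and message as before, but keep the cause for diagnostics.
                    throw new Exception(ex.Message, ex);
                }
                finally
                {
                    // Single place that closes the shared connection on success and on failure.
                    if (con.State != System.Data.ConnectionState.Closed)
                    {
                        con.Close();
                    }
                }
            }

            // An untouched entity means the query returned no row.
            if (!string.IsNullOrEmpty(usercredentials.EmailAdress) && !string.IsNullOrEmpty(usercredentials.PassWordHash))
            {
                return usercredentials;
            }

            return null;
        }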
예제 #3
        /// <summary>
        /// Builds a user entity from the registration fields, derives its unique id from the
        /// lower-cased e-mail address and hands the entity to <c>DAL.DBUserConnection.AddUser</c>.
        /// </summary>
        /// <param name="FirstName">First name of the new user.</param>
        /// <param name="LastName">Last name of the new user.</param>
        /// <param name="Password">Password as received; it is placed in <c>PassWordHash</c> unchanged.</param>
        /// <param name="EmailAdress">E-mail address; also the input of the unique id.</param>
        /// <param name="BsnNumber">BSN number of the new user.</param>
        /// <param name="PhoneNumber">Phone number of the new user.</param>
        void AddUser(string FirstName, string LastName, string Password, string EmailAdress, string BsnNumber, string PhoneNumber)
        {
            // NOTE(review): PassWordHash holds the password exactly as passed in at this point;
            // presumably the data layer hashes it before storage - confirm.
            Entities.User newUser = new Entities.User
            {
                FirstName    = FirstName,
                LastName     = LastName,
                PassWordHash = Password,
                EmailAdress  = EmailAdress,
                BsnNumber    = BsnNumber,
                PhoneNumber  = PhoneNumber
            };

            // The unique id is MD5 over the lower-cased address, so it is reproducible by anyone
            // who knows the address. Encoding.Default depends on the machine's code page.
            byte[] emailBytes = Encoding.Default.GetBytes(EmailAdress.ToLower());
            using (MD5 hasher = MD5.Create())
            {
                byte[] digest = hasher.ComputeHash(emailBytes);
                newUser.UniqueUserID = PassWordSecurity.NameUUIDFromBytes(digest);
            }

            new DAL.DBUserConnection().AddUser(newUser);
        }
예제 #4
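        /// <summary>
        /// Inserts a user row. The value stored in the PasswordHash column is the user's unique
        /// id followed by <c>PassWordSecurity.Hash</c> of <c>user.PassWordHash</c>.
        /// </summary>
        /// <param name="user">
        /// User to insert. BsnNumber, FirstName, LastName, EmailAdress, PassWordHash and
        /// UniqueUserID are required; a null PhoneNumber is stored as an empty string.
        /// </param>
        /// <exception cref="Exception">A required field is missing, or the insert failed.</exception>
        public void AddUser(Entities.User user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            // NOTE(review): the INSERT lists no column names, so it depends on the table's column order.
            using (MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand("INSERT INTO user VALUES (0,@BsnNumber, @PhoneNumber,@FirstName,@LastName,@EmailAdress,@PasswordHash,@Confirmed,@UniqueID,0,0)", con))
            {
                // Every value is bound as a parameter; required fields are rejected before the connection opens.
                cmd.Parameters.AddWithValue("@BsnNumber", user.BsnNumber ?? throw new Exception("BSN nummer is leeg"));
                cmd.Parameters.AddWithValue("@PhoneNumber", user.PhoneNumber ?? "");
                cmd.Parameters.AddWithValue("@FirstName", user.FirstName ?? throw new Exception("Voornaam is leeg"));
                cmd.Parameters.AddWithValue("@LastName", user.LastName ?? throw new Exception("Achternaam is leeg"));
                cmd.Parameters.AddWithValue("@EmailAdress", user.EmailAdress ?? throw new Exception("EmailAdress is leeg"));

                if (string.IsNullOrEmpty(user.PassWordHash))
                {
                    throw new Exception("Wachtwoord is leeg");
                }
                if (user.UniqueUserID == null)
                {
                    throw new Exception("uniek id is leeg");
                }

                cmd.Parameters.AddWithValue("@UniqueID", user.UniqueUserID);
                // user.PassWordHash is run through PassWordSecurity.Hash here, so callers are
                // expected to supply the not-yet-hashed value. NOTE(review): confirm that Hash
                // is a salted, slow password hash; its implementation is not visible here.
                cmd.Parameters.AddWithValue("@PasswordHash", user.UniqueUserID.ToString() + PassWordSecurity.Hash(user.PassWordHash));
                cmd.Parameters.AddWithValue("@Confirmed", user.Confirmed);

                try
                {
                    con.Open();
                    cmd.ExecuteNonQuery();
                }
                catch (Exception ex)
                {
                    // Same exception type and message as before, but keep the cause for diagnostics.
                    throw new Exception(ex.Message, ex);
                }
                finally
                {
                    // Close the shared connection on success and on failure alike.
                    if (con.State != System.Data.ConnectionState.Closed)
                    {
                        con.Close();
                    }
                }
            }
        }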
예제 #5
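        /// <summary>
        /// Authenticates a user by e-mail address and password. The row is looked up on the
        /// address and on uniqueId + password hash; for a confirmed user whose stored values
        /// match, the user is placed in the session and the response is redirected to "/".
        /// </summary>
        /// <param name="Emailadress">E-mail address entered by the user.</param>
        /// <param name="PassWord">Password entered by the user.</param>
        /// <returns>A status message for display; no exception leaves this method's own code paths.</returns>
        private string Login(string Emailadress, string PassWord)
        {
            try
            {
                string expectedHash = null;
                try
                {
                    // Lower-case the address before deriving the id so that a mixed-case entry
                    // yields the same id as an all-lower-case one.
                    // MD5 only derives an identifier here; it is not the password hash.
                    string uniqueId;
                    using (MD5 md5 = MD5.Create())
                    {
                        byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(Emailadress.ToLower()));
                        uniqueId = PassWordSecurity.NameUUIDFromBytes(hash);
                    }
                    expectedHash    = uniqueId + BLL.PassWordSecurity.Hash(PassWord);
                    UserCredentials = userDB.GetUserSignInCredentials(Emailadress, expectedHash);
                }
                catch (Exception)
                {
                    return("Er is een fout opgetreden bij het ophalen van de gebruiker gegevens uit het database");
                }

                if (UserCredentials == null)
                {
                    // NOTE(review): presumably this is also the path for an unknown address or a wrong
                    // password (no matching row); the text reads like an internal error - confirm.
                    return("Er is een fout opgetreden: 'UserCredentials was null'");
                }

                if (!UserCredentials.Confirmed)
                {
                    // The user is not allowed to log in yet.
                    return("U bent nog niet geaccepteerd door één van de beheerders");
                }

                // Recompute the id from the stored address, normalised the same way as above.
                string rowUniqueId;
                using (MD5 md5 = MD5.Create())
                {
                    byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(UserCredentials.EmailAdress.ToLower()));
                    rowUniqueId = PassWordSecurity.NameUUIDFromBytes(hash);
                }

                // Compare against the same uniqueId + hash value used for the lookup. The earlier
                // check compared the bare password hash with the stored value, which cannot match
                // when the stored value carries the uniqueId prefix used in the lookup.
                if (UserCredentials.PassWordHash == expectedHash && UserCredentials.UniqueUserID == rowUniqueId)
                {
                    // The password has been checked and approved; the user may be logged in.
                    // NOTE(review): the session id is not renewed after authentication here;
                    // confirm that session fixation is handled elsewhere.
                    Session["User"] = UserCredentials;
                    Response.Redirect("/");
                    return("U wordt ingelogd");
                }

                // Wrong password.
                return("Combinatie van gebruikersnaam en wachtwoord is niet goed");
            }
            catch (Exception)
            {
                return("Er is een fout opgetreden, probeer later opnieuw");
            }
        }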