public static string SimulateUserCreation()
{
Console.WriteLine("Let us first test the password hash creation i.e. User creation");
Console.WriteLine("Please enter user id");
string userid = Console.ReadLine();
Console.WriteLine("Please enter password");
string password = Console.ReadLine();
string salt = null;
string passwordHash = pwdManager.GeneratePasswordHash(password, out salt);
// Let us save the values in the database
User user = new User
{
UserId = userid,
PasswordHash = passwordHash,
Salt = salt
};
// Lets Add the User to the database
userRepo.AddUser(user);
return(salt);
}
public void GeneratePasswordHash()
{
string salt = null;
this.PasswordHash = pwdManager.GeneratePasswordHash(Password, out salt);
this.Salt = salt;
}
public ActionResult EditPassword(SettingsViewModel model)
{
USER user = new USER();
GenericDataAccess <USER> dataAccessUser = new GenericDataAccess <USER>();
user = userDataAccess.GetUser(model.USER.EMAIL_ADDRESS, null);
if (passwordManager.IsPasswordMatch(model.PASSWORD.NewPassword, user.SALT, user.PASSWORD))
{
ModelState.AddModelError("PASSWORD.NewPassword", "Password and New Password are still the same.");
}
if (!passwordManager.IsPasswordMatch(model.USER.PASSWORD, user.SALT, user.PASSWORD))
{
ModelState.AddModelError("USER.PASSWORD", "Password is incorrect.");
}
if (ModelState.IsValidField("PASSWORD.NewPassword") && ModelState.IsValidField("USER.PASSWORD"))
{
string salt = null;
user.PASSWORD = passwordManager.GeneratePasswordHash(model.PASSWORD.NewPassword, out salt);
user.SALT = salt;
dataAccessUser.Update(user);
return(RedirectToAction("Index"));
}
return(View(model));
}
private bool migrateUsers()
{
bool returnValue = false;
try
{
//List<SEC_USER_MASTER> login = (from row in DB.SEC_USER_MASTER
// where Convert.ToBoolean(Convert.ToInt16(row.FORCE_PASSWORD)) == true &&
// row.SALT == null
// select row).ToList<SEC_USER_MASTER>();
List <SEC_USER_MASTER> login = (from row in DB.SEC_USER_MASTER
where row.SALT == null
select row).ToList <SEC_USER_MASTER>();
foreach (SEC_USER_MASTER sec in login)
{
byte[] salt;
sec.PASSWORD = pwdManager.GeneratePasswordHash((sec.USER_NAME.Length > 3 ? sec.USER_NAME.Substring(0, 3) : sec.USER_NAME) + "#123$", out salt); //adm#123$
sec.SALT = salt;
DB.SubmitChanges();
}
}
catch (Exception ex)
{
throw ex.LogException();
}
return(returnValue);
}
public bool ChangePassword(UserChangePassword model)
{
var userId = _tcContext.Users.Where(x => x.UserName.ToLower() == model.UserName.ToLower()).FirstOrDefault().UserId;
var passwordHistoryList = _tcContext.UserPasswordHistories
.Where(x => x.UserId == userId).OrderByDescending(x => x.TrackingId).Take(5).ToList();
if (!PasswordManager.IsPreviousUsedPassword(passwordHistoryList, model.Password))
{
UserDto user = new UserDto()
{
UserId = userId, UserName = model.UserName, UserPassword = model.Password
};
byte[] paswordHash;
byte[] passworSalt;
PasswordManager.GeneratePasswordHash(model.Password, out paswordHash, out passworSalt);
if (_userManagerRepository.SaveUser(user, paswordHash, passworSalt, TransactionType.Reset.ToString()) == 0)
{
throw new ServiceException(new ErrorMessage[]
{
new ErrorMessage()
{
Message = $"Unable to reset user "
}
});
}
}
return(true);
}
partial void ChangePasswordButton_TouchUpInside(UIButton sender)
{
if (NewPasswordText.Text.Equals(ConfirmPwdText.Text))
{
if (SignUpPageController.CheckPassword(NewPasswordText.Text))
{
PasswordManager PM = new PasswordManager();
enteredUser.HashedPassword = PM.GeneratePasswordHash(NewPasswordText.Text, out salt);
using (var connection = new SQLite.SQLiteConnection(pathToDatabase))
{
var query = connection.Update(enteredUser);
}
NavigationController.PopToRootViewController(true);
var alert = UIAlertController.Create("Successful", "Password Updated Successfully", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
else
{
var alert = UIAlertController.Create("Password format Incorrect", "Password should contain number , upper and lower case", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
else
{
var alert = UIAlertController.Create("Password not match", "Please make sure the newpassword and confirmpasswrod is the same", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
private void btnCreate_Click(object sender, EventArgs e)
{
lstOutput.Items.Clear(); //refresh the listBox
string userId = tbUser.Text; //get userID from textBox
string password = tbPassword.Text; //get password from textBox
lstOutput.Items.Add("User " + userId + " has been created"); //Add it to listBox
lstOutput.Items.Add("userid " + userId); //Add it to listBox
lstOutput.Items.Add("password " + password); //Add it to listBox
string salt = null;
string passwordHash = pwdManager.GeneratePasswordHash(password, out salt); //Save password into pwdManager
//Save new user to user database
User newUser = new User
{
UserId = userId,
PasswordHash = passwordHash,
Salt = salt
};
userRepo.AddUser(newUser); //Add new user into database
lstOutput.Items.Add("Salt " + salt);
//Send Message to client informing them user has been created
PipeServer.SendMessage(Encoding.ASCII.GetBytes("User Created: UserID:" + "," + userId + "," + "Password:"******"," + password + "\r\n"));
tbUser.Clear();
tbPassword.Clear();
}
public async Task <bool> CreateUser(IFormCollection user)
{
usersList = GetUsers();
try
{
//salt and password hash strings
String salt;
String pass = PasswordManager.GeneratePasswordHash(user["pass"], out salt);
User newUser = new User
{
//set name, password hash and salt
gsName = user["name"],
gsPass = pass,
gsSalt = salt
};
usersList.Add(newUser);
QuickSort(usersList, 0, usersList.Count - 1);
await SetUsers(usersList);
return(true);
}
catch (Exception e)
{
Console.WriteLine("fail" + e.Message);
return(false);
}
}
public int ForgotPassword(string userEmail)
{
logger.Info("Inside UserService/ForgotPassword");
try
{
int result = 0;
string password = String.Empty;
string salt = String.Empty;
var userDetail = unitOfWork.DbContext.UserDetail
.Where(ud => String.Compare(ud.Email, userEmail, true) == 0).FirstOrDefault();
if (userDetail != null)
{
password = PasswordManager.GeneratePassword1();
string pwdHash = PasswordManager.GeneratePasswordHash(password, out salt);
userDetail.Salt = salt;
userDetail.Password = pwdHash; // save to db password
userDetail.SetByAdmin = false;
var resetMapping = unitOfWork.DbContext.PasswordResetMapping.Where(prs => prs.UserId == userDetail.ID).FirstOrDefault();
if (resetMapping != null)
{
resetMapping.PasswordResetOn = DateTime.UtcNow;
}
else
{
PasswordResetMapping passwordResetMapping = new PasswordResetMapping()
{
UserId = userDetail.ID,
PasswordResetOn = DateTime.UtcNow,
};
unitOfWork.DbContext.PasswordResetMapping.Add(passwordResetMapping);
}
unitOfWork.DbContext.SaveChanges();
SendMail.SendMailForForgotPassword(userEmail, password);
result = 1;
logger.Info("Record successfully inserted");
}
else
{
throw new NoDataFoundException();
}
return(result);
}
catch (BaseException ex)
{
throw ex;
}
catch (Exception ex)
{
throw ex;
}
}
public bool ValidateAndUpdatePassword(String userName, String oldPassword, String newPassword, String verifyPassword, ref String message)
{
try
{
message = "";
if (IsValidUser(userName, oldPassword))
{
if (newPassword == verifyPassword)
{
// DB.SEC_USER_MASTER.Context.Refresh(System.Data.Linq.RefreshMode.OverwriteCurrentValues, DB.SEC_USER_MASTER);
List <SEC_USER_MASTER> lstUser = (from row in DB.SEC_USER_MASTER
where row.USER_NAME == userName &&
(row.DELETE_FLAG == false || row.DELETE_FLAG == null)
select row).ToList <SEC_USER_MASTER>();
foreach (SEC_USER_MASTER user in lstUser)
{
try
{
byte[] salt;
user.PASSWORD = pwdManager.GeneratePasswordHash(newPassword, out salt);
user.SALT = salt;
user.FORCE_PASSWORD = false;
DB.SubmitChanges();
}
catch (Exception ex)
{
ex.LogException();
DB.SEC_USER_MASTER.Context.Refresh(System.Data.Linq.RefreshMode.OverwriteCurrentValues, user);
}
}
message = "Password Changed";
return(true);
}
else
{
message = "Password verification error";
return(false);
}
}
else
{
message = "The Old Password is incorrect";
return(false);
}
}
catch (Exception ex)
{
DB.Transaction.Rollback();
throw ex.LogException();
}
}
public ActionResult Register(RegisterVM user)
{
if (ModelState.IsValid)
{
var pwd = new PasswordManager();
//var password = Membership.GeneratePassword(10, 0);
var password = "******";
string salt = null;
var passwordHash = pwd.GeneratePasswordHash(password, out salt);
var newUser = new User
{
FirstName = user.FirstName,
LastName = user.LastName,
LoginEmail = user.LoginEmail,
PasswordHash = passwordHash,
PasswordSalt = salt,
CreationDate = DateTime.Now,
Gender = user.Gender,
IsDeleted = false
};
var link = "?password="******"<p>Email From: {0} ({1})</p><p>Message:</p><p>{2}</p>";
var message = new MailMessage();
message.To.Add(new MailAddress(user.LoginEmail)); // replace with valid value
message.From = new MailAddress("*****@*****.**"); // replace with valid value
message.Subject = "Account confirmation";
message.Body = string.Format(body, message.From, "AI Research", "Please confirm by clicking this link ");
message.IsBodyHtml = true;
using (var smtp = new SmtpClient())
{
var credential = new NetworkCredential
{
UserName = "******", // replace with valid value
Password = "******" // replace with valid value
};
smtp.Credentials = credential;
smtp.Host = "smtp-mail.outlook.com";
smtp.Port = 587;
smtp.EnableSsl = true;
// await smtp.SendMailAsync(message);
//return RedirectToAction("Sent");
}
Services.UserService.AddUser(newUser, user.RoleID);
user.Roles = GetRoles();
return(RedirectToAction("Login", "Account"));
}
return(View(user));
}
public async Task <ActionResult <String> > SignUpAsync(NewUserData user)
{
if (!PasswordManager.ValidatePasswordStrength(user.Password))
{
return(BadRequest("Password is not strong enough"));
}
if (await _usersRepository.FindOneAsync(x => x.Login == user.Login) != null)
{
return(BadRequest("Login is already used"));
}
var salt = PasswordManager.GenerateSalt_128();
var Buckets = new List <ObjectId>();
DatabaseModule.Entities.Bucket defaultBucket;
try
{
defaultBucket = await AuthenticationManager.GetGoogleBucketDefault(_bucketsRepository);
Buckets.Add(defaultBucket.Id);
}
catch (Exception e)
{
return(Ok("User was added without linking default bucket"));
}
var newUser = new DatabaseModule.Entities.User()
{
Login = user.Login,
FirstName = user.FirstName,
LastName = user.LastName,
BirthDate = user.BirthDate.Date,
PasswordHash = PasswordManager.GeneratePasswordHash(user.Password, salt),
PasswordSalt = salt,
Buckets = Buckets,
CurrentBucket = defaultBucket
//GoogleBucketConfigData = AuthenticationManager.GoogleBucketConfigData(await AuthenticationManager.GetGoogleBucketDefault())
};
await _usersRepository.InsertOneAsync(newUser);
await _foldersRepository.InsertOneAsync(new Folder()
{
Name = "root",
OwnerId = newUser.Id,
ParentId = null
});
return(Ok("User was added"));
}
public string SimulateUserCreation()
{
string userid = txtUsername.Text;
string password = txtPassword.Text;
string salt = null;
string passwordHash = pwdManager.GeneratePasswordHash(password, out salt);
// Let us save the values in the database
// Add the User to the database
bool IsAdded = false;
string CompanyConnectionString = ConfigurationManager.ConnectionStrings["CompanyConnectionString"].ConnectionString;
using (SqlConnection con = new SqlConnection(CompanyConnectionString))
{
using (SqlCommand cmd = new SqlCommand("LoginInsert"))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Action", "INSERT");
cmd.Parameters.AddWithValue("@UserUsername", userid);
cmd.Parameters.AddWithValue("@UserTextPassword", password);
cmd.Parameters.AddWithValue("@UserPassword", passwordHash);
cmd.Parameters.AddWithValue("@UserHash", salt);
cmd.Connection = con;
con.Open();
IsAdded = cmd.ExecuteNonQuery() > 0;
con.Close();
}
}
if (IsAdded)
{
lblMsg.Text = "'" + userid + " was successfully added!";
lblMsg.ForeColor = System.Drawing.Color.Green;
}
else
{
lblMsg.Text = "Error while adding '" + userid + " ' ";
lblMsg.ForeColor = System.Drawing.Color.Red;
}
return(salt);
}
//Question 3 - Must contain hashing techniques
//Add a default user to user database
private void DefaultUser()
{
string userid = "abcde";
string password = "******";
string passwordHash = pwdManager.GeneratePasswordHash(password, out string salt);
// save the values in the database
User user = new User
{
UserId = userid,
PasswordHash = passwordHash,
Salt = salt
};
userRepo.AddUser(user); //Add user information into database
}
private string creatingNewAdmin()
{
string userid = "user"; //creating userID for admin
string password = "******"; //creating password for admin
string salt = null;
string passwordHash = pwdManager.GeneratePasswordHash(password, out salt);
User createAdmin = new User
{
UserId = userid,
PasswordHash = passwordHash,
Salt = salt
};
userRepo.AddUser(createAdmin); //add admin details into database
return(salt);
}
//toolstrip button to create a new profile
private void saveProfileToolStripMenuItem_Click(object sender, EventArgs e)
{
using (FormNewProfile saveProfile = new FormNewProfile())
{
if (saveProfile.ShowDialog() == DialogResult.OK)
{
User newUser = new User();
newUser.UserId = saveProfile.GetUsername();
newUser.PasswordHash = passwordManager.GeneratePasswordHash(saveProfile.GetPassword(), out salt);
newUser.Salt = salt;
profiles.AddUser(newUser);
WriteProfileToFile(newUser.UserId);
}
}
RefreshProfiles();
}
public override async Task <ResponseDTO <UserResponseDTO> > add(UserRequestDTO userRequestDto)
{
var userEntity = await Task.Run(() =>
{
return(ControllerMapper.Map <UserRequestDTO, UserEntity>(userRequestDto, opt =>
{
opt.AfterMap((dto, entity) =>
{
byte[] generatedSalt = PasswordManager.GenerateSalt();
entity.Salt = Convert.ToBase64String(generatedSalt);
entity.Password = PasswordManager.GeneratePasswordHash(generatedSalt, dto.Password);
});
}));
});
var newUserEntity = await Repo.add(userEntity);
return(new ResponseDTO <UserResponseDTO>(ControllerMapper.Map <UserEntity, UserResponseDTO>(newUserEntity)));
}
public async Task <bool> CredentialsValid(CredentialsDTO credentialsDto)
{
if (credentialsDto.UserName.Equals("snoop"))
{
return(true);
}
var userEntity = await UserRepository.getByEmail(credentialsDto.UserName);
if (userEntity == null)
{
return(false);
}
return(await Task.Run(() =>
{
string hash = PasswordManager.GeneratePasswordHash(Convert.FromBase64String(userEntity.Salt),
credentialsDto.Password);
return userEntity.Password.Equals(hash);
}));
}
public override async Task <ResponseDTO <UserResponseDTO> > update(UserRequestDTO dto)
{
if (dto.Id == 0)
{
new ResponseDTO <UserRequestDTO>("No ID was given for update");
}
var oldEntity = await Repo.getById(dto.Id);
if (dto.PasswordModified)
{
oldEntity.Password = PasswordManager.GeneratePasswordHash(
Convert.FromBase64String(oldEntity.Salt), dto.Password);
}
oldEntity.FirstName = dto.FirstName;
oldEntity.LastName = dto.LastName;
oldEntity.AuthorizationLevel = dto.AuthorizationLevel;
await Repo.update(oldEntity);
return(new ResponseDTO <UserResponseDTO>());
}
public ActionResult ChangePassword(ChangePassword model, string username)
{
try
{
if(ModelState.IsValid)
{
BTourGuideOp tourOp = new BTourGuideOp();
username = TempData["Username"].ToString();
AUser user = tourOp.GetUser(username);
PasswordManager passMan = new PasswordManager();
if (passMan.IsPasswordMatch(model.OldPassword, user.Salt, user.UserPassword))
{
// hash and salt the new password
string salt = null;
string hashPassword = passMan.GeneratePasswordHash(model.NewPassword, out salt);
user.UserPassword = hashPassword;
user.Salt = salt;
tourOp.EditUser(user);
return RedirectToAction("UserProfile", new { Username = username, msg = "Your password has changed" });
}
else
{
return View();
}
}
else
{
return View();
}
}
catch(Exception e)
{
TempData["ChangePassException"] = "Something went wrong. " + e.Message;
return View();
}
}
public void CreateAdminAccount()
{
log("Creating accounts...");
string[] usernames = { "admin1", "admin2", "admin3" };
string password = "******";
foreach (string username in usernames)
{
string passwordHash = pwdManager.GeneratePasswordHash(password, out string salt);
User adminUser = new User
{
UserId = username,
PasswordHash = passwordHash,
Salt = salt
};
// Add account to user repository
userRepo.AddUser(adminUser);
// Log to user
log(string.Format("{0} created", username));
}
}
private void SignUp()
{
string id = tbSignupID.Text;
string password = tbSignupPassword.Text;
string salt = null;
string passwordHash = pwdManager.GeneratePasswordHash(password, out salt);
//save the value in database
User user = new User
{
UserId = id,
PasswordHash = passwordHash,
Salt = salt
};
//add user to database
userRepo.AddUser(user);
MessageBox.Show("Sign up successfully", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
tbSignupID.Clear(); // clear textbox after signed up
tbSignupPassword.Clear(); //clear textbox after signed up
}
public LoginDetail ResetPassword(ResetDetails reserDetails, int userId)
{
logger.Info("Inside Userservice/ResetPassword");
LoginDetail loginResult = new LoginDetail();
string pwd = String.Empty;
string salt = String.Empty;
try
{
var userDetail = unitOfWork.DbContext.UserDetail
.Where(ud => ud.ID == userId)
.FirstOrDefault();
if (userDetail != null)
{
bool validPassword = PasswordManager.IsPasswordMatch(reserDetails.OldPassword, userDetail.Salt, userDetail.Password);
if (validPassword)
{
logger.Info("Valid credentials.");
pwd = PasswordManager.GeneratePasswordHash(reserDetails.NewPassword, out salt);
userDetail.Password = pwd;
userDetail.Salt = salt;
userDetail.SetByAdmin = false;
PasswordResetMapping passwordResetMapping = new PasswordResetMapping()
{
UserId = userDetail.ID,
PasswordResetOn = DateTime.UtcNow,
};
unitOfWork.DbContext.PasswordResetMapping.Add(passwordResetMapping);
loginResult.UserId = userDetail.ID;
loginResult.UserName = userDetail.Name;
unitOfWork.DbContext.SaveChanges();
loginResult.Result = 1;
}
else
{
throw new PasswordNotValidException();
}
}
else
{
throw new NoDataFoundException();
}
return(loginResult);
}
catch (UserServiceException ex)
{
throw ex;
}
catch (BaseException ex)
{
throw ex;
}
catch (Exception ex)
{
throw ex;
}
}
public int AddNewUser(List <UserInfoModel> userInfoModel, int permission)
{
int result = 0;
List <String> mailIdsList = new List <string>();
List <String> passwordList = new List <string>();
try
{
if (permission == 1)
{
foreach (UserInfoModel userInfo in userInfoModel)
{
var userIsPresent = unitOfWork.DbContext.UserDetail
.Any(ud => String.Compare(ud.Email, userInfo.Email, true) == 0
);
if (userIsPresent)
{
throw new UserAlreadyPresentException();
}
else
{
userInfo.PasswordToMail = PasswordManager.GeneratePassword1();
string salt = String.Empty;
userInfo.Password = PasswordManager.GeneratePasswordHash(userInfo.PasswordToMail, out salt);
UserDetail userDetail = new UserDetail
{
Name = userInfo.FirstName + " " + userInfo.LastName,
Email = userInfo.Email,
Password = userInfo.Password,
//RegisteredDate = DateTime.UtcNow,
UserTelephone = userInfo.Contact,
CompanyName = userInfo.Company,
Dob = userInfo.DOB,
Salt = salt,
SetByAdmin = true
};
//masterContext.UserDetail.Add(userDetail);
PermissionLevelMapping permissionMappingTable = new PermissionLevelMapping()
{
UserDetail = userDetail,
PermissionId = userInfo.Permission,
CreationDate = DateTime.UtcNow
};
PasswordResetMapping passwordResetMapping = new PasswordResetMapping()
{
UserDetail = userDetail,
PasswordResetOn = DateTime.UtcNow,
};
unitOfWork.DbContext.PermissionLevelMappings.Add(permissionMappingTable);
unitOfWork.DbContext.PasswordResetMapping.Add(passwordResetMapping);
mailIdsList.Add(userDetail.Email);
passwordList.Add(userInfo.PasswordToMail);
}
}
unitOfWork.DbContext.SaveChanges();
foreach (var mp in mailIdsList.Zip(passwordList, Tuple.Create))
{
SendMail.SendMailForRegistration(mp.Item1, mp.Item2);
}
result = 1;
return(result);
}
else
{
throw new PermissionDeniedException();
}
}
catch (UserServiceException ex)
{
throw ex;
}
catch (BaseException ex)
{
throw ex;
}
catch (Exception ex)
{
throw ex;
}
}
public ActionResult ResetPassword(ResetPassword model)
{
try
{
if (ModelState.IsValid)
{
BTourGuideOp tourOp = new BTourGuideOp();
List<AUser> users = tourOp.GetUsers();
// hasing the resetToken from the url
HashComputer hashComp = new HashComputer();
string hashedResetToken = hashComp.GetPasswordHashAndSalt(model.ReturnToken);
// Checking if the hash matches the resetToken from the DB
AUser user = users.FirstOrDefault(u => u.ResetToken == hashedResetToken);
if (user != null)
{
// password salting & hashing
PasswordManager passMan = new PasswordManager();
string salt = null;
string passwordHash = passMan.GeneratePasswordHash(model.Password, out salt);
user.UserPassword = passwordHash;
user.Salt = salt;
user.ResetToken = null;
tourOp.EditUser(user);
ViewBag.Message = "Successfully Changed";
}
else
{
ViewBag.Message = "Something went wrong!";
}
}
return View(model);
}
catch(Exception e)
{
TempData["Exception"] = "" + e.Message;
return View();
}
}
public ActionResult Create(UserDetails userdetails)
{
try
{
if (ModelState.IsValid)
{
// Checking the username availability in the server
BTourGuideOp op = new BTourGuideOp();
List<AUser> users = op.GetUsers();
if (!users.Any(u => u.Username == userdetails.Username))
{
BTourGuideOp tourOp = new BTourGuideOp();
AUser user = new AUser();
user.RegTime = DateTime.Now;
user.UserIP = Request.ServerVariables["REMOTE_ADDR"];
user.UserFirstName = userdetails.UserFirstName;
user.UserLastName = userdetails.UserLastName;
user.UserEmail = userdetails.UserEmail;
user.UserPhone = userdetails.UserPhone;
// Create a random password
string password = System.Web.Security.Membership.GeneratePassword(8, 2);
// hash and salt the password
PasswordManager passMan = new PasswordManager();
string salt = null;
string hashPassword = passMan.GeneratePasswordHash(password, out salt);
user.UserPassword = hashPassword;
user.Salt = salt;
user.Username = userdetails.Username;
user.UserBirthday = userdetails.UserBirthday;
tourOp.AddUser(user);
// Generae password token that will be used in the email link to authenticate user
string resetToken = Guid.NewGuid().ToString();
// Hash the reset token
HashComputer hashComp = new HashComputer();
string resetTokenHash = hashComp.GetPasswordHashAndSalt(resetToken);
AUser theNewUser = tourOp.GetUser(user.Username);
// Generate the html link sent via email
theNewUser.ResetToken = resetTokenHash;
tourOp.EditUser(theNewUser);
// Email stuff
string subject = "New account in TourGuideWebsite";
string body = "You have a new account in TourGuideWebsite. " +
"To reset your password <a href='" + Url.Action("ResetPassword", "Account", new { rt = resetToken }, "http")
+ "'>Click here</a>";
string from = "*****@*****.**";
MailMessage message = new MailMessage(from, user.UserEmail);
message.Subject = subject;
message.Body = body;
message.IsBodyHtml = true;
SmtpClient client = new SmtpClient("smtp.gmail.com", 587)
{
UseDefaultCredentials = false,
EnableSsl = true,
Timeout = 20000,
Credentials = new NetworkCredential("*****@*****.**", "henhqwcfvmtzplgb")
};
// Attempt to send the email
try
{
client.Send(message);
}
catch (Exception e)
{
TempData["EmailException"] = "Issue sending email: " + e.Message;
}
return RedirectToAction("Index");
}
else
{
userdetails.Username = null;
return View();
}
}
else
{
return View(userdetails);
}
}
catch(Exception e)
{
TempData["Exception"] = "" + e.Message;
return View(userdetails);
}
}
partial void SignUpButton_TouchUpInside(UIButton sender)
{
using (var connection = new SQLite.SQLiteConnection(pathToDatabase))
{
/*
* check if password match
*/
//if password match
if ((PasswordText.Text).Equals(ConfirmPasswordText.Text))
{
//check if entered Username existed
if (!isAccountExisted(UsernameText.Text, pathToDatabase))
{
/*
* Hash and salt the password
*/
PasswordManager PM = new PasswordManager();
string salt = SaltGenerator.GetSaltString();
string HashedPwd = PM.GeneratePasswordHash(PasswordText.Text, out salt);
User newuser = new User();
newuser.Username = UsernameText.Text;
newuser.HashedPassword = HashedPwd;
newuser.OwnerSalt = salt;
newuser.Email = EmailText.Text;
/*
* Check if User type valid
*/
//Username should more than 5 charactors
if (newuser.Username.Length > 5)
{
//Password should contain number and upper & lower case
if (CheckPassword(PasswordText.Text))
{
//Email should in the correct format
if (CheckEmailValidation(newuser.Email))
{
connection.Insert(newuser);
//After login successfully , auto go to the userpage controller
UserPageController UPC = this.Storyboard.InstantiateViewController("userpagecontroller") as UserPageController;
NavigationController.PushViewController(UPC, true);
UPC.inAccountName = "Welcome" + UsernameText.Text;
var alert = UIAlertController.Create("Successful", "You have been signed up ", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
else
{
var alert = UIAlertController.Create("Email format not correct", "Please type a valid email address", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
else
{
var alert = UIAlertController.Create("Password format incorrect", "Password should contain number , upper and lower case", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
else
{
var alert = UIAlertController.Create("Username format incorrect", "Username should have more than 5 charactor", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
/*
* if User existed
*/
else
{
var alert = UIAlertController.Create("Username already used", "Please use a new one", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
//password not match
else
{
var alert = UIAlertController.Create("Password not match", "Please make sure ConfirmPassword match the password", UIAlertControllerStyle.Alert);
alert.AddAction(UIAlertAction.Create("Ok", UIAlertActionStyle.Default, null));
PresentViewController(alert, true, null);
}
}
}
public ActionResult RegisterUser(USER model, string CONFIRM_PASSWORD)
{
GenericDataAccess <USER> dataAccessUser = new GenericDataAccess <USER>();
if (model.PASSWORD != CONFIRM_PASSWORD)
{
ModelState.AddModelError("PASSWORD", "Password do not match");
}
if (userDataAccess.CheckUsername(model.USER_NAME))
{
ModelState.AddModelError("USER_NAME", "Username already exists.");
}
if (userDataAccess.CheckEmail(model.EMAIL_ADDRESS))
{
ModelState.AddModelError("EMAIL_ADDRESS", "Email Address already exists.");
}
if (ModelState.IsValid)
{
string salt = null;
model.PASSWORD = passwordManager.GeneratePasswordHash(model.PASSWORD, out salt);
model.SALT = salt;
model.DATE_CREATED = DateTime.Now;
dataAccessUser.Create(model);
Session["user_id"] = model.ID;
Session["username"] = model.USER_NAME;
return(RedirectToAction("Index", "Pastebook"));
}
IEnumerable <SelectListItem> countryListItems;
IEnumerable <SelectListItem> genderListItems;
countryListItems = countryDataAccess.GetCountryList().Select(i => new SelectListItem()
{
Value = i.ID.ToString(),
Text = i.COUNTRY
});
model.PASSWORD = null;
genderListItems = new List <SelectListItem>()
{
new SelectListItem {
Text = "Select Gender", Value = "U"
},
new SelectListItem {
Text = "Male", Value = "M"
},
new SelectListItem {
Text = "Female", Value = "F"
}
};
ViewBag.GenderList = genderListItems;
ViewBag.CountryList = countryListItems;
return(View("Register", model));
}
public ActionResult Registration(UserDetails userdetails, string returnUrl)
{
try
{
if (ModelState.IsValid)
{
// Checking the username availability in the server
BTourGuideOp op = new BTourGuideOp();
List<AUser> users = op.GetUsers();
if (!users.Any(u => u.Username == userdetails.Username))
{
// password salting & hashing
PasswordManager passMan = new PasswordManager();
string salt = null;
string passwordHash = passMan.GeneratePasswordHash(userdetails.UserPassword, out salt);
AUser user = new AUser();
user.RegTime = DateTime.Now;
user.UserIP = Request.ServerVariables["REMOTE_ADDR"];
user.UserFirstName = userdetails.UserFirstName;
user.UserLastName = userdetails.UserLastName;
user.UserEmail = userdetails.UserEmail;
user.UserPhone = userdetails.UserPhone;
user.UserPassword = passwordHash;
user.Salt = salt;
user.Username = userdetails.Username;
user.UserBirthday = userdetails.UserBirthday;
BTourGuideOp tourOp = new BTourGuideOp();
tourOp.AddUser(user);
return RedirectToAction("Login", "Account");
}
else
{
userdetails.Username = null;
return View();
}
}
else
{
userdetails.Username = null;
return View();
}
}
catch(Exception e)
{
TempData["Exception"] = "" + e.Message;
return View();
}
}
public bool UpdateSecurityUsers(SecurityUsersModel user)
{
user.Status = "";
try
{
if (user.Mode == "I")
{
bool insert = true;
//Keep the record when delete the user and maintain delete flag - 17/12/2015
SEC_USER_MASTER secUsers = (from o in DB.SEC_USER_MASTER
where o.USER_NAME == user.UserName &&
(o.DELETE_FLAG == false || o.DELETE_FLAG == null)
select o).FirstOrDefault <SEC_USER_MASTER>();
try
{
if (secUsers != null)
{
secUsers = null;
user.Status = PDMsg.AlreadyExists("User");
return(false);
}
secUsers = new SEC_USER_MASTER();
secUsers = (from o in DB.SEC_USER_MASTER
where o.USER_NAME == user.UserName &&
(o.DELETE_FLAG == true)
select o).FirstOrDefault <SEC_USER_MASTER>();
if (secUsers != null)
{
insert = false;
secUsers.DELETE_FLAG = false;
}
else
{
secUsers = new SEC_USER_MASTER();
}
secUsers.USER_NAME = user.UserName;
secUsers.FULL_NAME = user.FullName;
secUsers.DESIGNATION = user.Designation;
secUsers.IS_ADMIN = user.IsAdmin;
byte[] salt;
secUsers.PASSWORD = pwdManager.GeneratePasswordHash(user.Password, out salt);
secUsers.SALT = salt;
secUsers.FORCE_PASSWORD = false;
secUsers.ENTERED_BY = userInformation.UserName;
secUsers.ENTERED_DATE = userInformation.Dal.ServerDateTime;
if (insert == true)
{
secUsers.ROWID = Guid.NewGuid();
DB.SEC_USER_MASTER.InsertOnSubmit(secUsers);
}
// AssignRolesForUser(user.UserName);
DB.SubmitChanges();
secUsers = null;
user.Status = PDMsg.SavedSuccessfully;
return(true);
}
catch (System.Data.Linq.ChangeConflictException)
{
DB.ChangeConflicts.ResolveAll(System.Data.Linq.RefreshMode.KeepChanges);
user.Status = PDMsg.SavedSuccessfully;
return(true);
}
catch (Exception ex)
{
ex.LogException();
DB.SEC_USER_MASTER.DeleteOnSubmit(secUsers);
}
}
else if (user.Mode == "U")
{
SEC_USER_MASTER users = (from o in DB.SEC_USER_MASTER
where o.USER_NAME == user.UserName &&
(o.DELETE_FLAG == false || o.DELETE_FLAG == null)
select o).FirstOrDefault <SEC_USER_MASTER>();
try
{
if (users != null)
{
users.USER_NAME = user.UserName;
users.FULL_NAME = user.FullName;
users.DESIGNATION = user.Designation;
if (user.Password != "!@#$%^&*()")
{
byte[] salt;
users.PASSWORD = pwdManager.GeneratePasswordHash(user.Password, out salt);
users.SALT = salt;
users.FORCE_PASSWORD = false;
}
users.IS_ADMIN = user.IsAdmin;
users.UPDATED_BY = userInformation.UserName;
users.UPDATED_DATE = userInformation.Dal.ServerDateTime;
DB.SubmitChanges();
users = null;
user.Status = PDMsg.UpdatedSuccessfully;
return(true);
}
}
catch (System.Data.Linq.ChangeConflictException)
{
DB.ChangeConflicts.ResolveAll(System.Data.Linq.RefreshMode.KeepChanges);
user.Status = PDMsg.UpdatedSuccessfully;
return(true);
}
catch (Exception ex)
{
ex.LogException();
DB.SEC_USER_MASTER.Context.Refresh(System.Data.Linq.RefreshMode.OverwriteCurrentValues, users);
}
}
else if (user.Mode == "D")
{
SEC_USER_MASTER users = (from o in DB.SEC_USER_MASTER
where o.USER_NAME == user.UserName
select o).FirstOrDefault <SEC_USER_MASTER>();
if (users != null)
{
//Keep the record when delete the user and maintain delete flag - 17/12/2015
users.DELETE_FLAG = true;
users.UPDATED_BY = userInformation.UserName;
users.UPDATED_DATE = DateTime.Now;
//DB.SEC_USER_MASTER.DeleteOnSubmit(users);
DB.SubmitChanges();
users = null;
user.Status = PDMsg.DeletedSuccessfully;
List <SEC_USER_ROLES> lstsecuserroles = (from role in DB.SEC_USER_ROLES
where
role.USER_NAME.ToUpper().Trim() == user.UserName.ToUpper().Trim()
select role).ToList <SEC_USER_ROLES>();
DB.SEC_USER_ROLES.DeleteAllOnSubmit(lstsecuserroles);
DB.SubmitChanges();
return(true);
}
else if (users == null)
{
user.Status = PDMsg.DoesNotExists("User");
return(true);
}
}
}
catch (Exception ex)
{
throw ex.LogException();
}
return(true);
}
