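/// <summary>
/// Checks a supplied password against the salted hash stored on <paramref name="usr"/>.
/// </summary>
/// <param name="password">Password as supplied by the caller.</param>
/// <param name="usr">User whose <c>Password</c> (stored hash) and <c>Salt</c> are used for the check.</param>
/// <returns>
/// <c>true</c> when the user has no stored password, or when the salted hash of
/// <paramref name="password"/> equals the stored hash; otherwise <c>false</c>.
/// </returns>
private static bool CheckPassword(string password, User usr)
{
    // SECURITY: an account whose stored password is empty accepts ANY supplied
    // password. This is kept for compatibility with existing callers.
    // NOTE(review): confirm that blank-password accounts are intended, and that
    // they cannot be reached from an untrusted login path.
    if (string.IsNullOrEmpty(usr.Password))
    {
        return true;
    }

    string storedHash = usr.Password;
    string suppliedHash = SaltHashing.ComputeSaltedHash(password, usr.Salt);

    // A missing hash or a length mismatch can never be equal. The length of a
    // hash is not secret, so returning early here leaks nothing useful.
    if (suppliedHash == null || suppliedHash.Length != storedHash.Length)
    {
        return false;
    }

    // Compare every character and accumulate the differences, so the time taken
    // does not depend on the position of the first mismatch (string == stops at
    // the first differing character).
    int difference = 0;
    for (int i = 0; i < storedHash.Length; i++)
    {
        difference |= storedHash[i] ^ suppliedHash[i];
    }

    return difference == 0;
}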
/// <summary>
/// Replaces a marked plain-text password on <paramref name="usr"/> with its salted hash.
/// </summary>
/// <remarks>
/// A password is treated as plain text only when its first character is <c>'#'</c>.
/// In that case a new salt is generated, and the text after the marker is hashed
/// with it. Any other value (including null or empty) is left untouched.
/// An earlier, now removed, variant of this method hashed the password of every
/// new user unconditionally and reloaded the stored hash and salt through
/// <c>UserDao.FindById</c> when an existing user arrived with an empty password.
/// </remarks>
/// <param name="usr">User whose <c>Password</c> and <c>Salt</c> may be rewritten.</param>
private static void EncodePasswordIfRequired(User usr)
{
    string candidate = usr.Password;

    // SECURITY: the '#' marker is in-band signalling. A value without the marker
    // is kept verbatim as the stored hash, so callers must never copy raw
    // user-supplied text into Password without prefixing the marker.
    if (string.IsNullOrEmpty(candidate) || candidate[0] != '#')
    {
        return;
    }

    // NOTE(review): confirm that CreateRandomSalt draws from a cryptographic RNG
    // and that ComputeSaltedHash is a deliberately slow password-hashing function
    // rather than a single pass of a fast digest; neither is visible from here.
    usr.Salt = SaltHashing.CreateRandomSalt();
    usr.Password = SaltHashing.ComputeSaltedHash(candidate.Substring(1), usr.Salt);
}
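/// <summary>
/// Changes the password of the currently logged-in user after verifying the old one.
/// </summary>
/// <param name="oldPassword">Current password, checked against the stored hash.</param>
/// <param name="newPassword">
/// New password. Null or empty clears the stored password; any other value is
/// stored with the <c>'#'</c> plain-text marker in front of it.
/// </param>
/// <returns>
/// <c>WrongLogin</c> when there is no current user or no matching stored user,
/// <c>UserIsInactive</c> when the stored user is not active,
/// <c>WrongPassword</c> when <paramref name="oldPassword"/> does not match,
/// <c>Successful</c> once the change has been saved.
/// </returns>
public LoginResult ChangePassword(string oldPassword, string newPassword)
{
    User usr = GetCurrentUser();
    if (usr == null)
    {
        return LoginResult.WrongLogin;
    }

    // Always verify against the freshly loaded record, not the session copy.
    User dbUsr = _UserSvc.GetByLogin(usr.LoginName);
    if (dbUsr == null)
    {
        return LoginResult.WrongLogin;
    }

    if (!dbUsr.Active)
    {
        return LoginResult.UserIsInactive;
    }

    // SECURITY: an empty stored password means the old password is not checked
    // at all (same rule as the login check). The hash is only computed when there
    // is something to compare against.
    bool oldPasswordAccepted = string.IsNullOrEmpty(dbUsr.Password);
    if (!oldPasswordAccepted)
    {
        // Fix: hash with the salt that belongs to the hash being compared
        // (dbUsr.Salt). The session copy's salt can be stale if the password was
        // changed elsewhere in the meantime.
        string storedHash = dbUsr.Password;
        string suppliedHash = SaltHashing.ComputeSaltedHash(oldPassword, dbUsr.Salt);

        if (suppliedHash != null && suppliedHash.Length == storedHash.Length)
        {
            // Accumulate differences over the full length so the comparison
            // time does not reveal where the first mismatch occurs.
            int difference = 0;
            for (int i = 0; i < storedHash.Length; i++)
            {
                difference |= storedHash[i] ^ suppliedHash[i];
            }
            oldPasswordAccepted = difference == 0;
        }
    }

    if (!oldPasswordAccepted)
    {
        return LoginResult.WrongPassword;
    }

    if (string.IsNullOrEmpty(newPassword))
    {
        // SECURITY: clearing the password leaves an account that accepts any
        // password. NOTE(review): confirm this is intended, or reject empty input.
        dbUsr.Password = "";
    }
    else
    {
        // NOTE(review): the listing shows a masked character literal at this
        // position. '#' is used because it is the plain-text marker that
        // EncodePasswordIfRequired tests for; confirm against the original file.
        // Presumably the save path hashes the marked value before it is persisted.
        dbUsr.Password = '#' + newPassword;
    }

    dbUsr.ShouldChangePassword = false;
    _UserSvc.Save(dbUsr);
    return LoginResult.Successful;
}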