예제 #1
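        /// <summary>
        /// Builds the credential string that is persisted for <paramref name="pass"/>,
        /// in the layout "&lt;md5-of-(password+salt)&gt;:&lt;salt&gt;" that the login
        /// verifier splits on ':'. The 32-character alphanumeric salt is drawn from
        /// <see cref="RandomNumberGenerator"/>; the original used <see cref="Random"/>,
        /// which is seeded from the clock and is predictable, so salts could be guessed.
        /// The storage format is deliberately unchanged so existing rows keep verifying.
        /// </summary>
        /// <param name="pass">Clear-text password as typed by the user.</param>
        /// <returns>"hash:salt", where hash is whatever
        /// <c>CCMSBusinessLayer.getMd5Hash</c> returns for password+salt.</returns>
        /// <remarks>
        /// TODO(security): a salted MD5 is not a password hash (it is far too fast to
        /// brute-force). Migrate to PBKDF2 (<c>Rfc2898DeriveBytes</c>) behind a versioned
        /// prefix once the verifier in UserLogin accepts both layouts; changing only this
        /// side would lock every newly hashed user out.
        /// </remarks>
        private static string hashPassword(string pass)
        {
            const string alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
            char[] saltChars = new char[32];

            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                byte[] buffer = new byte[64];
                int filled = 0;
                while (filled < saltChars.Length)
                {
                    rng.GetBytes(buffer);
                    for (int i = 0; i < buffer.Length && filled < saltChars.Length; i++)
                    {
                        // Rejection sampling: 248 = 4 * 62, so any byte below 248 maps onto
                        // the 62-character alphabet without modulo bias.
                        if (buffer[i] < 248)
                        {
                            saltChars[filled++] = alphabet[buffer[i] % alphabet.Length];
                        }
                    }
                }
            }

            string salt = new string(saltChars);
            string hash;
            using (MD5 md5Hash = MD5.Create())
            {
                hash = new CCMSBusinessLayer().getMd5Hash(md5Hash, pass + salt);
            }

            return hash + ":" + salt;
        }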
예제 #2
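        /// <summary>
        /// Login button handler. Looks the account up by e-mail (the institutional domain
        /// is appended when the input has no '@'), verifies the password against the stored
        /// credential and, on success, populates the session and redirects.
        /// </summary>
        /// <remarks>
        /// Changes from the original:
        /// <list type="bullet">
        /// <item>txtUserName was concatenated straight into two SQL statements (SQL
        /// injection); both lookups are now one parameterized query.</item>
        /// <item>The connection was only closed on one branch, and never on the redirect
        /// branches (Response.Redirect ends the request before con.Close() runs); it is
        /// now disposed with <c>using</c> on every path.</item>
        /// <item>Hash comparison is constant-time, and an empty stored or typed password
        /// never authenticates (previously "" == "" logged a user in).</item>
        /// <item>One failure message for unknown user and wrong password, so the form no
        /// longer confirms which e-mail addresses exist. Unknown users previously got no
        /// message at all.</item>
        /// <item>The clear-text password is no longer written to Session["password"];
        /// updatePassword re-verifies the old password against the database instead.</item>
        /// <item>The first-login check was "" in the hashed branch and "False" in the
        /// legacy branch; both now force a change unless the flag reads "true" (the value
        /// updatePassword writes), which also pushes legacy clear-text rows through hashing.
        /// Hiding the master-page menus before the redirect was dropped: the redirect ends
        /// the response, so the page is never rendered.</item>
        /// </list>
        /// </remarks>
        protected void UserLogin(object sender, EventArgs e)
        {
            const string domainSuffix = "@deerwalk.edu.np";

            string email = txtUserName.Text;
            if (email.IndexOf('@') < 0)
            {
                email = email + domainSuffix;
            }

            object userId = null;
            string storedPassword = null;
            string role = null;
            string isPasswordUpdated = null;

            string connectionString = ConfigurationManager.ConnectionStrings["dbConnection"].ConnectionString;
            using (SqlConnection con = new SqlConnection(connectionString))
            using (SqlCommand lookup = new SqlCommand(
                "select UserId, password, Role, isPasswordUpdated from Users where userEmail = @email", con))
            {
                lookup.Parameters.AddWithValue("@email", email);
                con.Open();
                using (SqlDataReader reader = lookup.ExecuteReader())
                {
                    // Like the original ExecuteScalar, only the first matching row is used.
                    if (reader.Read())
                    {
                        userId            = reader[0];
                        storedPassword    = reader[1].ToString();
                        role              = reader[2].ToString();
                        isPasswordUpdated = reader[3].ToString();
                    }
                }
            }

            // Original rule: a row only counts when UserId >= 1.
            if (userId == null || userId == DBNull.Value || Convert.ToInt32(userId.ToString()) < 1)
            {
                ShowLoginFailure();
                return;
            }

            if (!VerifyStoredPassword(storedPassword, txtPassword.Text))
            {
                ShowLoginFailure();
                return;
            }

            Session["UserId"]            = userId;
            Session["Role"]              = role;
            Session["isPasswordUpdated"] = isPasswordUpdated;

            if (MustChangePassword(isPasswordUpdated))
            {
                Response.Redirect("FirstLoginPasswordChange.aspx");
            }
            else
            {
                Response.Redirect("TimeEntry.aspx");
            }
        }

        /// <summary>
        /// Shows the single, non-enumerating login failure message.
        /// </summary>
        private void ShowLoginFailure()
        {
            lblMessage.Visible   = true;
            lblMessage.ForeColor = Color.Red;
            lblMessage.Text      = "Invalid username or password.";
        }

        /// <summary>
        /// True when the user must go through FirstLoginPasswordChange.aspx. updatePassword
        /// stores the literal 'true', and a bit column reads back as "True"/"False", so any
        /// value other than "true" (ignoring case) — including "", "False" and NULL — forces
        /// a change.
        /// </summary>
        private static bool MustChangePassword(string isPasswordUpdated)
        {
            return !string.Equals(isPasswordUpdated, "true", StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// Verifies <paramref name="candidate"/> against a stored credential.
        /// "hash:salt" rows are checked by recomputing getMd5Hash(candidate + salt);
        /// rows without ':' are legacy clear-text passwords and are compared directly.
        /// Empty stored or candidate values never match.
        /// </summary>
        private static bool VerifyStoredPassword(string stored, string candidate)
        {
            if (string.IsNullOrEmpty(stored) || string.IsNullOrEmpty(candidate))
            {
                return false;
            }

            if (stored.IndexOf(':') < 0)
            {
                // Legacy clear-text row; MustChangePassword pushes these accounts through
                // updatePassword so the row gets hashed.
                return FixedTimeEquals(stored, candidate);
            }

            string[] parts     = stored.Split(':');
            string   hashValue = parts[0];
            string   saltValue = parts[1];

            string computed;
            using (MD5 md5Hash = MD5.Create())
            {
                computed = new CCMSBusinessLayer().getMd5Hash(md5Hash, candidate + saltValue);
            }

            return FixedTimeEquals(hashValue, computed);
        }

        /// <summary>
        /// Ordinal string comparison whose running time does not depend on where the first
        /// mismatch is (only on the length), so a wrong hash cannot be refined byte by byte.
        /// </summary>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }

        /// <summary>
        /// Builds the "hash:salt" credential for <paramref name="clearText"/> in the same
        /// layout VerifyStoredPassword reads: a 32-character alphanumeric salt from
        /// <see cref="RandomNumberGenerator"/> (the original used the predictable
        /// <see cref="Random"/>) and getMd5Hash(clearText + salt).
        /// TODO(security): salted MD5 is far too fast for password storage; move to PBKDF2
        /// (Rfc2898DeriveBytes) behind a versioned prefix and teach VerifyStoredPassword
        /// both layouts.
        /// </summary>
        private static string BuildStoredPassword(string clearText)
        {
            const string alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
            char[] saltChars = new char[32];

            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                byte[] buffer = new byte[64];
                int filled = 0;
                while (filled < saltChars.Length)
                {
                    rng.GetBytes(buffer);
                    for (int i = 0; i < buffer.Length && filled < saltChars.Length; i++)
                    {
                        // Rejection sampling: 248 = 4 * 62, so bytes below 248 map onto the
                        // 62-character alphabet without modulo bias.
                        if (buffer[i] < 248)
                        {
                            saltChars[filled++] = alphabet[buffer[i] % alphabet.Length];
                        }
                    }
                }
            }

            string salt = new string(saltChars);
            string hash;
            using (MD5 md5Hash = MD5.Create())
            {
                hash = new CCMSBusinessLayer().getMd5Hash(md5Hash, clearText + salt);
            }

            return hash + ":" + salt;
        }

        /// <summary>
        /// Password-change handler. Requires all three fields, a matching confirmation and
        /// the correct current password, then stores the new "hash:salt" credential and
        /// sets isPasswordUpdated.
        /// </summary>
        /// <remarks>
        /// Changes from the original:
        /// <list type="bullet">
        /// <item>The current password is verified against the row in the database rather
        /// than against a clear-text copy kept in Session["password"].</item>
        /// <item>Session values are set before ContinueAfterPasswordChange(); if that call
        /// redirects, the original never reached the assignments after it.</item>
        /// <item>A missing Session["UserId"] (expired session) is reported instead of
        /// throwing a NullReferenceException.</item>
        /// <item><c>Regex.Equals</c> (really object.Equals) and <c>throw ex;</c> (which
        /// discards the stack trace) are gone; SqlException now propagates unchanged.</item>
        /// </list>
        /// </remarks>
        public void updatePassword(Object sender, EventArgs e)
        {
            // Original behaviour: an incomplete form is silently ignored.
            if (string.IsNullOrEmpty(originalPassword.Text)
                || string.IsNullOrEmpty(newPassword.Text)
                || string.IsNullOrEmpty(confirmedPassword.Text))
            {
                return;
            }

            if (!string.Equals(confirmedPassword.Text, newPassword.Text, StringComparison.Ordinal))
            {
                lblMessage.Visible = true;
                lblMessage.Text    = "Password doesnot match.";
                return;
            }

            object sessionUser = Session["UserId"];
            if (sessionUser == null)
            {
                lblMessage.Visible = true;
                lblMessage.Text    = "Your session has expired. Please log in again.";
                return;
            }
            int userId = Convert.ToInt32(sessionUser.ToString());

            string combinedPassword = BuildStoredPassword(confirmedPassword.Text);

            CreateConnection();
            try
            {
                OpenConnection();

                string stored = null;
                using (SqlCommand lookup = new SqlCommand("select password from Users where UserID = @User", conDatabase))
                {
                    lookup.Parameters.AddWithValue("@User", userId);
                    object value = lookup.ExecuteScalar();
                    if (value != null && value != DBNull.Value)
                    {
                        stored = value.ToString();
                    }
                }

                if (!VerifyStoredPassword(stored, originalPassword.Text))
                {
                    lblMessage.Visible = true;
                    lblMessage.Text    = "Original Password entry incorrect.";
                    return;
                }

                cmd             = new SqlCommand();
                cmd.Connection  = conDatabase;
                cmd.CommandText = "Update users set password =  @password,isPasswordUpdated = 'true' where UserID = @User ";
                cmd.Parameters.AddWithValue("@password", combinedPassword);
                cmd.Parameters.AddWithValue("@User", userId);

                int affectedRows = cmd.ExecuteNonQuery();
                if (affectedRows > 0)
                {
                    Session["isPasswordUpdated"] = "true";
                    ContinueAfterPasswordChange();
                }
            }
            finally
            {
                if (conDatabase != null)
                {
                    conDatabase.Close();
                }
            }
        }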