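/// <summary>
/// Handles the admin login button: fetches the admin record for the entered username,
/// verifies the entered password against the stored hash, and on success records the
/// username in session and redirects to the admin page. On failure the password box is
/// overwritten with "Incorrect Password".
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnAdminLogin_Click(object sender, EventArgs e)
{
    string adminUsername = txtAdminUsername.Text;
    string adminPassword = txtAdminPassword.Text;

    BLLRecruiterWebsiteManager bllManager = new BLL.BLLRecruiterWebsiteManager();
    // The DAL lookup sends only the username to the database and hands back a fresh,
    // unpopulated AdminObj when no row matched, so an empty hash means "unknown user".
    // Checking it here avoids passing a null hash to ValidatePassword.
    AdminObj adminObject = bllManager.GetAdminLogin(adminUsername, adminPassword);

    bool validUser = adminObject != null
        && !string.IsNullOrEmpty(adminObject.PasswordHash)
        && PasswordHash.ValidatePassword(adminPassword, adminObject.PasswordHash);

    if (validUser)
    {
        Session["AdminID"] = adminObject.Username;
        Response.Redirect("~/Admin.aspx");
        // Redirect ends the response in Web Forms by default; the return makes the
        // "no fall-through to the failure message" intent explicit.
        return;
    }

    // An unknown username and a wrong password produce the same message, so the form
    // does not disclose which admin usernames exist.
    txtAdminPassword.Text = "Incorrect Password";
}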
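/// <summary>
/// Handles the "create admin" button: requires the two password boxes and the two
/// email-password boxes to match, hashes the login password, encrypts the email
/// password, hands the new record to the BLL and redirects to the admin page.
/// Nothing is created (and no message is shown) when either pair does not match or
/// the username/password is blank.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void btnCreateAdmin_Click(object sender, EventArgs e)
{
    string username = txtUsername.Text;
    string password = txtPassword.Text;
    string email = txtEmail.Text;
    string emailPwd = txtEmailPwd.Text;
    string favouriteAnimal = txtSecretCode.Text;

    // A blank password would otherwise be hashed and stored as a working admin login.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
    {
        return;
    }

    if (password != txtPasswordCon.Text)
    {
        return;
    }

    // Hash exactly once (each call generates a fresh salt). The returned string is
    // colon-separated and is treated here as <prefix>:<salt>:<hash>; only the salt
    // and the whole string are kept. NOTE(review): confirm that layout against
    // PasswordHash.CreateHash.
    string saltHashReturned = PasswordHash.CreateHash(password);
    string[] hashParts = saltHashReturned.Split(new[] { ':' }, 3);
    if (hashParts.Length < 3)
    {
        throw new InvalidOperationException("PasswordHash.CreateHash returned an unexpected format.");
    }
    string salt = hashParts[1];

    if (emailPwd != txtEmailPwdConfirm.Text)
    {
        return;
    }

    // Encrypt the email password with the BLL encryption class. The key is the
    // "secret code" (favourite animal), which is also stored in clear text on the same
    // row below, so this only hides the email password from casual reading, not from
    // anyone who can read the table.
    string securedPwd = Crypto.EncryptStringAES(emailPwd, favouriteAnimal);

    AdminObj adminObj = new AdminObj();
    adminObj.Username = username;
    // Deliberately crossed: CreateAdminProfile binds PasswordHash to @PasswordSalt and
    // PasswordSalt to @PassWordHash, so the salt goes in PasswordHash and the full
    // CreateHash string (what the login page later passes to ValidatePassword via the
    // DAL) goes in PasswordSalt. Change this only together with the DAL mapping.
    adminObj.PasswordHash = salt;
    adminObj.PasswordSalt = saltHashReturned;
    adminObj.Email = email;
    adminObj.EmailHash = securedPwd;
    adminObj.SecretCode = favouriteAnimal;

    BLLRecruiterWebsiteManager bllManager = new BLLRecruiterWebsiteManager();
    bllManager.CreateAdminUser(adminObj);
    Response.Redirect("~/Admin.aspx");
}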
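/// <summary>
/// Creates an admin user by passing <paramref name="adminObject"/> straight to the
/// data-access layer.
/// </summary>
/// <param name="adminObject">The admin record to persist.</param>
/// <exception cref="ArgumentNullException"><paramref name="adminObject"/> is null.</exception>
/// <remarks>Exceptions from the DAL propagate unchanged; the former try/catch with a
/// bare rethrow added nothing.</remarks>
public void CreateAdminUser(AdminObj adminObject)
{
    if (adminObject == null)
    {
        throw new ArgumentNullException(nameof(adminObject));
    }

    DALRecruiterWebsiteManager dalWebMngr = new DALRecruiterWebsiteManager();
    dalWebMngr.CreateAdminProfile(adminObject);
}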
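/// <summary>
/// Inserts an admin profile through the <c>spCreateAdmin</c> stored procedure.
/// All six fields are sent as typed NVARCHAR parameters; nothing is concatenated
/// into SQL text.
/// </summary>
/// <param name="adminObject">The admin record to insert.</param>
/// <exception cref="ArgumentNullException"><paramref name="adminObject"/> is null.</exception>
/// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
public void CreateAdminProfile(AdminObj adminObject)
{
    if (adminObject == null)
    {
        throw new ArgumentNullException(nameof(adminObject));
    }

    using (SqlConnection cxn = new SqlConnection(CxnString))
    using (SqlCommand cmd = new SqlCommand("spCreateAdmin", cxn))
    {
        cmd.CommandType = CommandType.StoredProcedure;

        cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = adminObject.Username;
        // Deliberately crossed mapping: btnCreateAdmin_Click puts the salt in
        // PasswordHash and the full CreateHash string in PasswordSalt, so @PasswordSalt
        // receives the salt and @PassWordHash the full string. Change both sides
        // together or logins will stop validating.
        cmd.Parameters.Add("@PasswordSalt", SqlDbType.NVarChar, 250).Value = adminObject.PasswordHash;
        cmd.Parameters.Add("@PassWordHash", SqlDbType.NVarChar, 250).Value = adminObject.PasswordSalt;
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 50).Value = adminObject.Email;
        cmd.Parameters.Add("@EmailEncry", SqlDbType.NVarChar, 250).Value = adminObject.EmailHash;
        // Stored as given (clear text); the caller also uses this value as the key
        // for @EmailEncry.
        cmd.Parameters.Add("@SecretCode", SqlDbType.NVarChar, 50).Value = adminObject.SecretCode;

        cxn.Open();
        cmd.ExecuteNonQuery();
        // The using blocks close the connection, including when ExecuteNonQuery throws.
    }
}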
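/// <summary>
/// Loads the admin row for <paramref name="Username"/> via <c>spGetAdminLogin</c>.
/// </summary>
/// <param name="Username">Username to look up; the only value sent to the procedure.</param>
/// <param name="Password">Not used here: password verification is done by the caller
/// against the returned <see cref="AdminObj.PasswordHash"/>, and the clear-text
/// password never reaches the database.</param>
/// <returns>A populated <see cref="AdminObj"/> when a row matched; otherwise a new,
/// unpopulated <see cref="AdminObj"/> (never null), so callers must check the hash
/// before trusting the result. If several rows match, the last one read wins.</returns>
/// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
public AdminObj GetAdminLogin(string Username, string Password)
{
    AdminObj adminObject = new AdminObj();

    using (SqlConnection cxn = new SqlConnection(CxnString))
    using (SqlCommand cmd = new SqlCommand("spGetAdminLogin", cxn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 125).Value = Username;

        cxn.Open();
        // The reader is still published through the dr field (other code may rely on
        // it), but the using block guarantees it is closed even if reading throws.
        using (dr = cmd.ExecuteReader())
        {
            while (dr.Read())
            {
                adminObject.ID = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Admin_Obj.spID)));
                adminObject.Username = dr.GetValue(Convert.ToInt32(Admin_Obj.spUsername)).ToString();
                adminObject.PasswordHash = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordHash)).ToString();
                adminObject.PasswordSalt = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordSalt)).ToString();
                adminObject.Email = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmail)).ToString();
                adminObject.EmailHash = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmailEnc)).ToString();
                adminObject.SecretCode = dr.GetValue(Convert.ToInt32(Admin_Obj.spSecretCode)).ToString();
            }
        }
    }

    return adminObject;
}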
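/// <summary>
/// Returns every admin user from <c>spGetAllAdminUser</c>, for the admin-section grid.
/// </summary>
/// <returns>One <see cref="AdminObj"/> per row (an empty list when there are none,
/// never null). Each object carries the stored hash, salt, encrypted email password
/// and secret code, so callers binding this to a grid should not display those
/// columns.</returns>
/// <exception cref="SqlException">Propagated unchanged from the database call.</exception>
public List<AdminObj> GetListOfAllAdminUser()
{
    List<AdminObj> admins = new List<AdminObj>();

    using (SqlConnection cxn = new SqlConnection(CxnString))
    using (SqlCommand cmd = new SqlCommand("spGetAllAdminUser", cxn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cxn.Open();
        // The reader is still published through the dr field (other code may rely on
        // it), but the using block guarantees it is closed even if reading throws.
        using (dr = cmd.ExecuteReader())
        {
            while (dr.Read())
            {
                int id = Convert.ToInt32(dr.GetValue(Convert.ToInt32(Admin_Obj.spID)));
                string usernameDb = dr.GetValue(Convert.ToInt32(Admin_Obj.spUsername)).ToString();
                string passwordSalt = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordSalt)).ToString();
                string passwordHash = dr.GetValue(Convert.ToInt32(Admin_Obj.spPassWordHash)).ToString();
                string email = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmail)).ToString();
                string emailEncrypted = dr.GetValue(Convert.ToInt32(Admin_Obj.spEmailEnc)).ToString();
                string secretCode = dr.GetValue(Convert.ToInt32(Admin_Obj.spSecretCode)).ToString();

                // Constructor argument order is (username, salt, hash, email, encrypted email, secret code).
                AdminObj admin = new AdminObj(usernameDb, passwordSalt, passwordHash, email, emailEncrypted, secretCode);
                admin.ID = id;
                admins.Add(admin);
            }
        }
    }

    return admins;
}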