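/// <summary>
/// Forms-authentication hook: rebuilds the request principal from the forms
/// ticket and the roles stored for that user.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Carries the principal assigned to the current request.</param>
/// <remarks>
/// The sign-in type is read from the client-supplied "UserCookie" and only run
/// through ClassHashing.basicDecryption; nothing visible here checks its
/// integrity (NOTE(review): confirm), so a tampered value changes which role
/// lookup is performed for the user name taken from the (MAC-protected) ticket.
/// </remarks>
protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs e)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        return;
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null)
    {
        return;
    }

    // Decrypt rejects a ticket that does not validate either by returning null or by
    // throwing; a null ticket leaves the request anonymous instead of failing with a
    // NullReferenceException on .Name.
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
    if (ticket == null)
    {
        return;
    }
    string username = ticket.Name;

    string signInType = "";
    var userCookie = Request.Cookies["UserCookie"];
    if (userCookie != null)
    {
        signInType = ClassHashing.basicDecryption(userCookie.Values["SignInType"].ToString());
    }

    // Roles come from our own store, keyed by the authenticated user name.
    string roles = UserVerification.GetUserRoles(username, signInType);

    // Any failure above propagates unchanged. The previous catch wrapped it in a
    // new Exception built from ex.ToString(), which discarded the original type
    // and stack trace and moved the full diagnostic text into the message.
    e.User = new System.Security.Principal.GenericPrincipal(
        new System.Security.Principal.GenericIdentity(username, "Forms"),
        roles.Split(';'));
}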
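/// <summary>
/// Customer sign-up: salts and hashes the entered password and inserts the
/// customer row, then redirects to the login page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    byte[] generatedSalt = ClassHashing.generateSalt();
    // Only the salted hash and the salt are stored; the plaintext never reaches the database.
    byte[] hashPassword = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);

    const string insertSql =
        "Insert Into Customer (CustomerName, CustomerEmail, CustomerPassword, CustomerDOB, CustomerPhoneNo, CustomerContactMethod, CustomerSalt) Values ( @CustomerName, @CustomerEmail, @CustomerPassword, @CustomerDOB, @CustomerPhoneNo, @CustomerContactMethod, @CustomerSalt)";

    try
    {
        // Parsed before touching the database so a bad date never opens a connection.
        DateTime dateOfBirth = Convert.ToDateTime(txtDOB.Text);

        string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

        // using blocks release the connection on every path, including the redirect
        // (which ends the request by aborting the thread) and exceptions; the previous
        // explicit Close() was skipped on both.
        using (SqlConnection conPrint = new SqlConnection(connStr))
        using (SqlCommand cmdInsert = new SqlCommand(insertSql, conPrint))
        {
            // CustomerID is generated by the database (trigger), so it is not supplied here.
            cmdInsert.Parameters.AddWithValue("@CustomerName", txtName.Text);
            cmdInsert.Parameters.AddWithValue("@CustomerEmail", txtEmail.Text);
            cmdInsert.Parameters.AddWithValue("@CustomerPassword", hashPassword);
            cmdInsert.Parameters.AddWithValue("@CustomerDOB", dateOfBirth);
            cmdInsert.Parameters.AddWithValue("@CustomerPhoneNo", txtPhoneNumber.Text);
            cmdInsert.Parameters.AddWithValue("@CustomerContactMethod", rblMethod.SelectedValue);
            cmdInsert.Parameters.AddWithValue("@CustomerSalt", generatedSalt);

            conPrint.Open();
            int n = cmdInsert.ExecuteNonQuery();

            if (n > 0)
            {
                // The former MessageBox.Show call was a WinForms dialog raised on the web
                // server, never on the user's browser; the redirect is the real outcome.
                Response.Redirect("Login.aspx");
            }
            else
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('sign up failded')</script>");
            }
        }
    }
    catch (FormatException)
    {
        // Convert.ToDateTime on free text; previously this surfaced as an unhandled error page.
        Response.Write("<script LANGUAGE='JavaScript' >alert('Please enter a valid date of birth.')</script>");
    }
    catch (SqlException)
    {
        // Only a generic message goes to the browser; no driver details are echoed.
        Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
    }
}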
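/// <summary>
/// Account activation: stores a fresh salt and salted hash for the staff member
/// whose ID was placed in ViewState by Page_Load, then redirects to the login page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The staff ID round-trips through ViewState after ClassHashing.basicEncryption.
/// ViewState is MAC-protected by default (EnableViewStateMac); basicEncryption
/// itself is not shown here, so do not rely on it for integrity — NOTE(review): confirm.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    if (ViewState["StaffID"] == null)
    {
        lblMessage.Text = "Unable to retrieve account inforation. Please try again later.";
        messageHolder.Visible = true;
        return;
    }

    try
    {
        string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;
        string staffID = ClassHashing.basicDecryption((string)ViewState["StaffID"]);

        byte[] generatedSalt = ClassHashing.generateSalt();
        byte[] hashPassword = ClassHashing.generateSaltedHash(txtPassword.Text, generatedSalt);

        // Open() now runs inside the try so a connection failure reaches the handler
        // below instead of the yellow error page; using releases it on every path.
        using (SqlConnection conPrintDB = new SqlConnection(connStr))
        using (SqlCommand cmdUpdate = new SqlCommand(
            "Update CompanyStaff SET StaffPassword = @password ,StaffSalt = @salt WHERE StaffID = @staffID",
            conPrintDB))
        {
            cmdUpdate.Parameters.AddWithValue("@password", hashPassword);
            cmdUpdate.Parameters.AddWithValue("@salt", generatedSalt);
            cmdUpdate.Parameters.AddWithValue("@staffID", staffID);

            conPrintDB.Open();
            int n = cmdUpdate.ExecuteNonQuery();

            if (n > 0)
            {
                Response.Write("<script LANGUAGE='JavaScript' >alert('Successfully activated your account. Redirecting to login page.')</script>");
                Response.Redirect("Login.aspx");
            }
            else
            {
                lblMessage.Text = "Unable to update account inforation. Please try again later.";
                messageHolder.Visible = true;
            }
        }
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Response.Redirect ends the request by aborting the thread; not an error.
        throw;
    }
    catch (Exception)
    {
        // Previously ex.ToString() was appended to the label, exposing stack frames,
        // SQL text and server paths to the browser. Keep the page message generic.
        lblMessage.Text = "An error occured when setting the password to the account.";
        messageHolder.Visible = true;
    }
}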
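/// <summary>
/// Password reset: when the two entries match, stores a fresh salt and salted
/// hash for the customer whose ID the forget-password step left in Session.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e)
{
    const string updateSql =
        "Update Customer SET CustomerPassword = @CustomerPassword, CustomerSalt = @CustomerSalt WHERE CustomerID = @customerID";

    try
    {
        // Ordinal: passwords are compared byte-for-byte, never culture-aware.
        if (!txtNewPassword.Text.Equals(txtComfirmPassword.Text, StringComparison.Ordinal))
        {
            Response.Write("<script LANGUAGE='JavaScript' >alert('Comfirm Password invalid.')</script>");
            return;
        }

        byte[] generatedSalt = ClassHashing.generateSalt();
        byte[] hashPassword = ClassHashing.generateSaltedHash(txtNewPassword.Text, generatedSalt);

        // Set by forgetPassword. If it is missing, AddWithValue sends no value for
        // @customerID and ExecuteNonQuery fails with a SqlException, handled below.
        string customerID = (string)(Session["CustomerID"]);

        string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

        // using releases the connection even when the update throws; the previous
        // Close() was only reached on success.
        using (SqlConnection conPrint = new SqlConnection(connStr))
        using (SqlCommand cmdUpdate = new SqlCommand(updateSql, conPrint))
        {
            cmdUpdate.Parameters.AddWithValue("@CustomerPassword", hashPassword);
            cmdUpdate.Parameters.AddWithValue("@CustomerSalt", generatedSalt);
            cmdUpdate.Parameters.AddWithValue("@customerID", customerID);

            conPrint.Open();
            // TODO(review): the row count is not checked (as before); an update that
            // matches no row still reports success.
            cmdUpdate.ExecuteNonQuery();
        }

        Response.Write("<script LANGUAGE='JavaScript' >alert('Successful ResetPassword.')</script>");
        Response.Redirect("Login.aspx");
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Response.Redirect ends the request by aborting the thread; the bare catch
        // used to swallow this and write the "fill in the password" alert on success.
        throw;
    }
    catch (Exception)
    {
        // Generic message only; nothing from the exception reaches the browser.
        Response.Write("<script LANGUAGE='JavaScript' >alert('Please fill in the password.')</script>");
    }
}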
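/// <summary>
/// First load of the activation page: validates the verification code from the
/// "VC" query parameter and either shows the password form or an invalid-link message.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    try
    {
        string verificationCode = Request.QueryString["VC"];

        // activateStaff is only consulted when a code was supplied, as before.
        string staffID = verificationCode != null
            ? UserVerification.activateStaff(verificationCode)
            : null;

        if (staffID != null)
        {
            showPassForm();
            messageHolder.Visible = false;
            // Carried to btnSubmit_Click; ViewState is MAC-protected by default.
            ViewState["StaffID"] = ClassHashing.basicEncryption(staffID);
        }
        else
        {
            showInvalidLink();
        }
    }
    catch (Exception)
    {
        // Any failure during validation is reported the same way as a bad code;
        // no exception text reaches the page.
        showInvalidLink();
    }
}

/// <summary>Hides the password form and shows the generic invalid-link message.</summary>
private void showInvalidLink()
{
    lblMessage.Text = "The link is not valid. Please make sure you get the right link.";
    messageHolder.Visible = true;
    hidePassForm();
}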
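/// <summary>
/// Company sign-up: inserts the company row and its first (admin) staff row in a
/// single transaction, then redirects to the login page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The company ID is recovered with MAX(CompanyID) filtered by name and contact
/// number; if a company with the same pair already exists this may return that
/// row's ID rather than the new one. SCOPE_IDENTITY() would be exact if CompanyID
/// is an identity column — NOTE(review): confirm the schema before changing the SQL.
/// </remarks>
protected void btnCompanySubmit_Click1(object sender, EventArgs e)
{
    byte[] generatedSalt = ClassHashing.generateSalt();
    // Only the salted hash and the salt are stored.
    byte[] hashPassword = ClassHashing.generateSaltedHash(txtStaffPassword.Text, generatedSalt);

    const string companyInsertSql =
        "Insert Into Company (CompanyName, CompanyAddress, CompanyContactNo, CompanyEmail) Values ( @CompanyName, @CompanyAddress, @CompanyContactNo, @CompanyEmail);SELECT MAX(CompanyID) from Company where CompanyName=@CompanyName and CompanyContactNo=@CompanyContactNo ";
    const string staffInsertSql =
        "Insert Into CompanyStaff (StaffName, StaffEmail, StaffPassword, StaffNRIC, StaffDOB, StaffPhoneNo, StaffSalt, StaffRole, CompanyID) Values ( @StaffName, @StaffEmail, @StaffPassword, @StaffNRIC, @StaffDOB, @StaffPhoneNo, @StaffSalt, @StaffRole, @CompanyID)";

    try
    {
        // Parsed before touching the database so a bad date never opens a connection.
        DateTime staffDob = Convert.ToDateTime(txtCalender.Text);

        string connStr = ConfigurationManager.ConnectionStrings["printDBServer"].ConnectionString;

        using (SqlConnection conPrint = new SqlConnection(connStr))
        {
            conPrint.Open();

            // One connection and one transaction: previously the two inserts ran on
            // separate connections, so a failed staff insert left a company row with
            // no admin account. Disposing the transaction without Commit rolls back.
            using (SqlTransaction tx = conPrint.BeginTransaction())
            {
                object getCompanyId;
                using (SqlCommand cmdInsert = new SqlCommand(companyInsertSql, conPrint, tx))
                {
                    cmdInsert.Parameters.AddWithValue("@CompanyName", txtName.Text);
                    cmdInsert.Parameters.AddWithValue("@CompanyAddress", txtAddress.Text);
                    cmdInsert.Parameters.AddWithValue("@CompanyContactNo", txtContNo.Text);
                    cmdInsert.Parameters.AddWithValue("@CompanyEmail", txtEmail.Text);
                    getCompanyId = cmdInsert.ExecuteScalar();
                }

                // ExecuteScalar yields DBNull (not null) when MAX finds no row; both mean failure.
                if (getCompanyId == null || getCompanyId is DBNull)
                {
                    tx.Rollback();
                    Response.Write("<script LANGUAGE='JavaScript' >alert('sign up failded')</script>");
                    return;
                }

                using (SqlCommand cmdCompanyInsert = new SqlCommand(staffInsertSql, conPrint, tx))
                {
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffName", txtStaffName.Text);
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffEmail", txtStaffEmail.Text);
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffPassword", hashPassword);
                    // TODO(review): the national ID is stored as entered; check whether it
                    // must be retained at all and how it is protected at rest.
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffNRIC", txtStaffNRIC.Text);
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffDOB", staffDob);
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffPhoneNo", txtStaffPhoneNumber.Text);
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffSalt", generatedSalt);
                    // The first staff member of a company is its admin.
                    cmdCompanyInsert.Parameters.AddWithValue("@StaffRole", UserVerification.ROLE_ADMIN);
                    cmdCompanyInsert.Parameters.AddWithValue("@CompanyID", getCompanyId);
                    cmdCompanyInsert.ExecuteNonQuery();
                }

                tx.Commit();
            }
        }

        // Redirect only after the connection is released; it ends the request by aborting the thread.
        Response.Write("<script LANGUAGE='JavaScript' >alert('Login Successful')</script>");
        Response.Redirect("~/Login.aspx");
    }
    catch (FormatException)
    {
        // Convert.ToDateTime on free text; previously this surfaced as an unhandled error page.
        Response.Write("<script LANGUAGE='JavaScript' >alert('Please enter a valid date of birth.')</script>");
    }
    catch (SqlException)
    {
        // Restores the handler that was commented out; only a generic message is echoed.
        Response.Write("<script LANGUAGE='JavaScript' >alert('Something gone wrong with the database.')</script>");
    }
}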