protected void demoLoginButton_Click(object sender, EventArgs e)
{
string username = usernameInput.Value;
string password = passwordInput.Value;
// Dummy Usernames
string userOneUsername = "******";
string userTwoUsername = "******";
string userThreeUsername = "******";
string userFourUsername = "******";
bool verify = false;
if (username == userOneUsername)
{
string hash = "1000:YZhZtra4A6lhanlNVFndzbPdWQRAYbcm:IEHZQHBX3z6DujhXbmgy0xbcDUn/3/wj";
string firstName = "Regular User";
verify = PasswordHash.ValidatePassword(password, hash);
if (verify)
{
Session.Add("UserType", "regular");
Session.Add("FirstName", firstName);
Session.Add("LoggedIn", true);
Response.BufferOutput = true;
Response.Redirect("start.aspx");
}
else
{
// Tell the user their password was wrong
warningText.InnerHtml = "Password is incorrect";
warning.Attributes.Remove("style");
warning.Attributes.Add("style", "display:block;");
}
}
else if (username == userTwoUsername)
{
string hash = "1000:GisYQPb3lsZEyotyUqTCNULxXFrGxCvL:NXh6j1sX4ZM4Mfr2KO5bUv2P/HfzzLHY";
string firstName = "Assistant User";
verify = PasswordHash.ValidatePassword(password, hash);
if (verify)
{
Session.Add("UserType", "assistant");
Session.Add("FirstName", firstName);
Session.Add("LoggedIn", true);
Response.BufferOutput = true;
Response.Redirect("start.aspx");
}
else
{
// Tell the user their password was wrong
warningText.InnerHtml = "Password is incorrect";
warning.Attributes.Remove("style");
warning.Attributes.Add("style", "display:block;");
}
}
else if (username == userThreeUsername)
{
string hash = "1000:Fl9aus9SJieAfVq/7j//Kr/TAtnQReqt:sAGHwWUxpfQxCaVwAdwUGuXwvYefsVQh";
string firstName = "Student User";
verify = PasswordHash.ValidatePassword(password, hash);
if (verify)
{
Session.Add("UserType", "student");
Session.Add("FirstName", firstName);
Session.Add("LoggedIn", true);
Response.BufferOutput = true;
Response.Redirect("start.aspx");
}
else
{
// Tell the user their password was wrong
warningText.InnerHtml = "Password is incorrect";
warning.Attributes.Remove("style");
warning.Attributes.Add("style", "display:block;");
}
}
else if (username == userFourUsername)
{
string hash = "1000:22TAgbVQAYd/lhFdg/jAr1J9SNblErmL:/3MPleDDB29sFObG/zet+83mD6L1Jjwv";
string firstName = "Demo User";
verify = PasswordHash.ValidatePassword(password, hash);
if (verify)
{
Session.Add("UserType", "regular");
Session.Add("FirstName", firstName);
Session.Add("LoggedIn", true);
Response.BufferOutput = true;
Response.Redirect("start.aspx");
}
else
{
// Tell the user their password was wrong
warningText.InnerHtml = "Password is incorrect";
warning.Attributes.Remove("style");
warning.Attributes.Add("style", "display:block;");
}
}
else
{
warningText.InnerHtml = "Username or password was incorrect.";
}
}
protected void loginBtn_Click(object sender, EventArgs e)
{
string username = usernameInput.Value;
string password = passwordInput.Value;
string hash = "";
string salt = "";
const string prepend = "1000";
string userType = "";
try
{
//look up user by username and get hash
System.Data.SqlClient.SqlConnection sc = new System.Data.SqlClient.SqlConnection();
sc.ConnectionString = @"Server=LOCALHOST;Database=KPMG;Trusted_Connection=Yes;";
sc.Open();
System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand();
command.Connection = sc;
// read the database
command.CommandText = "select user_password_hash, user_password_salt from User_Password where user_id like @username";
command.Parameters.AddWithValue("@username", username);
command.ExecuteNonQuery();
System.Data.SqlClient.SqlDataReader reader = command.ExecuteReader();
if (reader.Read())
{
hash = reader.GetString(0);
salt = reader.GetString(1);
}
hash = prepend + ":" + salt + ":" + hash;
sc.Close();
//Check the password
bool verify = PasswordHash.ValidatePassword(password, hash);
if (verify)
{
Session.Add("LoggedIn", true);
Session.Add("UserType", userType);
Response.BufferOutput = true;
Response.Redirect("start.aspx");
}
else
{
//Tell the user their password was wrong
warningText.InnerHtml = "Password is incorrect";
warning.Attributes.Remove("style");
warning.Attributes.Add("style", "display:block;");
}
}
catch
{
//display warning when a username does not exist
warningText.InnerHtml = "Username does not exist.";
warning.Attributes.Remove("style");
warning.Attributes.Add("style", "display:block;");
}
}