예제 #1
0
        public static string MakeResetRequest(string userId, string token)
        {
            try
            {
                string resetId = FooStringHelper.RandomString(16);

                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "INSERT INTO Resets (resetId, userId, resetTime) VALUES (@RESETID, @USERID, @RESETTIME);",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    };

                    var resetParam = new NpgsqlParameter
                    {
                        ParameterName = "@RESETID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Direction     = ParameterDirection.Input,
                        Value         = resetId
                    };
                    cmd.Parameters.Add(resetParam);

                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Direction     = ParameterDirection.Input,
                        Value         = FooCryptHelper.Encrypt(userId, token)
                    };
                    cmd.Parameters.Add(idParam);

                    var timeParam = new NpgsqlParameter
                    {
                        ParameterName = "@RESETTIME",
                        NpgsqlDbType  = NpgsqlDbType.Timestamp,
                        Direction     = ParameterDirection.Input,
                        Value         = DateTime.Now
                    };
                    cmd.Parameters.Add(timeParam);

                    cmd.ExecuteNonQuery();
                    cmd.Dispose();

                    return(resetId);
                }
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return(null);
            }
        }
예제 #2
0
        public static bool DoLogin(string username, string pass)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "SELECT passwordhash FROM users WHERE username= @USERNAME",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    };

                    var nameParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERNAME",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 32,
                        Direction     = ParameterDirection.Input,
                        Value         = username
                    };
                    cmd.Parameters.Add(nameParam);

                    NpgsqlDataReader dr = cmd.ExecuteReader();

                    string result = string.Empty;

                    while (dr.Read())
                    {
                        result = dr["passwordhash"].ToString();
                    }

                    dr.Close();

                    if (!string.IsNullOrEmpty(result))
                    {
                        string hash = FooCryptHelper.CreateShaHash(pass);
                        if (hash == result)
                        {
                            return(true);
                        }
                    }

                    return(false);
                }
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return(false);
            }
        }
예제 #3
0
        public static bool UpdatePassword(string id, string pass)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "UPDATE Users SET (passwordhash) = (@PASSWORDHASH) WHERE userid= @USERID;",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    };

                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = id
                    };
                    cmd.Parameters.Add(idParam);

                    var hashParam = new NpgsqlParameter
                    {
                        ParameterName = "@PASSWORDHASH",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Direction     = ParameterDirection.Input,
                        Value         = FooCryptHelper.CreateShaHash(pass)
                    };
                    cmd.Parameters.Add(hashParam);

                    cmd.ExecuteNonQuery();
                    cmd.Dispose();
                }

                return(true);
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return(false);
            }
        }
예제 #4
0
        public static string GetAccountForReset(string resetId, string token)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "SELECT userid FROM resets WHERE resetid= @RESETID",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    };

                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@RESETID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = resetId
                    };
                    cmd.Parameters.Add(idParam);

                    NpgsqlDataReader dr = cmd.ExecuteReader();

                    string result = String.Empty;

                    while (dr.Read())
                    {
                        result = dr["userid"].ToString();
                    }

                    dr.Close();

                    return(!String.IsNullOrEmpty(result) ? FooCryptHelper.Decrypt(result, token) : null);
                }
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return(null);
            }
        }
예제 #5
0
        public static string SetToken(HttpContext context)
        {
            string value          = FooStringHelper.RandomString(24);
            string encryptedValue = FooCryptHelper.MachineEncrypt(value);
            string cookieName     = ConfigurationManager.AppSettings["CSRF Cookie Name"];

            var ck = new HttpCookie(cookieName, encryptedValue)
            {
                Path = FormsAuthentication.FormsCookiePath
            };

            context.Response.Cookies.Add(ck);

            return(value);
        }
예제 #6
0
        public static bool IsValidRequest(HttpContext context, string formValue)
        {
            string     cookieName = ConfigurationManager.AppSettings["CSRF Cookie Name"];
            HttpCookie httpCookie = context.Request.Cookies[cookieName];

            if (httpCookie != null)
            {
                string userToken = FooCryptHelper.MachineDecrypt(httpCookie.Value);

                if (!FooStringHelper.IsValidAlphanumeric(userToken, 24) ||
                    !FooStringHelper.IsValidAlphanumeric(formValue, 24))
                {
                    return(false);
                }

                return(userToken == formValue);
            }

            return(false);
        }
예제 #7
0
        public static bool RegisterNewUser(string id, string alias, string email, string address, string city,
                                           string country,
                                           string username, string pass, string groupId)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();
                    var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "INSERT INTO Users (userId, userName, userAlias, passwordHash, groupId, email, address, city, country, profileimg) VALUES (@USERID, @USERNAME, @USERALIAS, @PASSWORDHASH, @GROUPID, @EMAIL, @ADDRESS, @CITY, @COUNTRY, 'profile_default.jpg');",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    };

                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = id
                    };
                    cmd.Parameters.Add(idParam);

                    var nameParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERNAME",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 32,
                        Direction     = ParameterDirection.Input,
                        Value         = username
                    };
                    cmd.Parameters.Add(nameParam);

                    var aliasParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERALIAS",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 32,
                        Direction     = ParameterDirection.Input,
                        Value         = alias
                    };
                    cmd.Parameters.Add(aliasParam);

                    var hashParam = new NpgsqlParameter
                    {
                        ParameterName = "@PASSWORDHASH",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Direction     = ParameterDirection.Input,
                        Value         = FooCryptHelper.CreateShaHash(pass)
                    };
                    cmd.Parameters.Add(hashParam);

                    var groupParam = new NpgsqlParameter
                    {
                        ParameterName = "@GROUPID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Direction     = ParameterDirection.Input,
                        Value         = groupId
                    };
                    cmd.Parameters.Add(groupParam);

                    var emailParam = new NpgsqlParameter
                    {
                        ParameterName = "@EMAIL",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 64,
                        Direction     = ParameterDirection.Input,
                        Value         = email
                    };
                    cmd.Parameters.Add(emailParam);

                    var addressParam = new NpgsqlParameter
                    {
                        ParameterName = "@ADDRESS",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 128,
                        Direction     = ParameterDirection.Input,
                        Value         = address
                    };
                    cmd.Parameters.Add(addressParam);

                    var cityParam = new NpgsqlParameter
                    {
                        ParameterName = "@CITY",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 32,
                        Direction     = ParameterDirection.Input,
                        Value         = city
                    };
                    cmd.Parameters.Add(cityParam);

                    var countryParam = new NpgsqlParameter
                    {
                        ParameterName = "@COUNTRY",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 32,
                        Direction     = ParameterDirection.Input,
                        Value         = country
                    };
                    cmd.Parameters.Add(countryParam);

                    cmd.ExecuteNonQuery();
                    cmd.Dispose();
                }

                return(true);
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return(false);
            }
        }
예제 #8
0
        protected void GridView_Command(object sender, GridViewCommandEventArgs e)
        {
            string userId                = FooStringHelper.RandomString(16);
            var    txtUserNameFooter     = (TextBox)userGrid.FooterRow.FindControl("txtUserNameFooter");
            var    txtUserAliasFooter    = (TextBox)userGrid.FooterRow.FindControl("txtUserAliasFooter");
            var    txtEmailFooter        = (TextBox)userGrid.FooterRow.FindControl("txtEmailFooter");
            var    txtUserPasswordFooter = (TextBox)userGrid.FooterRow.FindControl("txtUserPasswordFooter");
            var    groupDropdownFooter   = (DropDownList)userGrid.FooterRow.FindControl("groupDropdownFooter");

            if (!string.IsNullOrEmpty(txtUserNameFooter.Text) && !string.IsNullOrEmpty(txtUserAliasFooter.Text) &&
                !string.IsNullOrEmpty(txtEmailFooter.Text) && FooStringHelper.IsValidEmailAddress(txtEmailFooter.Text) &&
                !string.IsNullOrEmpty(txtUserPasswordFooter.Text))
            {
                try
                {
                    if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                    {
                        if (e.CommandName.Equals("AddNew"))
                        {
                            using (var conn = new NpgsqlConnection())
                            {
                                conn.ConnectionString =
                                    ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                                conn.Open();

                                var cmd = new NpgsqlCommand
                                {
                                    CommandText =
                                        "INSERT INTO users(userid,username,useralias,groupid,email,passwordhash,profileimg) VALUES (@USERID,@NAME,@DISP,@GROUP,@EMAIL,@HASH,'profile_default.jpg')",
                                    CommandType = CommandType.Text,
                                    Connection  = conn
                                };

                                var userIdParam = new NpgsqlParameter
                                {
                                    ParameterName = "@USERID",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 16,
                                    Direction     = ParameterDirection.Input,
                                    Value         = userId
                                };
                                cmd.Parameters.Add(userIdParam);

                                var nameParam = new NpgsqlParameter
                                {
                                    ParameterName = "@NAME",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 32,
                                    Direction     = ParameterDirection.Input,
                                    Value         = txtUserNameFooter.Text
                                };
                                cmd.Parameters.Add(nameParam);

                                var dispParam = new NpgsqlParameter
                                {
                                    ParameterName = "@DISP",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 32,
                                    Direction     = ParameterDirection.Input,
                                    Value         = txtUserAliasFooter.Text
                                };
                                cmd.Parameters.Add(dispParam);

                                var groupParam = new NpgsqlParameter
                                {
                                    ParameterName = "@GROUP",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Direction     = ParameterDirection.Input,
                                    Value         = groupDropdownFooter.SelectedValue
                                };
                                cmd.Parameters.Add(groupParam);

                                var emailParam = new NpgsqlParameter
                                {
                                    ParameterName = "@EMAIL",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 64,
                                    Direction     = ParameterDirection.Input,
                                    Value         = txtEmailFooter.Text
                                };
                                cmd.Parameters.Add(emailParam);

                                var hashParam = new NpgsqlParameter
                                {
                                    ParameterName = "@HASH",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Direction     = ParameterDirection.Input,
                                    Value         = FooCryptHelper.CreateShaHash(txtUserPasswordFooter.Text)
                                };
                                cmd.Parameters.Add(hashParam);


                                cmd.ExecuteNonQuery();
                                cmd.Dispose();
                            }
                        }
                    }

                    else
                    {
                        errorLabel.Text = "Invalid request.";
                    }
                }

                catch (Exception ex)
                {
                    FooLogging.WriteLog(ex.ToString());
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }
            else
            {
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            Reset_Page();
        }
예제 #9
0
 protected void hashButton_Click(object sender, EventArgs e)
 {
     outLabel.Text = FooCryptHelper.CreateShaHash(inBox.Text);
 }