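/// <summary>
/// Replaces a user's password after verifying the current one.
/// </summary>
/// <param name="u">User whose password is being changed.</param>
/// <param name="currPassword">Current password as typed by the user.</param>
/// <param name="newPassword">Replacement password; must be non-empty.</param>
/// <returns>
/// <c>true</c> when the current password verified and the new salt and hash were saved;
/// <c>false</c> when <paramref name="u"/> is null, the new password is null or empty,
/// or the current password does not verify.
/// </returns>
public static bool ChangePassword(User u, string currPassword, string newPassword)
{
    // A null or empty new password would otherwise be stored as the hash of the salt
    // alone, leaving an account that accepts a blank password.
    if (u == null || string.IsNullOrEmpty(newPassword))
    {
        return false;
    }

    // Resolve the configured digest once so verification and re-hash use the same one.
    string method = Config.Manager.Framework.Security.Authentication.HashingMethod ?? "sha512";

    // NOTE(review): this appears to be one salted digest (sha512 by default); Hash.GetHash
    // is defined elsewhere, so confirm. A fast digest makes offline guessing cheap if the
    // user table leaks; a deliberately slow KDF (PBKDF2, bcrypt, Argon2) is the usual
    // choice. Left as is because existing stored hashes would stop verifying.
    string presented = Hash.GetHash(currPassword + u.PasswordSalt, method, Encoding.UTF8, "hex");

    // NOTE(review): ordinary string comparison; a fixed-time comparison is the
    // conservative choice for values derived from a secret.
    if (presented != u.Password)
    {
        return false;
    }

    // New salt on every change. GetRandomSalt is defined elsewhere; confirm it draws
    // from a cryptographic random source.
    u.PasswordSalt = GetRandomSalt();
    u.Password = Hash.GetHash(newPassword + u.PasswordSalt, method, Encoding.UTF8, "hex");

    // NOTE(review): ResetPasswordGuid is not cleared here, so a reset token issued before
    // the change may remain usable; confirm how the reset flow retires tokens.
    u.Save();
    return true;
}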
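/// <summary>
/// Creates and saves a new user with a freshly salted password hash.
/// </summary>
/// <param name="username">Login name for the new account; must be non-empty.</param>
/// <param name="password">Initial password; must be non-empty.</param>
/// <param name="email">E-mail address stored on the account (not validated here).</param>
/// <param name="error">
/// Empty string on success; otherwise a message explaining why no user was created.
/// </param>
/// <returns>The saved user, or <c>null</c> when validation failed.</returns>
public static User CreateUser(string username, string password, string email, out string error)
{
    error = "";

    if (string.IsNullOrEmpty(username))
    {
        error = "A username is required.";
        return null;
    }

    // Without this check a null or empty password is stored as the hash of the salt
    // alone, which creates an account that accepts a blank password.
    if (string.IsNullOrEmpty(password))
    {
        error = "A password is required.";
        return null;
    }

    // NOTE(review): no uniqueness check on username or e-mail is made here. Login matches
    // either column and requires exactly one row, so confirm uniqueness is enforced by
    // the schema or by the caller.
    var u = new User();
    u.Username = username;
    u.Email = email;
    u.ResetPasswordGuid = Guid.Empty; // no reset token outstanding
    u.LastLogin = DateTime.Now;

    // GetRandomSalt is defined elsewhere; confirm it draws from a cryptographic random source.
    string salt = GetRandomSalt();
    u.PasswordSalt = salt;

    // NOTE(review): this appears to be one salted digest (sha512 by default); Hash.GetHash
    // is defined elsewhere, so confirm. A slow KDF (PBKDF2, bcrypt, Argon2) is the usual
    // choice for stored passwords. Left as is to keep existing hashes verifiable.
    u.Password = Hash.GetHash(
        password + salt,
        Config.Manager.Framework.Security.Authentication.HashingMethod ?? "sha512",
        Encoding.UTF8,
        "hex");

    u.Save();
    return u;
}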
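/// <summary>
/// Updates the signed-in user's own profile: the e-mail address and, optionally, the password.
/// </summary>
/// <param name="context">Current HTTP context (not read by this method).</param>
/// <param name="id">ID of the user to update; must equal the signed-in user's ID.</param>
/// <param name="email">New e-mail address (not validated here).</param>
/// <param name="current_password">Current password; required when changing the password.</param>
/// <param name="new_password">New password.</param>
/// <param name="confirm_password">Repeat of the new password.</param>
/// <returns>
/// An error <c>ReturnObject</c> when the request is rejected, in which case nothing is saved;
/// otherwise a result carrying the updated user and a success notification.
/// </returns>
public static ReturnObject Profile(HttpContext context, long id, string email, string current_password = null, string new_password = null, string confirm_password = null)
{
    // Authorize before loading the target record, and treat "nobody signed in" as a
    // rejection instead of dereferencing a null user.
    var current = Framework.Security.Manager.GetUser();
    if (current == null || current.ID == null || id != current.ID.Value)
    {
        return new ReturnObject() { Error = true, Message = "Invalid user specified." };
    }

    var item = new Framework.Security.User(id);

    bool passwordChangeRequested =
        !string.IsNullOrEmpty(current_password) ||
        !string.IsNullOrEmpty(new_password) ||
        !string.IsNullOrEmpty(confirm_password);

    // Validate and apply the password change first. Every rejection below returns before
    // the e-mail is written, so an error response never leaves a half-applied update.
    if (passwordChangeRequested)
    {
        if (string.IsNullOrEmpty(current_password))
        {
            return new ReturnObject() { Error = true, Message = "You must enter your current password to change your password." };
        }

        if (string.IsNullOrEmpty(new_password) || string.IsNullOrEmpty(confirm_password))
        {
            return new ReturnObject() { Error = true, Message = "You must enter a new password and confirm it to change your password." };
        }

        if (new_password != confirm_password)
        {
            return new ReturnObject() { Error = true, Message = "Your new passwords do not match." };
        }

        if (!Framework.Security.Manager.ChangePassword(item, current_password, new_password))
        {
            return new ReturnObject() { Error = true, Message = "You did not enter your current password correctly." };
        }
    }

    // NOTE(review): the e-mail address changes without re-entering the current password.
    // If the address is the delivery channel for password resets, consider requiring
    // re-authentication for this field as well.
    item.Email = email;
    item.Save();

    // NOTE(review): Result carries the whole User object. If ReturnObject is serialized
    // to the client, confirm Password, PasswordSalt and ResetPasswordGuid are excluded.
    return new ReturnObject()
    {
        Result = item,
        Growl = new ReturnGrowlObject()
        {
            Type = "default",
            Vars = new ReturnGrowlVarsObject()
            {
                text = "You have successfully updated your profile.",
                title = "Profile Saved"
            }
        }
    };
}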
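/// <summary>
/// Issues a new password-reset token for the user and saves it.
/// </summary>
/// <param name="u">User to issue the token for; must be non-null and have an ID.</param>
/// <returns>
/// <c>true</c> when a token was stored; <c>false</c> when <paramref name="u"/> is null
/// or has no ID.
/// </returns>
public static bool ResetPassword(ref User u)
{
    if (u == null || u.ID == null)
    {
        return false;
    }

    // Guid.NewGuid() is specified for uniqueness, not unpredictability. The reset token
    // acts as a credential, so fill all 16 bytes from the cryptographic generator.
    byte[] tokenBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }

    // NOTE(review): no issue time is recorded here, so token expiry and single use
    // must be enforced wherever the token is redeemed; confirm.
    u.ResetPasswordGuid = new Guid(tokenBytes);
    u.Save();
    return true;
}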
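/// <summary>
/// Verifies a username-or-e-mail and password pair and, on success, stores the user in the session.
/// </summary>
/// <param name="username">Username or e-mail address as typed by the user.</param>
/// <param name="password">Password as typed by the user.</param>
/// <returns>
/// <c>true</c> when exactly one account matched and its password verified;
/// <c>false</c> otherwise, including when either argument is null or empty.
/// </returns>
public static bool Login(string username, string password)
{
    // Reject blank credentials up front: a blank password would otherwise be hashed as
    // the salt alone and could match an account that was stored that way.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    var db = Data.Database.Get(Config.Manager.Framework.Security.Authentication.Connection);

    // Table and column names are passed through db.Delim; the user-supplied value
    // reaches the query only as the bound parameters @un and @e.
    string sql =
        "SELECT * " +
        "FROM " + db.Delim(Config.Manager.Framework.Security.Authentication.User.Table, Data.DelimType.Table) + " " +
        "WHERE " + db.Delim("Username", Data.DelimType.Column) + " = @un OR " +
        db.Delim("Email", Data.DelimType.Column) + " = @e";

    var parameters = new[]
    {
        new Data.Parameter("un", username),
        new Data.Parameter("e", username)
    };

    var rows = db.ExecuteQuery(sql, parameters);

    // NOTE(review): anything other than exactly one matching row fails. Because the
    // lookup matches Username OR Email, uniqueness must hold across both columns or the
    // affected accounts cannot sign in; confirm the schema enforces it.
    if (rows == null || rows.Count != 1)
    {
        return false;
    }

    var row = rows[0];
    string salt = (string)row["PasswordSalt"];
    string stored = (string)row["Password"];

    // NOTE(review): this appears to be one salted digest (sha512 by default) compared
    // with ordinary string equality; Hash.GetHash is defined elsewhere, so confirm. A
    // slow KDF and a fixed-time comparison are the conservative choices.
    string presented = Hash.GetHash(
        password + salt,
        Config.Manager.Framework.Security.Authentication.HashingMethod ?? "sha512",
        Encoding.UTF8,
        "hex");

    if (stored != presented)
    {
        return false;
    }

    var user = new User(row);
    user.LastLogin = DateTime.Now;
    user.Save();

    // Set to Session
    // NOTE(review): the user is attached to the existing session; confirm the session
    // identifier is rotated on sign-in elsewhere. No attempt throttling or lockout is
    // visible in this method.
    HttpContext.Current.Session["User"] = user;
    return true;
}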