예제 #1
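    /// <summary>
    /// Handles the login button: loads App_Data/Users.xml, looks up the row for
    /// the submitted user name, and compares the stored password hash with the
    /// hash of the submitted password. On success the forms-authentication
    /// redirect is issued; on any failure the same generic message is shown.
    /// </summary>
    /// <param name="sender">Control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void LogIn(object sender, EventArgs e)
    {
        if (!IsValid)
        {
            return;
        }

        DataSet ds = new DataSet();

        // using blocks release the file handle even when ReadXml throws; the
        // original only closed the stream on the success path.
        using (FileStream fs = new FileStream(Server.MapPath("../App_Data/Users.xml"),
                                              FileMode.Open, FileAccess.Read))
        using (StreamReader reader = new StreamReader(fs))
        {
            ds.ReadXml(reader);
        }

        // The filter must be built from the submitted user name. The previous
        // fixed literal meant the row being checked was unrelated to the
        // identity later handed to RedirectFromLoginPage. Single quotes are
        // doubled so the value cannot terminate the string literal and alter
        // the DataTable filter expression.
        String cmd = "UserName='" + UserName.Text.Replace("'", "''") + "'";

        DataTable users = ds.Tables[0];
        DataRow[] matches = users.Select(cmd);

        bool authenticated = false;
        if (matches != null && matches.Length > 0)
        {
            DataRow row = matches[0];

            // NOTE(review): HashComputer is defined elsewhere; confirm it is a
            // salted, deliberately slow password hash rather than a bare digest.
            HashComputer hashComputer = new HashComputer();
            string hashedpwd = hashComputer.hash(Password.Text);

            // "as" yields null for a missing/DBNull value instead of throwing.
            String pass = row["Password"] as String;

            // Ordinal comparison: hashes are opaque data, so culture-sensitive
            // collation rules must not take part in the equality decision.
            authenticated = pass != null
                && String.Equals(pass, hashedpwd, StringComparison.Ordinal);
        }

        if (authenticated)
        {
            // Issue the auth ticket and return to the originally requested
            // resource (Default.aspx when none was requested).
            FormsAuthentication.RedirectFromLoginPage
                (UserName.Text, RememberMe.Checked);
        }
        else
        {
            // One message for every failure so the response does not reveal
            // whether the user name or the password was wrong.
            FailureText.Text = "Invalid username or password.";
            ErrorMessage.Visible = true;
        }
    }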
예제 #2
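    /// <summary>
    /// Handles the registration button: checks the CAPTCHA text, appends a new
    /// user row (name, password hash, role) to App_Data/Users.xml, then
    /// redirects to the local ReturnUrl or to the login page.
    /// </summary>
    /// <param name="sender">Control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void CreateUser_Click(object sender, EventArgs e)
    {
        // NOTE(review): the expected CAPTCHA answer is a fixed literal, so it
        // is the same for every request and gives no protection against
        // automated registration. It should come from a per-session challenge.
        if (0 != String.Compare(captchaBox.Text, "v4xbg", true))
        {
            ErrorMessage.Text = "The text doesn't match that in the image.";
            return;
        }

        // Reject empty credentials and a missing role selection up front;
        // roleList.SelectedItem is null when nothing is selected.
        if (String.IsNullOrWhiteSpace(UserName.Text)
            || String.IsNullOrEmpty(Password.Text)
            || roleList.SelectedItem == null)
        {
            ErrorMessage.Text = "User name, password and role are required.";
            return;
        }

        DataSet ds = new DataSet();
        String userFile = "../App_Data/Users.xml";

        // NOTE(review): this read-modify-write of Users.xml is not serialized;
        // concurrent registrations can overwrite each other's changes.
        using (FileStream input = new FileStream(Server.MapPath(userFile),
                                                 FileMode.Open, FileAccess.Read))
        using (StreamReader reader = new StreamReader(input))
        {
            ds.ReadXml(reader);
        }

        DataTable users = ds.Tables[0];

        // Refuse a second row for an existing name: a duplicate would leave two
        // credential records behind one identity.
        foreach (DataRow existing in users.Rows)
        {
            string existingName = existing["UserName"] as string;
            if (String.Equals(existingName, UserName.Text,
                              StringComparison.OrdinalIgnoreCase))
            {
                ErrorMessage.Text = "That user name is not available.";
                return;
            }
        }

        // NOTE(review): HashComputer is defined elsewhere; confirm it is a
        // salted, deliberately slow password hash rather than a bare digest.
        HashComputer hashComputer = new HashComputer();
        string hashedpwd = hashComputer.hash(Password.Text);

        DataRow newUser = users.NewRow();
        newUser["UserName"] = UserName.Text;
        newUser["Password"] = hashedpwd;
        // NOTE(review): the role is taken from a client-submitted list value.
        // Unless this page is restricted to administrators, self-registration
        // should assign a fixed low-privilege role server-side.
        newUser["Role"] = roleList.SelectedItem.Text;
        users.Rows.Add(newUser);
        ds.AcceptChanges();

        using (FileStream output = new FileStream(Server.MapPath(userFile), FileMode.Create,
                                                  FileAccess.Write | FileAccess.Read))
        using (StreamWriter writer = new StreamWriter(output))
        {
            ds.WriteXml(writer);
        }

        // ReturnUrl is attacker-controllable query-string data; follow it only
        // when it stays on this site, otherwise fall back to the login page.
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (IsLocalReturnUrl(returnUrl))
        {
            Response.Redirect(returnUrl);
        }
        else
        {
            Response.Redirect("~/Account/Login");
        }
    }

    // Returns true only for site-relative targets ("/path" or "~/path").
    // Absolute URLs, scheme-relative "//host" and "/\host" forms, and values
    // containing control characters are rejected.
    private static bool IsLocalReturnUrl(string url)
    {
        if (String.IsNullOrEmpty(url))
        {
            return false;
        }

        foreach (char c in url)
        {
            if (Char.IsControl(c))
            {
                return false;
            }
        }

        int slash;
        if (url[0] == '/')
        {
            slash = 0;
        }
        else if (url[0] == '~' && url.Length > 1 && url[1] == '/')
        {
            slash = 1;
        }
        else
        {
            return false;
        }

        // The character after the leading slash must not be a second slash or
        // a backslash, which browsers treat as the start of a host name.
        if (url.Length == slash + 1)
        {
            return true;
        }

        char next = url[slash + 1];
        return next != '/' && next != '\\';
    }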