protected void getRegisterUserForm()
{
    // Gathers the registration form into the key/value map that saveUserInfo consumes.
    // Every key below is indexed by saveUserInfo, so none of them may be dropped, and the
    // insertion order is kept because the map is later handed to the e-mail helper as-is.
    // NOTE(review): Password and ConfirmPassword are both collected but not compared here;
    // presumably a page validator does that — confirm before relying on it server-side.
    // NOTE(review): AcceptedAgreement is read from a hidden field, i.e. a client-supplied
    // value; saveUserInfo uses it to gate the approval e-mails.
    // NOTE(review): randomString() produces the login salts and the consignor approval
    // code; confirm it is backed by a cryptographic RNG rather than System.Random.
    SaltUtility salt = new SaltUtility();
    string wantsMailingList = OptIn.Checked.ToString();

    Dictionary<string, string> fields = new Dictionary<string, string>();
    fields["First Name"] = FirstName.Text;
    fields["Last Name"] = LastName.Text;
    fields["Email"] = Email.Text;
    fields["Phone Number"] = PhoneNumber.Text;
    fields["Password"] = Password.Text;
    fields["Confirm Password"] = ConfirmPassword.Text;
    fields["Address1"] = Address1.Text;
    fields["Address2"] = Address2.Text;
    fields["City"] = City.Text;
    fields["State"] = State.Text;
    fields["Zip"] = Zip.Text;
    fields["Zip2"] = Zip2.Text;
    fields["OptIn"] = wantsMailingList;
    fields["LoginHash"] = salt.randomString(16);
    fields["LoginV"] = salt.randomString(16);
    fields["ConsignorCode"] = salt.randomString(8);
    fields["AcceptedAgreement"] = hidAcceptedAgreement.Value.ToString();

    // The result is not inspected here; saveUserInfo reports failures through connErrMsg.
    saveUserInfo(fields);
}
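protected Boolean saveUserInfo(Dictionary<string, string> userInfo, Boolean skipSendEmail = false)
{
    // Registers a new user through usp_registerUser and, on success, sends the
    // registration e-mails. userInfo must carry every key read below (see
    // getRegisterUserForm). Returns true on success; otherwise the reason is written
    // to connErrMsg and false is returned. sendTicketRequestForm relies on the exact
    // message "already registered" to tell a duplicate apart from a real error.
    // NOTE(review): the catch below copies the raw exception text into connErrMsg,
    // which can surface driver/SQL details on the page; logging the exception and
    // showing a generic message would be safer. Kept because callers display it.
    try
    {
        // Duplicate check: with checkOnly=true authenticateUser only asks whether the
        // login id exists (and leaves its reader open on that path).
        if (authenticateUser(userInfo["Email"], "", true))
        {
            connErrMsg = "already registered";
            return false;
        }

        SaltUtility saltTool = new SaltUtility();
        Boolean acceptedAgreement = Convert.ToBoolean(userInfo["AcceptedAgreement"]);

        using (MySqlCommand cmd = new MySqlCommand("usp_registerUser", mySqlConn))
        {
            cmd.CommandType = System.Data.CommandType.StoredProcedure;

            addInputParameter(cmd, "?firstname", MySqlDbType.VarChar, userInfo["First Name"]);
            addInputParameter(cmd, "?lastname", MySqlDbType.VarChar, userInfo["Last Name"]);
            addInputParameter(cmd, "?loginId", MySqlDbType.VarChar, userInfo["Email"]);
            addInputParameter(cmd, "?phoneNumber", MySqlDbType.VarChar, nullIfEmpty(userInfo["Phone Number"]));
            addInputParameter(cmd, "?address1", MySqlDbType.VarChar, nullIfEmpty(userInfo["Address1"]));
            addInputParameter(cmd, "?address2", MySqlDbType.VarChar, nullIfEmpty(userInfo["Address2"]));
            addInputParameter(cmd, "?city", MySqlDbType.VarChar, nullIfEmpty(userInfo["City"]));
            addInputParameter(cmd, "?state", MySqlDbType.VarChar, nullIfEmpty(userInfo["State"]));

            // Numeric zip fields: blank -> null. A non-numeric value now throws inside this
            // try and is reported via connErrMsg instead of escaping to the page.
            object zip = null;
            if (!string.IsNullOrEmpty(userInfo["Zip"]))
            {
                zip = Convert.ToInt32(userInfo["Zip"]);
            }
            addInputParameter(cmd, "?zip", MySqlDbType.Int32, zip);

            // Fix: the original cleared pZip instead of pZip2 when Zip2 was blank.
            object zip2 = null;
            if (!string.IsNullOrEmpty(userInfo["Zip2"]))
            {
                zip2 = Convert.ToInt16(userInfo["Zip2"]);
            }
            addInputParameter(cmd, "?zip2", MySqlDbType.Int16, zip2);

            // Mailing-list flag: blank -> null, unparsable -> 0, otherwise 1/0.
            object optIn = null;
            if (!string.IsNullOrEmpty(userInfo["OptIn"]))
            {
                bool optingIn;
                optIn = (bool.TryParse(userInfo["OptIn"], out optingIn) && optingIn) ? 1 : 0;
            }
            addInputParameter(cmd, "?mailingList", MySqlDbType.Bit, optIn);

            // Credential material. NOTE(review): authenticateUser later compares the plaintext
            // password with deSeasonIt() of this stored value, so seasonIt must be reversible;
            // a one-way KDF (PBKDF2/Argon2) would be the stronger choice for the password.
            addInputParameter(cmd, "?loginPass", MySqlDbType.VarChar,
                saltTool.seasonIt(userInfo["Password"], userInfo["LoginHash"], userInfo["LoginV"]));
            addInputParameter(cmd, "?loginHash", MySqlDbType.VarChar, saltTool.seasonIt(userInfo["LoginHash"]));
            addInputParameter(cmd, "?loginV", MySqlDbType.VarChar, saltTool.seasonIt(userInfo["LoginV"]));
            addInputParameter(cmd, "?acceptedAgreement", MySqlDbType.Bit, acceptedAgreement);

            // Approval code for consignment application submissions: the user receives it by
            // e-mail when signing up as a ticket seller and our rep asks for it on first contact.
            addInputParameter(cmd, "?consignorCode", MySqlDbType.VarChar, saltTool.seasonIt(userInfo["ConsignorCode"]));

            if (!isInitialized())
            {
                cmd.Connection.Open();
            }
            cmd.ExecuteNonQuery();
        }

        // Never send e-mail locally, nor when autoRegister occurs from joining the mailing
        // list (skipSendEmail), nor when the agreement was not accepted.
        // NOTE(review): acceptedAgreement originates from a hidden form field, i.e. a
        // client-supplied value; treat it as a hint rather than proof of consent.
        bool isLocalhost = sWebServer.IndexOf("localhost", StringComparison.OrdinalIgnoreCase) >= 0;
        if (!skipSendEmail && !isLocalhost && acceptedAgreement)
        {
            cdontsUtil emailObj = new cdontsUtil();
            emailObj.emailDetails = userInfo;
            emailObj.sendEmail("consignorApp_Verify", "RockstarSeating.com User Registration Success", userInfo["Email"]);
            emailObj.sendEmail("consignorApp_Approve", "New Ticket Consignment Registration", "*****@*****.**");
            emailObj.sendEmail("consignorApp_Approve", "New Ticket Consignment Registration", "*****@*****.**");
        }
        return true;
    }
    catch (Exception ee)
    {
        connErrMsg = ee.Message;
        return false;
    }
}

// Adds one input parameter to cmd. A null value is passed through untouched, matching
// the original handling of blank optional fields.
private static void addInputParameter(MySqlCommand cmd, string name, MySqlDbType type, object value)
{
    MySqlParameter param = new MySqlParameter(name, type);
    param.Value = value;
    param.Direction = System.Data.ParameterDirection.Input;
    cmd.Parameters.Add(param);
}

// Maps "" (or null) to null so an optional text field is sent as a null parameter value
// rather than as an empty string.
private static string nullIfEmpty(string value)
{
    return string.IsNullOrEmpty(value) ? null : value;
}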
protected string GetConnectionString()
{
    // Builds the MySQL connection string for the current host: the local development
    // database when sWebServer names localhost, otherwise the hosted database.
    // NOTE(review): the credentials are recovered with deSeasonIt() and no caller-supplied
    // key, so whatever key material it uses lives in SaltUtility and the passwords are
    // effectively checked in with the code; a config/secret store outside source control
    // would be the fix. The returned string contains the plaintext password — never log it.
    // NOTE(review): the password segment of the connection string is redacted in this copy
    // of the source, so the Append line below is not valid C# as listed.
    string sConn = string.Empty;
    SaltUtility saltTool = new SaltUtility();
    StringBuilder myStr = new StringBuilder();
    // ########### TODO: This is a good place for a static variable #####################
    // ToLower() is culture-sensitive; an OrdinalIgnoreCase comparison would be more robust.
    if (sWebServer.ToLower().Contains("localhost"))
    {
        // Local development credentials, decrypted from an embedded ciphertext.
        string password = saltTool.deSeasonIt("vhpYqqpTT7SGOE82jW26+A==");
        myStr.Append("server=localhost;");
        myStr.Append("userid=webUser;");
        myStr.Append("password="******";");
        myStr.Append("database=rockstarseating");
    }
    else
    {
        // Hosted database credentials, decrypted from an embedded ciphertext.
        string password = saltTool.deSeasonIt("yHXCcF0CU0rdI5WkR5O5gQ==");
        myStr.Append("server=rockstarseating.db.8117053.hostedresource.com;");
        myStr.Append("userid=rockstarseating;");
        myStr.Append("password="******";");
        myStr.Append("database=rockstarseating");
    }
    sConn = myStr.ToString();
    // Nulling a local has no effect on lifetime; left as the author wrote it.
    saltTool = null;
    return sConn;
}
protected Boolean authenticateUser(string loginId, string loginPass, bool checkOnly = false)
{
    // Looks up loginId through usp_getUserInfo. With checkOnly=true it only reports whether
    // the account exists (saveUserInfo uses this to block duplicate registrations); otherwise
    // it fills UserObj from the row and verifies loginPass. Failure reasons go to connErrMsg.
    // NOTE(review): the two failure messages below differ depending on whether the e-mail
    // address exists, which allows account enumeration; one generic message would avoid it.
    //create a mySql command object
    MySqlCommand cmd = new MySqlCommand("usp_getUserInfo", mySqlConn);
    cmd.CommandType = System.Data.CommandType.StoredProcedure;
    MySqlParameter pLoginID;
    pLoginID = new MySqlParameter("?loginId", MySqlDbType.VarChar);
    pLoginID.Value = loginId;
    pLoginID.Direction = System.Data.ParameterDirection.Input;
    cmd.Parameters.Add(pLoginID);
    MySqlParameter pGetFullDetails;
    pGetFullDetails = new MySqlParameter("?getFullDetails", MySqlDbType.Bit);
    pGetFullDetails.Value = false;
    pGetFullDetails.Direction = System.Data.ParameterDirection.Input;
    cmd.Parameters.Add(pGetFullDetails);
    //try
    //{
    if (!isInitialized())
    {
        cmd.Connection.Open();
    }
    // CloseConnection: closing dr also closes the shared connection, so every path below
    // that calls dr.Close() releases mySqlConn.
    MySqlDataReader dr = cmd.ExecuteReader(CommandBehavior.CloseConnection);
    if (dr.HasRows)
    {
        // exit here if checking db for registerUser
        //10-10-11 I'm not even sure what this variable was intended for, but its... [useless now??]
        // NOTE(review): this return leaves dr (and therefore the connection) open; the
        // caller's isInitialized() check may depend on that state — confirm before closing here.
        if (checkOnly)
        {
            return true;
        }
        while (dr.Read())
        {
            UserObj.FirstName = Convert.ToString(dr["firstname"]);
            UserObj.LastName = Convert.ToString(dr["lastname"]);
            UserObj.Email = Convert.ToString(dr["emailAddress"]);
            UserObj.UserPass = Convert.ToString(dr["userPass"]);
            UserObj.LoginHash = Convert.ToString(dr["userPassP"]);
            UserObj.LoginV = Convert.ToString(dr["userPassV"]);
            UserObj.isConsignor = Convert.ToBoolean(dr["isConsignor"]);
            UserObj.isAdmin = Convert.ToBoolean(dr["isAdmin"]);
            UserObj.UserId = Convert.ToInt32(dr["userId"]);
        }
        // Dead branch: the maintenance lock-out it once held is commented out.
        if (UserObj.UserId > 39)
        {
            //connErrMsg = "Logins are turned off for site maintenance. Sorry...";
            //return false;
        }
        SaltUtility saltTool = new SaltUtility();
        // NOTE(review): the plaintext loginPass is compared with deSeasonIt() of the stored
        // value, so passwords are stored reversibly rather than hashed; a one-way KDF with a
        // constant-time comparison would remove the need for a decryption key entirely.
        if (loginPass == saltTool.deSeasonIt(UserObj.UserPass, UserObj.LoginHash, UserObj.LoginV))
        {
            //clear password from memory
            // NOTE(review): only this success path clears the credential fields; on a
            // mismatch they remain populated in UserObj.
            UserObj.UserPass = "";
            UserObj.LoginHash = "";
            UserObj.LoginV = "";
            //close dataReader obj
            dr.Close();
            //user validated
            return true;
        }
        else
        {
            connErrMsg = "Email and Password combination are incorrect";
        }
    }
    else
    {
        connErrMsg = "Account not found. Please register in order to login.";
    }
    dr.Close();
    return false;
    //}
    //catch (Exception ee)
    //{
    //    connErrMsg = ee.Message.ToString();
    //    return false;
    //}
}
protected Boolean sendTicketRequestForm(Dictionary<string, string> formDetails)
{
    // Registers the requester with an auto-generated password (via saveUserInfo) and then
    // sends the ticket-request e-mails. Returns true once the mails are handed off; any
    // exception, or a registration failure other than a duplicate, sets connErrMsg and
    // returns false. formDetails is mutated: Password, LoginHash, LoginV, OptIn, Zip2 and
    // ConsignorCode are added with Add(), which throws (and so yields false) if the caller
    // already supplied them.
    // NOTE(review): saveUserInfo also reads userInfo["AcceptedAgreement"], which is not added
    // here; unless the caller supplies it that lookup throws and this method returns false.
    try
    {
        // The requester never picks a password, so one is generated and seasoned here.
        // NOTE(review): saveUserInfo applies seasonIt() to userInfo["Password"] a second time,
        // so the stored value is seasoned twice; confirm whether this login is meant to work.
        SaltUtility salt = new SaltUtility();
        string generatedHash = salt.randomString(16);
        string generatedV = salt.randomString(16);
        string seasonedPassword = salt.seasonIt(salt.randomString(16), generatedHash, generatedV);

        formDetails.Add("Password", seasonedPassword);
        formDetails.Add("LoginHash", generatedHash);
        formDetails.Add("LoginV", generatedV);
        // Remaining keys that saveUserInfo indexes but this form does not collect.
        formDetails.Add("OptIn", "true");
        formDetails.Add("Zip2", "");
        formDetails.Add("ConsignorCode", "");

        // A duplicate account is not a failure here; saveUserInfo signals it with this exact message.
        Boolean registeredBefore = false;
        if (!saveUserInfo(formDetails, true))
        {
            if (connErrMsg != "already registered")
            {
                return false;
            }
            registeredBefore = true;
        }

        cdontsUtil mailer = new cdontsUtil();
        mailer.emailDetails = formDetails;
        // Confirmation to the requester.
        mailer.sendEmail("userTicketRequest_success", "Ticket Request Submission at RockstarSeating.com", formDetails["Email"]);
        // Notification mail. NOTE(review): the original labels this "send email to admin",
        // yet both variants are addressed to the requester's own address — confirm the
        // intended recipient.
        string notifyTemplate = registeredBefore ? "userTicketRequest_alreadyRegistered_notify" : "userTicketRequest_notify";
        string notifySubject = registeredBefore ? "Registered Member Ticket Request Submission" : "New Member Ticket Request Submission";
        mailer.sendEmail(notifyTemplate, notifySubject, formDetails["Email"]);
        return true;
    }
    catch (Exception ee)
    {
        connErrMsg = ee.Message.ToString();
        return false;
    }
}