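/// <summary>
/// Checks whether <paramref name="providedPassword"/>, hashed with <paramref name="salt"/> by
/// <see cref="PasswordUtil.generateSecurePassword"/>, matches the stored <paramref name="securedPassword"/>.
/// </summary>
/// <param name="providedPassword">The clear-text password entered by the user.</param>
/// <param name="securedPassword">The stored hash the entered password is checked against.</param>
/// <param name="salt">The salt that was used when <paramref name="securedPassword"/> was created.</param>
/// <returns>
/// <c>true</c> when the freshly derived hash is character-for-character equal to the stored one;
/// <c>false</c> otherwise, including when either hash is <c>null</c>.
/// </returns>
public static bool verifyUserPassword(String providedPassword, String securedPassword, String salt)
{
    // Re-derive the hash with the same salt so the two values are directly comparable.
    String newSecurePassword = PasswordUtil.generateSecurePassword(providedPassword, salt);

    // A missing hash on either side can never verify; previously a null derived hash threw.
    if (newSecurePassword == null || securedPassword == null)
    {
        return false;
    }

    // Compare in constant time: String.Equals returns at the first differing character,
    // which leaks how much of the hash matched through response timing. Every shared
    // position is always visited and a length mismatch is folded into the same
    // accumulator rather than short-circuiting.
    int diff = newSecurePassword.Length ^ securedPassword.Length;
    int shared = Math.Min(newSecurePassword.Length, securedPassword.Length);
    for (int i = 0; i < shared; i++)
    {
        diff |= newSecurePassword[i] ^ securedPassword[i];
    }

    return diff == 0;
}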
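/// <summary>
/// Validates the staff form and inserts the new non-academic staff member, their
/// experience record and their credentials (fresh salt plus password hash) as one
/// transaction on the shared <c>sqlCon</c> connection.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btnSave_Click(object sender, EventArgs e)
{
    string stfID = txtStfId.Text;
    string fName = txtFName.Text;
    string lName = txtLName.Text;
    string email = txtEmail.Text;
    string phone = txtPhone.Text;
    string nic = txtNIC.Text;
    string qualification = txtQualification.Text;
    string experience = txtExperience.Text;
    // Dates are stored as short-date strings, as before; the column types are not
    // visible here, so the representation is kept unchanged (TODO confirm column types).
    string dob = dobPicker.Value.ToShortDateString();
    string appdate = appdatePicker.Value.ToShortDateString();
    string jdate = jDatePicker.Value.ToShortDateString();
    string password = txtPassword.Text;

    string gender = "";
    if (rBtnMale.Checked)
    {
        gender = "M";
    }
    else if (rBtnFemale.Checked)
    {
        gender = "F";
    }

    // Email format check; the pattern is unchanged from the previous version.
    string pattern = "^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$";

    bool anyEmpty = stfID == "" || fName == "" || lName == "" || email == "" || phone == ""
        || nic == "" || qualification == "" || experience == "" || dob == "" || appdate == ""
        || jdate == "" || gender == "" || password == "";
    if (anyEmpty)
    {
        MessageBox.Show("All fields must be filled.");
        return;
    }
    if (!Regex.IsMatch(email, pattern))
    {
        MessageBox.Show("Email is not correct.");
        return;
    }
    if (nic.Length != 10)
    {
        MessageBox.Show("NIC is incorrect.");
        return;
    }

    // Derive the credentials before touching the database so a failure here
    // cannot leave the staff rows inserted without a credentials row.
    string saltpwd = PasswordUtil.getSalt(30);
    string secpwd = PasswordUtil.generateSecurePassword(password, saltpwd);

    bool inserted = false;
    try
    {
        sqlCon.Open();
        // All three inserts succeed or fail together; disposing an uncommitted
        // transaction rolls it back.
        using (var transaction = sqlCon.BeginTransaction())
        {
            // Every value travels as a parameter and is never spliced into the statement:
            // the previous string concatenation let any field (a quote in a name, for
            // instance) change the SQL that was executed.
            SqlCommand cmd1 = sqlCon.CreateCommand();
            cmd1.Transaction = transaction;
            cmd1.CommandType = CommandType.Text;
            cmd1.CommandText = "INSERT INTO Staff VALUES(@stfID, @phone, @fName, @lName, @email, @nic, @appdate, @jdate, @qualification, @gender, @dob)";
            AddVarChar(cmd1, "@stfID", stfID);
            AddVarChar(cmd1, "@phone", phone);
            AddVarChar(cmd1, "@fName", fName);
            AddVarChar(cmd1, "@lName", lName);
            AddVarChar(cmd1, "@email", email);
            AddVarChar(cmd1, "@nic", nic);
            AddVarChar(cmd1, "@appdate", appdate);
            AddVarChar(cmd1, "@jdate", jdate);
            AddVarChar(cmd1, "@qualification", qualification);
            AddVarChar(cmd1, "@gender", gender);
            AddVarChar(cmd1, "@dob", dob);
            cmd1.ExecuteNonQuery();

            SqlCommand cmd2 = sqlCon.CreateCommand();
            cmd2.Transaction = transaction;
            cmd2.CommandType = CommandType.Text;
            cmd2.CommandText = "INSERT INTO Non_Academic_Staff VALUES(@stfID, @experience)";
            AddVarChar(cmd2, "@stfID", stfID);
            AddVarChar(cmd2, "@experience", experience);
            cmd2.ExecuteNonQuery();

            SqlCommand cmd3 = sqlCon.CreateCommand();
            cmd3.Transaction = transaction;
            cmd3.CommandType = CommandType.Text;
            cmd3.CommandText = "INSERT INTO Non_Academic_Staff_Credentials VALUES(@stfID, @secpwd, @saltpwd)";
            AddVarChar(cmd3, "@stfID", stfID);
            AddVarChar(cmd3, "@secpwd", secpwd);
            AddVarChar(cmd3, "@saltpwd", saltpwd);
            cmd3.ExecuteNonQuery();

            transaction.Commit();
        }
        inserted = true;
    }
    catch (Exception ex1)
    {
        // Show only the message: the full exception (stack trace, statement text)
        // is not something an end user should see.
        MessageBox.Show("Error: " + ex1.Message);
    }
    finally
    {
        sqlCon.Close();
    }

    FillDataGridView();
    // The success message used to appear even after the catch block had already
    // reported a failure; it is now tied to a committed transaction.
    if (inserted)
    {
        MessageBox.Show("Successfully Inserted!");
        clearDetails();
    }
}

/// <summary>
/// Adds a VarChar parameter to <paramref name="cmd"/>; the size is inferred from the
/// value so nothing is silently truncated.
/// </summary>
/// <param name="cmd">Command that receives the parameter.</param>
/// <param name="name">Parameter name including the leading <c>@</c>.</param>
/// <param name="value">Value to bind.</param>
private static void AddVarChar(SqlCommand cmd, string name, string value)
{
    cmd.Parameters.Add(name, SqlDbType.VarChar).Value = value;
}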
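/// <summary>
/// Replaces the password of the signed-in user (<c>usernameString</c>) in the credentials
/// table that matches the selected user type, storing a fresh salt and hash.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    string newPassword = txtPassword.Text;
    if (newPassword == "" || txtRePassword.Text == "")
    {
        MessageBox.Show("Please enter new password and enter it again.");
        return;
    }
    if (!newPassword.Equals(txtRePassword.Text))
    {
        MessageBox.Show("Passwords are not equal.");
        return;
    }

    // Previously a missing selection threw NullReferenceException out of the handler.
    string typeString = userType.SelectedItem == null ? "" : userType.SelectedItem.ToString();

    // Pick the statement from a fixed set; nothing from the form reaches the SQL text.
    string sql;
    switch (typeString)
    {
        case "Academic Staff":
            sql = "UPDATE Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
            break;
        case "Non Academic Staff":
            sql = "UPDATE Non_Academic_Staff_Credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
            break;
        case "Administrative Staff":
            sql = "UPDATE Administrative_Staff_credentials SET password = @secPassword, salt = @saltPassword WHERE stfID = @stfID";
            break;
        default:
            // Previously CommandText stayed null here and Prepare() threw an unhandled exception.
            MessageBox.Show("Please select a user type.");
            return;
    }

    string saltpwd = PasswordUtil.getSalt(30);
    string secpwd = PasswordUtil.generateSecurePassword(newPassword, saltpwd);

    try
    {
        using (SqlConnection connection = new SqlConnection(conString))
        using (SqlCommand command = new SqlCommand(sql, connection))
        {
            connection.Open();

            // Parameter sizes are unchanged from before (TODO confirm against the column widths);
            // Prepare() requires them to be set before it is called.
            SqlParameter secPassword = new SqlParameter("@secPassword", SqlDbType.VarChar, 100);
            secPassword.Value = secpwd;
            command.Parameters.Add(secPassword);

            SqlParameter saltPassword = new SqlParameter("@saltPassword", SqlDbType.VarChar, 100);
            saltPassword.Value = saltpwd;
            command.Parameters.Add(saltPassword);

            SqlParameter stfID = new SqlParameter("@stfID", SqlDbType.VarChar, 100);
            stfID.Value = usernameString;
            command.Parameters.Add(stfID);

            command.Prepare();
            int rows = command.ExecuteNonQuery();

            // An UPDATE that matches no row is not a success; it used to be reported as one.
            if (rows == 0)
            {
                MessageBox.Show("No credentials record was found for the current user; the password was not changed.");
                return;
            }
        }

        MessageBox.Show("Password updated successfully. \nNow use your new password to login to the system.");
    }
    catch (Exception ex)
    {
        // Message only: the full exception text is not for an end user.
        MessageBox.Show("Error: " + ex.Message);
    }
}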