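/// <summary>
/// Handles the registration form submit: validates the username, password, e-mail and the three
/// security questions in turn, then creates the account through the TP_sp_addNewUser stored
/// procedure. Each validation failure is reported on its label and stops processing.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSubmit_Click1(object sender, EventArgs e)
{
    string username = txtUsername.Text;
    string email = txtEmail.Text;
    string password = txtPassword.Text;
    string question1 = ddlSecurityQuestion.SelectedValue;
    string question2 = ddlSecurityQuestion2.SelectedValue;
    string question3 = ddlSecurityQuestion3.SelectedValue;

    // Enumerable.All() is true for an empty string, so an explicit emptiness check is needed
    // for the alphanumeric rule to actually reject a blank username.
    if (string.IsNullOrEmpty(username) || !username.All(char.IsLetterOrDigit))
    {
        // The username error is shown on lblPassword, as in the original; no dedicated
        // username label is visible in this file.
        lblPassword.ForeColor = Color.Red;
        lblPassword.Text = "Username is only allow to have numbers and letters:";
        return;
    }

    if (password != txtConfirmPassword.Text || !validate.IsNotNull(password))
    {
        lblPassword.ForeColor = Color.Red;
        lblPassword.Text = "Password wont match please verify:";
        return;
    }

    if (!validate.IsValidEmail(email) || email != txtConfirmEmail.Text || !validate.IsNotNull(email))
    {
        lblEmail.ForeColor = Color.Red;
        lblEmail.Text = "Email wont match please verify:";
        return;
    }

    // All three questions must be pairwise distinct.
    if (question1 == question2 || question2 == question3 || question3 == question1)
    {
        lblSecQuestion.ForeColor = Color.Red;
        lblSecQuestion2.ForeColor = Color.Red;
        lblSecQuestion3.ForeColor = Color.Red;
        lblSecQuestion.Text = "Please pick three different questions and respond each one:";
        return;
    }

    // The confirmation code is a secret the user must present later, so it is drawn from a
    // cryptographic RNG instead of System.Random. The range [10001, 99998] matches the
    // original random.Next(10001, 99999) call.
    code = NextConfirmationCode(10001, 99999);

    objDB = new DBConnect();
    objCommand = new SqlCommand();
    objCommand.CommandType = CommandType.StoredProcedure;
    objCommand.CommandText = "TP_sp_addNewUser";
    objCommand.Parameters.AddWithValue("@username", username);
    // NOTE(review): the password is handed to the procedure exactly as typed; whether
    // TP_sp_addNewUser hashes it before storage is not visible here — confirm.
    objCommand.Parameters.AddWithValue("@password", password);
    objCommand.Parameters.AddWithValue("@email", email);
    objCommand.Parameters.AddWithValue("@ConfirmationCode", code.ToString());
    objCommand.Parameters.AddWithValue("@SecurityQuestion", question1);
    objCommand.Parameters.AddWithValue("@SecurityResponse", txtSecurityResponse.Text);
    objCommand.Parameters.AddWithValue("@SecurityQuestion2", question2);
    objCommand.Parameters.AddWithValue("@SecurityResponse2", txtSecurityResponse2.Text);
    objCommand.Parameters.AddWithValue("@SecurityQuestion3", question3);
    objCommand.Parameters.AddWithValue("@SecurityResponse3", txtSecurityResponse3.Text);

    // DoUpdateUsingCmdObj signals failure with a negative result.
    int result = objDB.DoUpdateUsingCmdObj(objCommand);
    if (result < 0)
    {
        lblStatus.ForeColor = Color.Red;
        lblStatus.Text = "[Server:Error]";
        return;
    }

    Session["Username"] = username;
    lblStatus.ForeColor = Color.Green;
    lblStatus.Text = "Success: New user was created";
    if (EmailVerification(email))
    {
        Response.Redirect("/CreateProfile.aspx");
    }
}

/// <summary>
/// Returns a uniformly distributed integer in [<paramref name="minInclusive"/>, <paramref name="maxExclusive"/>)
/// from the platform's cryptographic random number generator.
/// </summary>
/// <param name="minInclusive">Lowest value that may be returned.</param>
/// <param name="maxExclusive">One past the highest value that may be returned.</param>
/// <returns>A random integer in the requested range.</returns>
/// <exception cref="ArgumentOutOfRangeException">The range is empty.</exception>
private static int NextConfirmationCode(int minInclusive, int maxExclusive)
{
    if (maxExclusive <= minInclusive)
    {
        throw new ArgumentOutOfRangeException(nameof(maxExclusive));
    }

    uint range = (uint)(maxExclusive - minInclusive);
    // Largest multiple of range that fits in a uint; samples at or above it are rejected so
    // that the modulo below is unbiased.
    uint limit = uint.MaxValue - (uint.MaxValue % range);
    byte[] buffer = new byte[4];
    // Fully qualified so the method does not depend on a using directive outside this view.
    using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        uint sample;
        do
        {
            rng.GetBytes(buffer);
            sample = BitConverter.ToUInt32(buffer, 0);
        }
        while (sample >= limit);
        return minInclusive + (int)(sample % range);
    }
}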
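/// <summary>
/// On the first (non-postback) request, restores a remembered login from the "Login" cookie:
/// decrypts the stored password, looks up TP_CheckAutoSignIn for the cookie's e-mail, fills the
/// session and, when the account has AutoSignIn set to 1, transfers to Profile.aspx; otherwise
/// the login form is pre-filled. A missing, malformed or tampered cookie is ignored.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    HttpCookie loginCookie = Request.Cookies["Login"];
    if (loginCookie == null)
    {
        return;
    }

    string cookieEmail = loginCookie["Email"];
    string encryptedPassword = loginCookie.Values["Password"];
    // The cookie is client-supplied: either value may be absent. Without these checks a
    // missing value surfaces as an exception from Convert.FromBase64String or the procedure.
    if (string.IsNullOrEmpty(cookieEmail) || encryptedPassword == null)
    {
        return;
    }

    string plainTextPassword = DecryptCookiePassword(encryptedPassword);
    if (plainTextPassword == null)
    {
        return;
    }

    txtLoginEmail.Text = cookieEmail;
    txtLoginPassword.Text = plainTextPassword;

    bool autoSignIn;
    using (SqlCommand command = new SqlCommand())
    {
        command.CommandType = CommandType.StoredProcedure;
        command.CommandText = "TP_CheckAutoSignIn";
        command.Parameters.AddWithValue("@email", cookieEmail);
        DataSet ds = new DBConnect().GetDataSetUsingCmdObj(command);
        // No matching account: leave the form pre-filled and do nothing more (the original
        // threw from Rows[0] here).
        if (ds == null || ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
        {
            return;
        }
        autoSignIn = Convert.ToInt32(ds.Tables[0].Rows[0]["AutoSignIn"].ToString()) == 1;
    }

    // Both branches of the original populated the session identically; only the transfer differs.
    // NOTE(review): the plaintext password is kept in Session["Password"] for later pages —
    // inherited behaviour that other pages may read; confirm before tightening.
    Session.Add("Email", txtLoginEmail.Text);
    Session.Add("Password", plainTextPassword);
    Session.Add("VerificationToken", loginCookie["VerificationToken"]);
    if (autoSignIn)
    {
        Server.Transfer("Profile.aspx", false);
    }
}

/// <summary>
/// Decrypts a Base64 AES-CBC ciphertext written by the login page using the page's
/// <c>key</c>/<c>vector</c> fields.
/// </summary>
/// <param name="base64CipherText">Base64 ciphertext taken from the "Login" cookie.</param>
/// <returns>The UTF-8 plaintext, or null when the input is not valid Base64 or does not decrypt cleanly.</returns>
private string DecryptCookiePassword(string base64CipherText)
{
    try
    {
        byte[] cipherBytes = Convert.FromBase64String(base64CipherText);
        // RijndaelManaged with its default 128-bit block is AES; Aes.Create() is the
        // non-deprecated equivalent and keeps the CBC/PKCS7 defaults.
        using (Aes aes = Aes.Create())
        using (ICryptoTransform decryptor = aes.CreateDecryptor(key, vector))
        using (MemoryStream plainStream = new MemoryStream())
        using (CryptoStream cryptoStream = new CryptoStream(plainStream, decryptor, CryptoStreamMode.Write))
        {
            cryptoStream.Write(cipherBytes, 0, cipherBytes.Length);
            cryptoStream.FlushFinalBlock();
            return new UTF8Encoding().GetString(plainStream.ToArray());
        }
    }
    catch (FormatException)
    {
        return null;
    }
    catch (CryptographicException)
    {
        // Wrong padding or length: the cookie was altered or produced with other parameters.
        return null;
    }
}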
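/// <summary>
/// Handles the login button: runs TP_LoginAccount for the typed credentials; when the returned
/// row matches, populates the session, optionally writes an encrypted "Login" cookie for
/// "remember me", and transfers to Profile.aspx. An account that yields no row is ignored
/// without feedback, as in the original.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    string email = txtLoginEmail.Text;
    string password = txtLoginPassword.Text;

    DataRow account;
    using (SqlCommand command = new SqlCommand())
    {
        command.CommandType = CommandType.StoredProcedure;
        command.CommandText = "TP_LoginAccount";
        command.Parameters.AddWithValue("@email", email);
        command.Parameters.AddWithValue("@password", password);
        DataSet ds = new DBConnect().GetDataSetUsingCmdObj(command);
        // The original detected "no such account" by catching the IndexOutOfRangeException
        // from Rows[0]; test the row count instead of using an exception for control flow.
        if (ds == null || ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
        {
            return;
        }
        account = ds.Tables[0].Rows[0];
    }

    // NOTE(review): the row's stored password is compared with the typed text even though the
    // procedure already received it, which implies the server keeps passwords recoverable.
    // That is a data-model concern outside this handler; flagged, not changed.
    if (account["Email"].ToString() != email || account["Password"].ToString() != password)
    {
        return;
    }

    string verificationToken = account["VerificationToken"].ToString();
    Session.Add("Email", email);
    Session.Add("Password", password);
    Session.Add("VerificationToken", verificationToken);

    if (chkRememberMe.Checked)
    {
        HttpCookie loginCookie = new HttpCookie("Login");
        loginCookie.Values["Email"] = email;
        loginCookie.Values["Password"] = EncryptCookiePassword(password);
        loginCookie.Values["VerificationToken"] = verificationToken;
        loginCookie.Expires = DateTime.Now.AddDays(1d);
        // The cookie carries credentials and is only read server-side, so keep it away from
        // script and, when the request arrived over HTTPS, off plain-HTTP connections.
        loginCookie.HttpOnly = true;
        loginCookie.Secure = Request.IsSecureConnection;
        Response.Cookies.Add(loginCookie);
    }

    Server.Transfer("Profile.aspx", false);
}

/// <summary>
/// Encrypts <paramref name="plainText"/> with AES-CBC under the page's <c>key</c>/<c>vector</c>
/// fields and returns the ciphertext as Base64 — the format the page's cookie reader expects.
/// </summary>
/// <param name="plainText">Text to protect.</param>
/// <returns>Base64 ciphertext.</returns>
private string EncryptCookiePassword(string plainText)
{
    // NOTE(review): key and vector are fixed page fields, so the cookie is a reversible store
    // of the password rather than an opaque session token; kept for compatibility with the
    // cookie reader, but a random per-login token would be the safer design.
    byte[] plainBytes = new UTF8Encoding().GetBytes(plainText);
    // RijndaelManaged with its default 128-bit block is AES; Aes.Create() is the
    // non-deprecated equivalent and keeps the CBC/PKCS7 defaults.
    using (Aes aes = Aes.Create())
    using (ICryptoTransform encryptor = aes.CreateEncryptor(key, vector))
    using (MemoryStream cipherStream = new MemoryStream())
    using (CryptoStream cryptoStream = new CryptoStream(cipherStream, encryptor, CryptoStreamMode.Write))
    {
        cryptoStream.Write(plainBytes, 0, plainBytes.Length);
        cryptoStream.FlushFinalBlock();
        return Convert.ToBase64String(cipherStream.ToArray());
    }
}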
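/// <summary>
/// Handles the change-password button: validates the new password (7–20 characters with at
/// least one digit, equal to the confirmation field), then stores a salted hash through
/// TP_UpdatePassword for the user held in Session["VerifyingID"]. Validation failures are
/// shown inline; database failures trigger the client-side showDBError() toast.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnChangePass_Click(object sender, EventArgs e)
{
    string password = txtNewPass.Text;
    string passwordConfirm = txtConfirmPass.Text;
    // At least one digit, total length 7–20.
    Regex passwordRule = new Regex(@"^(?=.*\d).{7,20}$");
    bool invalid = false;

    if (password.Length == 0 || !passwordRule.IsMatch(password))
    {
        invalid = true;
        txtNewPass.CssClass += " is-invalid";
        txtNewPass.Text = "";
    }

    if (password != passwordConfirm)
    {
        invalid = true;
        txtConfirmPass.CssClass += " is-invalid";
        txtConfirmPass.Text = "";
    }

    if (invalid)
    {
        divInvalidPassword.Visible = true;
        return;
    }

    // NOTE(review): CalculateMD5Hash is the project's shared helper and the stored procedure
    // and login path presumably expect its output format, so it is kept here. MD5 is not a
    // suitable password hash; a migration to PBKDF2 (Rfc2898DeriveBytes) needs to cover every
    // producer and verifier together.
    byte[] salt = CryptoUtilities.GenerateSalt();
    byte[] hashedPassword = CryptoUtilities.CalculateMD5Hash(salt, password);

    try
    {
        // SqlCommand is IDisposable; the original never released it.
        using (SqlCommand command = new SqlCommand())
        {
            command.CommandType = CommandType.StoredProcedure;
            command.CommandText = "TP_UpdatePassword";
            command.Parameters.AddWithValue("@userID", Session["VerifyingID"].ToString());
            command.Parameters.AddWithValue("@pass", hashedPassword);
            command.Parameters.AddWithValue("@salt", salt);

            DBConnect db = new DBConnect();
            // -2 is DoUpdateUsingCmdObj's failure result; the error text is not surfaced here.
            if (db.DoUpdateUsingCmdObj(command, out _) == -2)
            {
                ClientScript.RegisterStartupScript(GetType(), "FailureToast", "showDBError();", true);
            }
            else
            {
                divSuccess.Visible = true;
                divChangePassword.Visible = false;
            }
        }
    }
    catch (Exception)
    {
        // An expired session (null VerifyingID) or a connection failure lands here; the user
        // only sees the generic toast, as before.
        ClientScript.RegisterStartupScript(GetType(), "FailureToast", "showDBError();", true);
    }
}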