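/// <summary>
/// Check details and login to page: looks the submitted username up in tbl_Users,
/// verifies the salted password hash and, on success, issues the Username and Token
/// cookies before redirecting to the dashboard.
/// </summary>
/// <param name="sender">The button that raised the click.</param>
/// <param name="e">Event arguments for the click.</param>
protected void cmdLogin_Click(object sender, EventArgs e)
{
    // Reject empty input before touching the database; an empty password would
    // otherwise still be hashed and compared against the stored value.
    if (string.IsNullOrWhiteSpace(txtUsername.Text) || string.IsNullOrEmpty(txtPassword.Text))
    {
        Response.Write("Incorrect username or password");
        return;
    }

    var mysql = new SqlConnector("db_trackvideowatching");
    // NOTE(review): the WHERE clause is a string-built query. If the '******' placeholder
    // is filled from txtUsername.Text, that value must be bound as a query parameter
    // (or at minimum have quotes escaped) rather than concatenated — confirm what
    // SqlConnector offers.
    var users = (DataTable) mysql.Select("SELECT Username, Password_Hash, Salt FROM tbl_Users WHERE Username = '******';");

    // One generic message for "unknown user" and "wrong password" so the response
    // does not reveal which usernames exist.
    if (users.Rows.Count == 0)
    {
        Response.Write("Incorrect username or password");
        return;
    }

    var storedHash = users.Rows[0][1].ToString();
    var salt = users.Rows[0][2].ToString();
    // NOTE(review): MD5 is kept only because the stored hashes were produced with it;
    // moving to a slow KDF such as PBKDF2 (Rfc2898DeriveBytes) means changing
    // cmdRegister_Click and this method together.
    var matchHash = Utilities.HashPassword(txtPassword.Text, salt, MD5.Create());

    // Ordinal comparison, same semantics as the original ==; not constant-time.
    if (!string.Equals(matchHash, storedHash, StringComparison.Ordinal))
    {
        Response.Write("Incorrect username or password");
        return;
    }

    // The token is a deterministic hash of username + stored hash, so it never
    // expires and cannot be revoked without a password change. HttpOnly keeps
    // page script from reading either cookie.
    var cookieValue = Utilities.HashPassword(txtUsername.Text + storedHash, salt, MD5.Create());
    Response.Cookies.Add(new HttpCookie("Username", txtUsername.Text) { HttpOnly = true });
    Response.Cookies.Add(new HttpCookie("Token", cookieValue) { HttpOnly = true });
    Response.Redirect("Dashboard.aspx");
}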
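/// <summary>
/// Registers a user given the textbox inputs: checks the two password fields agree
/// and that neither the username nor the e-mail address is already taken, stores a
/// salted hash, then schedules a redirect to the login page.
/// </summary>
/// <param name="sender">The button that raised the click.</param>
/// <param name="e">Event arguments for the click.</param>
protected void cmdRegister_Click(object sender, EventArgs e)
{
    var username = txtUsername.Text;
    var email = txtEmail.Text;

    // Blank fields would otherwise be written to tbl_users as-is.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(email) || string.IsNullOrEmpty(txtPassword.Text))
    {
        Response.Write("Username, email address and password are required");
        return;
    }
    if (txtPassword.Text != txtCPassword.Text)
    {
        Response.Write("Passwords do not match");
        return;
    }

    var mysql = new SqlConnector("db_trackvideowatching");
    // NOTE(review): txtEmail.Text (and the username behind the '******' placeholder) is
    // concatenated straight into SQL; both must be bound as parameters, or at least
    // have single quotes escaped, before this ships — check SqlConnector's API.
    var users = (DataTable) mysql.Select("Select Username, EmailAddress From tbl_users WHERE Username = '******' OR EmailAddress = '" + email + "';");
    if (users.Rows.Count != 0)
    {
        Response.Write("A user already exists with this username/email");
        return;
    }

    var salt = Utilities.GenerateSaltValue();
    // NOTE(review): MD5 is retained so cmdLogin_Click can verify the stored value; a
    // slow password KDF (PBKDF2 via Rfc2898DeriveBytes) is the recommended
    // replacement and has to be adopted on both sides at once.
    var password = Utilities.HashPassword(txtPassword.Text, salt, MD5.Create());
    // Same concatenation concern as the SELECT above: username and email are user input.
    mysql.NonQuery("INSERT INTO tbl_users ( Username, Password_hash, Salt, EmailAddress) VALUES ('" + username + "','" + password + "','" + salt + "','" + email + "');");

    // Meta refresh sends the browser to the login page after five seconds.
    var meta = new HtmlMeta { HttpEquiv = "Refresh", Content = "5;url=Login.aspx" };
    Page.Controls.Add(meta);
    Response.Write("Account Creation Successfull, you will now be redirected");
}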
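/// <summary>
/// Adds all of the information for the new video to the database, after confirming
/// that the Token cookie matches the hash derived from the user's stored credentials.
/// </summary>
/// <param name="sender">The button that raised the click.</param>
/// <param name="e">Event arguments for the click.</param>
protected void btnAdd_Click(object sender, EventArgs e)
{
    var mysql = new SqlConnector("db_trackvideowatching");
    // NOTE(review): if the '******' placeholder is filled from the Username cookie, that
    // value is client-controlled and must be bound as a parameter, not concatenated.
    var user = (DataTable) mysql.Select("SELECT PK_UserID, Username, Password_Hash, Salt FROM tbl_users WHERE Username = '******';");
    if (user.Rows.Count == 0)
    {
        Response.Write("You are not logged in, please log in");
        return;
    }

    // Request.Cookies["Token"] is null when the cookie is absent; the original
    // dereferenced .Value directly and threw NullReferenceException. A missing
    // cookie is treated as a failed authentication instead.
    var tokenCookie = Request.Cookies["Token"];
    var expectedToken = Utilities.HashPassword(user.Rows[0][1].ToString() + user.Rows[0][2], user.Rows[0][3].ToString(), MD5.Create());
    if (tokenCookie == null || !string.Equals(expectedToken, tokenCookie.Value, StringComparison.Ordinal))
    {
        Response.Write("Authentication failed");
        return;
    }

    // Length is stored as h:mm:ss; make sure each part really is a number before it
    // is spliced into the INSERT, and normalise the format on the way in.
    int hour, min, sec;
    if (!int.TryParse(txtHour.Text, out hour) || !int.TryParse(txtMin.Text, out min) || !int.TryParse(txtSec.Text, out sec)
        || hour < 0 || min < 0 || min > 59 || sec < 0 || sec > 59)
    {
        Response.Write("Length must be whole numbers: hours, minutes (0-59) and seconds (0-59)");
        return;
    }
    var length = string.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}:{1:00}:{2:00}", hour, min, sec);

    // Invariant culture keeps the date Gregorian and the separators fixed regardless
    // of the server's regional settings.
    var dateWatched = Calendar1.SelectedDate.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);

    var platform = cboPlatform.Text == "Other" ? txtPlatform.Text : cboPlatform.Text;

    // NOTE(review): platform and txtChannel.Text are free text from the form and are
    // concatenated into SQL here; bind them as parameters once SqlConnector allows it.
    // PK_UserID comes from the database row, not the request.
    mysql.NonQuery("INSERT INTO tbl_records ( FK_UserID, Video_Platform, Date_Watched, Channel, Length) VALUES ('" + user.Rows[0][0] + "','" + platform + "','" + dateWatched + "','" + txtChannel.Text + "','" + length + "');");

    // Reset the form for the next entry.
    cboPlatform.Text = "YouTube";
    txtPlatform.Text = "";
    txtChannel.Text = "";
    txtHour.Text = "";
    txtMin.Text = "";
    txtSec.Text = "";
    Response.Write("Video has been added to database");
}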
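/// <summary>
/// On page load, verifies the Token cookie against the logged-in user's stored hash
/// and greets the user with the number of videos recorded for them.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event arguments for the load.</param>
protected void Page_Load(object sender, EventArgs e)
{
    var mysql = new SqlConnector("db_trackvideowatching");
    // NOTE(review): if the '******' placeholder is filled from the Username cookie, that
    // value is client-controlled and must be bound as a parameter, not concatenated.
    var user = (DataTable) mysql.Select("SELECT PK_UserID, Username, Password_Hash, Salt FROM tbl_users WHERE Username = '******';");
    if (user.Rows.Count == 0)
    {
        Response.Write("You are not logged in, please log in");
        return;
    }

    // Request.Cookies["Token"] is null when the cookie is absent; the original
    // dereferenced .Value directly and threw NullReferenceException.
    var tokenCookie = Request.Cookies["Token"];
    var expectedToken = Utilities.HashPassword(user.Rows[0][1].ToString() + user.Rows[0][2], user.Rows[0][3].ToString(), MD5.Create());
    if (tokenCookie == null || !string.Equals(expectedToken, tokenCookie.Value, StringComparison.Ordinal))
    {
        Response.Write("Authentication failed");
        return;
    }

    // PK_UserID comes from the database row, not the request, so this concatenation
    // is not fed by user input.
    var videos = mysql.Count("SELECT COUNT(*) FROM tbl_records WHERE FK_UserID = '" + user.Rows[0][0] + "';");

    // Greet with the database's copy of the username rather than the client-supplied
    // cookie, and HTML-encode it so it cannot inject markup into the page.
    var displayName = HttpUtility.HtmlEncode(user.Rows[0][1].ToString());
    Response.Write("Welcome back " + displayName + ", you have " + videos + " video in our database");
}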