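/// <summary>
/// Handles the admin login button: compares the entered password with the single
/// hashed admin password stored in the <c>AdminPassword</c> table (row Id = 1).
/// On success the admin session keys are set and the request is redirected to
/// Admin.aspx; on failure an error message is shown in <c>Error</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Login_Click(object sender, EventArgs e)
{
    // `using` blocks release the connection and the reader on every path, including
    // an exception from Salt.Verify and the redirect below: in Web Forms,
    // Response.Redirect(url) ends the request, so a trailing conn.Close() never runs.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("SELECT AdminPassword FROM AdminPassword WHERE Id='1'", conn))
    {
        conn.Open();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                // Retrieves the universal admin password hash into the page-level field
                // (declared outside this method).
                hashedPassword = reader["AdminPassword"].ToString();
            }
        }
    }

    // Fail closed: a missing row or an empty/null stored hash must never authenticate.
    bool correct = !string.IsNullOrEmpty(hashedPassword) && Salt.Verify(AdminPassword.Text, hashedPassword);

    if (!correct)
    {
        Error.Text = "Incorrect password.";
        return;
    }

    Session["AdminUsername"] = "******";
    Session["AdminMessage"]  = "Welcome.";
    // Called after the connection has been disposed, so nothing is leaked when the
    // redirect terminates the request.
    Response.Redirect("Admin.aspx");
}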
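        /// <summary>
        /// Handles the customer login button: looks up the customer by the e-mail in
        /// <c>Email</c>, verifies the entered <c>Password</c> against the stored hash and,
        /// on success, stores the customer id and a welcome message in the session and
        /// redirects to Customer.aspx. On failure an error message is shown in <c>Error</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void CustomerLogin_Click(object sender, EventArgs e)
        {
            int?   customerId = null;
            string firstName  = null;

            // One round trip fetches the hash, the id and the first name together; the
            // original issued the same WHERE clause twice with two commands and left the
            // connection and readers open on several paths. `using` disposes them on every path.
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand("SELECT ID, FirstName, Password FROM Customer WHERE Email = @email", conn))
            {
                // Parameterised, so the user-supplied e-mail is never spliced into the SQL text.
                cmd.Parameters.Add("@email", SqlDbType.NChar).Value = Email.Text;
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // Sets the page-level hashed password field (declared outside this method).
                        hashedPassword = reader["Password"].ToString();
                        customerId     = Int32.Parse(reader["ID"].ToString());
                        firstName      = reader["FirstName"].ToString();
                    }
                }
            }

            // One generic message for both "unknown e-mail" and "wrong password": separate
            // messages let a caller discover which e-mail addresses have accounts.
            // Also fails closed when no row was found or the stored hash is empty.
            if (customerId == null || string.IsNullOrEmpty(hashedPassword) || !Salt.Verify(Password.Text, hashedPassword))
            {
                Error.Text = "Incorrect email address or password.";
                return;
            }

            Session["Id"]      = customerId.Value;
            Session["Message"] = "Welcome, " + firstName + ".";
            // The connection is already disposed, so the redirect ending the request leaks nothing.
            Response.Redirect("Customer.aspx");
        }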
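 /// <summary>
 /// Handles the admin password-change form: requires <c>NewPassword</c> and
 /// <c>ConfirmNewPassword</c> to match and be non-empty, verifies <c>OldPassword</c>
 /// against the stored admin hash (row Id = 1 of <c>AdminPassword</c>), then stores the
 /// new hash, sets a session message and redirects to Admin.aspx. Any failure is
 /// reported through <c>Error</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void Submit_Click(object sender, EventArgs e)
 {
     // Validate the form before opening a connection.
     if (NewPassword.Text != ConfirmNewPassword.Text)
     {
         Error.Text = "New Password and Confirm New Password do not match.";
         return;
     }
     // An empty admin password would make the login check trivially passable.
     if (string.IsNullOrWhiteSpace(NewPassword.Text))
     {
         Error.Text = "New password cannot be empty.";
         return;
     }

     // `using` releases the connection, commands and reader on every path — including the
     // early return below and exceptions — where the original only closed the connection
     // on the fall-through path (and never after Response.Redirect ended the request).
     using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
     {
         conn.Open();

         using (SqlCommand select = new SqlCommand("SELECT AdminPassword FROM AdminPassword WHERE Id = '1'", conn))
         using (SqlDataReader reader = select.ExecuteReader())
         {
             while (reader.Read())
             {
                 // Retrieve the universal admin password hash into the page-level field
                 // (declared outside this method).
                 hashedPassword = reader["AdminPassword"].ToString();
             }
         }

         // Fail closed when no row / empty hash; otherwise require the old password to verify.
         if (string.IsNullOrEmpty(hashedPassword) || !Salt.Verify(OldPassword.Text, hashedPassword))
         {
             Error.Text = "Incorrect old password.";
             return;
         }

         using (SqlCommand update = new SqlCommand("UPDATE AdminPassword SET AdminPassword = @newPassword WHERE Id = '1'", conn))
         {
             // Only the hash produced by Salt.Encode is stored, never the plaintext.
             update.Parameters.Add("@newPassword", SqlDbType.VarChar).Value = Salt.Encode(NewPassword.Text, null);
             update.ExecuteNonQuery();
         }
     }

     Session["AdminMessage"] = "Admin password successfully changed.";
     // Redirect after the connection is disposed so the request ending leaks nothing.
     Response.Redirect("Admin.aspx");
 }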