Exemplo n.º 1
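        /// <summary>
        /// Checks that the new password contains at least one digit and, if it does, stores its
        /// hash in the Lecturer row identified by <c>lecturer.LecturerId</c>.
        /// </summary>
        /// <param name="lecturer">Carries the target LecturerId and the NewPassword to store.</param>
        /// <returns>
        /// <c>true</c> when the password passed the digit check and the UPDATE affected at least
        /// one row; <c>false</c> when the input is missing, contains no digit, or no row matched.
        /// </returns>
        /// <remarks>
        /// This method performs no authorisation: it updates whichever LecturerID it is handed.
        /// Callers must take that id from the authenticated session, not from request data.
        /// </remarks>
        public bool ChangePassword(LecturerPassword lecturer)
        {
            // Missing input fails validation instead of raising NullReferenceException.
            if (lecturer == null || string.IsNullOrEmpty(lecturer.NewPassword))
            {
                return false;
            }

            // The only complexity rule enforced here: at least one decimal digit.
            bool containsDigit = false;
            foreach (char ch in lecturer.NewPassword)
            {
                if (Char.IsDigit(ch))
                {
                    containsDigit = true;
                    break;
                }
            }
            if (!containsDigit)
            {
                return false;
            }

            // SECURITY: unsalted SHA-1 is a fast hash and is not suitable for password storage
            // (identical passwords produce identical hashes, and offline guessing is cheap).
            // The format is kept because the stored value is compared elsewhere against this
            // lowercase-hex SHA-1 string; migrate writer and verifier together to a salted,
            // iterated KDF such as PBKDF2 (Rfc2898DeriveBytes).
            string hashedPassword;
            using (var sha1 = new SHA1CryptoServiceProvider())
            {
                byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(lecturer.NewPassword));
                hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
            }

            using (SqlCommand cmd = new SqlCommand("UPDATE Lecturer SET Password=@newPassword" +
                                                   " WHERE LecturerID = @selectedLecturerID", conn))
            {
                cmd.Parameters.AddWithValue("@newPassword", hashedPassword);
                cmd.Parameters.AddWithValue("@selectedLecturerID", lecturer.LecturerId);
                try
                {
                    conn.Open();
                    // Report success only if a row was really updated; an unknown LecturerID
                    // previously returned true although nothing had changed.
                    return cmd.ExecuteNonQuery() > 0;
                }
                finally
                {
                    // Close even when Open/ExecuteNonQuery throws, so the shared connection
                    // is not left open for the next call.
                    conn.Close();
                }
            }
        }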
Exemplo n.º 2
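        /// <summary>
        /// Loads the Lecturer row for <paramref name="lecturerId"/> and returns its id together
        /// with the stored Password column value.
        /// </summary>
        /// <param name="lecturerId">LecturerID of the row to read.</param>
        /// <returns>
        /// A <c>LecturerPassword</c> with LecturerId set and Password set when the column is not
        /// DBNull, or <c>null</c> when no row matches.
        /// </returns>
        /// <remarks>
        /// The returned Password is the stored credential hash; use it only for server-side
        /// comparison and do not pass this object to a view or a log.
        /// NOTE(review): the query reads every column although only Password is used; selecting
        /// just that column would keep unrelated data out of memory.
        /// </remarks>
        public LecturerPassword getPasswordDetails(int lecturerId)
        {
            DataSet result = new DataSet();

            using (SqlCommand cmd = new SqlCommand("SELECT * FROM Lecturer WHERE LecturerID = @selectedLecturerID", conn))
            using (SqlDataAdapter da = new SqlDataAdapter(cmd))
            {
                cmd.Parameters.AddWithValue("@selectedLecturerID", lecturerId);
                try
                {
                    conn.Open();
                    da.Fill(result, "LecturerPasswordDetails");
                }
                finally
                {
                    // Close even when Open/Fill throws, so the shared connection is not left
                    // open for the next call.
                    conn.Close();
                }
            }

            DataTable table = result.Tables["LecturerPasswordDetails"];
            if (table == null || table.Rows.Count == 0)
            {
                return(null);
            }

            LecturerPassword lecturer = new LecturerPassword();
            lecturer.LecturerId = lecturerId;

            // Leave Password unset when the column is NULL in the database.
            object storedPassword = table.Rows[0]["Password"];
            if (!DBNull.Value.Equals(storedPassword))
            {
                lecturer.Password = storedPassword.ToString();
            }
            return(lecturer);
        }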
Exemplo n.º 3
        // Change Password page
        // GET: Lecturer/Change
        /// <summary>
        /// Shows the change-password form for the lecturer held in the session.
        /// </summary>
        /// <returns>
        /// A redirect to Home/Index unless the session "Role" is "Lecturer"; otherwise the view
        /// bound to a <c>LecturerPassword</c> whose LecturerId comes from the session "ID".
        /// </returns>
        public ActionResult Change()
        {
            // A missing role (null) and any role other than "Lecturer" are rejected alike.
            string role = HttpContext.Session.GetString("Role");
            if (role != "Lecturer")
            {
                return RedirectToAction("Index", "Home");
            }

            // Convert.ToInt32 yields 0 for a null string and throws FormatException for a
            // non-numeric one, so the session "ID" is expected to be a numeric string.
            int sessionLecturerId = Convert.ToInt32(HttpContext.Session.GetString("ID"));

            // Only the id is placed on the model; no password data is loaded for the form.
            LecturerPassword model = new LecturerPassword { LecturerId = sessionLecturerId };
            return View(model);
        }
Exemplo n.º 4
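        /// <summary>
        /// Handles the submitted change-password form: verifies the current password of the
        /// lecturer held in the session, then stores the new password for that same lecturer.
        /// </summary>
        /// <param name="lecturer">
        /// Model-bound form data (Password, NewPassword, ConfirmPassword). Its LecturerId is
        /// client-controlled and is overwritten with the session id before any update.
        /// </param>
        /// <returns>
        /// A redirect to Home/Index when the session role is not "Lecturer"; otherwise the view
        /// with a status message in <c>ViewData["Message"]</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible in this
        /// excerpt; confirm both are applied, since this action changes a credential.
        /// </remarks>
        public ActionResult Change(LecturerPassword lecturer)
        {
            // Same role gate as the GET action; without it the POST was reachable by any session.
            if (HttpContext.Session.GetString("Role") != "Lecturer")
            {
                return(RedirectToAction("Index", "Home"));
            }

            if (lecturer == null || lecturer.Password == null)
            {
                return(View(lecturer));
            }

            // The session, not the posted form, decides whose password is verified and changed.
            // Previously the current password was checked for the session lecturer while the
            // UPDATE used the posted LecturerId, so a tampered id could target another account.
            int sessionLecturerId = Convert.ToInt32(HttpContext.Session.GetString("ID"));
            lecturer.LecturerId = sessionLecturerId;

            //get password details for currently logged in lecturer
            LecturerPassword currentLecturer = lecturerContext.getPasswordDetails(sessionLecturerId);

            // SECURITY: unsalted SHA-1 mirrors the stored format and must change together with
            // the code that writes the hash; it is not an adequate password hash on its own.
            string hashedPassword;
            using (var sha1 = new SHA1CryptoServiceProvider())
            {
                byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(lecturer.Password));
                hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
            }

            // A missing row (null) or a mismatching hash is reported as a wrong current password
            // rather than surfacing a NullReferenceException.
            if (currentLecturer == null || hashedPassword != currentLecturer.Password)
            {
                ViewData["Message"] = "Current Password Is Incorrect!";
                return(View(lecturer));
            }

            if (ModelState.IsValid)
            {
                //new password and its confirmation must be identical
                if (lecturer.NewPassword != lecturer.ConfirmPassword)
                {
                    ViewData["Message"] = "Password Does Not Match!";
                    return(View(lecturer));
                }

                //ChangePassword enforces the digit rule, hashes the password and updates the row
                if (lecturerContext.ChangePassword(lecturer))
                {
                    ViewData["Message"] = "Password Changed Successfully!";
                    return(View(lecturer));
                }
            }

            //model validation failed or ChangePassword rejected the new password
            ViewData["Message"] = "Password Field Did Not Meet Requirements!";
            return(View(lecturer));
        }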