public string UserRecoveryAccount(byte[] ciphertoken, byte[] cipheraccuont,
byte[] Key, byte[] IV)
{
var rsa = new cryptography.SystemSupportRSA();
string userName;
string userMail;
string user;
string alias;
string pass;
string current_token;
//string request = "";
Database.Connect();
command = new OdbcCommand
{
Connection = Database.GetConn(),
CommandType = CommandType.StoredProcedure,
CommandText = "{call csg.User_RecoveryAccount(?)}"
};
command.Parameters.Add("Account", OdbcType.VarChar, 50).Value = rsa.DecryptStringFromBytes_Aes(cipheraccuont, Key, IV);
dataReader = command.ExecuteReader();
//Console.WriteLine("Read(): " + dataReader.Read() + " | HasRows: " + dataReader.HasRows);
if (dataReader.Read())
{
//Validamos que el token vigente coincida
if (rsa.DecryptStringFromBytes_Aes(ciphertoken, Key, IV).Equals(dataReader.GetString(3)))
{
userName = dataReader.GetString(0);
user = dataReader.GetString(1);
userMail = dataReader.GetString(2);
string code = dataReader.GetString(4);
Database.Disconnect();
//Creamos el nuevo token
string new_token = rsa.GetMd5Hash(user + DateTime.Now.Ticks.ToString());
//Actualizamos el token y pasamos el usetoken a SI
UpdateUserToken(new_token, code);
var mailservice = new mailservices.SystemSupportMail();
mailservice.SendRecoveryMail(username: userName, user: user, token: new_token,
subject: "Recuperación de cuenta Control de Servicios y Garantías", to: userMail);
return("s,Por favor revisa tu cuenta de correo " + userMail);
}
else
{
Database.Disconnect();
return("f,No coincide el token");
}
}
else
{
Database.Disconnect();
return("f,Lo sentimos, no existe una cuenta con ese nombre de usuario o" +
" correo electrónico");
}
}
public void UserUpdatePass(byte[] cipherpass, byte[] ciphercode, byte[] Key, byte[] IV)
{
var rsa = new cryptography.SystemSupportRSA();
try
{
Database.Connect();
command = new OdbcCommand()
{
Connection = Database.GetConn(),
CommandType = CommandType.StoredProcedure,
CommandText = "{call csg.User_UpdatePass(?,?)}"
};
command.Parameters.Add("Pass", OdbcType.VarChar, 200).Value = rsa.GetMd5Hash(rsa.DecryptStringFromBytes_Aes(cipherpass, Key, IV));
command.Parameters.Add("Code", OdbcType.VarChar, 20).Value = rsa.DecryptStringFromBytes_Aes(ciphercode, Key, IV);
if (command.ExecuteNonQuery() > 0)
{
//return true;
UserCache.UserPass = rsa.GetMd5Hash(rsa.DecryptStringFromBytes_Aes(cipherpass, Key, IV));
//Console.WriteLine("Actualizó password a " + UserCache.UserPass);
}
else
{
//return false;
//Console.WriteLine("NO actualizó password");
}
}
catch (Exception)
{
throw;
}
finally
{
Database.Disconnect();
}
}
public bool UserLogin(byte[] cipheruser, byte[] cipherpass,
byte[] Key, byte[] IV)
{
var rsa = new cryptography.SystemSupportRSA();
try
{
Database.Connect();
command = new OdbcCommand
{
Connection = Database.GetConn(),
CommandType = CommandType.StoredProcedure,
CommandText = "{call csg.User_Login(?)}"
};
command.Parameters.Add("Account", OdbcType.VarChar, 50).Value = rsa.DecryptStringFromBytes_Aes(cipheruser, Key, IV);
dataReader = command.ExecuteReader();
if (dataReader.Read())
{
UserCache.UserUseToken = dataReader.GetChar(11);
//Console.WriteLine("Usa token: " + UserCache.UserUseToken);
if (rsa.GetMd5Hash(rsa.DecryptStringFromBytes_Aes(cipherpass, Key, IV)).Equals(dataReader.GetString(4)) &&
UserCache.UserUseToken.Equals('N'))
{
//Console.WriteLine("Entra con password");
//Almacenar la variables de sesión
UserCache.UserCode = dataReader.GetString(0);
UserCache.UserDefinition = dataReader.GetString(1);
UserCache.UserAccount = dataReader.GetString(2);
UserCache.UserEmail = dataReader.GetString(3);
UserCache.UserPass = dataReader.GetString(4);
UserCache.UserRol = dataReader.GetString(6);
UserCache.UserRolDefinition = dataReader.GetString(13);
return(true);
}
//SI utiliza token esta en 'S'
else if (rsa.DecryptStringFromBytes_Aes(cipherpass, Key, IV).Equals(dataReader.GetString(5)) &&
UserCache.UserUseToken.Equals('S'))
{
//Console.WriteLine("Entra con token");
//Almacenar la variables de sesión
UserCache.UserCode = dataReader.GetString(0);
UserCache.UserDefinition = dataReader.GetString(1);
UserCache.UserAccount = dataReader.GetString(2);
UserCache.UserEmail = dataReader.GetString(3);
UserCache.UserPass = dataReader.GetString(4);
UserCache.UserRol = dataReader.GetString(6);
UserCache.UserRolDefinition = dataReader.GetString(13);
return(true);
}
}
}
catch (Exception ex)
{
MessageBox.Show("Excepción controlada en UserDAO->UserLogin: "******"Excepción", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
finally
{
Database.Disconnect();
}
return(false);
}
