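/// <summary>
/// Event handler for the Save button: verifies the current password, validates the new
/// password against its confirmation, and stores a fresh salt and salted hash for the
/// current user (<see cref="Program.CurrentUser"/>).
/// </summary>
/// <param name="sender">The parameter is not used.</param>
/// <param name="e">The parameter is not used.</param>
private void BtnSaveNewPasswordClick(object sender, EventArgs e)
{
    try
    {
        using (var context = new db_sft_2172Entities())
        {
            var userResult = (from u in context.Users
                              where u.UserID.Equals(Program.CurrentUser)
                              select u).FirstOrDefault();

            // FirstOrDefault() yields null when the current user's row is missing; previously
            // that surfaced as a NullReferenceException through the generic catch below.
            if (userResult == null)
            {
                MessageBox.Show(@"Your user record could not be found!");
                return;
            }

            // The current password must be verified before anything else is changed.
            if (!SaltedHash.Verify(userResult.PasswordSalt, userResult.Password, this.txtCurrentPassword.Text))
            {
                MessageBox.Show(@"Your current password is incorrect!");
                return;
            }

            string newPassword = this.txtNewPassword.Text;
            string confirmPassword = this.txtConfirmPassword.Text;

            // Both boxes must be filled in. The original test used ||, which let one empty box
            // fall through to the "do not match" branch with a misleading message.
            if (string.IsNullOrEmpty(newPassword) || string.IsNullOrEmpty(confirmPassword))
            {
                MessageBox.Show(@"New password or confirm password is empty!");
                return;
            }

            if (newPassword != confirmPassword)
            {
                MessageBox.Show(@"Passwords do not match!");
                return;
            }

            // Generate a new salt and salted hash; only the hash and salt are persisted.
            SaltedHash sh = new SaltedHash(newPassword);
            userResult.Password = sh.Hash;
            userResult.PasswordSalt = sh.Salt;
            // Clears the forced-reset flag that Login() checks before letting the user in.
            userResult.ResetPassword = null;
            context.SaveChanges();

            // Clear the text boxes so the plaintext does not linger in the form.
            this.txtCurrentPassword.Text = string.Empty;
            this.txtNewPassword.Text = string.Empty;
            this.txtConfirmPassword.Text = string.Empty;
            MessageBox.Show(@"Your password has been saved!");
            this.Close();
        }
    }
    catch (SqlException sqlEx)
    {
        MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}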
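/// <summary>
/// Matches the supplied credentials against the database (salted hash), then either opens the
/// password-reset dialog or records the user's roles in <see cref="Program"/> and closes the
/// login form.
/// </summary>
/// <param name="username">The username string entered by the user</param>
/// <param name="password">The password string entered by the user</param>
private void Login(string username, string password)
{
    // One message for both "no such user" and "wrong password": the caller must not be able to
    // tell which one failed, otherwise valid usernames could be enumerated from the login form.
    const string InvalidCredentials = @"Sorry, invalid username or password. Please try again!";

    try
    {
        using (db_sft_2172Entities context = new db_sft_2172Entities())
        {
            // Single round-trip: FirstOrDefault() replaces the earlier Any() + FirstOrDefault() pair.
            var userResult = (from u in context.Users
                              where u.UserID.Equals(username)
                              select u).FirstOrDefault();

            // Verify the salted hash before looking at anything else about the account, so the
            // active/inactive state is only disclosed to someone who holds the password.
            if (userResult == null
                || !SaltedHash.Verify(userResult.PasswordSalt, userResult.Password, password))
            {
                MessageBox.Show(InvalidCredentials);
                this.txtUsername.Text = string.Empty;
                this.txtPassword.Text = string.Empty;
                this.txtUsername.Focus();
                return;
            }

            // Inactive accounts are refused even with a correct password.
            if (!userResult.IsActive)
            {
                MessageBox.Show(@"Sorry, this user is inactive. Please contact an administrator if you need to reactivate your account.");
                Program.Logout();
                return;
            }

            // Set before the reset dialog: ResetMyPassword looks the user up by Program.CurrentUser.
            Program.CurrentUser = userResult.UserID;

            // A non-null ResetPassword flag forces a password change before the user may continue.
            if (userResult.ResetPassword != null)
            {
                MessageBox.Show(@"Your password is outdated and needs to be changed. Please reset your password now.");
                ResetMyPassword changePassword = new ResetMyPassword();
                changePassword.ShowDialog();
                return;
            }

            // Roles are exposed to the rest of the application through static flags.
            if (userResult.IsSupervisor)
            {
                Program.IsSupervisor = true;
            }

            if (userResult.IsAdmin)
            {
                Program.IsAdmin = true;
            }

            // Close window once finished
            this.Close();
        }
    }
    catch (SqlException sqlEx)
    {
        MessageBox.Show(sqlEx.InnerException != null ? sqlEx.InnerException.Message : sqlEx.Message);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}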