Exemplo n.º 1
0
 private void btnLoginAuthentication_Click(object sender, EventArgs e)
 {
     //Check for empty field
     if (!string.IsNullOrEmpty(txtCode.Text))
     {
         //Check if unique code matche
         if (uniqueCode == txtCode.Text)
         {
             //Check if 5 minutes have passed since the code was created
             if (DateTime.Now.Minute > (dateTimeCode.Minute + 5))
             {
                 //Notify user - code expired
                 MessageBox.Show("The unique code is no longer valid. \n Authentication failed!");
             }
             else
             {
                 //Create main form
                 Form_Main mainForm = new Form_Main(user);
                 //Hide this form
                 Hide();
                 //Show main form
                 mainForm.ShowDialog();
                 //Close this form
                 Close();
             }
         }
         else
         {
             MessageBox.Show("Invalid code.");
         }
     }
     else
     {
         MessageBox.Show("No code has been added!");
     }
 }
Exemplo n.º 2
0
        private void btnLogin_Click(object sender, EventArgs e)
        {
            //Check input validation
            if (!ValidationError())
            {
                //Check for sql injection
                if (!SqlInjectionDetected())
                {
                    //Check if email is valid
                    if (emailChecker.CheckEmail(txtEmail.Text))
                    {
                        //Create query to selecte the user's info
                        string query = "SELECT * FROM users WHERE email = @email and password = @password";

                        //Create table to store the data from database
                        DataTable dt = db.QueryReader(query, p =>
                        {
                            p.Add("@email", DbType.String).Value    = encrypt.EncryptData(txtEmail.Text);
                            p.Add("@password", DbType.String).Value = encrypt.EncryptData(txtPassword.Text);
                        });

                        //Check for result (empty returns means there is no row)
                        if (dt.Rows.Count != 0)
                        {
                            //Store the data from datatabase
                            string dbEmail           = dt.Rows[0]["email"].ToString();
                            string dbPassword        = dt.Rows[0]["password"].ToString();
                            string dbId              = dt.Rows[0]["ID"].ToString();
                            string dbFirstName       = dt.Rows[0]["first_name"].ToString();
                            string dbLastName        = dt.Rows[0]["last_name"].ToString();
                            bool   dbMultiFactorAuth = (bool)dt.Rows[0]["two_factor_authentication"];

                            //Check for second time if email and password are correct
                            if (encrypt.DecryptData(dbEmail) == txtEmail.Text && encrypt.DecryptData(dbPassword) == txtPassword.Text)
                            {
                                //Check if user object is created
                                if (user == null)
                                {
                                    //Create user object
                                    user = new User();
                                }

                                //Initialise all properties with the data from database
                                user.Id        = Convert.ToInt32(dbId);
                                user.FirstName = dbFirstName;
                                user.LastName  = dbLastName;
                                user.Email     = dbEmail;
                                user.Password  = dbPassword;
                                user.MultiFactorAuthentication = dbMultiFactorAuth;

                                if (!user.MultiFactorAuthentication)
                                {
                                    //Create main form
                                    Form_Main mainForm = new Form_Main(user);
                                    //Hide this form
                                    Hide();
                                    //Show main form
                                    mainForm.ShowDialog();
                                    //Close this form
                                    Close();
                                }
                                else
                                {
                                    panelEmail.Visible  = true;
                                    lblMauthTile.Text   = "Authentication code";
                                    lblMsgMauth.Visible = false;
                                    txtCode.Visible     = true;

                                    //Create a random code
                                    uniqueCode = CreateRandomCode(10);
                                    //Create a time to determinate when the code was created
                                    dateTimeCode = DateTime.Now;

                                    //Create a query to insert the code into database
                                    query = "Update unique_codes SET code = @code, time = @time WHERE user_id = @userID";

                                    //Query the database. add parameters
                                    db.NonQuery(query, p =>
                                    {
                                        p.Add("@userID", DbType.Int32).Value  = user.Id;
                                        p.Add("@code", DbType.String).Value   = uniqueCode;
                                        p.Add("@time", DbType.DateTime).Value = dateTimeCode;
                                    });

                                    Task.Run(() =>
                                    {
                                        //Send email to the user with the created code
                                        emailServices.SendEmail(encrypt.DecryptData(user.Email), uniqueCode);
                                    });
                                    MessageBox.Show("Multi factor authentication is enabled. An email has been send with a validation code.");
                                }
                            }
                            else
                            {
                                //Notify user whne passowrd or email is wrong from second check (databse result)
                                MessageBox.Show("Email or password is wrong!");
                            }
                        }
                        else
                        {
                            //Notify user whne passowrd or email is wrong from first check (user's input)
                            MessageBox.Show("Email or password is wrong!");
                        }
                    }
                    else
                    {
                        //Notifiy user- invalid email
                        MessageBox.Show("Invalid email");
                    }
                }
            }
            else
            {
                //Notify user when is empty field
                MessageBox.Show("You must complete all fields");
            }
        }