// checks if password is correct and returns corresponding user
public static Class.User checkPassword(string username, string password)
{
Class.User userLogin = null;
PasswordHandling pw = new PasswordHandling();
try
{
using (MySqlConnection conn = DataAccessBase.GetConnection())
{
conn.Open();
MySqlCommand command = new MySqlCommand("getPassword", conn);
command.CommandType = System.Data.CommandType.StoredProcedure;
command.Parameters.AddWithValue("inusername", username);
using (MySqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
// get salt and hash from db
string hashedPassword = reader.GetString(0);
string salt = reader.GetString(1);
// check if password is valid
pw.checkPassword(password, hashedPassword, salt);
}
}
conn.Close();
// log in if user is valid
if (pw.userIsVerified())
{
userLogin = LoginUser(username, pw.getHashedPassword());
}
pw = null;
}
}
catch (Exception)
{
return(null);
}
return(userLogin);
}
public static Result RegisterUser(Class.User u)
{
Result res = new Result();
try
{
PasswordHandling pw = new PasswordHandling();
pw.hashPassword(u.Password);
using (MySqlConnection conn = DataAccessBase.GetConnection())
{
conn.Open();
MySqlCommand command = new MySqlCommand("RegisterUser", conn);
command.CommandType = System.Data.CommandType.StoredProcedure;
command.Parameters.AddWithValue("Name", u.Name);
command.Parameters.AddWithValue("Surname", u.Surname);
command.Parameters.AddWithValue("title_Id", u.titleId);
command.Parameters.AddWithValue("Password", pw.getHashedPassword());
command.Parameters.AddWithValue("Salt", pw.getSalt());
command.Parameters.AddWithValue("username", u.Username);
command.Parameters.AddWithValue("Email", u.Email);
command.Parameters.AddWithValue("Type", u.Type);
command.Parameters.AddWithValue("YearOfExperience", u.YearsOfExperience);
command.Parameters.AddWithValue("DateInsert", u.DateInsert);
command.ExecuteNonQuery();
res.result = true;
}
}
catch (Exception ex)
{
res.result = false;
res.Message = ex.Message;
}
return(res);
}
public static Result UpdateProfileView(long iduser, Class.User user)
{
Result res = new Result();
PasswordHandling newPassword = new PasswordHandling();
newPassword.generateSalt();
newPassword.hashPassword(user.Password);
try
{
using (MySqlConnection conn = DataAccessBase.GetConnection())
{
conn.Open();
MySqlCommand command = new MySqlCommand("UpdateProfileView", conn);
command.CommandType = System.Data.CommandType.StoredProcedure;
command.Parameters.AddWithValue("name", user.Name);
command.Parameters.AddWithValue("Surname", user.Surname);
command.Parameters.AddWithValue("PW", newPassword.getHashedPassword());
command.Parameters.AddWithValue("Salt", newPassword.getSalt());
command.Parameters.AddWithValue("username", user.Username);
command.Parameters.AddWithValue("Email", user.Email);
command.Parameters.AddWithValue("iduser", iduser);
command.ExecuteNonQuery();
res.result = true;
}
}
catch (Exception ex)
{
res.result = false;
res.Message = ex.Message;
}
return(res);
}
public static Result ChangePasswordUser(string mail)
{
Result res = new Result();
PasswordHandling newPassword = new PasswordHandling();
newPassword.salt_length = 10;
newPassword.generateSalt();
string password = newPassword.getSalt();
newPassword.generateSalt();
newPassword.hashPassword(password);
string dbEmail = "mail address not in db";
string username = "******";
try
{
using (MySqlConnection conn = DataAccessBase.GetConnection())
{
conn.Open();
MySqlCommand command = new MySqlCommand("ChangePassword", conn);
command.CommandType = System.Data.CommandType.StoredProcedure;
command.Parameters.AddWithValue("PW", newPassword.getHashedPassword());
command.Parameters.AddWithValue("salt", newPassword.getSalt());
command.Parameters.AddWithValue("Email", mail.Trim());
using (MySqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
if (reader["email"] != DBNull.Value)
{
dbEmail = reader.GetString(0);
}
else
{
dbEmail = "mail address not in db";
}
}
}
res.result = true;
}
}
catch (Exception ex)
{
res.result = false;
res.Message = ex.Message;
}
if (res.result) // if password has been successfully changed, send an email to user
{
if (mail == dbEmail)
{
string salutation = "Sir / Madam";
try
{
using (MySqlConnection conn = DataAccessBase.GetConnection())
{
conn.Open();
MySqlCommand command = new MySqlCommand("getUserWithEmail", conn);
command.CommandType = System.Data.CommandType.StoredProcedure;
command.Parameters.AddWithValue("in_email", mail);
using (MySqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
if (reader["Title"] != DBNull.Value)
{
salutation = reader.GetString(0) + " ";
}
if (reader["surname"] != DBNull.Value)
{
salutation += reader.GetString(1);
}
username = reader.GetString(2);
}
}
}
}catch (Exception) {}
List <string> message = Constant.changePasswordMail(salutation, password, username);
MyEmail notification = new MyEmail();
// notification.email.Bcc.Add(notification.sender); // send a copy of the mail to the email address of the admin
notification.sendEmail(mail, message[0], message[1]);
}
else
{
}
}
return(res);
}
