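 /// <summary>
 /// Renders the logged-in user's profile. The request is served only when the session is
 /// flagged as logged in and the "AuthToken" cookie equals the token kept in the session;
 /// otherwise the browser is sent to Login.aspx.
 /// </summary>
 /// <param name="sender">Page raising the event (unused).</param>
 /// <param name="e">Event data (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     object loggedIn     = Session["LoggedIn"];
     object sessionToken = Session["AuthToken"];
     var    tokenCookie  = Request.Cookies["AuthToken"];

     // Ordinal: the token is an opaque identifier, not culture-sensitive text.
     bool authenticated = loggedIn != null
                       && sessionToken != null
                       && tokenCookie != null
                       && string.Equals(sessionToken.ToString(), tokenCookie.Value, StringComparison.Ordinal);
     if (!authenticated)
     {
         Response.Redirect("Login.aspx");
         return;
     }

     bool staleSession = false;
     DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
     try
     {
         var user = client.SelectByEmail(loggedIn.ToString());
         if (user == null)
         {
             // The account behind this session no longer resolves (SelectByEmail yields null
             // for unknown addresses); the original dereferenced it and threw.
             staleSession = true;
         }
         else
         {
             // Label.Text is emitted as raw markup and registration only requires a name to
             // contain one letter, so every user-supplied field is HTML-encoded before display.
             fname_lb.Text    = Server.HtmlEncode(user.First_Name);
             lname_lb.Text    = Server.HtmlEncode(user.Last_Name);
             dob_lb.Text      = user.Dob.Date.ToString("dd/MM/yyyy");
             email_lb.Text    = Server.HtmlEncode(user.Email);
             cardname_lb.Text = Server.HtmlEncode(user.Card_Name);
             // NOTE(review): the full card number and the CVV are shown in clear. PCI DSS does
             // not permit retaining the CVV after authorisation and expects the PAN to be masked
             // on display; fixing that involves the service that stores these fields as well.
             cardnum_lb.Text  = Server.HtmlEncode(user.Card_Num);
             cvv_lb.Text      = Server.HtmlEncode(user.Card_CVV);
             expiry_lb.Text   = Server.HtmlEncode(user.Card_Expiry);
         }
         client.Close();
     }
     catch
     {
         // WCF proxy pattern: a faulted channel cannot be closed, only aborted. The original
         // never closed the client at all.
         client.Abort();
         throw;
     }

     if (staleSession)
     {
         Response.Redirect("Login.aspx");
     }
 }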
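        /// <summary>
        /// Handles the Register button. Both form sections (personal details, card details) are
        /// checked for blank fields and, when complete, validated; problems are reported in
        /// error_lb / error2_lb respectively. When everything passes the account is created
        /// through the DB service and the browser is sent to Login.aspx.
        /// </summary>
        /// <param name="sender">Button raising the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void register_btn_Click(object sender, EventArgs e)
        {
            error2_lb.Text = "";
            error_lb.Text  = "";

            bool personalBlank = AnyRegistrationFieldBlank(fname_tb.Text, lname_tb.Text, email_tb.Text, dob_tb.Text, pw1_tb.Text, pw2_tb.Text);
            bool cardBlank     = AnyRegistrationFieldBlank(name_cc.Text, cardno_cc.Text, cvv_cc.Text, expiry_cc.Text);

            if (personalBlank)
            {
                error_lb.Text = "Please fill all fields. <br>";
            }

            if (cardBlank)
            {
                error2_lb.Text = "Please fill all fields. <br>";
            }

            // A section is validated only when none of its fields is blank, so the "fill all
            // fields" message is never followed by format errors about empty inputs. Both
            // sections are always validated so the user sees every problem at once.
            bool     pass        = true;
            DateTime dateOfBirth = DateTime.MinValue;

            if (!personalBlank && !ValidatePersonalInfo(out dateOfBirth))
            {
                pass = false;
            }

            if (!cardBlank && !ValidateCardInfo())
            {
                pass = false;
            }

            if (pass && !personalBlank && !cardBlank)
            {
                SubmitRegistration(dateOfBirth);
            }
        }

        /// <summary>True when any of <paramref name="values"/> is null, empty or whitespace only.</summary>
        private static bool AnyRegistrationFieldBlank(params string[] values)
        {
            foreach (string value in values)
            {
                if (String.IsNullOrWhiteSpace(value))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Validates the personal-details section (all fields already known to be non-blank),
        /// appending one message per problem to error_lb.
        /// </summary>
        /// <param name="dateOfBirth">The parsed date of birth; DateTime.MinValue when it did not parse.</param>
        /// <returns>True when every check passed.</returns>
        private bool ValidatePersonalInfo(out DateTime dateOfBirth)
        {
            bool valid = true;

            // NOTE(review): this check tells an unauthenticated caller whether an address is
            // registered; that is inherent to the current registration design.
            DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
            try
            {
                if (client.SelectByEmail(email_tb.Text.Trim()) != null)
                {
                    error_lb.Text += "User already exists.";
                    valid = false;
                }
                client.Close();
            }
            catch
            {
                client.Abort();
                throw;
            }

            // NOTE(review): the pattern is unanchored, so any text containing a single ASCII
            // letter passes. Kept unchanged; tightening it is a policy decision for the project.
            if (!Regex.IsMatch(fname_tb.Text.Trim(), "[A-Za-z]") || !Regex.IsMatch(lname_tb.Text.Trim(), "[A-Za-z]"))
            {
                error_lb.Text += "Please input a valid name <br>";
                valid = false;
            }

            // The original used Convert.ToDateTime, which throws FormatException on malformed
            // text (an unhandled error page). TryParse applies the same culture rules but turns
            // the failure into a validation message. A date of birth must be strictly in the past.
            if (!DateTime.TryParse(dob_tb.Text.Trim(), out dateOfBirth) || dateOfBirth >= DateTime.Now.Date)
            {
                error_lb.Text += "Please input a valid date of birth <br>";
                valid = false;
            }

            string password = pw1_tb.Text.Trim();

            // NOTE(review): the pattern has no trailing "$", so only the first eight characters
            // are restricted to the listed set; the four lookaheads still apply to the whole string.
            if (!Regex.IsMatch(password, @"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}"))
            {
                error_lb.Text += "Please input a password that fulfills all criteria <br>";
                valid = false;
            }

            if (password != pw2_tb.Text.Trim())
            {
                error_lb.Text += "Passwords must match <br>";
                valid = false;
            }

            return valid;
        }

        /// <summary>
        /// Validates the card section (all fields already known to be non-blank): two-word
        /// alphabetic holder name, 16 digits in groups of four, 3-digit CVV, MM/YY expiry that
        /// is still in the future. Each problem is appended to error2_lb.
        /// </summary>
        /// <returns>True when every check passed.</returns>
        private bool ValidateCardInfo()
        {
            bool valid = true;

            if (!Regex.IsMatch(name_cc.Text.Trim(), @"^[A-Za-z]+\s+[A-Za-z]+$"))
            {
                error2_lb.Text += "Please input a valid name <br>";
                valid = false;
            }

            if (!Regex.IsMatch(cardno_cc.Text.Trim(), @"^([0-9]{4}\s*){4}$"))
            {
                error2_lb.Text += "Please input a valid card number <br>";
                valid = false;
            }

            if (!Regex.IsMatch(cvv_cc.Text.Trim(), "^[0-9]{3}$"))
            {
                error2_lb.Text += "Please input a valid CVV <br>";
                valid = false;
            }

            string expiryText = expiry_cc.Text.Trim();
            if (!Regex.IsMatch(expiryText, "^[0-9]{2}[/]{1}[0-9]{2}$"))
            {
                error2_lb.Text += "Please input a valid expiry date <br>";
                valid = false;
            }
            else
            {
                // The original built "01/MM/20YY" and parsed it with the server culture, which an
                // en-US server reads as January the MM-th, and which throws on a month of 13 or
                // more. The regex guarantees two ASCII digits per part, so parse them as numbers.
                string[] parts = expiryText.Split('/');
                int month = int.Parse(parts[0], System.Globalization.CultureInfo.InvariantCulture);
                int year  = 2000 + int.Parse(parts[1], System.Globalization.CultureInfo.InvariantCulture);

                if (month < 1 || month > 12)
                {
                    error2_lb.Text += "Please input a valid expiry date <br>";
                    valid = false;
                }
                // As before, the card counts as expired from the first day of its expiry month
                // (stricter than the usual valid-through-end-of-month convention).
                else if (new DateTime(year, month, 1) <= DateTime.Now.Date)
                {
                    error2_lb.Text += "Please check your card's expiry <br>";
                    valid = false;
                }
            }

            return valid;
        }

        /// <summary>
        /// Hashes the password with a fresh random salt, generates a per-account AES key/IV that
        /// is handed to the service with the card data, creates the account and redirects to
        /// Login.aspx.
        /// </summary>
        /// <param name="dateOfBirth">Already-validated date of birth.</param>
        private void SubmitRegistration(DateTime dateOfBirth)
        {
            // Trimmed so it matches what the login handler hashes; the original hashed the raw
            // text, so a password typed with surrounding spaces could never be used to log in.
            string password = pw1_tb.Text.Trim();

            byte[] saltBytes = new byte[8];
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(saltBytes);
            }
            string salt = Convert.ToBase64String(saltBytes);

            // NOTE(review): a single SHA-512 round over password + salt is cheap to brute-force
            // offline. Moving to PBKDF2 (Rfc2898DeriveBytes) has to be done together with the
            // login and change-password handlers, which verify against this same scheme.
            string hashedPassword;
            using (SHA512Managed hashing = new SHA512Managed())
            {
                hashedPassword = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(password + salt)));
            }

            // Per-account key and IV passed to the service alongside the card fields. How the
            // service stores them is not visible here — presumably next to the record; confirm.
            byte[] cardKey;
            byte[] cardIv;
            using (RijndaelManaged cipher = new RijndaelManaged())
            {
                cipher.GenerateKey();
                cipher.GenerateIV();
                cardKey = cipher.Key;
                cardIv  = cipher.IV;
            }

            DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
            try
            {
                client.CreateAccount(email_tb.Text.Trim(), hashedPassword, salt, fname_tb.Text.Trim(), lname_tb.Text.Trim(), dateOfBirth, name_cc.Text.Trim(), cardno_cc.Text.Trim(), cvv_cc.Text.Trim(), expiry_cc.Text.Trim(), cardIv, cardKey);
                client.Close();
            }
            catch
            {
                client.Abort();
                throw;
            }

            // Redirect last: it ends the response, so nothing after it would run.
            Response.Redirect("Login.aspx");
        }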
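        /// <summary>
        /// Handles the Login button: checks the captcha, looks the user up, enforces the 30-minute
        /// lockout, verifies the salted SHA-512 hash and records the attempt. On success the
        /// e-mail and a fresh random token are stored in the session, the token is mirrored in an
        /// "AuthToken" cookie, and the browser is sent to Home.aspx.
        /// </summary>
        /// <param name="sender">Button raising the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void login_btn_Click(object sender, EventArgs e)
        {
            error_lb.Text = "";

            if (String.IsNullOrWhiteSpace(email_tb.Text) || String.IsNullOrWhiteSpace(pwd_tb.Text))
            {
                error_lb.Text = "Please fill all fields";
                return;
            }

            // The original evaluated the captcha only after a successful password check, so
            // attempts (and lockouts) could be driven without ever solving it, and a failed
            // captcha produced no message at all. Check it before touching credentials.
            // Assumes ValidateCaptcha() does not depend on the lookup below — confirm.
            if (!ValidateCaptcha())
            {
                if (String.IsNullOrEmpty(error_lb.Text))
                {
                    error_lb.Text = "Please complete the captcha";
                }
                return;
            }

            bool   authenticated = false;
            string sessionEmail  = null;

            DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
            try
            {
                var user = client.SelectByEmail(email_tb.Text.Trim());

                if (user == null)
                {
                    // Same wording as the wrong-password branch so the reply does not reveal
                    // whether the address is registered (the original said "Invalid credentials pp").
                    error_lb.Text = "Invalid credentials";
                }
                else if (client.CheckSuspended(user.Email))
                {
                    // Lockout lasts 30 minutes from Suspended_Since. Convert.ToInt32 rounds like
                    // the original Convert.ToInt16 but cannot overflow on a long elapsed time.
                    int elapsed = Convert.ToInt32(DateTime.Now.Subtract(Convert.ToDateTime(user.Suspended_Since)).TotalMinutes);
                    error_lb.Text = "Your account has been locked. Please wait " + (30 - elapsed) + " minutes before trying again.";
                }
                else
                {
                    // Same scheme as registration: SHA-512 over trimmed password + stored salt.
                    string hashedAttempt;
                    using (SHA512Managed hashing = new SHA512Managed())
                    {
                        hashedAttempt = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(pwd_tb.Text.Trim() + user.Password_Salt)));
                    }

                    // NOTE(review): an ordinary string comparison is not constant-time; tolerable
                    // for comparing hashes, but a fixed-time compare would be preferable.
                    authenticated = string.Equals(hashedAttempt, user.Password, StringComparison.Ordinal);
                    client.CheckAttempts(user.Email, authenticated);

                    if (authenticated)
                    {
                        sessionEmail = user.Email;
                    }
                    else
                    {
                        error_lb.Text = "Invalid credentials";
                    }
                }
                client.Close();
            }
            catch
            {
                client.Abort();
                throw;
            }

            if (!authenticated)
            {
                return;
            }

            Session["LoggedIn"] = sessionEmail;

            // Token from the CSPRNG rather than Guid.NewGuid(), whose unpredictability is not
            // guaranteed. It is kept in the session and mirrored in a cookie; Page_Load requires
            // both to agree, which appears to bind the session to the browser that logged in.
            byte[] tokenBytes = new byte[32];
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(tokenBytes);
            }
            string token = BitConverter.ToString(tokenBytes).Replace("-", "");
            Session["AuthToken"] = token;

            HttpCookie tokenCookie = new HttpCookie("AuthToken", token);
            tokenCookie.HttpOnly = true;                       // not readable from script
            tokenCookie.Secure   = Request.IsSecureConnection; // make unconditional once the site is HTTPS-only
            Response.Cookies.Add(tokenCookie);

            Response.Redirect("Home.aspx");
        }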
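        /// <summary>
        /// Handles the change-password form: verifies the current password, rejects a new password
        /// that repeats the current or previous two, enforces the password policy and the 5-minute
        /// minimum age, then stores the new hash through the DB service. On success the session is
        /// ended, the session and auth cookies are expired, and the browser is sent to Login.aspx.
        /// </summary>
        /// <param name="sender">Button raising the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void submit_btn_Click(object sender, EventArgs e)
        {
            error_lb.Text = "";

            // Page_Load is expected to have enforced login already; guard so a missing session
            // value redirects instead of throwing a NullReferenceException.
            object loggedIn = Session["LoggedIn"];
            if (loggedIn == null)
            {
                Response.Redirect("Login.aspx");
                return;
            }
            string email = loggedIn.ToString();

            if (String.IsNullOrWhiteSpace(current_tb.Text) || String.IsNullOrWhiteSpace(new_tb.Text) || String.IsNullOrWhiteSpace(new2_tb.Text))
            {
                error_lb.Text = "Please fill all fields. <br>";
                return;
            }

            string currentPassword = current_tb.Text.Trim();
            string newPassword     = new_tb.Text.Trim();

            bool staleSession = false;
            bool changed      = false;

            DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
            try
            {
                var user = client.SelectByEmail(email);
                if (user == null)
                {
                    staleSession = true;
                }
                else
                {
                    bool pass = true;

                    // Same scheme as registration and login: SHA-512 over password + stored salt.
                    // NOTE(review): one SHA-512 round is weak for passwords, and the existing salt
                    // is reused because ChangePassword accepts no new one — both need changing
                    // together across all handlers and the service.
                    string hashedCurrent;
                    string hashedNew;
                    using (SHA512Managed hashing = new SHA512Managed())
                    {
                        hashedCurrent = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(currentPassword + user.Password_Salt)));
                        hashedNew     = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(newPassword + user.Password_Salt)));
                    }

                    if (!string.Equals(hashedCurrent, user.Password, StringComparison.Ordinal))
                    {
                        error_lb.Text += "Incorrect password <br>";
                        pass = false;
                    }

                    // The confirmation box was only checked for blankness before; it was never
                    // compared with the new password.
                    if (newPassword != new2_tb.Text.Trim())
                    {
                        error_lb.Text += "Passwords must match <br>";
                        pass = false;
                    }

                    if (hashedNew == user.Password || hashedNew == user.Password_Last1 || hashedNew == user.Password_Last2)
                    {
                        error_lb.Text += "New password cannot be the same as current or previous 2 passwords <br>";
                        pass = false;
                    }

                    // NOTE(review): no trailing "$" — only the first eight characters are
                    // restricted to the listed set; the lookaheads apply to the whole string.
                    if (!Regex.IsMatch(newPassword, @"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}"))
                    {
                        error_lb.Text += "Please input a password that fulfills all criteria <br>";
                        pass = false;
                    }

                    // Minimum password age. The original rounded TotalMinutes with Convert.ToInt16,
                    // which throws OverflowException once the password is older than ~22 days and
                    // so blocked every later change; Convert.ToInt32 rounds identically without
                    // that limit.
                    int ageMinutes = Convert.ToInt32(DateTime.Now.Subtract(user.Password_Age).TotalMinutes);
                    if (ageMinutes <= 5)
                    {
                        error_lb.Text += "You must wait " + (5 - ageMinutes) + " more minutes to change your password <br>";
                        pass = false;
                    }

                    if (pass)
                    {
                        changed = client.ChangePassword(email, hashedNew) == 1;
                        if (!changed)
                        {
                            error_lb.Text = "Unable to change password. Please try again later.";
                        }
                    }
                }
                client.Close();
            }
            catch
            {
                client.Abort();
                throw;
            }

            if (staleSession)
            {
                Response.Redirect("Login.aspx");
                return;
            }

            if (!changed)
            {
                return;
            }

            // Force a fresh login: end the session and expire both cookies BEFORE redirecting.
            // Response.Redirect ends the response, so in the original the cookie expiry placed
            // after it never ran and the old session/auth cookies stayed in the browser.
            Session.Clear();
            Session.Abandon();
            Session.RemoveAll();
            ExpireCookie("ASP.NET_SessionId");
            ExpireCookie("AuthToken");
            Response.Redirect("Login.aspx");
        }

        /// <summary>
        /// Overwrites the named cookie with an empty, already-expired value when the request
        /// carried it, so the browser discards it.
        /// </summary>
        /// <param name="name">Cookie name.</param>
        private void ExpireCookie(string name)
        {
            if (Request.Cookies[name] != null)
            {
                Response.Cookies[name].Value   = string.Empty;
                Response.Cookies[name].Expires = DateTime.Now.AddMonths(-20);
            }
        }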