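/// <summary>
/// Loads the account page for the signed-in user. The request is allowed only when
/// the session holds a login and an auth token that equals the AuthToken cookie sent
/// by the browser (both are set by login_btn_Click); anything else is sent to
/// Login.aspx. The user is then looked up by e-mail through the DB service and the
/// profile labels are filled in.
/// </summary>
/// <param name="sender">The page raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    object loggedIn = Session["LoggedIn"];
    object sessionToken = Session["AuthToken"];
    var tokenCookie = Request.Cookies["AuthToken"];

    // Not authenticated unless all three pieces are present.
    if (loggedIn == null || sessionToken == null || tokenCookie == null)
    {
        Response.Redirect("Login.aspx");
        return;
    }

    // The cookie must carry exactly the token the server issued at login;
    // an ordinal compare keeps this free of culture-aware string rules.
    string cookieToken = tokenCookie.Value;
    if (!string.Equals(sessionToken.ToString(), cookieToken, StringComparison.Ordinal))
    {
        Response.Redirect("Login.aspx");
        return;
    }

    bool found = false;
    DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
    try
    {
        // SelectByEmail returns null for an unknown e-mail (register_btn_Click relies
        // on that); a session naming a deleted account must not end in a
        // NullReferenceException, so it is treated like a missing login below.
        var user = client.SelectByEmail(loggedIn.ToString());
        if (user != null)
        {
            found = true;
            fname_lb.Text = user.First_Name;
            lname_lb.Text = user.Last_Name;
            dob_lb.Text = user.Dob.Date.ToString("dd/MM/yyyy");
            email_lb.Text = user.Email;
            cardname_lb.Text = user.Card_Name;
            // NOTE(review): the full card number and the CVV are echoed to the page in
            // clear text. Keeping a CVV after authorisation and displaying the full PAN
            // both conflict with PCI DSS; the page should show at most the last four
            // digits and the CVV should not be persisted at all. Left unchanged here
            // because it is a data-model decision shared with the DB service.
            cardnum_lb.Text = user.Card_Num;
            cvv_lb.Text = user.Card_CVV;
            expiry_lb.Text = user.Card_Expiry;
        }
        // The generated WCF proxy is closed explicitly (and aborted on failure)
        // rather than disposed, because Dispose() can itself throw on a faulted channel.
        client.Close();
    }
    catch
    {
        client.Abort();
        throw;
    }

    if (!found)
    {
        Response.Redirect("Login.aspx");
    }
}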
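/// <summary>
/// Handles the Register button. Validates the personal details (messages go to
/// error_lb) and the card details (messages go to error2_lb) entered on the form;
/// when both groups are complete and valid the account is created through the DB
/// service and the browser is sent to Login.aspx. The password is stored as a salted
/// SHA-512 hash; a per-account AES key/IV is generated and handed to the service
/// together with the card data.
/// </summary>
/// <param name="sender">The button raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void register_btn_Click(object sender, EventArgs e)
{
    error2_lb.Text = "";
    error_lb.Text = "";
    bool pass = true;   // overall validation
    bool pmt = false;   // personal info empty check
    bool cmt = false;   // cc info empty check
    bool created = false;
    // Parsed once during validation and reused for CreateAccount.
    DateTime dob = DateTime.MinValue;

    // checking if any fields are empty
    if (String.IsNullOrWhiteSpace(fname_tb.Text) || String.IsNullOrWhiteSpace(lname_tb.Text) || String.IsNullOrWhiteSpace(email_tb.Text) || String.IsNullOrWhiteSpace(dob_tb.Text) || String.IsNullOrWhiteSpace(pw1_tb.Text) || String.IsNullOrWhiteSpace(pw2_tb.Text))
    {
        error_lb.Text = "Please fill all fields. <br>";
        pmt = true;
    }
    if (String.IsNullOrWhiteSpace(name_cc.Text) || String.IsNullOrWhiteSpace(cardno_cc.Text) || String.IsNullOrWhiteSpace(cvv_cc.Text) || String.IsNullOrWhiteSpace(expiry_cc.Text))
    {
        error2_lb.Text = "Please fill all fields. <br>";
        cmt = true;
    }

    // One service proxy for the whole request, closed explicitly below (aborted on
    // failure) because Dispose() on a faulted WCF channel can itself throw.
    DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
    try
    {
        if (!pmt)
        {
            // checks if user exists
            var user = client.SelectByEmail(email_tb.Text.Trim());
            if (user != null)
            {
                error_lb.Text = error_lb.Text + "User already exists.";
                pass = false;
            }

            // NOTE(review): this pattern is unanchored, so it only requires one ASCII
            // letter somewhere in the name ("12a" passes). Tightening it would reject
            // names the site accepts today, so it is kept and flagged rather than changed.
            Regex nameRegex = new Regex("[A-Za-z]");
            if (!nameRegex.IsMatch(fname_tb.Text.Trim()) || !nameRegex.IsMatch(lname_tb.Text.Trim()))
            {
                error_lb.Text = error_lb.Text + "Please input a valid name <br>";
                pass = false;
            }

            // as long as dob is not today or in the future. TryParse keeps the
            // culture-dependent parsing the page always used, but malformed input now
            // produces a validation message instead of an unhandled FormatException.
            string dobText = dob_tb.Text.Trim();
            if (!DateTime.TryParse(dobText, out dob) || dob >= DateTime.Now.Date)
            {
                error_lb.Text = error_lb.Text + "Please input a valid date of birth <br>";
                pass = false;
            }

            // NOTE(review): no trailing $ — only the first 8+ characters are constrained
            // and anything may follow. Harmless for a value that is only hashed, but the
            // advertised criteria are not fully enforced.
            Regex pwRegex = new Regex(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}");
            if (!pwRegex.IsMatch(pw1_tb.Text.Trim()))
            {
                error_lb.Text = error_lb.Text + "Please input a password that fulfills all criteria <br>";
                pass = false;
            }
            if (pw1_tb.Text.Trim() != pw2_tb.Text.Trim())
            {
                error_lb.Text = error_lb.Text + "Passwords must match <br>";
                pass = false;
            }
        }

        if (!cmt)
        {
            // validating credit card name is 2 words, number is 16 digits, cvv is 3 digits and date is valid
            Regex ccNameRegex = new Regex(@"^[A-Za-z]+\s+[A-Za-z]+$");
            if (!ccNameRegex.IsMatch(name_cc.Text.Trim()))
            {
                error2_lb.Text = error2_lb.Text + "Please input a valid name <br>";
                pass = false;
            }
            Regex numRegex = new Regex(@"^([0-9]{4}\s*){4}$");
            if (!numRegex.IsMatch(cardno_cc.Text.Trim()))
            {
                error2_lb.Text = error2_lb.Text + "Please input a valid card number <br>";
                pass = false;
            }
            Regex cvvRegex = new Regex("^[0-9]{3}$");
            if (!cvvRegex.IsMatch(cvv_cc.Text.Trim()))
            {
                error2_lb.Text = error2_lb.Text + "Please input a valid CVV <br>";
                pass = false;
            }
            Regex expiryRegex = new Regex("^[0-9]{2}[/]{1}[0-9]{2}$");
            if (!expiryRegex.IsMatch(expiry_cc.Text.Trim()))
            {
                error2_lb.Text = error2_lb.Text + "Please input a valid expiry date <br>";
                pass = false;
            }
            else
            {
                // The regex only guarantees two digit pairs, not a month of 01-12. Building
                // the date from integers avoids the FormatException Convert.ToDateTime threw
                // for e.g. "13/25", and the silent day/month swap it produced on a server
                // whose culture reads "01/MM/yyyy" month-first. The existing rule is kept:
                // the card is accepted while the first day of its expiry month is in the future.
                string[] split = expiry_cc.Text.Trim().Split('/');
                int month = int.Parse(split[0]);
                int year = 2000 + int.Parse(split[1]);
                if (month < 1 || month > 12 || new DateTime(year, month, 1) <= DateTime.Now.Date)
                {
                    error2_lb.Text = error2_lb.Text + "Please check your card's expiry <br>";
                    pass = false;
                }
            }
        }

        if (pass && !pmt && !cmt)
        {
            // retrieving data to hash. Trimmed, because login_btn_Click and
            // submit_btn_Click hash the trimmed text: storing the hash of the untrimmed
            // value meant a password typed with surrounding whitespace could never log in.
            string pw = pw1_tb.Text.Trim();
            string pwsalt;
            string hashedpw;
            byte[] iv;
            byte[] key;

            // getting random salt bytes and converting into string
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                byte[] pwsaltbyte = new byte[8];
                rng.GetBytes(pwsaltbyte);
                pwsalt = Convert.ToBase64String(pwsaltbyte);
            }

            // salting plaintext and hashing after
            // NOTE(review): one pass of SHA-512 is fast to brute-force offline; a slow KDF
            // (PBKDF2 via Rfc2898DeriveBytes) is the standard choice. It cannot be swapped
            // here alone because login_btn_Click and submit_btn_Click verify this scheme.
            using (SHA512Managed hashing = new SHA512Managed())
            {
                string saltedpw = pw + pwsalt;
                hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw)));
            }

            // Per-account AES key and IV for the card data, generated here and passed to
            // the service. NOTE(review): the key is sent alongside the data it protects;
            // confirm the service stores it separately, otherwise the encryption adds little.
            using (RijndaelManaged cipher = new RijndaelManaged())
            {
                cipher.GenerateKey();
                cipher.GenerateIV();
                key = cipher.Key;
                iv = cipher.IV;
            }

            // NOTE(review): the CVV is handed to the service for storage; PCI DSS forbids
            // retaining it after authorisation.
            client.CreateAccount(email_tb.Text.Trim(), hashedpw, pwsalt, fname_tb.Text.Trim(), lname_tb.Text.Trim(), dob, name_cc.Text.Trim(), cardno_cc.Text.Trim(), cvv_cc.Text.Trim(), expiry_cc.Text.Trim(), iv, key);
            created = true;
        }
        client.Close();
    }
    catch
    {
        client.Abort();
        throw;
    }

    if (created)
    {
        Response.Redirect("Login.aspx");
    }
}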
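/// <summary>
/// Handles the Login button. Requires both fields and a valid captcha, then looks the
/// user up by e-mail, refuses accounts the service reports as suspended, and verifies
/// the password by re-hashing it with the stored salt (same scheme as
/// register_btn_Click). Each verified attempt is reported to CheckAttempts. On success
/// the e-mail and a fresh random auth token are stored in the session, the token is
/// also issued as the AuthToken cookie that Page_Load checks, and the browser is sent
/// to Home.aspx.
/// </summary>
/// <param name="sender">The button raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void login_btn_Click(object sender, EventArgs e)
{
    if (String.IsNullOrWhiteSpace(email_tb.Text) || String.IsNullOrWhiteSpace(pwd_tb.Text))
    {
        error_lb.Text = "Please fill all fields";
        return;
    }

    // The captcha is checked before any lookup or hashing. It used to be consulted
    // only after the password had been verified, so a client could test passwords
    // (and drive the attempt counter) without ever solving it.
    if (!ValidateCaptcha())
    {
        error_lb.Text = "Please complete the captcha";
        return;
    }

    string loggedInEmail = null;
    DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
    try
    {
        var user = client.SelectByEmail(email_tb.Text.Trim());
        if (user == null)
        {
            // Same wording as a wrong password so the reply does not reveal which
            // e-mails are registered (the old text carried a stray "pp").
            // NOTE(review): the response time still differs, because no hash is
            // computed on this path.
            error_lb.Text = "Invalid credentials";
        }
        else if (client.CheckSuspended(user.Email))
        {
            // 30 is presumably the lock-out window in minutes; CheckSuspended decides
            // whether the lock is still active.
            int span = 30 - Convert.ToInt16(DateTime.Now.Subtract(Convert.ToDateTime(user.Suspended_Since)).TotalMinutes);
            error_lb.Text = "Your account has been locked. Please wait " + span + " minutes before trying again.";
        }
        else
        {
            // salting plaintext and hashing after
            string hashedpw;
            using (SHA512Managed hashing = new SHA512Managed())
            {
                string saltedpw = pwd_tb.Text.Trim() + user.Password_Salt;
                hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw)));
            }
            if (hashedpw == user.Password)
            {
                client.CheckAttempts(user.Email, true);
                loggedInEmail = user.Email;
            }
            else
            {
                client.CheckAttempts(user.Email, false);
                error_lb.Text = "Invalid credentials";
            }
        }
        // Closed explicitly (aborted on failure) rather than disposed, because
        // Dispose() on a faulted WCF channel can itself throw.
        client.Close();
    }
    catch
    {
        client.Abort();
        throw;
    }

    if (loggedInEmail != null)
    {
        // log in: the random token lives in the session and in a cookie, and
        // Page_Load requires the two to agree.
        Session["LoggedIn"] = loggedInEmail;
        string guid = Guid.NewGuid().ToString();
        Session["AuthToken"] = guid;
        HttpCookie tokenCookie = new HttpCookie("AuthToken", guid);
        tokenCookie.HttpOnly = true;                       // keep the token away from page script
        tokenCookie.Secure = Request.IsSecureConnection;   // never sent in clear when issued over HTTPS
        Response.Cookies.Add(tokenCookie);
        Response.Redirect("Home.aspx");
    }
}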
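/// <summary>
/// Handles the Change Password button for the signed-in user. All three fields are
/// required; the current password must match the stored hash, the new password must
/// satisfy the policy, equal the confirmation, differ from the current and previous
/// two hashes, and the current password must be older than 5 minutes. On success the
/// password is changed through the DB service, the session and the session/auth
/// cookies are cleared, and the browser is sent to Login.aspx.
/// </summary>
/// <param name="sender">The button raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void submit_btn_Click(object sender, EventArgs e)
{
    error_lb.Text = "";

    // Without a login there is no account to look up; send the caller to sign in
    // instead of failing with a NullReferenceException on Session["LoggedIn"].
    object loggedIn = Session["LoggedIn"];
    if (loggedIn == null)
    {
        Response.Redirect("Login.aspx");
        return;
    }
    string email = loggedIn.ToString();

    // checking if any fields are empty
    if (String.IsNullOrWhiteSpace(current_tb.Text) || String.IsNullOrWhiteSpace(new_tb.Text) || String.IsNullOrWhiteSpace(new2_tb.Text))
    {
        error_lb.Text = "Please fill all fields. <br>";
        return;
    }

    bool pass = true;         // overall validation
    bool userMissing = false;
    bool changed = false;
    DBServiceReference1.Service1Client client = new DBServiceReference1.Service1Client();
    try
    {
        var user = client.SelectByEmail(email);
        if (user == null)
        {
            // The session names an account that no longer exists.
            userMissing = true;
        }
        else
        {
            // Both hashes use the account's existing salt: the salt is not rotated on
            // a change, which is also what makes the history comparison below possible.
            string salt = user.Password_Salt;
            string hashedpw;
            string hashednew;
            using (SHA512Managed hashing = new SHA512Managed())
            {
                string saltedpw = current_tb.Text.Trim() + salt;
                hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw)));
                string saltednew = new_tb.Text.Trim() + salt;
                hashednew = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltednew)));
            }

            if (hashedpw != user.Password)
            {
                error_lb.Text = error_lb.Text + "Incorrect password <br>";
                pass = false;
            }
            // The confirmation box was previously only checked for being non-empty;
            // same rule and wording as register_btn_Click.
            if (new_tb.Text.Trim() != new2_tb.Text.Trim())
            {
                error_lb.Text = error_lb.Text + "Passwords must match <br>";
                pass = false;
            }
            if (hashednew == user.Password || hashednew == user.Password_Last1 || hashednew == user.Password_Last2)
            {
                error_lb.Text = error_lb.Text + "New password cannot be the same as current or previous 2 passwords <br>";
                pass = false;
            }
            Regex pwRegex = new Regex(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}");
            if (!pwRegex.IsMatch(new_tb.Text.Trim()))
            {
                error_lb.Text = error_lb.Text + "Please input a password that fulfills all criteria <br>";
                pass = false;
            }
            // Minimum password age: the current password must be older than 5 minutes.
            TimeSpan span = DateTime.Now.Subtract(user.Password_Age);
            if (Convert.ToInt16(span.TotalMinutes) <= 5)
            {
                error_lb.Text = error_lb.Text + "You must wait " + (5 - Convert.ToInt16(span.TotalMinutes)).ToString() + " more minutes to change your password <br>";
                pass = false;
            }

            if (pass)
            {
                int result = client.ChangePassword(email, hashednew);
                if (result == 1)
                {
                    changed = true;
                }
                else
                {
                    error_lb.Text = "Unable to change password. Please try again later.";
                }
            }
        }
        // Closed explicitly (aborted on failure) rather than disposed, because
        // Dispose() on a faulted WCF channel can itself throw.
        client.Close();
    }
    catch
    {
        client.Abort();
        throw;
    }

    if (userMissing)
    {
        Response.Redirect("Login.aspx");
        return;
    }

    if (changed)
    {
        // Force a fresh login with the new password. The cookies are expired BEFORE
        // the redirect: Response.Redirect ends the request, so the cookie clean-up
        // that used to follow it never executed.
        Session.Clear();
        Session.Abandon();
        Session.RemoveAll();
        if (Request.Cookies["ASP.NET_SessionId"] != null)
        {
            Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
            Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
        }
        if (Request.Cookies["AuthToken"] != null)
        {
            Response.Cookies["AuthToken"].Value = string.Empty;
            Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
        }
        Response.Redirect("Login.aspx");
    }
}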