Пример #1
0
    /// <summary>
    /// Used to get the password of a user
    /// </summary>
    /// <param name="email">Email of the user</param>
    /// <returns>returns the decrypted password</returns>
    public string GetAccountPassword(string email)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            {
                using (SqlCommand command = new SqlCommand("spGetAccountPassword", connection))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.Add("email", SqlDbType.VarChar, 99).Value = DBConvert.From(email);
                    connection.Open();

                    using (SqlDataReader reader = command.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            return(PassHash.MD5HashDecrypt(DBConvert.To <string>(reader[0])));
                        }
                    }
                }
            }
            return(null);
        }
        catch
        {
            return(null);
        }
    }
Пример #2
0
        internal static PassHash GenerateHash(SecureString secPassword, byte[] prevSalt)
        {
            try
            {
                byte[] salt   = prevSalt;
                var    pbkdf2 = new Rfc2898DeriveBytes(Marshal.PtrToStringBSTR(Marshal.SecureStringToBSTR(secPassword)), salt, 20000);

                byte[] hash      = pbkdf2.GetBytes(20);
                byte[] hashBytes = new byte[52];
                Array.Copy(salt, 0, hashBytes, 0, SaltBytes);         //copy salt into hashBytes
                Array.Copy(hash, 0, hashBytes, SaltBytes, HashBytes); //copy hash into hashBytes

                string savedPasswordHash = Convert.ToBase64String(hashBytes);
                string savedSalt         = Convert.ToBase64String(salt);

                var passHash = new PassHash
                {
                    Salt = savedSalt, Hash = savedPasswordHash
                };
                return(passHash);
            }
            catch (Exception ex)
            {
                App.Logger.Error(ex, "Could not generate password hash");
                return(new PassHash());
            }
        }
Пример #3
0
        private void setCurrentSalesPerson(SqlConnection con, string username, string password)
        {
            string     passHashed = new PassHash().PassHashResult(password);
            SqlCommand com        = new SqlCommand("UPDATE TABLE_USERDATA SET ACTIVE = 1 WHERE USERNAME = @UN AND PASSWORD = @PWH", con);

            com.Parameters.Add("UN", username);
            com.Parameters.Add("PWH", passHashed);
            com.ExecuteNonQuery();
        }
Пример #4
0
 public static void test_addUser(string userID, string password)
 {
     string[] saltHash = PassHash.CreatePassHash(password);
     Debug.Assert(social_network.addUser(userID, saltHash[0], saltHash[1], new List <int>()
     {
     }, new List <string>()
     {
     }));
 }
Пример #5
0
        private void addAccount(SqlConnection con, string username, string password, int userLevel, string fullname)
        {
            string     passEncoded = new PassHash().PassHashResult(password);
            int        defaultStat = 0;
            SqlCommand adminAdd    = new SqlCommand("INSERT INTO TABLE_USERDATA(USERNAME,PASSWORD,FULLNAME,USERLEVEL,ACTIVE) VALUES (@UN,@PASS,@FN,@UL,@STAT)", con);

            adminAdd.Parameters.Add("UN", username);
            adminAdd.Parameters.Add("PASS", passEncoded);
            adminAdd.Parameters.Add("FN", fullname);
            adminAdd.Parameters.Add("UL", userLevel);
            adminAdd.Parameters.Add("STAT", defaultStat);
            adminAdd.ExecuteNonQuery();
        }
Пример #6
0
        private Boolean isCredentialsMatch(SqlConnection con, string username, string password)
        {
            Boolean    res        = false;
            string     passHashed = new PassHash().PassHashResult(password);
            SqlCommand com        = new SqlCommand("SELECT * FROM TABLE_USERDATA WHERE USERNAME = @UN AND PASSWORD = @PWH", con);

            com.Parameters.Add("UN", username);
            com.Parameters.Add("PWH", passHashed);
            SqlDataReader reader = com.ExecuteReader();

            res = reader.HasRows;
            reader.Close();
            return(res);
        }
Пример #7
0
        private string ForgotPasswordUpdate(Cuenta user)
        {
            string password = Guid.NewGuid().ToString("N").ToLower()
                              .Replace("1", "").Replace("o", "").Replace("0", "")
                              .Substring(0, 10);
            string salt = PassSalt.Create();
            string hash = PassHash.Create(password, salt);

            user.Passwd = hash;
            user.Salt   = salt;
            _context.SaveChanges();

            return(password);
        }
Пример #8
0
        public Cuenta VerificarLogin(string usuario, string passwd)
        {
            var user = _context.Cuenta
                       .Include(c => c.PersonaCuenta)
                       .SingleOrDefault(x => x.Usuario == usuario);

            if (user != null)
            {
                bool verifico = PassHash.Validate(passwd, user.Salt, user.Passwd);
                if (verifico)
                {
                    return(user);
                }
            }
            return(null);
        }
Пример #9
0
        public bool ActualizarPassword(string email, string passwordAntiguo, string passwordActual)
        {
            var    c      = _context.Cuenta.SingleOrDefault(x => x.Email == email);
            Cuenta cuenta = VerificarLogin(c.Usuario, passwordAntiguo);

            if (cuenta != null)
            {
                string salt = PassSalt.Create();
                string hash = PassHash.Create(passwordActual, salt);
                cuenta.Passwd = hash;
                cuenta.Salt   = salt;
                _context.SaveChanges();
                return(true);
            }
            return(false);
        }
Пример #10
0
        private int getUserLevel(SqlConnection con, string username, string password)
        {
            int        UL         = 0;
            string     passHashed = new PassHash().PassHashResult(password);
            SqlCommand com        = new SqlCommand("SELECT * FROM TABLE_USERDATA WHERE USERNAME = @UN AND PASSWORD = @PWH", con);

            com.Parameters.Add("UN", username);
            com.Parameters.Add("PWH", passHashed);
            SqlDataReader reader = com.ExecuteReader();

            while (reader.Read())
            {
                UL = Convert.ToInt32(reader[3]);
            }
            reader.Close();
            return(UL);
        }
Пример #11
0
 public IActionResult Add(AdministradorViewModel model)
 {
     if (ModelState.IsValid)
     {
         var cookieValue = Request.Cookies["UrlFacultad"];
         multyTenancyService.SeleccionarNodoFacultad(cookieValue);
         string salt = PassSalt.Create();
         string hash = PassHash.Create(model.Password, salt);
         var    a    = new Administrador()
         {
             Nombre   = model.Nombre,
             Apellido = model.Apellido,
             Usuario  = model.Usuario,
             Passwd   = hash,
             Salt     = salt,
         };
         userService.AddAdministrador(a, model.Tipo_Administrador, model.Facultad);
         return(RedirectToAction("Index"));
     }
     return(View(model));
 }
Пример #12
0
        private void hasUserData(SqlConnection con)
        {
            SqlCommand    com    = new SqlCommand("SELECT * FROM TABLE_USERDATA", con);
            SqlDataReader reader = com.ExecuteReader();
            Boolean       rows   = reader.HasRows;

            reader.Close();
            if (rows == false)
            {
                int        defaultStat = 0;
                int        adminUL     = 4;
                string     passEncoded = new PassHash().PassHashResult("admin");
                SqlCommand adminAdd    = new SqlCommand("INSERT INTO TABLE_USERDATA(USERNAME,PASSWORD,FULLNAME,USERLEVEL,ACTIVE) VALUES (@UN,@PASS,@FN,@UL,@STAT)", con);
                adminAdd.Parameters.Add("UN", "admin");
                adminAdd.Parameters.Add("PASS", passEncoded);
                adminAdd.Parameters.Add("FN", "Administrator");
                adminAdd.Parameters.Add("UL", adminUL);
                adminAdd.Parameters.Add("STAT", defaultStat);
                adminAdd.ExecuteNonQuery();
            }
        }
Пример #13
0
        public bool CrearCuentaAdministrador(string nombre, string apellido, string usuario, string password, string tipoAdministrador, int IdFacultad)
        {
            try {
                var salt          = PassSalt.Create();
                var hash          = PassHash.Create(password, salt);
                var administrador = new Administrador()
                {
                    Nombre   = nombre,
                    Apellido = apellido,
                    Usuario  = usuario,
                    Passwd   = hash,
                    Salt     = salt
                };
                _contextoGeneral.Administrador.Add(administrador);
                _contextoGeneral.SaveChanges();

                if (tipoAdministrador == "Facultad")
                {
                    var tipoAdminFac = new AdministradorFacultad()
                    {
                        FacultadId      = IdFacultad,
                        AdministradorId = administrador.Id
                    };
                    _contextoGeneral.AdministradorFacultad.Add(tipoAdminFac);
                }
                else
                {
                    var tipoAdminUdelar = new AdministradorUdelar()
                    {
                        AdministradorId = administrador.Id
                    };
                    _contextoGeneral.AdministradorUdelar.Add(tipoAdminUdelar);
                }
                _contextoGeneral.SaveChanges();
            } catch (Exception ex) {
                Console.WriteLine(ex);
                return(false);
            }
            return(true);
        }
Пример #14
0
        public PersonaCuentaResponse VerificarLoginAdministradores(string usuario, string passwd)
        {
            var user = _contextoGeneral.Administrador
                       .Include(c => c.AdminFacultad)
                       .Include(c => c.AdminUdelar)
                       .SingleOrDefault(x => x.Usuario == usuario);

            if (user != null)
            {
                bool verifico = PassHash.Validate(passwd, user.Salt, user.Passwd);
                if (verifico)
                {
                    var tipoUsaurio = "Facultad";
                    var adminF      = _contextoGeneral.AdministradorFacultad
                                      .SingleOrDefault(x => x.AdministradorId == user.Id);
                    if (adminF == null)
                    {
                        tipoUsaurio = "Udelar";
                    }
                    return(new PersonaCuentaResponse(user.Id, user.Nombre, user.Apellido, user.Usuario, tipoUsaurio, true));
                }
            }
            return(null);
        }
Пример #15
0
        public bool CrearCuenta(CreateUserRequest model)
        {
            if (model.GoogleId == null)                                 //Register Interno
            {
                if (!VerificarCuentaDatos(model.Usuario, model.Cedula)) //si esto es falso osea que no hay datos existentes
                {
                    var salt = PassSalt.Create();
                    var hash = PassHash.Create(model.Password, salt);
                    try {
                        var persona = new Persona()
                        {
                            Ci       = model.Cedula,
                            Nombre   = model.Nombre,
                            Apellido = model.Apellido,
                        };
                        _context.Persona.Add(persona);
                        _context.SaveChanges();

                        var cuenta = new Cuenta()
                        {
                            Usuario        = model.Usuario,
                            Passwd         = hash, //Hash
                            Salt           = salt, //Salt
                            Email          = model.Email,
                            NumeroTelefono = model.Telefono,
                            TipoCuenta     = model.TipoCuenta,
                            PersonaId      = persona.Id,
                        };
                        _context.Cuenta.Add(cuenta);
                        _context.SaveChanges();

                        return(true);
                    } catch (Exception ex) {
                        Console.WriteLine(ex);
                        return(false);
                    }
                }
            }
            else    //Register google
            {
                var user = VerificarCuentaGoogle(model.GoogleId);
                if (user == null)
                {
                    var persona = new Persona()
                    {
                        Ci       = model.Cedula,
                        Nombre   = model.Nombre,
                        Apellido = model.Apellido,
                    };
                    _context.Persona.Add(persona);
                    _context.SaveChanges();

                    var cuenta = new Cuenta()
                    {
                        Usuario        = model.GoogleId,
                        Email          = model.Email,
                        NumeroTelefono = model.Telefono,
                        TipoCuenta     = model.TipoCuenta,
                        PersonaId      = persona.Id,
                    };
                    _context.Cuenta.Add(cuenta);
                    _context.SaveChanges();

                    var cunetaGoogle = new CuentaGoogle()
                    {
                        CuentaId = cuenta.Id,
                        GoogleId = model.GoogleId,
                        ImgUrl   = model.ImgUrl
                    };
                    _context.CuentaGoogle.Add(cunetaGoogle);
                    _context.SaveChanges();
                    return(true);
                }
            }

            return(false);
        }
Пример #16
0
    /// <summary>
    /// Used to update the user's account password
    /// </summary>
    /// <param name="account_id">ID assigned to the user's account</param>
    /// <param name="old_password">Current password of the user</param>
    /// <param name="new_password">New password supplied by the user</param>
    /// <returns>returns positive integer if success otherwise failed</returns>
    public int UpdateAccountPassword(int account_id, string old_password, string new_password)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            {
                using (SqlCommand command = new SqlCommand("spUpdateAccountPassword", connection))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.Add("account_id", SqlDbType.Int).Value    = DBConvert.From(account_id);
                    command.Parameters.Add("oldPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(old_password));
                    command.Parameters.Add("newPw", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(new_password));
                    connection.Open();

                    return((int)command.ExecuteScalar());
                }
            }
        }
        catch
        {
            return(-1);
        }
    }
Пример #17
0
        public string GetHashedPassword(string password)
        {
            PassHash ph = new PassHash();

            return(ph.GetHashedPassword(password));
        }
Пример #18
0
    /// <summary>
    /// Used to add a new user account after successfull registration
    /// </summary>
    /// <param name="account">Account object which contains the supplied information by the user</param>
    /// <returns>Returns integer value -69 if username exists, -70 if email exists, -1 if failed, and 1 if success</returns>
    public int AddAccount(Account account)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            {
                using (SqlCommand command = new SqlCommand("spAddAccount", connection))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.Add("firstname", SqlDbType.VarChar, 99).Value = DBConvert.From(account.FirstName);
                    command.Parameters.Add("lastname", SqlDbType.VarChar, 99).Value  = DBConvert.From(account.LastName);
                    command.Parameters.Add("birthday", SqlDbType.Date).Value         = DBConvert.From(account.Birthday);
                    command.Parameters.Add("email", SqlDbType.VarChar, 99).Value     = DBConvert.From(account.Email);
                    command.Parameters.Add("username", SqlDbType.VarChar, 99).Value  = DBConvert.From(account.Username);
                    command.Parameters.Add("password", SqlDbType.VarChar, 99).Value  = DBConvert.From(PassHash.MD5Hash(account.Password));
                    connection.Open();

                    return((int)command.ExecuteScalar());
                }
            }
        }
        catch
        {
            return(-1);
        }
    }
Пример #19
0
    /// <summary>
    /// Used to authenticate the user credentials before accessing the main interface of the application
    /// </summary>
    /// <param name="username">Username of the user</param>
    /// <param name="password">Password of the user</param>
    /// <returns>returns the account id of the authenticated user</returns>
    public int LoginAccount(string username, string password)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(conStr))
            {
                using (SqlCommand command = new SqlCommand("spLoginAccount", connection))
                {
                    command.CommandType = CommandType.StoredProcedure;
                    command.Parameters.Add("username", SqlDbType.VarChar, 99).Value = DBConvert.From(username);
                    command.Parameters.Add("password", SqlDbType.VarChar, 99).Value = DBConvert.From(PassHash.MD5Hash(password));
                    connection.Open();

                    return((int)command.ExecuteScalar()); //returns id of user
                }
            }
        }
        catch
        {
            return(-1);
        }
    }