public void CreateSalt_CreatesSalt()
{
    // A freshly generated salt must never be empty: a zero-length salt would
    // leave every stored hash effectively unsalted.
    var hasher = new PasswordHash();

    var salt = hasher.CreateSalt();

    Assert.Less(0, salt.Length);
}
/// <summary>
/// One-time registration of the <see cref="User"/> fixture template and of
/// the persistence callback used by the Presto test-data builder.
/// The (misspelled) method name is kept because callers depend on it.
/// </summary>
public static void Intialize()
{
    if (!initialized)
    {
        Presto.Sequence.Add<User>();

        // Template for generated users: each instance gets its own salt and a
        // hash of the fixed fixture password "Password".
        Presto.Define<User>(x =>
        {
            var hasher = new PasswordHash();
            x.ID = Presto.Sequence.Next<User>();
            x.UserName = "******";
            x.Salt = hasher.CreateSalt();
            x.Password = hasher.CreatePasswordHash("Password", x.Salt);
            x.FirstName = "First Name";
            x.LastName = "Last Name";
            x.Role = Role.Admin;
            x.CreatedDate = DateTime.Now;
        });

        // Persist via IClarityDB.AddEntity<T>, closing the generic method over the
        // entity's runtime type because only the static type object is known here.
        Presto.PersistAction = entity =>
        {
            var runtimeType = entity.GetType();
            var openAdd = typeof(IClarityDB).GetMethod("AddEntity");
            var closedAdd = openAdd.MakeGenericMethod(runtimeType);
            closedAdd.Invoke(ClarityDB.Instance, new object[] { entity });
        };
    }

    initialized = true;
}
/// <summary>
/// Registers a new user: rejects duplicate usernames, stores a salted hash of
/// the submitted password and signs the new user in via the session.
/// </summary>
/// <param name="user">Model-bound user posted by the sign-up form.</param>
/// <returns>Redirect to Home/Index on success, otherwise the sign-up view.</returns>
public ActionResult SignUp(User user)
{
    if (!ModelState.IsValid)
    {
        return View("Signup", user);
    }

    // NOTE(review): the whole User entity is bound from the request; confirm
    // that no field the caller must not control can be set through this form.
    var existing = db.Users.SingleOrDefault(x => x.Username == user.Username);
    if (existing != null)
    {
        ViewBag.message = "This username already used..";
        return View();
    }

    // The salt is appended to the clear-text password and the concatenation is
    // hashed; the salt is stored alongside so login can repeat the same steps.
    // NOTE(review): CreateSalt(4) is a very short salt — confirm the unit
    // (bytes vs. characters) and whether a longer value is acceptable.
    var salt = PasswordHash.CreateSalt(4);
    var saltedPassword = user.Password + salt;
    user.Password = PasswordHash.GetPasswordHashAndSalt(saltedPassword);
    user.Salt = salt;

    db.Users.Add(user);
    db.SaveChanges();

    Session["Username"] = user.Username;
    return RedirectToAction("Index", "Home");
}
/// <summary>
/// Resets a user's login password to the default password and flags the
/// account so the next login is treated as a first access.
/// </summary>
/// <param name="id">Identifier of the user whose password is reset.</param>
/// <returns>The updated user entity.</returns>
/// <exception cref="BusinessException">Thrown when no user has the given id.</exception>
public Usuario ResetarSenha(int id)
{
    using (var context = new DatabaseContext())
    {
        var usuario = context.Usuario.FirstOrDefault(a => a.IdUsuario == id);
        if (usuario == null)
        {
            throw new BusinessException("Usuário não encontrado");
        }

        // NOTE(review): the hash is computed without the salt assigned on the
        // next line; this only works if CreateHash embeds its own salt in the
        // returned value — confirm against PasswordHash.
        usuario.Senha = PasswordHash.CreateHash(DEFAULT_PASSWORD);
        usuario.SenhaSalt = PasswordHash.CreateSalt();
        usuario.DataHoraAlteracao = DateTime.Now;
        usuario.IdUsuarioAlteracao = GetLoggedUser().IdUsuario;
        usuario.PrimeiroAcesso = true;
        context.Entry(usuario).State = EntityState.Modified;

        // The activity log is written only when a row was actually updated.
        var saved = context.SaveChanges() > 0;
        if (saved)
        {
            RegistrarLogAtividade(usuario, RESETAR_SENHA);
        }

        return usuario;
    }
}
/// <summary>
/// Creates an API user with a per-user salt and a hashed password.
/// </summary>
/// <param name="user">User to register; its Password holds the clear text on entry.</param>
/// <returns>
/// <see cref="UserCreateResult.Failed"/> for a null user,
/// <see cref="UserCreateResult.NameAlreadyExists"/> for a taken username,
/// otherwise <see cref="UserCreateResult.Success"/>.
/// </returns>
public UserCreateResult RegisterUser(ApiUserEntity user)
{
    if (user == null)
    {
        return UserCreateResult.Failed;
    }

    // Usernames are unique; check before doing any password work.
    if (_userRepository.UserNameExists(user.Username))
    {
        return UserCreateResult.NameAlreadyExists;
    }

    // Salt = username + 10-character random code; the clear-text password on
    // the entity is replaced by its hash before it is stored.
    // NOTE(review): the salt's unpredictability rests on
    // GetRandomUniqueCodeWithLength using a cryptographic RNG — confirm.
    var randomCode = NumberExtension.GetRandomUniqueCodeWithLength(10);
    user.Salt = PasswordHash.CreateSalt(user.Username, randomCode);
    user.Password = PasswordHash.HashPassword(user.Salt, user.Password);

    _userRepository.Add(user);
    _uow.SaveChanges();

    return UserCreateResult.Success;
}
/// <summary>
/// Creates a system user from the posted form, storing a salted SHA-256 hash
/// of the submitted password.
/// </summary>
/// <param name="frm">Raw form fields of the create-user page.</param>
/// <returns>Redirect to the Index action.</returns>
public ActionResult Create(FormCollection frm)
{
    var user = new Sys_User
    {
        FullName = frm["FullName"],
        Email = frm["Email"],
        // NOTE(review): Convert.ToInt32 throws on a missing or non-numeric
        // value, which surfaces as an unhandled error — confirm that is intended.
        DepartmentId = Convert.ToInt32(frm["DepartmentId"]),
        UserType = Convert.ToInt32(frm["UserTypeId"]),
        IsActive = frm["IsActive"] == "Y",
    };

    // Salted SHA-256 of the password; the salt is stored next to the hash so
    // the login path can replay it.
    // NOTE(review): a single SHA-256 round is cheap to brute-force offline; a
    // password-stretching KDF would be preferable if CryptoService offers one.
    string password = frm["Password"];
    string salt = CryptoService.CreateSalt(10);
    user.PasswordSalt = salt;
    user.Password = CryptoService.GenerateSHA256Hash(password, salt);

    user.EnteredDate = DateTime.Now;
    user.EnteredBy = Convert.ToInt32(Session["UserId"]);

    db.AddUsers(user);
    return RedirectToAction("Index");
}
public void CreatePasswordHash_CreatesHash()
{
    // Hashing a password with a fresh salt must yield a non-empty hash.
    var hasher = new PasswordHash();
    var salt = hasher.CreateSalt();

    var hash = hasher.CreatePasswordHash("abc123@X", salt);

    Assert.Less(0, hash.Length);
}
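/// <summary>
/// Updates the signed-in user's profile (and optionally the password) after
/// re-checking the current password. The UPDATE is parameterised; the previous
/// version concatenated the form values into the SQL text, which allowed SQL
/// injection through any profile field.
/// </summary>
protected void ChangeProfile_Click(object sender, EventArgs e)
{
    String OrigPassword = Request.Form["ctl00$MainContent$CurrentPassword"].ToString().Trim();
    // Policy: at least 6 characters with a digit, a lower- and an upper-case letter.
    Regex regex = new Regex(@"(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}");

    // NOTE(review): the salt is derived from the lower-cased username rather
    // than being random per user; the stored hashes depend on it, so it is
    // left unchanged here.
    PasswordHash PasswordHasher = new PasswordHash();
    String Salt = PasswordHasher.CreateSalt(SessionVariables.UserName.ToLower());
    String OrigHashedPassword = PasswordHasher.HashPassword(Salt, OrigPassword);

    if (OrigHashedPassword != HashedPasswordFromDB)
    {
        ProfileUpdateMessage.Text = "Original Password Does Not Match!";
        return;
    }

    // Validate the optional new password before any field is touched, so a
    // rejected password leaves the profile untouched as well.
    String NewHashedPassword = HashedPasswordFromDB;
    String NewPasswordRaw = Request.Form["ctl00$MainContent$NewPassword"].ToString();
    String NewPasswordConfirmRaw = Request.Form["ctl00$MainContent$NewPasswordConfirm"].ToString();
    if (NewPasswordRaw != "" && NewPasswordConfirmRaw != "")
    {
        String NewPassword = NewPasswordRaw.Trim();
        // The policy regex used to be evaluated but never enforced.
        if (!regex.IsMatch(NewPassword))
        {
            ProfileUpdateMessage.Text = "New password must contain at least 6 characters, including UPPER/lowercase and numbers.";
            return;
        }
        // The confirmation field used to be read but never compared.
        if (NewPassword != NewPasswordConfirmRaw.Trim())
        {
            ProfileUpdateMessage.Text = "New passwords do not match!";
            return;
        }
        NewHashedPassword = PasswordHasher.HashPassword(Salt, NewPassword);
    }

    // Copy the submitted profile fields into the page-level state.
    Email = Request.Form["ctl00$MainContent$emailInput"].ToString();
    Sponsor = Request.Form["ctl00$MainContent$sponsorText"].ToString();
    SteamHandle = Request.Form["ctl00$MainContent$SteamHandleTB"].ToString();
    BattleHandle = Request.Form["ctl00$MainContent$BattleHandleTB"].ToString();
    OriginHandle = Request.Form["ctl00$MainContent$OriginHandleTB"].ToString();
    TwitterHandle = Request.Form["ctl00$MainContent$TwitterHandleTB"].ToString();
    isActive = Request.Form["ctl00$MainContent$ActiveCheckbox"] == "on";
    UpdateFields();

    const string sql =
        "UPDATE useraccount SET Email = @Email, Cerner = @Cerner, Active = @Active, " +
        "Password = @Password, SteamHandle = @SteamHandle, BattleHandle = @BattleHandle, " +
        "OriginHandle = @OriginHandle, TwitterHandle = @TwitterHandle " +
        "WHERE useraccount.Username = @Username";

    // Both the connection and the command are disposed, even when ExecuteNonQuery throws.
    using (MySqlConnection conn = new MySqlConnection(ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString))
    using (MySqlCommand cmd = new MySqlCommand(sql, conn))
    {
        cmd.CommandType = System.Data.CommandType.Text;
        cmd.Parameters.AddWithValue("@Email", Email);
        cmd.Parameters.AddWithValue("@Cerner", Sponsor);
        cmd.Parameters.AddWithValue("@Active", isActive);
        cmd.Parameters.AddWithValue("@Password", NewHashedPassword);
        cmd.Parameters.AddWithValue("@SteamHandle", SteamHandle);
        cmd.Parameters.AddWithValue("@BattleHandle", BattleHandle);
        cmd.Parameters.AddWithValue("@OriginHandle", OriginHandle);
        cmd.Parameters.AddWithValue("@TwitterHandle", TwitterHandle);
        cmd.Parameters.AddWithValue("@Username", SessionVariables.UserName);

        conn.Open();
        cmd.ExecuteNonQuery();
        ProfileUpdateMessage.Text = "Profile Successfully Updated!";
    }
}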
/// <summary>
/// Inserts a new user with the default password plus one clinic/group
/// membership row per entry in the form.
/// </summary>
/// <param name="model">Form data: name, e-mail and the clinic memberships.</param>
/// <returns><c>true</c> when at least one row was written.</returns>
/// <exception cref="BusinessException">Thrown when the e-mail is already in use.</exception>
private bool Insert(UsuarioForm model)
{
    using (var context = new DatabaseContext())
    {
        // E-mail addresses are unique across users.
        var duplicate = context.Usuario.FirstOrDefault(a => a.Email == model.Email);
        if (duplicate != null)
        {
            throw new BusinessException($"O e-mail {model.Email} já está sendo utilizado, escolha outro e-mail para continuar");
        }

        // New users start active, with the default password and a forced
        // password change on first login.
        var usuario = new Usuario
        {
            DataHoraCadastro = CurrentDateTime,
            DataHoraAlteracao = CurrentDateTime,
            IdUsuarioCadastro = IdUsuarioLogado,
            IdUsuarioAlteracao = IdUsuarioLogado,
            Status = (int)DefaultStatusEnum.Ativo,
            Nome = model.Nome,
            Email = model.Email,
            // NOTE(review): the hash does not take the salt assigned just below;
            // this relies on CreateHash embedding its own salt — confirm.
            Senha = PasswordHash.CreateHash(DEFAULT_PASSWORD),
            SenhaSalt = PasswordHash.CreateSalt(),
            PrimeiroAcesso = true,
        };
        context.Set<Usuario>().Add(usuario);

        // NOTE(review): usuario.IdUsuario has not been generated yet at this
        // point (SaveChanges runs below); confirm EF fixes up the FK, and that
        // model.Clinicas is never null.
        foreach (var membership in model.Clinicas)
        {
            var clinicaUsuario = new Clinica_Usuario
            {
                DataHoraCadastro = CurrentDateTime,
                DataHoraAlteracao = CurrentDateTime,
                IdUsuarioCadastro = IdUsuarioLogado,
                IdUsuarioAlteracao = IdUsuarioLogado,
                Status = (int)DefaultStatusEnum.Ativo,
                IdUsuario = usuario.IdUsuario,
                IdClinica = membership.IdClinica,
                IdUsuarioGrupo = membership.IdUsuarioGrupo,
            };
            context.Set<Clinica_Usuario>().Add(clinicaUsuario);
        }

        var saved = context.SaveChanges() > 0;
        if (saved)
        {
            RegistrarLogAtividade(usuario, PERMISSAO_CADASTRO);
        }

        return saved;
    }
}
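/// <summary>
/// Changes the signed-in user's password after verifying the old one.
/// Every outcome now sets <c>ViewBag.Message</c>; previously a wrong old
/// password fell through silently, and an empty new password was accepted.
/// </summary>
/// <param name="frm">Form fields OldPassword, NewPassword and RePassword.</param>
/// <returns>The change-password view with a status message.</returns>
public ActionResult ChangePassword(FormCollection frm)
{
    int userId = Convert.ToInt32(Session["UserId"]);
    Sys_User detail = db.getUesrDetailByUserId(userId);

    string newPassword = frm["NewPassword"];
    string rePassword = frm["RePassword"];

    if (newPassword != rePassword)
    {
        ViewBag.Message = "Password MissMatch!!!";
        return View();
    }

    if (string.IsNullOrEmpty(newPassword))
    {
        ViewBag.Message = "New password cannot be empty.";
        return View();
    }

    // Verify the old password by re-hashing it with the stored salt.
    // NOTE(review): db.CheckOldPassword receives only the hash, not the user
    // id; confirm it is scoped to this user.
    string oldPasswordHash = CryptoService.GenerateSHA256Hash(frm["OldPassword"], detail.PasswordSalt);
    var oldPasswordRow = db.CheckOldPassword(oldPasswordHash);
    if (detail.Password != oldPasswordHash || oldPasswordRow == null)
    {
        ViewBag.Message = "Old password is incorrect.";
        return View();
    }

    // Fresh salt and hash for the new password.
    string newSalt = CryptoService.CreateSalt(10);
    var changed = new Sys_User
    {
        PasswordSalt = newSalt,
        Password = CryptoService.GenerateSHA256Hash(newPassword, newSalt),
        LastUpdatedBy = userId,
        LastUpdatedDate = DateTime.Now,
    };
    db.ChangePassword(changed, userId);

    ViewBag.Message = "Password Changed";
    return View();
}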
/// <summary>
/// Changes the login password of the current user. Only the logged-in user may
/// change their own password, and the new password must match its confirmation.
/// </summary>
/// <param name="model">Target user id, new password and its confirmation.</param>
/// <returns><c>true</c> when the change was persisted.</returns>
/// <exception cref="BusinessException">
/// Thrown when the target is another user, the confirmation does not match,
/// or the user cannot be found.
/// </exception>
public bool AlterarSenha(AlterarSenhaModel model)
{
    if (model.IdUsuario != GetLoggedUser().IdUsuario)
    {
        throw new BusinessException("Não é permitido alterar a senha de outro usuário");
    }

    if (model.Senha != model.Confirmar)
    {
        throw new BusinessException("As senhas informadas não conferem");
    }

    using (var context = new DatabaseContext())
    {
        var usuario = context.Usuario.FirstOrDefault(a => a.IdUsuario == model.IdUsuario);
        if (usuario == null)
        {
            throw new BusinessException("Usuário não encontrado");
        }

        // NOTE(review): the hash is computed without the salt assigned on the
        // next line; this only works if CreateHash embeds its own salt — confirm.
        // NOTE(review): no minimum length/complexity is enforced on model.Senha here.
        usuario.Senha = PasswordHash.CreateHash(model.Senha);
        usuario.SenhaSalt = PasswordHash.CreateSalt();
        usuario.DataHoraAlteracao = DateTime.Now;
        usuario.IdUsuarioAlteracao = GetLoggedUser().IdUsuario;
        // A self-chosen password ends the first-access state.
        usuario.PrimeiroAcesso = false;
        context.Entry(usuario).State = EntityState.Modified;

        var saved = context.SaveChanges() > 0;
        if (saved)
        {
            RegistrarLogAtividade(usuario, ALTERAR_SENHA);
        }

        return saved;
    }
}
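/// <summary>
/// Changes the signed-in user's password through spChangePassword. Database
/// failures now redirect to the error page (as the other handlers do) instead
/// of being swallowed, and the connection clean-up no longer dereferences a
/// null command.
/// </summary>
protected void PasswordChange_Click(object sender, EventArgs e)
{
    string Password = Request.Form["ctl00$MainContent$inputCurrentPassword"].ToString().Trim();
    string NewPassword = Request.Form["ctl00$MainContent$inputNewPassword"].ToString().Trim();
    string ConfirmNewPassword = Request.Form["ctl00$MainContent$inputConfirmNewPassword"].ToString().Trim();

    // Policy: at least 6 characters with a digit, a lower- and an upper-case letter.
    Regex Passregex = new Regex(@"(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}");
    bool meetsPolicy = Passregex.IsMatch(NewPassword);

    bool inputComplete = !String.IsNullOrEmpty(Password)
        && !String.IsNullOrEmpty(NewPassword)
        && !String.IsNullOrEmpty(ConfirmNewPassword);

    if (!inputComplete || !meetsPolicy || NewPassword != ConfirmNewPassword)
    {
        AccountManagements = "changepassword";
        ChangePasswordErrorString = "Don’t worry, we have server side Validations! \n Check missing fields, and Password must contain at least 6 characters, including UPPER/lowercase and numbers";
        return;
    }

    // Both hashes use the same username-derived salt so the stored procedure
    // can compare the current hash and store the new one.
    // NOTE(review): a username-derived salt is deterministic, not random; the
    // stored hashes depend on it, so it is left unchanged here.
    PasswordHash PasswordHasher = new PasswordHash();
    string Salt = PasswordHasher.CreateSalt(SessionVariables.UserName.ToLower());
    string HashedPassword = PasswordHasher.HashPassword(Salt, Password);
    string HashedNewPassword = PasswordHasher.HashPassword(Salt, NewPassword);

    string SqlConnection = ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString;
    MySqlCommand cmd = null;
    try
    {
        cmd = new MySqlCommand("spChangePassword", new MySqlConnection(SqlConnection));
        cmd.CommandType = System.Data.CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("UserName", SessionVariables.UserName);
        cmd.Parameters.AddWithValue("CurrentPassword", HashedPassword);
        cmd.Parameters.AddWithValue("NewPassword", HashedNewPassword);
        cmd.Connection.Open();

        // -1: password changed; -2: reported back to the user as invalid input.
        int ID = Convert.ToInt32(cmd.ExecuteScalar());
        switch (ID)
        {
            case -1:
                AccountManagements = "changepassword";
                changePasswordSucess = true;
                break;
            case -2:
                AccountManagements = "changepassword";
                ChangePasswordErrorString = "Your Input Sucks!";
                break;
            default:
                break;
        }
    }
    catch (Exception)
    {
        // Previously an empty catch; route to the error page like Recovery_Click.
        Response.Redirect("/ErrorPage/Error.aspx");
    }
    finally
    {
        // cmd stays null when the command could not be constructed.
        if (cmd != null && cmd.Connection != null)
        {
            cmd.Connection.Close();
        }
    }
}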
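/// <summary>
/// Account recovery handler. RadioRecovery "1" is the two-step password reset
/// (step 1 mails a verification code, step 2 takes the code and the new
/// password); "2" mails the username to a validated address. The connection
/// clean-up no longer dereferences a null command when construction fails.
/// </summary>
protected void Recovery_Click(object sender, EventArgs e)
{
    AccountManagements = "recovery";
    string RadioRecovery = Request.Form["RadioRecovery"].ToString().Trim();

    if (RadioRecovery.Equals("1"))
    {
        if (Request.Form["sequence"].ToString().Trim().Equals("1"))
        {
            string RecoveryEmail = Request.Form["ctl00$MainContent$Email"].ToString().Trim();
            if (RecoveryEmail.Length != 0)
            {
                MySqlCommand cmd = null;
                String UserInfo = ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString;
                try
                {
                    cmd = new MySqlCommand("spValidateUserEmail", new MySqlConnection(UserInfo));
                    cmd.CommandType = System.Data.CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("email", RecoveryEmail);
                    cmd.Connection.Open();
                    int userID = Convert.ToInt32(cmd.ExecuteScalar());
                    switch (userID)
                    {
                        case -1:
                            // Known address: issue a one-time code and mail it.
                            // NOTE(review): the code lives in session with no expiry
                            // or attempt limit — consider adding both.
                            SessionVariables.recoveryCode = Guid.NewGuid().ToString();
                            string subject = "KcGameOn Account: Password change request";
                            string body = "Behold,";
                            body += "<br /><br />This is an automated message generated by KcGameOn administration to help you reset your KcGameOn password.";
                            body += "<br /><br />Please enter the following code into the Verification Code field.";
                            body += "<br /><br /><b>" + SessionVariables.recoveryCode + "</b>";
                            body += "<br /><br />Thanks,";
                            body += "<br />KcGameOn Team!";
                            MailClient Mailsender = new MailClient();
                            Mailsender.SendEmail(body, subject, RecoveryEmail);
                            SessionVariables.iSeq = 2;
                            break;
                        case -2:
                            // Address not found.
                            SessionVariables.iSeq = 1;
                            recoveryError.Text = "Unable to validate an Email!";
                            break;
                        default:
                            break;
                    }
                }
                catch
                {
                    Response.Redirect("/ErrorPage/Error.aspx");
                }
                finally
                {
                    if (cmd != null && cmd.Connection != null)
                    {
                        cmd.Connection.Close();
                    }
                }
            }
        }
        else if (Request.Form["sequence"].ToString().Trim().Equals("2"))
        {
            // NOTE(review): plain string equality on the verification code; a
            // fixed-time comparison would be preferable if the runtime offers one.
            if (Request.Form["ctl00$MainContent$inputCode"].ToString().Trim().Equals(SessionVariables.recoveryCode))
            {
                string recoveryNewPass = Request.Form["ctl00$MainContent$inputRecoveryNewPass"].ToString().Trim();
                string recoveryConfirmedPass = Request.Form["ctl00$MainContent$inputConfirmRecoverNewPass"].ToString().Trim();
                string RecoveryEmail = Request.Form["RecoveryEmail"].ToString().Trim();
                string username = null;
                // Policy: at least 6 characters with a digit, a lower- and an upper-case letter.
                Regex regex = new Regex(@"(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}");
                Match match = regex.Match(recoveryNewPass);

                if (match.Success && recoveryNewPass == recoveryConfirmedPass && !string.IsNullOrEmpty(RecoveryEmail))
                {
                    PasswordHash PasswordHasher = new PasswordHash();

                    // The username is the salt input, so look it up by e-mail first.
                    MySqlCommand cmd = null;
                    MySqlDataReader Reader = null;
                    string SqlConnection = ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString;
                    try
                    {
                        cmd = new MySqlCommand("spGetUserInfo", new MySqlConnection(SqlConnection));
                        cmd.CommandType = System.Data.CommandType.StoredProcedure;
                        cmd.Parameters.AddWithValue("UserName", "");
                        cmd.Parameters.AddWithValue("Email", RecoveryEmail);
                        cmd.Connection.Open();
                        Reader = cmd.ExecuteReader();
                        while (Reader.Read())
                        {
                            username = Reader.GetString("Username").ToLower();
                        }
                    }
                    finally
                    {
                        if (Reader != null)
                        {
                            Reader.Close();
                        }
                        if (cmd != null && cmd.Connection != null)
                        {
                            cmd.Connection.Close();
                        }
                    }

                    if (!string.IsNullOrEmpty(username))
                    {
                        // NOTE(review): username-derived salt, deterministic by design
                        // of the existing hashes; left unchanged here.
                        string Salt = PasswordHasher.CreateSalt(username);
                        string HashedNewPassword = PasswordHasher.HashPassword(Salt, recoveryNewPass);
                        cmd = null;
                        try
                        {
                            cmd = new MySqlCommand("spChangePasswordAccountRecovery", new MySqlConnection(SqlConnection));
                            cmd.CommandType = System.Data.CommandType.StoredProcedure;
                            cmd.Parameters.AddWithValue("UserName", username);
                            cmd.Parameters.AddWithValue("NewPassword", HashedNewPassword);
                            cmd.Parameters.AddWithValue("Email", RecoveryEmail);
                            cmd.Connection.Open();
                            int ID = Convert.ToInt32(cmd.ExecuteScalar());
                            switch (ID)
                            {
                                case -1:
                                    // Password changed; advance to the final step.
                                    SessionVariables.iSeq = 3;
                                    break;
                                case -2:
                                    // Update failed; the page stays on step 2 without a message.
                                    break;
                                default:
                                    break;
                            }
                        }
                        finally
                        {
                            if (cmd != null && cmd.Connection != null)
                            {
                                cmd.Connection.Close();
                            }
                        }
                    }
                }
                else
                {
                    recoveryError1.Text = "Error Validating Password!";
                    SessionVariables.iSeq = 2;
                }
            }
            else
            {
                recoveryError1.Text = "Please check the Verification Code!";
                SessionVariables.iSeq = 2;
            }
        }
    }
    else if (RadioRecovery.Equals("2"))
    {
        string RecoveryEmail = Request.Form["ctl00$MainContent$UserNameEmail"].ToString().Trim();
        if (RecoveryEmail.Length != 0)
        {
            MySqlCommand cmd = null;
            String UserInfo = ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString;
            try
            {
                cmd = new MySqlCommand("spValidateUserEmail", new MySqlConnection(UserInfo));
                cmd.CommandType = System.Data.CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("email", RecoveryEmail);
                cmd.Connection.Open();
                int userID = Convert.ToInt32(cmd.ExecuteScalar());
                cmd.Connection.Close();
                switch (userID)
                {
                    case -1:
                    {
                        cmd = new MySqlCommand("spGetUsername", new MySqlConnection(UserInfo));
                        cmd.CommandType = System.Data.CommandType.StoredProcedure;
                        cmd.Parameters.AddWithValue("email", RecoveryEmail);
                        cmd.Connection.Open();
                        String username = Convert.ToString(cmd.ExecuteScalar());
                        cmd.Connection.Close();
                        if (!username.Equals("-2"))
                        {
                            SessionVariables.recoveryCode = Guid.NewGuid().ToString();
                            string subject = "KcGameOn Account: Forgotten username request";
                            string body = "Behold,";
                            body += "<br /><br />This is an automated message generated by the KCGameOn database Gods to remind you of your username.";
                            body += "<br /><br />Your puny mortal username is:";
                            body += "<br /><br /><b>" + username + "</b>";
                            body += "<br /><br />Remember to bring a worthy offering to us.";
                            body += "<br /><br />Thanks,";
                            body += "<br />KcGameOn Team!";
                            MailClient Mailsender = new MailClient();
                            Mailsender.SendEmail(body, subject, RecoveryEmail);
                            SessionVariables.iSeq = 2;
                        }
                        else
                        {
                            // spValidateUserEmail accepted the address but spGetUsername
                            // did not find it; both validate independently, so this
                            // should not happen in practice.
                            SessionVariables.iSeq = 1;
                            recoveryError.Text = "Unable to validate an Email!";
                        }
                        break;
                    }
                    case -2:
                        // Address not found.
                        SessionVariables.iSeq = 1;
                        recoveryError.Text = "Unable to validate an Email!";
                        break;
                    default:
                        break;
                }
            }
            catch
            {
                Response.Redirect("/ErrorPage/Error.aspx");
            }
            finally
            {
                if (cmd != null && cmd.Connection != null)
                {
                    cmd.Connection.Close();
                }
            }
        }
    }
    else
    {
        Response.Redirect("/ErrorPage/error.aspx");
    }
}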
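/// <summary>
/// Login handler: authenticates through the checkUser procedure, then loads
/// the payment-block flag and the user's payment status before redirecting.
/// The payment query is now parameterised (it used to splice the username
/// into the SQL text), and a stray second BeginExecuteReader that was never
/// completed has been removed.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    String UserName = Request.Form["ctl00$MainContent$UserName"];
    String Password = Request.Form["ctl00$MainContent$Password"];
    String UserInfo = ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString;

    if (UserName == null || Password == null)
    {
        return;
    }

    // NOTE(review): username-derived salt, deterministic by design of the
    // existing hashes; left unchanged here.
    PasswordHash PasswordHasher = new PasswordHash();
    String Salt = PasswordHasher.CreateSalt(UserName.ToLower());
    String HashedPassword = PasswordHasher.HashPassword(Salt, Password);

    MySqlCommand cmd = null;
    int Authentication = 0;
    try
    {
        cmd = new MySqlCommand("checkUser", new MySqlConnection(UserInfo));
        cmd.CommandType = System.Data.CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("Username", UserName);
        cmd.Parameters.AddWithValue("UserPass", HashedPassword);
        cmd.Connection.Open();
        Authentication = Convert.ToInt32(cmd.ExecuteScalar());
        switch (Authentication)
        {
            case -1:
                ErrorString = "Please Activate your account.";
                break;
            case -2:
                // Activated, authenticated, admin.
                SessionVariables.UserName = UserName;
                SessionVariables.UserAdmin = 1;
                CookiesANDRememberMe();
                break;
            case -3:
                // Activated, authenticated, not an admin.
                SessionVariables.UserName = UserName;
                SessionVariables.UserAdmin = 0;
                CookiesANDRememberMe();
                break;
            case -4:
                ErrorString = "Your Input Sucks!";
                break;
            default:
                break;
        }
    }
    finally
    {
        if (cmd != null && cmd.Connection != null)
        {
            cmd.Connection.Close();
        }
    }

    // Best-effort read of the global payment-block flag; a failure here must
    // not block login, so the exception is deliberately ignored.
    try
    {
        cmd = new MySqlCommand("SELECT BlockPayments FROM AdminProperties", new MySqlConnection(UserInfo));
        cmd.CommandType = System.Data.CommandType.Text;
        cmd.Connection.Open();
        string blocked = Convert.ToString(cmd.ExecuteScalar());
        if (blocked.Equals("TRUE"))
        {
            // NOTE(review): "kctestaccount" is a hard-coded exemption from the
            // block; confirm it is still wanted in production.
            bool exempt = SessionVariables.UserAdmin != 0
                || SessionVariables.UserName.ToLower().Equals("kctestaccount");
            SessionVariables.registrationBlocked = !exempt;
        }
    }
    catch (Exception)
    {
        // Deliberate: payment-block lookup is optional for login.
    }
    finally
    {
        if (cmd != null && cmd.Connection != null)
        {
            cmd.Connection.Close();
        }
    }

    if (SessionVariables.UserName != null)
    {
        const string paySql =
            "SELECT pay.idpaytable, pay.username, pay.EventID, sea.checkedin, pay.verifiedPaid, pay.paymentKey " +
            "FROM payTable AS pay " +
            "LEFT JOIN (SELECT username, checkedin FROM seatingchart WHERE username = @Username AND ActiveIndicator = \"TRUE\") sea on pay.username = sea.username " +
            "WHERE pay.username = @Username " +
            "AND pay.EventID = (SELECT EventID FROM kcgameon.schedule WHERE Active = 1 order by ID LIMIT 1) " +
            "AND pay.verifiedPaid = 'Y'";

        // Best-effort: payment status is optional for login, so failures are ignored.
        try
        {
            cmd = new MySqlCommand(paySql, new MySqlConnection(UserInfo));
            cmd.CommandType = System.Data.CommandType.Text;
            cmd.Parameters.AddWithValue("@Username", SessionVariables.UserName);
            cmd.Connection.Open();
            reader = cmd.ExecuteReader();
            if (reader == null || !reader.HasRows)
            {
                SessionVariables.verifiedPaid = "N";
            }
            else
            {
                while (reader.Read())
                {
                    SessionVariables.paymentKey = reader["paymentKey"].ToString();
                    SessionVariables.verifiedPaid = reader["verifiedPaid"].ToString();
                }
            }
        }
        catch (Exception)
        {
            // Deliberate: see comment above.
        }
        finally
        {
            if (reader != null)
            {
                reader.Close();
            }
            if (cmd != null && cmd.Connection != null)
            {
                cmd.Connection.Close();
            }
        }

        if (String.IsNullOrEmpty(redirect) || redirect.Contains("/AccountManagement.aspx"))
        {
            Response.Redirect("/Default.aspx");
        }
        else
        {
            Response.Redirect(redirect);
        }
    }
}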
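/// <summary>
/// Registration handler. Fixes relative to the previous version: the
/// whitespace-stripping of the username was computed but discarded, a
/// non-numeric human-check answer threw instead of being rejected, database
/// errors were swallowed by an empty catch, and the finally block could
/// dereference a null command.
/// </summary>
protected void SignButton_Click(object sender, EventArgs e)
{
    String FirstName = Request.Form["ctl00$MainContent$inputFirst"].ToString().Trim();
    String LastName = Request.Form["ctl00$MainContent$inputLast"].ToString().Trim();
    String Email = Request.Form["ctl00$MainContent$inputEmail"].ToString().Trim();
    String ConfirmEmail = Request.Form["ctl00$MainContent$inputEmail1"].ToString().Trim();
    String UserName = Request.Form["ctl00$MainContent$inputUser"].ToString().Trim();
    String Sponsor = Request.Form["ctl00$MainContent$inputCerner"].ToString().Trim();
    String Password = Request.Form["ctl00$MainContent$Password"].ToString().Trim();
    String ConfirmPassword = Request.Form["ctl00$MainContent$Password1"].ToString().Trim();
    String SecretQuestion = Request.Form["ctl00$MainContent$DropDownList1"].ToString().Trim();
    String SecretAnswer = Request.Form["ctl00$MainContent$SecretAnswer"].ToString().Trim();

    // Policy: at least 6 characters with a digit, a lower- and an upper-case letter.
    Regex regex = new Regex(@"(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}");
    Match match = regex.Match(Password);

    // No spaces allowed in usernames; the stripped value is what gets stored.
    UserName = Regex.Replace(UserName, @"\s+", "");

    int userID = 0;
    String UserInfo = ConfigurationManager.ConnectionStrings["KcGameOnSQL"].ConnectionString;

    // NOTE(review): the human check is a fixed arithmetic answer; a
    // non-numeric answer is now treated as "not human" rather than throwing.
    int humanAnswer;
    bool isHuman = int.TryParse(Request.Form["ctl00$MainContent$HumanValidation"].ToString().Trim(), out humanAnswer)
        && humanAnswer == 8;

    if (!isHuman)
    {
        RegisterErrorString = "We've indicated that you're not a Human.";
        return;
    }

    // NOTE(review): the original checked SecretAnswer twice; the second check
    // was probably meant for SecretQuestion — confirm before enforcing it.
    bool inputValid = !String.IsNullOrEmpty(UserName)
        && !String.IsNullOrEmpty(Password)
        && !String.IsNullOrEmpty(Email)
        && !String.IsNullOrEmpty(SecretAnswer)
        && match.Success
        && Password == ConfirmPassword
        && Email == ConfirmEmail;

    if (!inputValid)
    {
        RegisterErrorString = "Don’t worry, we have server side Validations! \n Check missing fields, and Password must contain at least 6 characters, including UPPER/lowercase and numbers";
        return;
    }

    // Password and secret answer share the username-derived salt.
    // NOTE(review): that salt is deterministic, not random; the existing
    // hashes depend on it, so it is left unchanged here.
    PasswordHash PasswordHasher = new PasswordHash();
    String Salt = PasswordHasher.CreateSalt(UserName.ToLower());
    String HashedPassword = PasswordHasher.HashPassword(Salt, Password);
    String HashedSecretAnswer = PasswordHasher.HashPassword(Salt, SecretAnswer.ToLower());

    MySqlCommand cmd = null;
    try
    {
        cmd = new MySqlCommand("spAddUsers", new MySqlConnection(UserInfo));
        cmd.CommandType = System.Data.CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("UserName", UserName);
        cmd.Parameters.AddWithValue("Pass", HashedPassword);
        cmd.Parameters.AddWithValue("First", FirstName);
        cmd.Parameters.AddWithValue("Last", LastName);
        cmd.Parameters.AddWithValue("Email", Email);
        cmd.Parameters.AddWithValue("Cerner", Sponsor);
        cmd.Parameters.AddWithValue("Admin", 0);
        cmd.Parameters.AddWithValue("SecretQuestion", SecretQuestion);
        cmd.Parameters.AddWithValue("SecretAnswer", HashedSecretAnswer);
        cmd.Connection.Open();

        // -1 / -2 are duplicate-username / duplicate-email; anything else is the new user id.
        userID = Convert.ToInt32(cmd.ExecuteScalar());
        switch (userID)
        {
            case -1:
                RegisterErrorString = "Username already exists.";
                break;
            case -2:
                RegisterErrorString = "Email address has already been used.";
                break;
            default:
                SendActivationEmail(userID, UserName);
                RegistrationSucess = true;
                break;
        }
    }
    catch (Exception)
    {
        // Previously an empty catch; route to the error page like Recovery_Click.
        Response.Redirect("/ErrorPage/Error.aspx");
    }
    finally
    {
        if (cmd != null && cmd.Connection != null)
        {
            cmd.Connection.Close();
        }
    }
}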