//Checks if Password of userId is correct
public static bool VerifyPassword(string id, string pw)
{
var con = new SQLiteConnection("Data Source=DatabaseTicTacTorus.dat");
var s = new SaltedHash(pw);
var answer = false;
con.Open();
var command = new SQLiteCommand(con)
{
CommandText = $"select salt,hash from User where loginName ='" + id + "'"
};
var reader = command.ExecuteReader();
while (reader.Read())
{
if (Equals(reader[0], s.Salt) && Equals(reader[1], s.Hash))
{
answer = true;
}
}
con.Close();
return(answer);
}
public static void SendLoginRequest(LoginArgsContainer Args)
{
//Variable length...
PacketStream Packet = new PacketStream((byte)PacketType.LOGIN_REQUEST, 0);
Packet.WriteByte(0x00);
SaltedHash Hash = new SaltedHash(new SHA512Managed(), Args.Username.Length);
MemoryStream MemStream = new MemoryStream();
DecryptionArgsContainer DecryptionArgs = Args.Enc.GetDecryptionArgsContainer();
MemStream.WriteByte((byte)Args.Username.Length);
MemStream.Write(Encoding.ASCII.GetBytes(Args.Username), 0, Encoding.ASCII.GetBytes(Args.Username).Length);
byte[] HashBuf = Hash.ComputePasswordHash(Args.Username, Args.Password);
PlayerAccount.Hash = HashBuf;
MemStream.WriteByte((byte)HashBuf.Length);
MemStream.Write(HashBuf, 0, HashBuf.Length);
Packet.WriteUInt16((ushort)(PacketHeaders.UNENCRYPTED + MemStream.ToArray().Length + 4));
Packet.WriteBytes(MemStream.ToArray());
string[] Version = GlobalSettings.Default.ClientVersion.Split('.');
Packet.WriteByte((byte)int.Parse(Version[0])); //Version 1
Packet.WriteByte((byte)int.Parse(Version[1])); //Version 2
Packet.WriteByte((byte)int.Parse(Version[2])); //Version 3
Packet.WriteByte((byte)int.Parse(Version[3])); //Version 4
Args.Client.Send(Packet.ToArray());
}
private GameOperationResponse HandleLoginUser(int sessionId, LoginUser operation)
{
try
{
var userData = this.application.UserDatabase.Query <UserData>("UserData/ByUsername")
//.Customize(x => x.WaitForNonStaleResultsAsOfNow())
.Select(user => new { user.Username, user.Salt, user.Password })
.FirstOrDefault(user => user.Username.Equals(operation.Username, StringComparison.CurrentCultureIgnoreCase));
if (userData == null)
{
return(operation.GetErrorResponse((short)ResultCode.IncorrectUsernameOrPassword));
}
var passwordHash = SaltedHash.Create(userData.Salt, userData.Password);
if (passwordHash.Verify(operation.Password) == false)
{
return(operation.GetErrorResponse((short)ResultCode.IncorrectUsernameOrPassword));
}
// requesting master to authorize client
this.peer.SendOperationRequest(new OperationRequest((byte)ServerOperationCode.AckClientUserLogin,
new AckClientUserLogin
{
SessionId = sessionId,
Username = userData.Username
}),
new SendParameters());
return(null);
}
catch (Exception e)
{
_logger.Error(e);
return(operation.GetErrorResponse((short)ResultCode.Fail));
}
}
private void InitBlankRow()
{
for (int i = 0; i < 5; i++)
{
_memberCards.Add(
new MemberCardModel
{
MemberCard = new DataModel.Model.MemberCard
{
MemberType = 0,
IsEnable = true,
PasswordHash =
SaltedHash.Create(
ResourcesHelper.SystemSettings[
(short)DataType.SystemSettingCode.DefaultMemberCardPW]).Hash,
PasswordSalt =
SaltedHash.Create(
ResourcesHelper.SystemSettings[
(short)DataType.SystemSettingCode.DefaultMemberCardPW]).Salt,
MemberMoney = 0,
TotalSurplusMoney = 0,
PrincipalSurplusMoney = 0,
FavorableSurplusMoney = 0,
DispatchDate = DateTime.Now,
CreatedBy = ResourcesHelper.CurrentUser.Name,
CreatedOn = DateTime.Now,
LastModifiedBy = ResourcesHelper.CurrentUser.Name,
LastModifiedOn = DateTime.Now,
MemberCardNo = ResourcesHelper.MFTMemberCard
},
CanUpdate = true
});
}
}
public UserAuth CreateUserAuth(UserAuth newUser, string password)
{
ValidateNewUser(newUser, password);
AssertNoExistingUser(newUser);
var saltedHash = new SaltedHash();
string salt;
string hash;
saltedHash.GetHashAndSaltString(password, out hash, out salt);
var digestHelper = new DigestAuthFunctions();
newUser.DigestHA1Hash = digestHelper.CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
newUser.PasswordHash = hash;
newUser.Salt = salt;
newUser.CreatedDate = DateTime.UtcNow;
newUser.ModifiedDate = newUser.CreatedDate;
using (var session = _documentStore.OpenSession())
{
session.Store(newUser);
session.SaveChanges();
}
return(newUser);
}
public IUserAuth UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, string password)
{
ValidateNewUser(newUser, password);
AssertNoExistingUser(mongoDatabase, newUser, existingUser);
var hash = existingUser.PasswordHash;
var salt = existingUser.Salt;
if (password != null)
{
var saltedHash = new SaltedHash();
saltedHash.GetHashAndSaltString(password, out hash, out salt);
}
// If either one changes the digest hash has to be recalculated
var digestHash = existingUser.DigestHa1Hash;
if (password != null || existingUser.UserName != newUser.UserName)
{
var digestHelper = new DigestAuthFunctions();
digestHash = digestHelper.CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
}
newUser.Id = existingUser.Id;
newUser.PasswordHash = hash;
newUser.Salt = salt;
newUser.DigestHa1Hash = digestHash;
newUser.CreatedDate = existingUser.CreatedDate;
newUser.ModifiedDate = DateTime.UtcNow;
SaveUser(newUser);
return(newUser);
}
public bool IsValidLogin(String userName, String password)
{
try
{
bool PasswordMatch = false;
/*_________________________________________________________________________
* Compare the user's hash and salt with the password entered.
* _________________________________________________________________________*/
SystemUser systemUser = GetSystemUser(userName);
if (systemUser != null && systemUser.Hash != null && systemUser.Salt != null)
{
SaltedHash SH = new SaltedHash();
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
string dbHash = encoding.GetString(systemUser.Hash);
string dbSalt = encoding.GetString(systemUser.Salt);
PasswordMatch = SH.VerifyHashString(password, dbHash, dbSalt);
}
else
{
PasswordMatch = false;
}
return(PasswordMatch);
}
catch (Exception ex)
{
ExceptionModel.SaveException(ex.Message, System.Reflection.MethodBase.GetCurrentMethod().DeclaringType.ToString(), System.Reflection.MethodInfo.GetCurrentMethod().Name);
return(false);
}
}
/// <summary>
/// User clicked button to log in.
/// </summary>
private void BtnLogin_Click(object sender, EventArgs e)
{
LoginArgsContainer Args = new LoginArgsContainer();
if (TxtPassword.Text != "" && TxtUsername.Text != "")
{
NetworkFacade.Client = new NetworkClient(GlobalSettings.Default.LoginServerIP, 2106,
GonzoNet.Encryption.EncryptionMode.AESCrypto);
NetworkFacade.Client.OnConnected += new OnConnectedDelegate(NetworkController.Client_OnConnected);
Args.Username = TxtUsername.Text.ToUpper();
Args.Password = TxtPassword.Text.ToUpper();
SaltedHash Hash = new SaltedHash(new SHA512Managed(), Args.Username.Length);
byte[] HashBuf = Hash.ComputePasswordHash(Args.Username.ToUpper(), Args.Password.ToUpper());
Args.Enc = new AESEncryptor(Convert.ToBase64String(HashBuf));
Args.Client = NetworkFacade.Client;
PlayerAccount.Username = TxtUsername.Text;
LblStatus.Invoke(new MethodInvoker(delegate { LblStatus.Visible = true; }));
LblStatus.Invoke(new MethodInvoker(delegate { LblStatus.Text = "Connecting..."; }));
NetworkController.OnReceivedCharacters += new OnReceivedCharactersDelegate(NetworkController_OnReceivedCharacters);
NetworkFacade.Client.Connect(Args);
}
else
{
MessageBox.Show("Please enter a username and password!");
}
}
public void SaltedHashTest_Negative(string password)
{
SaltedHash hasher = new SaltedHash(password);
var salt = '+' + hasher.Salt;
Assert.False(SaltedHash.Verify(password, hasher.Hash, salt));
}
public UserAuth UpdateUserAuth(UserAuth existingUser, UserAuth newUser, string password)
{
ValidateNewUser(newUser, password);
AssertNoExistingUser(newUser, existingUser);
var hash = existingUser.PasswordHash;
var salt = existingUser.Salt;
if (password != null)
{
var saltedHash = new SaltedHash();
saltedHash.GetHashAndSaltString(password, out hash, out salt);
}
newUser.Id = existingUser.Id;
newUser.PasswordHash = hash;
newUser.Salt = salt;
newUser.CreatedDate = existingUser.CreatedDate;
newUser.ModifiedDate = DateTime.UtcNow;
Session.Save(new UserAuthPersistenceDto(newUser));
return(newUser);
}
public IUserAuth UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, string password)
{
ValidateNewUser(newUser, password);
AssertNoExistingUser(newUser, existingUser);
var hash = existingUser.PasswordHash;
var salt = existingUser.Salt;
if (password != null)
{
var saltedHash = new SaltedHash();
saltedHash.GetHashAndSaltString(password, out hash, out salt);
}
newUser.Id = existingUser.Id;
newUser.PasswordHash = hash;
newUser.Salt = salt;
newUser.CreatedDate = existingUser.CreatedDate;
newUser.ModifiedDate = DateTime.UtcNow;
using (var nhSession = GetCurrentSessionFn(sessionFactory))
{
nhSession.Save(new UserAuthNHibernate(newUser));
}
return(newUser);
}
private void InitBlankRow()
{
for (int i = 0; i < 5; i++)
{
_users.Add(new UserModel
{
User = new DataModel.Model.User
{
UserType = 0,
Enable = true,
Login = new Guid().ToString(),
PasswordHash = SaltedHash.Create("xislkfweorkdf").Hash,
PasswordSalt = SaltedHash.Create("xislkfweorkdf").Salt,
UserNo =
(int.Parse(_users.Max(x => x.User.UserNo) ?? ResourcesHelper.CoustomUserNoStart) + 1)
.ToString(),
CreatedBy = ResourcesHelper.CurrentUser.Name,
CreatedOn = DateTime.Now,
LastModifiedBy = ResourcesHelper.CurrentUser.Name,
LastModifiedOn = DateTime.Now,
},
MemberCardNo = string.Empty
});
}
}
public LoginCommandValidator(IRepository repository)
{
_repository = repository;
RuleFor(x => x.Username).NotNull().WithMessage("用户名不能为空");
RuleFor(x => x.Password).NotNull().WithMessage("密码不能为空");
Custom(x =>
{
var user =
_repository.Query <User>("SELECT * FROM [User] WHERE Username=@Username",
new { x.Username })
.FirstOrDefault();
if (user == null)
{
return(new ValidationFailure("Username", "用户不存在"));
}
if (!user.IsEnabled)
{
return(new ValidationFailure("Username", "用户已失效"));
}
if (!SaltedHash.Create(user.Salt, user.HashedPassword).Verify(x.Password))
{
return(new ValidationFailure("Password", "用户名或密码有误"));
}
return(null);
});
}
private static void RunAsClient()
{
GonzoNet.PacketHandlers.Register(0x02, false, 0, new OnPacketReceive(PacketHandlers.HandleServerChallenge));
//GonzoNet requires a log output stream to function correctly. This is built in behavior.
GonzoNet.Logger.OnMessageLogged += new MessageLoggedDelegate(Logger_OnMessageLogged);
NetworkFacade.Client = new NetworkClient("127.0.0.1", 12345);
NetworkFacade.Client.OnConnected += new OnConnectedDelegate(m_Client_OnConnected);
LoginArgsContainer LoginArgs = new LoginArgsContainer();
LoginArgs.Enc = new AESEncryptor("test");
LoginArgs.Username = "******";
LoginArgs.Password = "******";
LoginArgs.Client = NetworkFacade.Client;
SaltedHash Hash = new SaltedHash(new SHA512Managed(), LoginArgs.Username.Length);
PacketHandlers.PasswordHash = Hash.ComputePasswordHash(LoginArgs.Username, LoginArgs.Password);
NetworkFacade.Client.Connect(LoginArgs);
while (true)
{
Thread.Sleep(1000);
}
}
public ActionResult Add(AddUserViewModel model)
{
/*
* User submitted user creation data
*/
try
{
// validate input data
if (ModelState.IsValid == false)
{
ModelState.AddModelError(string.Empty, "Thông tin tạo tài khoản không hợp lệ");
return(View(model));
}
// hash password
SaltedHash sh = new SaltedHash(model.Password);
// create new user info
User userInfo = new User();
userInfo.Username = model.Username;
userInfo.Salt = sh.Salt;
userInfo.Password = sh.Hash;
userInfo.FirstName = model.FirstName;
userInfo.LastName = model.LastName;
userInfo.Email = model.Email;
userInfo.CreateDate = DateTime.Now;
userInfo.IsActive = model.IsActive;
// add user's roles
userInfo.Roles = new List <Role>();
foreach (var userRoleSelectedModel in model.SelectedRoleModels)
{
if (userRoleSelectedModel.IsSelected == true)
{
// get selected role
var selectedRole = db.Roles
.Where(r => r.RoleId == userRoleSelectedModel.RoleId)
.FirstOrDefault();
if (selectedRole != null)
{
userInfo.Roles.Add(selectedRole);
}
}
}
// save new user info
db.Users.Add(userInfo);
db.SaveChanges();
return(RedirectToAction("Index"));
}
catch (ArgumentNullException ex)
{
return(RedirectToAction("ErrorMessage", "Admin",
new RouteValueDictionary(
new { message = ex.Message })));
}
}
public async Task Seed()
{
string hashedPassword, salt;
var hasher = new SaltedHash();
hasher.GetHashAndSaltString("p@ssw0rd", out hashedPassword, out salt);
await new AddUserCommandHandler().HandleAsync(new AddUserCommand()
{
Email = "*****@*****.**",
FirstName = "Abdul Jabbar",
LastName = "Zaffar",
HashedPassword = hashedPassword,
PasswordSalt = salt,
Role = (int)Role.Admin
});
await new AddUserCommandHandler().HandleAsync(new AddUserCommand()
{
Email = "*****@*****.**",
FirstName = "Abdul Qudoos",
LastName = "Chaudhry",
HashedPassword = hashedPassword,
PasswordSalt = salt,
Role = (int)Role.Admin
});
}
public ActionResult Details(UserProfileViewModel model)
{
if (ModelState.IsValid)
{
// get user info
var user = Context.Users.Where(u => u.UserId == model.UserId).FirstOrDefault();
if (user == null)
{
return(HttpNotFound(String.Format("Tài khoản #{0} không tồn tại", model.UserId)));
}
// verify current password
if (!SaltedHash.Verify(user.Salt, user.Password, model.CurrentPassword))
{
ModelState.AddModelError("", "Mật khẩu hiện tại không hợp lệ");
return(View(model));
}
// update user password
SaltedHash sh = new SaltedHash(model.Password);
user.Password = sh.Hash;
user.Salt = sh.Salt;
Context.SaveChanges();
FormsAuthentication.SignOut();
return(RedirectToAction("Login", "User"));
}
else
{
ModelState.AddModelError("", "Dữ liệu không hợp lệ");
return(View(model));
}
}
public ActionResult Edit(EditUser model)
{
try
{
if (ModelState.IsValid)
{
// get edited user
var user = db.Users.Where(u => u.UserId == model.UserId).FirstOrDefault();
if (user != null)
{
// update password
if (!string.IsNullOrWhiteSpace(model.Password))
{
SaltedHash sh = new SaltedHash(model.Password);
user.Password = sh.Hash;
user.Salt = sh.Salt;
}
// update user info
user.FullName = model.FullName;
user.Phone = model.Phone;
user.Email = model.Email;
user.IsActive = model.IsActive;
// update user's role
user.Roles.Clear();
foreach (var roleCB in model.RoleCheckBoxes)
{
if (roleCB.Selected)
{
var roleSelected = db.Roles.Where(r => r.RoleId == roleCB.RoleId).FirstOrDefault();
if (roleSelected != null)
{
user.Roles.Add(roleSelected);
}
}
}
db.SaveChanges();
return(RedirectToAction("Index"));
}
else
{
ModelState.AddModelError("", "Không tìm thấy thông tin tài khoản!");
}
}
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.Message);
// Write error log
var log = new Log();
log.LogDate = DateTime.Now;
log.Action = "User - Edit()";
log.Tags = "Error";
log.Message = ex.ToString();
db.Logs.Add(log);
db.SaveChanges();
}
return(View(model));
}
public ActionResult Login(LoginViewModel model)
{
var actionLogData = "";
try
{
if (ModelState.IsValid)
{
// get user info
var userLogin = db.Users.Where(u => String.Compare(u.Username, model.UserName, true) == 0).FirstOrDefault();
if (userLogin != null)
{
// verify user password
var loginSuccess = SaltedHash.Verify(userLogin.Salt, userLogin.Password, model.Password);
if (loginSuccess)
{
BizManPrincipalSerialize principal = new BizManPrincipalSerialize();
principal.UserId = userLogin.UserId;
principal.FirstName = userLogin.FirstName;
principal.LastName = userLogin.LastName;
principal.CreationDate = userLogin.CreateDate;
principal.Roles = userLogin.Roles.Select(r => r.RoleName).ToArray();
string jsonPrincipal = JsonConvert.SerializeObject(principal);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
userLogin.Username,
DateTime.Now,
DateTime.Now.AddDays(7),
model.RememberMe,
jsonPrincipal);
string ticketEncrypted = FormsAuthentication.Encrypt(ticket);
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketEncrypted);
Response.Cookies.Add(faCookie);
// Write action log
actionLogData = "user:"******", success";
ActionLog.WriteLog(ActionLog.LOGIN, actionLogData, userLogin.Username, Request.ServerVariables["REMOTE_ADDR"]);
return(RedirectToAction("Index", "Home"));
}
}
}
ModelState.AddModelError("", "Sai tên đăng nhập hoặc mật khẩu!");
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.Message);
}
// Write action log
actionLogData = "user:"******", fail";
ActionLog.WriteLog(ActionLog.LOGIN, actionLogData, model.UserName, Request.ServerVariables["REMOTE_ADDR"]);
return(View(model));
}
private void MakeFail(string strData, string testValue, int saltLength)
{
string strHash, strSalt;
SaltedHash sh = new SaltedHash(new SHA256Managed(), saltLength);
sh.GetHashAndSalt(strData, out strHash, out strSalt);
Assert.IsFalse(sh.VerifyHash(testValue, strHash, strSalt), "Should not verify");
}
public HumanPlayer(string id, string inGameName, Color plrColor, byte symbol, string pwd) :
this(id, inGameName, plrColor, symbol)
{
SaltedHash s = new SaltedHash(pwd); // Besprechen
Hash = s.Hash; // Besprechen
Salt = s.Salt; // Besprechen
}
protected void cmdSave_Click(object sender, EventArgs e)
{
try
{
string user = VatLid.Utils.KillChars(txtName.Text.Trim());
user = VatLid.Utils.ValidateXSS(user);
user = VatLid.Utils.safeString(user);
string passNew = txtNewPw.Text.Trim();
string passConfirm = txtConfirmPw.Text.Trim();
if (txtNewPw.Text.Length < 8)
{
Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
}
else if (IsNumber(txtNewPw.Text))
{
Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
}
else if (!checkMumber(txtNewPw.Text))
{
Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
}
else if (!Utils.isSpecial_Characters(txtNewPw.Text))
{
Response.Redirect(VatLid.Variables.sWebRoot + "error_info.aspx?err=31");
}
string SQL = "SELECT ID From Users WHERE UserName='******'";
ArrayList al = DAL.GetDataReaderToArrayList(SQL);
if (al.Count == 0)
{
lblError.Text = "User không tồn tại trong CSDL";
}
else
if (txtNewPw.Text != txtConfirmPw.Text)
{
lblError.Text = "Mật khẩu mới Confirm sai";
}
else
{
SqlCommand cmd = new SqlCommand();
cmd.Parameters.AddWithValue("@UserName", user);
cmd.Parameters.AddWithValue("@UserPw", SaltedHash.EncodeMD5(passNew));
cmd.Parameters.AddWithValue("@UserPwN", passNew);
VatLid.DAL.GetDataSet("cms_changepass", VatLid.DAL.getConnectionString1(), cmd);
VatLid.DAL.INSERT_USER_LOG_NEW(VatLid.Utils.getUserId(Session).ToString(), VatLid.LogType.ChangerPw.ToString(), VatLid.DAL.getCategoryID(FileName), "OK", user, VatLid.Utils.GetIP());
lblError.Text = "Đổi mật khẩu thành công";
}
}
catch (Exception err)
{
lblError.Text = "Đổi mật khẩu không thành công";
VatLid.DAL.ExceptionProcess(err);
}
}
public ActionResult ChangePass(ChangePassViewModel model)
{
try
{
if (ModelState.IsValid)
{
// get current user info
var userInfo = db.Users.Where(u => u.UserId == model.UserId).FirstOrDefault();
if (userInfo == null)
{
return(RedirectToAction("Login", "Auth"));
}
// verify old password
var isCorrectOldPass = SaltedHash.Verify(userInfo.Salt, userInfo.Password, model.OldPassword);
if (isCorrectOldPass)
{
// new password must be different to old passowrd
if (String.Compare(userInfo.Password, SaltedHash.ComputeHash(userInfo.Salt, model.NewPassword), false) != 0)
{
// update new user password
SaltedHash sh = new SaltedHash(model.NewPassword);
userInfo.Salt = sh.Salt;
userInfo.Password = sh.Hash;
userInfo.FirstName = model.FirstName;
userInfo.LastName = model.LastName;
userInfo.Email = model.Email;
db.SaveChanges();
// write action log
string actionLogData = "username="******"REMOTE_ADDR"]);
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError("", "Mật khẩu mới không được trùng mật khẩu cũ");
}
}
else
{
ModelState.AddModelError("", "Mật khẩu cũ chưa chính xác");
}
}
else
{
ModelState.AddModelError("", "Thông tin đổi mật khẩu không hợp lệ!");
}
}
catch (Exception ex)
{
ModelState.AddModelError("", ex.Message);
}
return(View(model));
}
public void Verify_salted_password_is_verified()
{
for (int i = 0; i < 50; i++)
{
string password = PasswordGenerator.Generate(32);
SaltedHash saltedHash = SaltedHash.Compute(password);
Assert.True(SaltedHash.Verify(password, saltedHash.PasswordHash, saltedHash.Salt));
}
}
public void Verify_salted_password_is_verified()
{
for (var i = 0; i < 50; i++)
{
var password = PasswordGenerator.Generate(32);
var saltedHash = SaltedHash.Compute(password);
Assert.True(SaltedHash.Verify(password, saltedHash.Hash, saltedHash.Salt));
}
}
public ActionResult Create(UserViewModel model)
{
if (ModelState.IsValid)
{
// check user exists
var newUser = Context.Users.Where(u => u.Username.CompareTo(model.Username) == 0).FirstOrDefault();
var userExisted = (newUser != null) ? true : false;
if (!userExisted)
{
// add user info
newUser = new User();
newUser.Username = model.Username;
SaltedHash sh = new SaltedHash(model.Username);
newUser.Password = sh.Hash;
newUser.Salt = sh.Salt;
newUser.FirstName = model.FirstName;
newUser.LastName = model.LastName;
newUser.IsActive = model.IsActive;
newUser.Email = model.Email;
newUser.CreateDate = DateTime.Now;
newUser.Roles = new List <Role>();
Context.Users.Add(newUser);
// add user's roles
foreach (RoleSelectViewModel item in model.RoleSelectViewModels)
{
if (item.IsSeleced)
{
var role = Context.Roles.Where(r => r.RoleId == item.RoleId).FirstOrDefault();
if (role != null)
{
newUser.Roles.Add(role);
}
}
}
// save changes
Context.SaveChanges();
return(RedirectToAction("Index", "User"));
}
else
{
// user exists
ModelState.AddModelError("",
String.Format("Tài khoản {0} đã tồn tại trong hệ thống", model.Username));
return(View(model));
}
}
else
{
ModelState.AddModelError("", "Thông tin tài khoản không hợp lệ!");
return(View(model));
}
}
public UserController(
UserRepository repository,
MemberRepository memberRepository,
ISessionContext sessionContext, SaltedHash saltedHash)
{
_repository = repository;
_memberRepository = memberRepository;
_sessionContext = sessionContext;
_saltedHash = saltedHash;
}
public void Handle(ResetPasswordCommand command)
{
var user = _repository.Get <User>(command.UserId);
SaltedHash saltedHash = SaltedHash.Create("123456");
user.Salt = saltedHash.Salt;
user.HashedPassword = saltedHash.Hash;
_repository.Update(user);
}
public UserModel Save(UserModel user, bool updatePassword = false)
{
var obj = new UserModel();
var hashedPassword = user.Password;
if (updatePassword)
{
var salt = SaltedHash.CreateSalt(user.Email);
hashedPassword = SaltedHash.HashPassword(salt, user.Password);
}
Run(cmd =>
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "[dbo].[SaveUser]";
var dtUtc = DateTime.UtcNow;
RepositoryHelper.PopulateDefaultParametersDatesAndBy(user);
cmd.AddParameter("@email", user.Email);
cmd.AddParameter("@city", user.City ?? "Alexandria");
cmd.AddParameter("@country", user.Country ?? "Canada");
cmd.AddParameter("@culture", user.Culture ?? "en-CA");
cmd.AddParameter("@dateModified", dtUtc);
cmd.AddParameter("@firstName", user.FirstName ?? "");
cmd.AddParameter("@isActive", user.IsActive);
cmd.AddParameter("@isPublic", user.IsPublic);
cmd.AddParameter("@isDeleted", user.IsDeleted);
cmd.AddParameter("@lastName", user.LastName ?? "");
cmd.AddParameter("@optIn", user.OptIn);
cmd.AddParameter("@phoneNumber", user.PhoneNumber ?? "");
cmd.AddParameter("@postalCode", user.PostalCode ?? "K0C1A0");
cmd.AddParameter("@province", user.Province ?? "Ontario");
cmd.AddParameter("@streetName", user.StreetName ?? "");
cmd.AddParameter("@streetNumber", user.StreetNumber ?? "");
cmd.AddParameter("@updatedBy", user.UpdatedBy);
cmd.AddParameter("@type", (int)user.Type);
cmd.AddParameter("@dateCreated", user.DateCreated);
cmd.AddParameter("@id", user.Id);
cmd.AddParameter("@password", hashedPassword);
cmd.AddParameter("@accessLevel", user.AccessLevel);
cmd.AddParameter("@createdBy", user.CreatedBy);
using (var reader = cmd.ExecuteReader())
while (reader.Read())
{
obj = MapObject(reader);
}
});
return(obj);
}
/// <summary>
/// Creates a hash for the password of the user
/// </summary>
/// <param name="user">the user</param>
/// <param name="password">password of the user</param>
/// <returns>hash for the password of the user</returns>
public string HashPassword(UserIdentityData user, string password)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
var saltedHash = new SaltedHash(password);
return(saltedHash.Hash);
}
public void CreateAccount(AccountManagement.Account account, SaltedHash passwordHash, UserId userId)
{
Contract.Assert(account.AccountId.IsNew);
using (var db = new THCard()) {
using (var transaction = new TransactionScope()) {
var dbAccount = new Account {
Username = account.Username.ToString(),
UserId = userId.ToGuid(),
AccountPassword = new AccountPassword {
PasswordHash = passwordHash.Hash,
Salt = passwordHash.Salt
}
};
db.Accounts.Add(dbAccount);
db.SaveChanges();
transaction.Complete();
account.AccountId = new AccountId(dbAccount.AccountId);
}
}
}
public static bool AuthenticateUser(string userName, string password)
{
Core.Database.User dbUser = GetByUsernameInternal(userName).FirstOrDefault();
if (dbUser == null) return false;
if (dbUser.IsEncrypted)
{
SaltedHash hash = new SaltedHash();
return hash.VerifyHashString(password, dbUser.Password, dbUser.Salt);
}
else
{
return (string.Compare(password, dbUser.Password, false) == 0);
}
}
public bool TryAuthenticate(string userName, string password, out IUserAuth userAuth)
{
//userId = null;
userAuth = GetUserAuthByUserName(userName);
if (userAuth == null) return false;
var saltedHash = new SaltedHash();
if (saltedHash.VerifyHashString(password, userAuth.PasswordHash, userAuth.Salt))
{
//userId = userAuth.Id.ToString(CultureInfo.InvariantCulture);
return true;
}
userAuth = null;
return false;
}
public IUserAuth UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, string password)
{
ValidateNewUser(newUser, password);
AssertNoExistingUser(mongoDatabase, newUser, existingUser);
var hash = existingUser.PasswordHash;
var salt = existingUser.Salt;
if (password != null)
{
var saltedHash = new SaltedHash();
saltedHash.GetHashAndSaltString(password, out hash, out salt);
}
// If either one changes the digest hash has to be recalculated
var digestHash = existingUser.DigestHa1Hash;
if (password != null || existingUser.UserName != newUser.UserName)
{
var digestHelper = new DigestAuthFunctions();
digestHash = digestHelper.CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
}
newUser.Id = existingUser.Id;
newUser.PasswordHash = hash;
newUser.Salt = salt;
newUser.DigestHa1Hash = digestHash;
newUser.CreatedDate = existingUser.CreatedDate;
newUser.ModifiedDate = DateTime.UtcNow;
SaveUser(newUser);
return newUser;
}
public IUserAuth CreateUserAuth(IUserAuth newUser, string password)
{
ValidateNewUser(newUser, password);
AssertNoExistingUser(mongoDatabase, newUser);
var saltedHash = new SaltedHash();
string salt;
string hash;
saltedHash.GetHashAndSaltString(password, out hash, out salt);
var digestHelper = new DigestAuthFunctions();
newUser.DigestHa1Hash = digestHelper.CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
newUser.PasswordHash = hash;
newUser.Salt = salt;
newUser.CreatedDate = DateTime.UtcNow;
newUser.ModifiedDate = newUser.CreatedDate;
SaveUser(newUser);
return newUser;
}
