Пример #1
    //    protected void forgetpassword(object sender, EventArgs e)
    //    {
    //        Response.Redirect("2faLogin.aspx", false);
    //    }

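    /// <summary>
    /// Handles the password step of the login flow. Looks up the account named in
    /// <c>Session["usernameLogin"]</c>, refuses the attempt once three failures are
    /// recorded, and otherwise compares the salted SHA-512 of the submitted value with
    /// the stored hash. A match marks the session as password-verified and redirects to
    /// <c>2faLogin.aspx</c>; a mismatch increments the stored failure counter.
    /// </summary>
    /// <param name="sender">Control that raised the click event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // The user name is taken from session state; a missing value (expired session or a
        // direct request to this page) is handled here instead of surfacing as a
        // NullReferenceException.
        string username = Session["usernameLogin"] as string;
        if (string.IsNullOrEmpty(username))
        {
            Labelerr.Text = "Your session has expired, please log in again";
            return;
        }

        // One lookup serves both the lockout check and the credential check.
        UserCustomer account = new UserCustomer().getAllDataByName(username);
        if (account == null)
        {
            // NOTE(review): what getAllDataByName returns for an unknown name is not visible
            // here; a null result is treated as a failed login and reported with the same
            // message as a wrong password.
            Labelerr.Text = "You have entered a Incorrect password";
            return;
        }

        int failedAttempts = account.Attempt;
        System.Diagnostics.Debug.WriteLine(failedAttempts);

        if (failedAttempts >= 3)
        {
            Labelerr.Text = "Account locked, you had 3 failed logon attempts";
            return;
        }

        // Salt and reference hash stored for this account.
        string salt             = account.Passwordsalt;
        string hashvalueToCheck = account.Passwordhash;

        // Value submitted in the form. NOTE(review): the variable and session key names
        // suggest this is a hash computed in the browser; if so it is password-equivalent
        // and needs the same protection as the password itself. Confirm against the page
        // markup.
        string hashvalClient = TextBox2.Text;

        // NOTE(review): a single salted SHA-512 pass is cheap to brute-force offline if the
        // table leaks. A work-factor KDF such as PBKDF2 (Rfc2898DeriveBytes) is the usual
        // choice; moving to it requires migrating the stored hashes, so the scheme is left
        // unchanged here.
        string finalval;
        using (SHA512Managed hashing = new SHA512Managed())
        {
            byte[] digest = hashing.ComputeHash(Encoding.UTF8.GetBytes(hashvalClient + salt));
            finalval = Convert.ToBase64String(digest);
        }

        // The computed hash is deliberately not written to the debug listeners: it is derived
        // from the credential and should not appear in diagnostic output.

        // NOTE(review): string == is not a constant-time comparison. Where the target
        // framework provides CryptographicOperations.FixedTimeEquals, compare the raw digest
        // bytes with it instead.
        if (hashvalueToCheck == finalval)
        {
            Session["accountLoginVerified"] = "true";
            // NOTE(review): this keeps the submitted credential value in session state for
            // later pages; its lifetime and the session store's protection should be reviewed.
            Session["md5Store"] = hashvalClient;
            Response.Redirect("2faLogin.aspx", false);
        }
        else
        {
            // Re-read the counter just before writing it back.
            // NOTE(review): this read-then-write is not atomic, so concurrent guesses can
            // each observe the same count and exceed the three-attempt limit; an atomic
            // increment in the data layer would close that gap.
            UserCustomer store = new UserCustomer();
            int currentAttempts = store.getAllDataByName(username).Attempt;

            store.updateuserattempts(username, currentAttempts + 1);

            Labelerr.Text = "You have entered a Incorrect password";
        }
    }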
Пример #2
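    /// <summary>
    /// Completes the forgotten-password flow. Computes the salted SHA-512 of the new
    /// password value held in session state, re-encrypts the first name, last name and
    /// address taken from the page's hidden fields with <c>encryptData</c>, writes the new
    /// hash and the profile fields through <c>updateforForgetpass</c>, resets the failed
    /// attempt counter to 0 and redirects to <c>successForgetPass.aspx</c>.
    /// </summary>
    /// <param name="sender">Control that raised the click event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Button1_Click(object sender, EventArgs e)
    {
        // NOTE(review): nothing in this handler shows that the requester has proven ownership
        // of the account; it relies entirely on the session keys set by earlier steps. Confirm
        // that those steps cannot be skipped. Every Session value below is also dereferenced
        // without a null check, so an expired session ends in a NullReferenceException.
        string usernamm     = Session["forgetPassTosaveusername"].ToString();
        string passfromform = Session["md5hashforforgetpassplsthx"].ToString();

        // NOTE(review): the existing salt is reused for the new password and is also passed to
        // encryptData below. A fresh random salt per password change is the usual practice.
        UserCustomer cs    = new UserCustomer();
        string saltFrodb   = cs.getAllDataByName(usernamm).Passwordsalt;
        byte[] saltpls     = Convert.FromBase64String(saltFrodb);

        // Server-side hash of the submitted value plus salt. The intermediate and final values
        // are deliberately not written to the debug listeners: they are derived from the new
        // credential. NOTE(review): a single SHA-512 pass is cheap to brute-force offline; a
        // work-factor KDF such as PBKDF2 would need a stored-hash migration, so the scheme is
        // left unchanged here.
        string finalHashval;
        using (SHA512Managed hashing = new SHA512Managed())
        {
            byte[] serverHashwithSaltHashed = hashing.ComputeHash(Encoding.UTF8.GetBytes(passfromform + saltFrodb));
            finalHashval = Convert.ToBase64String(serverHashwithSaltHashed);
        }

        // Profile fields posted back in hidden fields. Hidden-field values are controlled by
        // the browser, so whatever arrives here is stored as sent.
        // NOTE(review): confirm these are validated or integrity-protected.
        string encryptedfirstname = HiddenFieldFirstNameEncrypted.Value;
        string encryptedlastname  = HiddenFieldLastNameEncrypted.Value;
        string encrypaddress      = HiddenFieldAddressEncrypted.Value;

        // Re-protect the fields with the new password value and the account salt.
        string savetofirstname = encryptData(encryptedfirstname, passfromform, saltpls);
        string savetolastanme  = encryptData(encryptedlastname, passfromform, saltpls);
        string savetoaddress   = encryptData(encrypaddress, passfromform, saltpls);

        // Remaining fields were prepared by an earlier step and are stored as found in session.
        string encryptednric     = Session["encryptedforforgetpassthxnric"].ToString();
        string encryptedbirthday = Session["encryptedforforgetpassthxbirthday"].ToString();
        string encryotedphone    = Session["encryptedforforgetpassthxphone"].ToString();
        string encryptedemail    = Session["encryptedforforgetpassthxemail"].ToString();

        UserCustomer asc = new UserCustomer();

        asc.updateforForgetpass(usernamm, finalHashval, encryotedphone, savetoaddress, savetofirstname, savetolastanme, encryptedemail, encryptedbirthday, encryptednric);
        // A successful reset also clears the lockout counter.
        asc.updateuserattempts(usernamm, 0);

        // NOTE(review): the password-derived value and the encrypted fields stay in session
        // state after the reset completes; clearing them once the next page no longer needs
        // them would shorten their exposure.
        Response.Redirect("successForgetPass.aspx");
    }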