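/// <summary>
/// Login button handler. Verifies the submitted email/password and, on success,
/// binds the session to the user, mints a per-login AuthToken (kept in the session
/// and mirrored into a cookie) and redirects to Home.aspx.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void LoginMe(object sender, EventArgs e)
{
    resetFeedback();

    string email = tb_email.Text.Trim();
    // The password is trimmed before verification, so surrounding whitespace is not
    // significant; this has to match what registration / UserUtils.Authenticate do.
    string pwd = tb_password.Text.Trim();

    // One generic message for "unknown email" and "wrong password" so the response
    // does not reveal which addresses are registered.
    const string invalidCredentials = "Invalid email or password. Try again.";

    if (!UserUtils.Exist(email))
    {
        showFeedback(invalidCredentials);
        return;
    }

    // The lock-out check runs before the password is verified, so a locked account
    // cannot be used as a password oracle.
    // NOTE(review): this message confirms to an unauthenticated caller that the
    // account exists (enumeration). Consider returning the generic message here.
    if (UserUtils.IsAccountDisabled(email))
    {
        showFeedback("Account is disabled.");
        return;
    }

    if (!UserUtils.Authenticate(email, pwd))
    {
        // Feed the lock-out counter; presumably IsAccountDisabled flips once enough
        // of these accumulate.
        UserUtils.AddFailedAuthAttempt(email);
        showFeedback(invalidCredentials);
        return;
    }

    // Success: bind the session to the user and mint a fresh per-login token.
    Session["Email"] = email;
    string authToken = Guid.NewGuid().ToString();
    Session["AuthToken"] = authToken;

    // The token is also sent as a cookie (presumably compared against
    // Session["AuthToken"] on later requests). HttpOnly keeps it out of reach of
    // script running in the page; Secure keeps it off plaintext connections, so the
    // site must be served over HTTPS for login to work.
    HttpCookie authCookie = new HttpCookie("AuthToken", authToken)
    {
        HttpOnly = true,
        Secure = true,
    };
    Response.Cookies.Add(authCookie);

    // NOTE(review): the ASP.NET session ID itself is not regenerated here, so a
    // session ID fixed before login survives it (session fixation). Either
    // regenerate it, or make sure every authenticated page checks the AuthToken
    // cookie against Session["AuthToken"].
    Response.Redirect("~/Home.aspx");
}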
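/// <summary>
/// "Change password" submit handler. The caller must prove ownership of the account
/// with the current password plus the stored first name, last name and card CVV;
/// only then is the new password hashed, stored, and the account unlocked (this is
/// also the recovery path for a locked account, hence no disabled-account check).
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void btn_submit_Click(object sender, EventArgs e)
{
    // Field-level validation (required/format) lives in Validate_Fields.
    if (!Validate_Fields())
    {
        return;
    }

    string email = tb_email.Text.Trim();
    string password = tb_password.Text.Trim();
    string input_fName = tb_fName.Text.Trim();
    string input_lName = tb_lName.Text.Trim();
    string input_ccCVV = tb_ccCVV.Text.Trim();
    string newPassword = tb_newPassword.Text.Trim();
    string confirmNewPassword = tb_confirmNewPassword.Text.Trim();

    // Defensive: Validate_Fields presumably already compares these, but the original
    // code read confirmNewPassword and never used it, so make the check explicit
    // before anything is written.
    if (!string.Equals(newPassword, confirmNewPassword, StringComparison.Ordinal))
    {
        showFeedback("Passwords do not match.");
        return;
    }

    // NOTE(review): unlike LoginMe, this handler uses distinct messages for
    // "unknown email" and "wrong password", which lets a caller enumerate accounts.
    if (!UserUtils.Exist(email))
    {
        showFeedback("Invalid email address.");
        return;
    }

    if (!UserUtils.Authenticate(email, password))
    {
        // Mirror LoginMe: a failed password here must count toward the lock-out,
        // otherwise this endpoint is an unthrottled password oracle.
        UserUtils.AddFailedAuthAttempt(email);
        showFeedback("Sorry, with the information you've provided. We still can't verify that you're the account owner.");
        return;
    }

    string userId = null;
    string firstName = null, lastName = null;
    string cipherText = null, iv = null, key = null;
    string existPassSalt = null, existPassHash = null;
    bool rowFound = false;

    using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MYDBConnection"].ConnectionString))
    using (SqlCommand cmd = new SqlCommand("SELECT * FROM [dbo].[Users] WHERE Email = @Email", con))
    {
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@Email", email);
        // A freshly constructed SqlConnection is always Closed, so open unconditionally.
        con.Open();

        // Dispose the reader explicitly instead of relying on connection disposal.
        using (SqlDataReader sdr = cmd.ExecuteReader())
        {
            if (sdr.Read())
            {
                rowFound = true;
                userId = sdr["Id"].ToString();
                firstName = sdr["FirstName"].ToString();
                lastName = sdr["LastName"].ToString();
                existPassSalt = sdr["PasswordSalt"].ToString();
                existPassHash = sdr["PasswordHash"].ToString();
                cipherText = sdr["CCCVV"].ToString();
                iv = sdr["IV"].ToString();
                key = sdr["Key"].ToString();
            }
        }
    }

    // Exist() said yes a moment ago, but the row may have gone since; without this
    // guard Decrypt/Equals below would dereference nulls.
    if (!rowFound)
    {
        showFeedback("Invalid email address.");
        return;
    }

    // NOTE(review): the CVV is persisted (encrypted) with its IV *and* key in the same
    // row. PCI DSS forbids retaining the CVV after authorisation at all, and storing
    // the key beside the ciphertext means a database dump decrypts it directly.
    string plainText = DataCrypt.Decrypt(cipherText, iv, key);

    bool detailsMatch = plainText.Equals(input_ccCVV)
        && firstName.Equals(input_fName)
        && lastName.Equals(input_lName);
    if (!detailsMatch)
    {
        // A 3-4 digit CVV is exhausted in at most 10^4 guesses, so a miss here feeds
        // the lock-out counter as well rather than being free to retry.
        UserUtils.AddFailedAuthAttempt(email);
        showFeedback("Invalid details provided.");
        return;
    }

    // Reject re-use of the current password. Hashing the candidate with the existing
    // salt is what makes the comparison against the stored hash possible; the same
    // hash is then stored, so it is computed once.
    var newHash = Password.GetPasswordHash(newPassword, existPassSalt);
    if (Password.ComparePasswordHash(newHash, existPassHash))
    {
        showFeedback("Your new password cannot be a password you've used before.");
        return;
    }

    // NOTE(review): the salt is not rotated on change (UpdatePassword takes only the
    // hash); a fresh salt per password would be preferable if the helper allows it.
    Password.UpdatePassword(userId, Convert.ToBase64String(newHash));
    UserUtils.UnlockAccount(email);
    lbl_feedback.ForeColor = Color.Green;
    showFeedback("Password has been updated.");
}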