Пример #1
0
        protected void LoginMe(object sender, EventArgs e)
        {
            resetFeedback();

            string email = tb_email.Text.Trim();
            string pwd   = tb_password.Text.Trim();

            if (!UserUtils.Exist(email))
            {
                showFeedback("Invalid email or password. Try again.");
                return;
            }

            if (UserUtils.IsAccountDisabled(email))
            {
                showFeedback("Account is disabled.");
                return;
            }

            if (!UserUtils.Authenticate(email, pwd))
            {
                UserUtils.AddFailedAuthAttempt(email);
                showFeedback("Invalid email or password. Try again.");
                return;
            }

            // success
            Session["Email"] = email;

            string guid = Guid.NewGuid().ToString();

            Session["AuthToken"] = guid;

            Response.Cookies.Add(new HttpCookie("AuthToken", guid));
            Response.Redirect("~/Home.aspx");
        }
        protected void btn_submit_Click(object sender, EventArgs e)
        {
            // validate fields
            if (!Validate_Fields())
            {
                return;
            }

            string email    = tb_email.Text.Trim();
            string password = tb_password.Text.Trim();

            string input_fName = tb_fName.Text.Trim();
            string input_lName = tb_lName.Text.Trim();

            string input_ccCVV = tb_ccCVV.Text.Trim();

            string newPassword        = tb_newPassword.Text.Trim();
            string confirmNewPassword = tb_confirmNewPassword.Text.Trim();

            if (!UserUtils.Exist(email))
            {
                showFeedback("Invalid email address.");
                return;
            }

            if (!UserUtils.Authenticate(email, password))
            {
                showFeedback("Sorry, with the information you've provided. We still can't verify that you're the account owner.");
                return;
            }

            string userId = null;

            string firstName = null, lastName = null;
            string cipherText = null;
            string iv         = null;
            string key        = null;

            string existPassSalt = null;
            string existPassHash = null;

            using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MYDBConnection"].ConnectionString))
            {
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM [dbo].[Users] WHERE Email = @Email", con))
                {
                    cmd.CommandType = CommandType.Text;
                    cmd.Parameters.AddWithValue("@Email", email);

                    if (con.State == ConnectionState.Closed || con.State == ConnectionState.Broken)
                    {
                        con.Open();
                    }

                    SqlDataReader sdr = cmd.ExecuteReader();
                    if (sdr.Read())
                    {
                        userId = sdr["Id"].ToString();

                        firstName = sdr["FirstName"].ToString();
                        lastName  = sdr["LastName"].ToString();

                        existPassSalt = sdr["PasswordSalt"].ToString();
                        existPassHash = sdr["PasswordHash"].ToString();

                        cipherText = sdr["CCCVV"].ToString();
                        iv         = sdr["IV"].ToString();
                        key        = sdr["Key"].ToString();
                    }
                }
            }
            string plainText = DataCrypt.Decrypt(cipherText, iv, key);

            if (!(plainText.Equals(input_ccCVV) && firstName.Equals(input_fName) && lastName.Equals(input_lName)))
            {
                showFeedback("Invalid details provided.");
                return;
            }

            if (Password.ComparePasswordHash(Password.GetPasswordHash(newPassword, existPassSalt), existPassHash))
            {
                showFeedback("Your new password cannot be a password you've used before.");
                return;
            }

            Password.UpdatePassword(userId, Convert.ToBase64String(Password.GetPasswordHash(tb_newPassword.Text.Trim(), existPassSalt)));
            UserUtils.UnlockAccount(email);
            lbl_feedback.ForeColor = Color.Green;
            showFeedback("Password has been updated.");
        }