Пример #1
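        /// <summary>
        /// Interactively creates a user: prompts for a username and a password on the console,
        /// salts and hashes the password, and hands the resulting record to UserManager for storage.
        /// </summary>
        /// <remarks>
        /// Only the Base64-encoded hash and the Base64-encoded salt are passed to the User object;
        /// the plain-text password is never stored.
        /// </remarks>
        static void CreateUser()
        {
            Console.WriteLine("Welcome");
            Console.WriteLine("Create a new user");
            Console.WriteLine("Enter a username:");
            string username = Console.ReadLine();
            Console.WriteLine("Enter a password");
            // NOTE(review): Console.ReadLine echoes what is typed, so the password is visible
            // on screen and in any terminal capture.
            string password = Console.ReadLine();

            // ReadLine returns null at end of input; an empty or missing credential must not
            // reach the hashing step or the database.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                Console.WriteLine("A username and a password are required");
                return;
            }

            HashManager hm = new HashManager();

            // UTF-8 keeps every character of the password. Encoding.ASCII replaces each
            // non-ASCII character with '?', which makes distinct passwords hash to the same value
            // and disagrees with a verifier that hashes UTF-8 bytes.
            byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
            byte[] salt = hm.GenerateSalt();

            // NOTE(review): GenerateSHA256 is presumably a single salted SHA-256 pass. A fast hash
            // is cheap to brute-force offline if the table leaks; a slow password KDF (PBKDF2,
            // Argon2) is the usual choice. Switching requires migrating the stored hashes.
            string passwordHash = Convert.ToBase64String(hm.GenerateSHA256(passwordBytes, salt));

            // The User object carries the hash and the salt, not the plain-text password.
            User user = new User(username, passwordHash, Convert.ToBase64String(salt));

            UserManager um = new UserManager();
            um.InsertUserToDB(user);

            Console.WriteLine("The user has succesfully been created");

            Console.ReadKey();
        }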
Пример #2
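        /// <summary>
        /// Checks a username/password pair against the users table.
        /// </summary>
        /// <param name="username">Login name to look up.</param>
        /// <param name="password">Plain-text password supplied by the caller.</param>
        /// <returns>
        /// A User built from the matching row (username, stored hash, salt), or null when no row
        /// matches or either argument is null.
        /// </returns>
        public User VerifyUser(string username, string password)
        {
            // A null username is not sent as a parameter value and a null password cannot be
            // encoded; treat both as a failed login instead of surfacing an exception.
            if (username == null || password == null)
            {
                return null;
            }

            using (SqlConnection sql = new SqlConnection(cs))
            {
                sql.Open();

                // Step 1: fetch the salt stored for this username (parameterized query).
                // An unknown username leaves storedSalt empty and still goes through the hashing
                // step and the second query, so both failure cases follow the same path.
                string storedSalt = "";
                using (SqlCommand saltCommand = new SqlCommand("SELECT salt FROM users WHERE username = @username", sql))
                {
                    saltCommand.Parameters.Add(new SqlParameter("@username", username));
                    // The reader is disposed before the next command runs on this connection,
                    // also when Read() or the cast throws.
                    using (SqlDataReader saltReader = saltCommand.ExecuteReader())
                    {
                        while (saltReader.Read())
                        {
                            storedSalt = (string)saltReader["salt"];
                        }
                    }
                }

                // Step 2: recompute the hash from the supplied password and the stored salt.
                // NOTE(review): GenerateSHA256 is presumably a single salted SHA-256 pass; a slow
                // password KDF (PBKDF2, Argon2) resists offline guessing far better.
                HashManager hm = new HashManager();
                byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
                byte[] saltBytes = Convert.FromBase64String(storedSalt);
                string hash = Convert.ToBase64String(hm.GenerateSHA256(passwordBytes, saltBytes));

                // Step 3: let the database compare the recomputed hash with the stored one.
                // NOTE(review): Base64 is case-sensitive. If the password column uses a
                // case-insensitive collation, hashes differing only in letter case compare equal;
                // confirm the column collation is binary or case-sensitive.
                using (SqlCommand matchCommand = new SqlCommand("SELECT * FROM users WHERE username = @username AND password = @password", sql))
                {
                    matchCommand.Parameters.Add(new SqlParameter("@username", username));
                    matchCommand.Parameters.Add(new SqlParameter("@password", hash));
                    using (SqlDataReader matchReader = matchCommand.ExecuteReader())
                    {
                        // Only the first matching row is used. The returned object carries the
                        // stored hash and salt, so callers should not log or serialize it.
                        if (matchReader.Read())
                        {
                            return new User(
                                (string)matchReader["username"],
                                (string)matchReader["password"],
                                (string)matchReader["salt"]);
                        }
                    }
                }

                return null;
            }
        }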