Пример #1
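        /// <summary>
        /// Login button handler. Looks up the row(s) for the entered username,
        /// verifies the entered password against the stored bcrypt hash and, on
        /// success, opens the main form for that user id.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btn_Login(object sender, EventArgs e)
        {
            // The username is bound as a parameter, never concatenated into SQL.
            // NOTE(review): cmd's command text is defined outside this method;
            // presumably a SELECT with an @usr placeholder - confirm.
            cmd.Parameters.Clear();
            cmd.Parameters.AddWithValue("@usr", txt_username.Text);

            bool authenticated = false;
            int userId = 0;

            try
            {
                con.Open();

                // Dispose the reader before the connection is closed, on every path.
                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // Column 2 holds the stored bcrypt hash. CheckPassword verifies the
                        // plaintext the user typed against that hash.
                        if (BCrypt.CheckPassword(txt_password.Text, reader.GetString(2)))
                        {
                            // Column 0 is the user id handed to the main form.
                            userId = reader.GetInt32(0);
                            authenticated = true;
                            break; // one successful match is enough; do not open several main forms
                        }
                    }
                }
            }
            finally
            {
                // Release the shared connection even when the query or the hash check throws.
                con.Close();
            }

            if (!authenticated)
            {
                // Same message for "unknown user" and "wrong password": the dialog must not
                // reveal whether the account exists. Previously a wrong password for an
                // existing user produced no feedback at all.
                MessageBox.Show("Falsche Login Daten", "Fehler", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            this.Hide();

            LoadingScreen ls = new LoadingScreen();
            ls.Show();
            //Reactivate after finishing
            //System.Threading.Thread.Sleep(3000);
            ls.Close();
            ls.Dispose();

            // Pass the authenticated user id so the main program knows who it is working with.
            MainForm mw = new MainForm(userId);
            mw.Show();
        }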
Пример #2
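        /// <summary>
        /// Hash a password using the OpenBSD bcrypt scheme.
        /// </summary>
        /// <remarks>
        /// The salt string is parsed as <c>$2$</c> or <c>$2a$</c>, followed by a
        /// two-digit round count, a <c>$</c> and 22 characters of encoded salt.
        /// For revision <c>a</c> a trailing NUL is appended to the password before
        /// it is UTF-8 encoded.
        /// NOTE(review): bcrypt implementations commonly use only the first 72 bytes
        /// of the key; confirm how <c>CryptRaw</c> treats longer passwords.
        /// </remarks>
        /// <param name="password">The password to hash.</param>
        /// <param name="salt">The salt to hash with (perhaps generated
        /// using <c>BCrypt.GenerateSalt</c>).</param>
        /// <returns>The hashed password, prefixed with the same version, round
        /// count and salt that were passed in.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="password"/> or
        /// <paramref name="salt"/> is null.</exception>
        /// <exception cref="ArgumentException">The salt prefix, revision, round
        /// field or length is malformed.</exception>
        public static string HashPassword(string password, string salt)
        {
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }
            if (salt == null)
            {
                throw new ArgumentNullException("salt");
            }

            // "$2$" is the shortest possible prefix; checking the length first keeps a
            // truncated salt from surfacing as an IndexOutOfRangeException.
            if (salt.Length < 3 || salt[0] != '$' || salt[1] != '2')
            {
                throw new ArgumentException("Invalid salt version");
            }

            char minor = (char)0;
            int offset;

            // The revision character, if any, sits at index 2. The previous test looked at
            // index 1, which is always '2' at this point, so the "$2$" branch was unreachable
            // and such salts were rejected as an invalid revision.
            if (salt[2] != '$')
            {
                minor = salt[2];
                if (minor != 'a' || salt.Length < 4 || salt[3] != '$')
                {
                    throw new ArgumentException("Invalid salt revision");
                }
                offset = 4;
            }
            else
            {
                offset = 3;
            }

            // Extract number of rounds: two digits that must be followed by '$'.
            if (salt.Length <= offset + 2 || salt[offset + 2] > '$')
            {
                throw new ArgumentException("Missing salt rounds");
            }

            // 2 round digits + '$' + 22 characters of encoded salt must be present.
            if (salt.Length < offset + 3 + 22)
            {
                throw new ArgumentException("Invalid salt length");
            }

            int rounds = Int32.Parse(salt.Substring(offset, 2), NumberFormatInfo.InvariantInfo);

            byte[] passwordBytes = Encoding.UTF8.GetBytes(password + (minor >= 'a' ? "\0" : String.Empty));
            byte[] saltBytes     = DecodeBase64(salt.Substring(offset + 3, 22),
                                                BCRYPT_SALT_LEN);

            BCrypt bcrypt = new BCrypt();

            byte[] hashed = bcrypt.CryptRaw(passwordBytes, saltBytes, rounds);

            // Re-assemble "$2[a]$NN$<salt><hash>" so the output carries everything
            // needed to verify the password later.
            StringBuilder rs = new StringBuilder();

            rs.Append("$2");
            if (minor >= 'a')
            {
                rs.Append(minor);
            }
            rs.Append('$');
            if (rounds < 10)
            {
                // Keep the round count two digits wide.
                rs.Append('0');
            }
            rs.Append(rounds);
            rs.Append('$');
            rs.Append(EncodeBase64(saltBytes, saltBytes.Length));
            rs.Append(EncodeBase64(hashed,
                                   (bf_crypt_ciphertext.Length * 4) - 1));

            return rs.ToString();
        }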
Пример #3
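        /// <summary>
        /// Create button handler. Validates the form, bcrypt-hashes the entered
        /// password and inserts a new row into the <c>Login</c> table, then closes
        /// the form on success.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btn_Create_Click(object sender, EventArgs e)
        {
            // SelectedItem is null when nothing is chosen; guard before calling ToString().
            object selectedRole = cmb_role.SelectedItem;
            string role = selectedRole == null ? null : selectedRole.ToString();

            if (string.IsNullOrWhiteSpace(txt_username.Text) || string.IsNullOrWhiteSpace(txt_password.Text) || string.IsNullOrWhiteSpace(role))
            {
                MessageBox.Show("Bitte füllen Sie alle angegebenen Felder sorgfältig aus.", "Fehler", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            // Only the bcrypt hash is stored; the plaintext never reaches the database.
            String HashedPassword = BCrypt.HashPassword(txt_password.Text, BCrypt.GenerateSalt());

            // NOTE(review): nothing in this handler checks that the current operator may
            // assign the selected role; confirm that is enforced before this form is reachable.
            try
            {
                using (MySqlConnection con = new MySqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["MySql"].ConnectionString))
                // All user-supplied values are bound as parameters. The statement was previously
                // built by string concatenation, which let the username or role text alter the SQL.
                using (MySqlCommand cmd = new MySqlCommand("INSERT INTO `Login` (`id`, `username`, `password`, `role`) VALUES (NULL, @usr, @pwd, @role);", con))
                {
                    cmd.Parameters.AddWithValue("@usr", txt_username.Text);
                    cmd.Parameters.AddWithValue("@pwd", HashedPassword);
                    cmd.Parameters.AddWithValue("@role", role);

                    con.Open();
                    cmd.ExecuteNonQuery();
                } // connection and command are disposed here, also when the insert fails

                this.Close();
            }
            catch (Exception ex)
            {
                // Keep the detail out of the dialog, but do not lose it entirely.
                System.Diagnostics.Trace.TraceError(ex.ToString());
                MessageBox.Show("Ein unerwarteter Fehler ist beim Erstellen eines neuen Benutzers aufgetreten. Bitte versuchen Sie es erneut.", "Fehler", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }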