public int RegisterUser(RegisterRequest model)
{
int id = 0;
string salt;
string hashedPassword;
string password = model.Password;
CryptographyService svc = new CryptographyService();
salt = svc.GenerateRandomString(16);
hashedPassword = svc.Hash(password, salt);
model.HashedPassword = hashedPassword;
model.Salt = salt;
using (SqlConnection conn = new SqlConnection(connString))
{
conn.Open();
using (SqlCommand cmd = new SqlCommand("Users_Insert", conn))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Email", model.Email);
cmd.Parameters.AddWithValue("@HashedPassword", model.HashedPassword);
cmd.Parameters.AddWithValue("@Salt", model.Salt);
SqlParameter parm = new SqlParameter("@Id", SqlDbType.Int);
parm.Direction = ParameterDirection.Output;
cmd.Parameters.Add(parm);
cmd.ExecuteNonQuery();
id = (int)cmd.Parameters["@Id"].Value;
};
conn.Close();
}
return(id);
}
public LoginData Login(LoginRequest model)
{
LoginData res = new LoginData();
res.IsLoggedIn = false;
using (SqlConnection conn = new SqlConnection(connString))
{
conn.Open();
using (SqlCommand cmd = new SqlCommand("Users_SelectByEmail", conn))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Email", model.Email);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
LoginRequest responseModel = Mapper(reader);
res.Id = responseModel.Id;
res.Email = responseModel.Email;
int multOf4 = responseModel.Salt.Length % 4;
if (multOf4 > 0)
{
responseModel.Salt += new string('=', 4 - multOf4);
}
CryptographyService cryptSvc = new CryptographyService();
string passwordHash = cryptSvc.Hash(model.Password, responseModel.Salt);
if (passwordHash == responseModel.EncryptedPass)
{
res.IsLoggedIn = true;
}
}
}
conn.Close();
}
if (res.IsLoggedIn == false)
{
res.Id = 0;
res.Email = "Failed to login";
return(res);
}
return(res);
}
public void ChangePassword(UpdatePasswordRequest model)
{
CryptographyService svc = new CryptographyService();
string salt = svc.GenerateRandomString(16);
string hashedPassword = svc.Hash(model.NewPassword, salt);
using (SqlConnection conn = new SqlConnection(connString))
{
conn.Open();
using (SqlCommand cmd = new SqlCommand("Users_ChangePassword", conn))
{
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Id", model.UserId);
cmd.Parameters.AddWithValue("@HashedPassword", hashedPassword);
cmd.Parameters.AddWithValue("@Salt", salt);
cmd.ExecuteNonQuery();
};
conn.Close();
}
}
