/// <summary>
/// Click handler for the admin login form: reads the stored admin password hash
/// (row Id='1' of the AdminPassword table) and checks the submitted password
/// against it with <c>Salt.Verify</c>.
/// </summary>
/// <param name="sender">Event source; not read in the visible lines.</param>
/// <param name="e">Event data; not read in the visible lines.</param>
/// <remarks>
/// NOTE(review): this listing appears to have lost its braces and some statements
/// (no else branch, no conn.Open(), nothing after the final "closes the database
/// connection" comment). Confirm the real control flow against the original file.
/// No attempt limiting or lockout is visible in this handler.
/// </remarks>
protected void Login_Click(object sender, EventArgs e)
            //Declares a connection and SQL command variable.
            // NOTE(review): neither object is wrapped in a using statement in the visible
            // lines, so disposal on an exception path is not shown.
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            SqlCommand    cmd  = new SqlCommand();

            cmd.Connection  = conn;
            // The query text is a constant; no request data is concatenated into it.
            cmd.CommandText = "SELECT AdminPassword FROM AdminPassword WHERE Id='1'";
            SqlDataReader reader = cmd.ExecuteReader();

            while (reader.Read())
                //Retrieves the universal admin password.
                // hashedPassword is not declared in the visible lines. If the query returns
                // no row it keeps whatever value it already had - verify that Salt.Verify
                // rejects a null or empty hash.
                hashedPassword = reader["AdminPassword"].ToString();
            //Checks if the hashed password is correct. If it is, grants access. If not, returns an error message.
            // Salt.Verify is defined elsewhere; presumably it hashes the submitted text and
            // compares it with the stored value - confirm the comparison is constant-time.
            bool correct = Salt.Verify(AdminPassword.Text, hashedPassword);

            if (correct == false)
                Error.Text = "Incorrect password.";
                // NOTE(review): as printed, the two Session assignments below are not visibly
                // inside an else branch, so nothing shown here ties them to a successful check.
                // The comment above implies an else was lost in extraction; verify this, since
                // these keys are presumably what other pages test for admin access.
                // No session identifier renewal is visible at this privilege change; confirm
                // session fixation is handled elsewhere.
                Session["AdminUsername"] = "******";
                Session["AdminMessage"]  = "Welcome.";
            //Closes the database connection.
            // NOTE(review): no close/dispose statement follows this comment in the listing.
        /// <summary>
        /// Click handler for the customer login form: looks up the stored password hash
        /// for the submitted email, checks the submitted password with <c>Salt.Verify</c>,
        /// and stores the customer's id and a greeting in the session.
        /// </summary>
        /// <param name="sender">Event source; not read in the visible lines.</param>
        /// <param name="e">Event data; not read in the visible lines.</param>
        /// <remarks>
        /// NOTE(review): this listing appears to have lost its braces, else branches and
        /// some statements (no conn.Open(), no redirect, no close). Confirm the real
        /// control flow against the original file.
        /// The two error messages differ for "unknown email" and "wrong password", which
        /// lets a caller tell registered addresses from unregistered ones; a single generic
        /// message avoids that. No attempt limiting is visible in this handler.
        /// </remarks>
        protected void CustomerLogin_Click(object sender, EventArgs e)
            //Declare SQL connection and command variables.
            // NOTE(review): none of these is wrapped in a using statement in the visible lines.
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            SqlCommand    cmd  = new SqlCommand();
            SqlCommand    cmd2 = new SqlCommand();

            cmd.Connection  = conn;
            // The email is bound as a parameter, not concatenated into the SQL text.
            cmd.CommandText = "SELECT Password FROM Customer WHERE Email = @email";
            // SqlDbType.NChar is a fixed-length type and no size is given here - TODO confirm
            // it matches the Email column definition.
            cmd.Parameters.Add("@email", SqlDbType.NChar).Value = Email.Text;
            cmd2.Connection  = conn;
            // Second query reads the same Customer row by the same key; the three columns
            // could be fetched in one round trip.
            cmd2.CommandText = "SELECT ID, FirstName FROM Customer WHERE Email = @email";
            cmd2.Parameters.Add("@email", SqlDbType.NChar).Value = Email.Text;
            //Check if any email address in the database matches the one entered. If no rows are returned, generate an error message. Otherwise, proceed.
            SqlDataReader reader = cmd.ExecuteReader();

            if (reader.HasRows == false)
                // This message reveals that the address is not registered.
                Error.Text = "Incorrect email address.";
                while (reader.Read())
                    //Sets the hashed password variable.
                    // hashedPassword is not declared in the visible lines. If several rows
                    // share the email, the last one read wins.
                    hashedPassword = reader["Password"].ToString();
                //Checks the hashed password. If it isn't correct, generate an error message. If it is, set session ID and message and redirect to the User page.
                // Salt.Verify is defined elsewhere; presumably it compares the submitted
                // password with the stored hash - confirm.
                bool correct = Salt.Verify(Password.Text, hashedPassword);
                if (correct == false)
                    Error.Text = "Incorrect password.";
                    // NOTE(review): no reader.Close() is visible before this second
                    // ExecuteReader on the same connection; unless the first reader is closed
                    // in lines lost from the listing (or MARS is enabled), this call fails.
                    SqlDataReader reader2 = cmd2.ExecuteReader();
                    while (reader2.Read())
                        // As printed, these assignments are not visibly inside an else branch;
                        // verify they run only after a successful password check.
                        Session["Id"]      = Int32.Parse(reader2["Id"].ToString());
                        // FirstName comes from the database and is presumably customer-supplied;
                        // wherever Session["Message"] is rendered it must be HTML-encoded - confirm.
                        Session["Message"] = "Welcome, " + reader2["FirstName"].ToString() + ".";
 /// <summary>
 /// Click handler for the admin change-password form: checks that the two new
 /// password fields match, verifies the old password against the stored admin hash,
 /// and prepares an UPDATE that stores the encoded new password.
 /// </summary>
 /// <param name="sender">Event source; not read in the visible lines.</param>
 /// <param name="e">Event data; not read in the visible lines.</param>
 /// <remarks>
 /// NOTE(review): this listing appears to have lost its braces, else branches and
 /// some statements (no conn.Open(), no cmd2.ExecuteNonQuery(), no redirect, no
 /// close). Confirm the real control flow against the original file.
 /// No check of the caller's admin session is visible here; the old password is the
 /// only gate shown. No length or complexity check on the new password is visible.
 /// </remarks>
 protected void Submit_Click(object sender, EventArgs e)
     //If the New Password and Confirm New Password text boxes do not match, generate an error message. If they do, proceed.
     if (NewPassword.Text != ConfirmNewPassword.Text)
         Error.Text = "New Password and Confirm New Password do not match.";
         //Declare connection and SQL query variables.
         // NOTE(review): not wrapped in a using statement in the visible lines.
         SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
         SqlCommand    cmd  = new SqlCommand();
         cmd.Connection  = conn;
         // The query text is a constant; no request data is concatenated into it.
         cmd.CommandText = "SELECT AdminPassword FROM AdminPassword WHERE Id = '1'";
         SqlDataReader reader = cmd.ExecuteReader();
         while (reader.Read())
             //Retrieve the universal admin password.
             // hashedPassword is not declared in the visible lines. If no row is returned it
             // keeps its previous value - verify Salt.Verify rejects a null or empty hash.
             hashedPassword = reader["AdminPassword"].ToString();
         //Checks if the input existing password is correct. If it is, proceeds. If not, generates an error message.
         bool correct = Salt.Verify(OldPassword.Text, hashedPassword);
         if (correct == false)
             Error.Text = "Incorrect old password.";
             // NOTE(review): as printed, the update below is not visibly inside an else
             // branch; verify it is reached only after the old password has been verified.
             SqlCommand cmd2 = new SqlCommand();
             cmd2.Connection = conn;
             //Updates the universal admin password, changes the message to reflect this, and redirects to the Admin page.
             cmd2.CommandText = "UPDATE AdminPassword SET AdminPassword = @newPassword WHERE Id = '1'";
             // The new value is bound as a parameter. Salt.Encode is defined elsewhere;
             // presumably a null second argument makes it generate a fresh salt - confirm.
             cmd2.Parameters.Add("@newPassword", SqlDbType.VarChar).Value = Salt.Encode(NewPassword.Text, null);
             // NOTE(review): the success message is set without any visible execution of
             // cmd2 or check of the affected row count.
             Session["AdminMessage"] = "Admin password successfully changed.";
         //Closes the database connection.
         // NOTE(review): no close/dispose statement follows this comment in the listing.