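protected void CheckAccount(string email, string pw)
{
    // NOTE(review): the original called ValidateInput() and ignored whatever it returns; the
    // call is kept for its side effects (it is defined elsewhere on this page), but nothing
    // below depends on its result.
    ValidateInput();

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(email);

    // Verify the password as Base64(SHA512(pw + salt)) against the stored hash, the same
    // scheme the user and staff login handlers in this project use. The original only tested
    // `pw == null` (the real comparison was commented out), so ANY non-null password logged
    // in as any known partner email - an authentication bypass.
    bool authenticated = false;
    if (user != null && !string.IsNullOrEmpty(pw) && user.Password != null)
    {
        using (var hashing = new System.Security.Cryptography.SHA512Managed())
        {
            byte[] digest = hashing.ComputeHash(
                System.Text.Encoding.UTF8.GetBytes(pw + user.Password_Salt));
            authenticated = string.Equals(
                Convert.ToBase64String(digest), user.Password, StringComparison.Ordinal);
        }
    }

    if (!authenticated)
    {
        // One generic message for "no such user" and "wrong password": the original's
        // "User not found" text let anyone enumerate registered partner emails.
        lb_error.Text = "User or password is invalid, please try again";
        return;
    }

    Session["email"] = email;

    // Per-login random token kept both in the session and in a cookie; pages compare the two
    // on load. HttpOnly keeps script from reading it; Secure is tied to the request so a
    // plain-HTTP development setup still works while TLS deployments get the flag.
    string guid = Guid.NewGuid().ToString();
    Session["AuthToken"] = guid;
    Response.Cookies.Add(new HttpCookie("AuthToken", guid)
    {
        HttpOnly = true,
        Secure = Request.IsSecureConnection
    });

    // NOTE(review): salted SHA-512 is a fast hash; moving stored credentials to PBKDF2/Argon2
    // needs a service-side change plus a rehash-on-login step, so it is not done here.
    Response.Redirect("Partner_Own_Account_Details.aspx", false);
}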
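protected void resetpw_btn_Click(object sender, EventArgs e)
{
    // Re-check the staff session in the handler itself rather than relying on Page_Load:
    // this postback resets ANOTHER account's password, so it must never run for an
    // unauthenticated or non-staff caller.
    bool staffSession = Session["LoggedIn"] != null
        && Session["Role"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null
        && string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal)
        && Session["Role"].ToString() == "Staff";
    if (!staffSession)
    {
        Response.Redirect("Staff_Login.aspx");
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(Request.QueryString["email"]);
    if (user == null)
    {
        // The original dereferenced `user` unconditionally and threw on an unknown email.
        resetpw_lb.Text = "Account not found.";
        return;
    }

    // The page hides this button for Staff-type accounts in Page_Load; a hidden control is
    // not an authorization check, so enforce the same rule server-side.
    if (user.Type != null && user.Type.Trim() == "Staff")
    {
        resetpw_lb.Text = "Staff passwords cannot be reset from this page.";
        return;
    }

    client.StaffResetPassword(user.Email);

    // NOTE(review): the reset value is derived from DOB + postal code, both shown on this
    // page and guessable by anyone who knows the person; a random one-time password
    // delivered out of band would be stronger.
    resetpw_lb.Text = "Password has been reset to DOB or Date of Establishment (dd/MM) + Postal Code. E.g. 12/03539591";
}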
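protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): this page looks up any account by the `email` query string and displays it
    // with no session or role check at all, which also lets an anonymous caller confirm which
    // emails are registered. Every other page in this project that reads QueryString["email"]
    // first requires a logged-in staff session. If this page is not meant to be public, gate it
    // the same way - the correct login page to bounce to is not visible from here, so no
    // redirect is added.
    string requestedEmail = Request.QueryString["email"];
    if (String.IsNullOrEmpty(requestedEmail))
    {
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(requestedEmail);
    if (user == null)
    {
        // The original dereferenced `user` unconditionally, so an unknown email produced a
        // server error instead of an empty page.
        lb_pc_email.Text = String.Empty;
        lb_pc.Text = String.Empty;
        return;
    }

    // Label.Text is rendered verbatim and First_Name is typed in by the user at registration,
    // so encode on output.
    lb_pc_email.Text = Server.HtmlEncode(user.Email);
    lb_pc.Text = Server.HtmlEncode(user.First_Name);
}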
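protected void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        return;
    }

    // Gate: login session plus the per-login AuthToken that must match between session and cookie.
    bool sessionPresent = Session["email"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    if (!sessionPresent
        || !string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal))
    {
        Response.Redirect("User_Login.aspx", false);
        return;
    }

    email = (string)Session["email"];
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    Account userObj = client.GetAccountByEmail(email);
    if (userObj == null)
    {
        displayfname_lbl.Text = String.Empty;
        displaylname_lbl.Text = String.Empty;
        displayemail_lbl.Text = String.Empty;
        displaydob_lbl.Text = String.Empty;
        displayaddress1_tb.Text = String.Empty;
        displayaddress2_tb.Text = String.Empty;
        displaypostalcode_tb.Text = String.Empty;
        displaypoints_lbl.Text = String.Empty;
        return;
    }

    // Label.Text is rendered unencoded and these fields are user-supplied at registration,
    // so encode them on output (stored-XSS hardening). TextBox.Text is encoded by the control.
    displayfname_lbl.Text = Server.HtmlEncode(userObj.First_Name);
    displaylname_lbl.Text = Server.HtmlEncode(userObj.Last_Name);
    displayemail_lbl.Text = Server.HtmlEncode(userObj.Email);
    displaydob_lbl.Text = userObj.Dob.ToString("dd/MM/yyyy");
    displayphone_tb.Text = userObj.Hp;
    displayaddress1_tb.Text = userObj.Address;
    // NOTE(review): both address boxes are filled from the same Address field, as in the
    // original - confirm whether Account carries a second address line.
    displayaddress2_tb.Text = userObj.Address;
    displaypostalcode_tb.Text = userObj.Postal_Code;
    displaypoints_lbl.Text = userObj.Diamonds.ToString();
}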
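protected void CheckAccount(string email, string pw)
{
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    Account userObj = client.GetAccountByEmail(email);

    // Compute Base64(SHA512(pw + salt)) and compare with the stored hash. The salt is read only
    // after the null check: the original read userObj.Password_Salt BEFORE testing for null,
    // so an unknown email produced a server error instead of the login message.
    bool authenticated = false;
    if (userObj != null && !string.IsNullOrEmpty(pw) && userObj.Password != null)
    {
        using (SHA512Managed hashing = new SHA512Managed())
        {
            byte[] hashWithSalt = hashing.ComputeHash(Encoding.UTF8.GetBytes(pw + userObj.Password_Salt));
            authenticated = string.Equals(
                Convert.ToBase64String(hashWithSalt), userObj.Password, StringComparison.Ordinal);
        }
    }

    if (!authenticated)
    {
        // Same message whether the email is unknown or the password is wrong: the original
        // used two different texts, which turns the login form into an account-enumeration oracle.
        lblMsg2.Text = "User or password is invalid, please try again";
        lblMsg2.ForeColor = Color.Red;
        return;
    }

    Session["email"] = email;

    // Per-login random token stored in the session and echoed in a cookie; pages compare the
    // two on load. HttpOnly keeps script from reading it; Secure follows the request scheme.
    string guid = Guid.NewGuid().ToString();
    Session["AuthToken"] = guid;
    Response.Cookies.Add(new HttpCookie("AuthToken", guid)
    {
        HttpOnly = true,
        Secure = Request.IsSecureConnection
    });

    // NOTE(review): salted SHA-512 is a fast hash; a PBKDF2/Argon2 migration needs a
    // service-side change and is out of scope for this handler.
    Response.Redirect("User_Home.aspx");
}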
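protected void displayPartnerProfile(string userid)
{
    // NOTE(review): `userid` is not used - the profile shown is always the one in
    // Session["email"], exactly as in the original. The parameter is kept for callers.
    object sessionEmail = Session["email"];
    if (sessionEmail == null)
    {
        // No login session: render nothing rather than throw (the original dereferenced it).
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var partner = client.GetAccountByEmail(sessionEmail.ToString());
    if (partner == null)
    {
        return;
    }

    // NOTE(review): Profile_Picture is concatenated straight into the image path; if it is an
    // upload-supplied filename, confirm the upload code rejects separators and ".." segments.
    profile_img.Attributes["src"] = "/Images/Profile_Pictures/" + partner.Profile_Picture;

    // Label.Text is rendered verbatim; these fields are user-supplied, so encode on output.
    email_lb.Text = Server.HtmlEncode(partner.Email);
    fname_lb.Text = Server.HtmlEncode(partner.First_Name);
    lname_lb.Text = Server.HtmlEncode(partner.Last_Name);
    dob_lb.Text = partner.Dob.ToString("dd/MM/yyyy");
    hp_lb.Text = Server.HtmlEncode(partner.Hp);
    postal_lb.Text = Server.HtmlEncode(partner.Postal_Code);
    address_lb.Text = Server.HtmlEncode(partner.Address);
    created_lb.Text = partner.Account_Created.ToString();
}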
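protected void Page_Load(object sender, EventArgs e)
{
    // Same gate as the other staff pages in this project: login session, AuthToken that matches
    // between session and cookie, and Session["Role"] == "Staff". The original checked only the
    // session/token pair; since the staff login copies Account.Type into Role without filtering,
    // any account type that got through that login could open this page.
    bool tokenOk = Session["LoggedIn"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null
        && string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal);
    bool isStaff = Session["Role"] != null && Session["Role"].ToString() == "Staff";

    if (!tokenOk || !isStaff)
    {
        Response.Redirect("Staff_Login.aspx");
        return;
    }

    // The original also fetched the account here and discarded the result; nothing on this
    // page reads it, so the round-trip to the service is dropped.
}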
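protected void Page_Load(object sender, EventArgs e)
{
    // Gate: login session plus the per-login AuthToken that must match between session and cookie.
    bool sessionPresent = Session["email"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    if (!sessionPresent
        || !string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal))
    {
        Response.Redirect("User_Login.aspx", false);
        return;
    }

    string email = (string)Session["email"];
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    Account userObj = client.GetAccountByEmail(email);

    // Label.Text is rendered verbatim and First_Name is user-supplied at registration, so
    // encode it before building the greeting.
    if (userObj != null)
    {
        Label1.Text = "Welcome " + Server.HtmlEncode(userObj.First_Name);
    }
    else
    {
        Label1.Text = "Welcome User";
    }
}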
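protected void Page_Load(object sender, EventArgs e)
{
    // Gate: login session plus the per-login AuthToken that must match between session and cookie.
    bool sessionPresent = Session["email"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    if (!sessionPresent
        || !string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal))
    {
        Response.Redirect("Partner_Login.aspx", false);
        return;
    }

    email = Session["email"].ToString();
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var partner = client.GetAccountByEmail(email);
    if (partner == null)
    {
        // The original dereferenced `partner` unconditionally; a session whose account has
        // since been removed would produce a server error.
        lb_Company.Text = string.Empty;
        return;
    }

    // Label.Text is rendered verbatim and the name is user-supplied, so encode on output.
    lb_Company.Text = Server.HtmlEncode(partner.First_Name);
}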
protected void Page_Load(object sender, EventArgs e)
{
    // Only the initial GET populates the label; postbacks keep whatever is already there.
    if (Page.IsPostBack)
    {
        return;
    }

    // The page is reachable only with a login session whose AuthToken matches the cookie copy.
    bool loggedIn = Session["email"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    bool tokenMatches = loggedIn
        && Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value);

    if (!tokenMatches)
    {
        Response.Redirect("User_Login.aspx", false);
        return;
    }

    email = (string)Session["email"];
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var userObj = client.GetAccountByEmail(email);

    // Diamonds is the points balance; an account that cannot be loaded shows zero.
    string points = userObj != null ? userObj.Diamonds.ToString() : "0";
    lb_points.Text = "Your points: " + points;
}
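protected void Button1_Click(object sender, EventArgs e) // on login
{
    // CAPTCHA first. The original verified the password (and counted the attempt) BEFORE
    // consulting the CAPTCHA, so a bot still had a password oracle - the error text differed
    // between a wrong password ("Invalid credentials" + CAPTCHA text) and a right one (CAPTCHA
    // text alone) - and could burn failed attempts to lock staff out at will.
    if (!ValidateCaptcha())
    {
        error_lb.Text = "Something went wrong, please refresh and try again.";
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(email_tb.Text.Trim()); // gets staff account
    if (user == null)
    {
        error_lb.Text = "Invalid credentials"; // generic: never reveal whether the email exists
        return;
    }

    if (client.CheckSuspended(user.Email))
    {
        // Lockout window is 30 minutes from Locked_Since; clamped so a stale timestamp cannot
        // print a negative wait.
        // NOTE(review): this message confirms the account exists before any password is checked,
        // which is a (small) enumeration leak accepted here for staff usability.
        int elapsedMinutes = (int)DateTime.Now.Subtract(Convert.ToDateTime(user.Locked_Since)).TotalMinutes;
        int span = Math.Max(0, 30 - elapsedMinutes);
        error_lb.Text = "Your account has been locked. Please wait " + span + " minutes before trying again.";
        return;
    }

    // Stored scheme: Base64(SHA512(password + salt)).
    bool passwordOk;
    using (SHA512Managed hashing = new SHA512Managed())
    {
        string saltedpw = password_tb.Text.Trim() + user.Password_Salt;
        string hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw)));
        passwordOk = string.Equals(hashedpw, user.Password, StringComparison.Ordinal);
    }

    // CheckAttempts(email, false) "reduces attempts left by 1" per the original comment;
    // `true` is what the original passed on success (presumably a reset of the counter).
    client.CheckAttempts(user.Email, passwordOk);
    if (!passwordOk)
    {
        error_lb.Text = "Invalid credentials";
        return;
    }

    // Log in: principal email and role, plus the per-login AuthToken mirrored into a cookie
    // that every staff page compares against the session copy.
    Session["LoggedIn"] = user.Email;
    Session["Role"] = user.Type; // sets user role as a session variable for future checks
    string guid = Guid.NewGuid().ToString();
    Session["AuthToken"] = guid;
    Response.Cookies.Add(new HttpCookie("AuthToken", guid)
    {
        HttpOnly = true,
        Secure = Request.IsSecureConnection
    });
    client.UpdateLastLogin(user.Email);

    // NOTE(review): the account type is not checked here; downstream pages enforce
    // Session["Role"] == "Staff", so a non-staff login only lands on a redirect loop.
    Response.Redirect("Staff_Home.aspx");
}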
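protected void Page_Load(object sender, EventArgs e)
{
    // Gate: staff login session, AuthToken matching between session and cookie, Role == "Staff".
    bool sessionPresent = Session["LoggedIn"] != null
        && Session["Role"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    if (!sessionPresent
        || !string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal)
        || Session["Role"].ToString() != "Staff")
    {
        SignOutToStaffLogin();
        return;
    }

    // Retrieves the selected user account and displays its details.
    string selectedEmail = Request.QueryString["email"];
    if (String.IsNullOrEmpty(selectedEmail))
    {
        Response.Redirect("Staff_Accounts_List.aspx");
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(selectedEmail);
    if (user == null)
    {
        // Unknown email in the query string: back to the list instead of a server error
        // (the original dereferenced `user` unconditionally).
        Response.Redirect("Staff_Accounts_List.aspx");
        return;
    }

    profile_img.Attributes["src"] = "/Images/Profile_Pictures/" + user.Profile_Picture;
    // Label.Text is rendered verbatim; the profile fields are user-supplied, so encode them.
    type_lb.Text = Server.HtmlEncode(user.Type);
    email_lb.Text = Server.HtmlEncode(user.Email);
    staffid_lb.Text = Server.HtmlEncode(user.Staff_Id);
    fname_lb.Text = Server.HtmlEncode(user.First_Name);
    lname_lb.Text = Server.HtmlEncode(user.Last_Name);
    dob_lb.Text = user.Dob.ToString("dd/MM/yyyy");
    hp_lb.Text = Server.HtmlEncode(user.Hp);
    postal_lb.Text = Server.HtmlEncode(user.Postal_Code);
    address_lb.Text = Server.HtmlEncode(user.Address);
    created_lb.Text = user.Account_Created.ToString();
    login_lb.Text = user.Last_Login.ToString();
    points_lb.Text = user.Diamonds.ToString();

    // Staff accounts have no points and no self-service reset; other accounts have no staff id.
    bool isStaffAccount = user.Type != null && user.Type.Trim() == "Staff";
    if (isStaffAccount)
    {
        resetpw_btn.Visible = false;
        diamonds_lb.Visible = false;
        points_lb.Visible = false;
    }
    else
    {
        staffid_lb.Visible = false;
    }
}

// Drops the server session, expires the session-id and AuthToken cookies, then redirects to
// the staff login. The cookie expiries are set BEFORE the redirect: Response.Redirect(url)
// ends the response, so in the original the expiry statements placed after it never ran and
// the stale cookies stayed on the client.
private void SignOutToStaffLogin()
{
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    if (Request.Cookies["ASP.NET_SessionId"] != null)
    {
        Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
        Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
    }
    if (Request.Cookies["AuthToken"] != null)
    {
        Response.Cookies["AuthToken"].Value = string.Empty;
        Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
    }
    Response.Redirect("Staff_Login.aspx");
}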
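protected void submit_btn_Click(object sender, EventArgs e)
{
    error_lb.Text = "";

    // Require the login session in the handler itself; the original read Session["email"]
    // unguarded and threw for an expired session.
    object sessionEmail = Session["email"];
    if (sessionEmail == null)
    {
        error_lb.Text = "Your session has expired. Please log in again.";
        return;
    }

    // Empty-field check.
    if (String.IsNullOrWhiteSpace(current_tb.Text)
        || String.IsNullOrWhiteSpace(new_tb.Text)
        || String.IsNullOrWhiteSpace(new2_tb.Text))
    {
        error_lb.Text = "Please fill all fields. <br>";
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(sessionEmail.ToString());
    if (user == null)
    {
        error_lb.Text = "Unable to change password. Please try again later.";
        return;
    }

    bool pass = true; // overall validation
    string newPassword = new_tb.Text.Trim();
    string hashednew;

    // Stored scheme: Base64(SHA512(password + salt)). The new password is hashed with the
    // account's existing salt so it can be compared with the current and two previous hashes.
    // NOTE(review): the salt is therefore never rotated on change; rotating it would need the
    // history comparison to move server-side.
    using (SHA512Managed hashing = new SHA512Managed())
    {
        string salt = user.Password_Salt;
        string hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(current_tb.Text.Trim() + salt)));
        if (!string.Equals(hashedpw, user.Password, StringComparison.Ordinal))
        {
            error_lb.Text = error_lb.Text + "Incorrect password <br>";
            pass = false;
        }

        hashednew = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(newPassword + salt)));
        if (hashednew == user.Password || hashednew == user.Password_Last || hashednew == user.Password_Last2)
        {
            error_lb.Text = error_lb.Text + "New password cannot be the same as current or previous 2 passwords <br>";
            pass = false;
        }
    }

    // The confirmation box was collected but never compared in the original, so a typo in the
    // new password went straight into the database.
    if (newPassword != new2_tb.Text.Trim())
    {
        error_lb.Text = error_lb.Text + "New passwords do not match <br>";
        pass = false;
    }

    // Complexity: lower, upper, digit, one of the listed specials, at least 8 characters.
    // NOTE(review): the pattern has no trailing `$`, so characters outside the class are
    // accepted after the first eight; left as-is to avoid rejecting existing users' choices.
    Regex pwRegex = new Regex(@"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,}");
    if (!pwRegex.IsMatch(newPassword))
    {
        error_lb.Text = error_lb.Text + "Please input a password that fulfills all criteria <br>";
        pass = false;
    }

    // Minimum password age of five minutes.
    TimeSpan span = DateTime.Now.Subtract(user.Password_Age);
    if (Convert.ToInt16(span.TotalMinutes) <= 5)
    {
        error_lb.Text = error_lb.Text + "You must wait " + (5 - Convert.ToInt16(span.TotalMinutes)).ToString() + " more minutes to change your password <br>";
        pass = false;
    }

    if (!pass)
    {
        return;
    }

    int result = client.ChangePassword(sessionEmail.ToString(), hashednew);
    if (result != 1)
    {
        error_lb.Text = "Unable to change password. Please try again later.";
        return;
    }

    // Force a fresh login after the change. Cookies are expired BEFORE the redirect:
    // Response.Redirect(url) ends the response, so in the original the expiry statements
    // placed after it never ran.
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    if (Request.Cookies["ASP.NET_SessionId"] != null)
    {
        Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
        Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
    }
    if (Request.Cookies["AuthToken"] != null)
    {
        Response.Cookies["AuthToken"].Value = string.Empty;
        Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
    }
    Response.Redirect("Partner_Home.aspx");
}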
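protected void Page_Load(object sender, EventArgs e)
{
    // Gate: staff login session, AuthToken matching between session and cookie, Role == "Staff".
    bool sessionPresent = Session["LoggedIn"] != null
        && Session["Role"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    if (!sessionPresent
        || !string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal)
        || Session["Role"].ToString() != "Staff")
    {
        SignOutToStaffLogin();
        return;
    }

    // Shows the logged-in staff member's own profile.
    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    var user = client.GetAccountByEmail(Session["LoggedIn"].ToString());
    if (user == null)
    {
        // The session names an account that no longer resolves: treat it as signed out rather
        // than throwing (the original dereferenced `user` unconditionally).
        SignOutToStaffLogin();
        return;
    }

    profile_img.Attributes["src"] = "/Images/Profile_Pictures/" + user.Profile_Picture;
    // Label.Text is rendered verbatim; the profile fields are user-supplied, so encode them.
    email_lb.Text = Server.HtmlEncode(user.Email);
    staffid_lb.Text = Server.HtmlEncode(user.Staff_Id);
    fname_lb.Text = Server.HtmlEncode(user.First_Name);
    lname_lb.Text = Server.HtmlEncode(user.Last_Name);
    dob_lb.Text = user.Dob.ToString("dd/MM/yyyy");
    hp_lb.Text = Server.HtmlEncode(user.Hp);
    postal_lb.Text = Server.HtmlEncode(user.Postal_Code);
    address_lb.Text = Server.HtmlEncode(user.Address);
    created_lb.Text = user.Account_Created.ToString();
    login_lb.Text = user.Last_Login.ToString();
}

// Drops the server session, expires the session-id and AuthToken cookies, then redirects to
// the staff login. The cookie expiries are set BEFORE the redirect: Response.Redirect(url)
// ends the response, so in the original the expiry statements placed after it never ran and
// the stale cookies stayed on the client.
private void SignOutToStaffLogin()
{
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    if (Request.Cookies["ASP.NET_SessionId"] != null)
    {
        Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
        Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
    }
    if (Request.Cookies["AuthToken"] != null)
    {
        Response.Cookies["AuthToken"].Value = string.Empty;
        Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
    }
    Response.Redirect("Staff_Login.aspx");
}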
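private bool ValidateInput()
{
    // Registration-form validation. Every failed rule appends a line to lbMsg and turns it red;
    // the return value is simply "no message was produced".
    lbMsg.Text = String.Empty;
    Action<string> fail = message =>
    {
        lbMsg.Text += message + "<br/>";
        lbMsg.ForeColor = Color.Red;
    };

    if (user_fname_tb.Text == "")
    {
        fail("First name is required");
    }
    if (user_lname_tb.Text == "")
    {
        fail("Last name is required");
    }

    string email = user_email_tb.Text;
    if (email == "")
    {
        fail("Email is required");
    }
    else
    {
        // Look the address up only when one was entered; the original always made the service
        // call, even with an empty key, before deciding whether it was needed.
        // NOTE(review): the "already registered" message confirms to anyone that an address
        // has an account - usual for sign-up forms, but it is an enumeration point.
        DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
        Account userObj = client.GetAccountByEmail(email);
        if (userObj != null && email.Equals(userObj.Email))
        {
            fail("User has already been registered");
        }
    }

    string password = user_password_tb.Text;
    if (password == "")
    {
        fail("Password is required");
    }
    else
    {
        // checkPw is the page's strength scorer; scores of 4 and below are rejected.
        if (checkPw(password) <= 4)
        {
            fail("Please put a stronger password");
        }
        if (password != user_confirmpw_tb.Text)
        {
            fail("Passwords do not match");
        }
    }

    return String.IsNullOrEmpty(lbMsg.Text);
}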
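protected void Page_Load(object sender, EventArgs e)
{
    // Gate: staff login session, AuthToken matching between session and cookie, Role == "Staff"
    // (ensures that only staff are able to access the dashboard).
    bool sessionPresent = Session["LoggedIn"] != null
        && Session["Role"] != null
        && Session["AuthToken"] != null
        && Request.Cookies["AuthToken"] != null;
    if (!sessionPresent
        || !string.Equals(Session["AuthToken"].ToString(), Request.Cookies["AuthToken"].Value, StringComparison.Ordinal)
        || Session["Role"].ToString() != "Staff")
    {
        SignOutToStaffLogin();
        return;
    }

    DBServiceReference.Service1Client client = new DBServiceReference.Service1Client();
    // The original also fetched the logged-in account here and never used it; dropped.
    reports_lb.Text = client.CountUnresolvedReports().ToString();
    reviews_lb.Text = client.CountPendingReviews().ToString();
    gems_lb.Text = client.CountPendingGems().ToString();

    // Populating charts.
    // NOTE(review): the gender split is hard-coded (25 / 27), not read from the service - the
    // chart does not reflect live data until a count method is wired in.
    double[] yValues = { 25, 27 };
    string[] xValues = { "Female", "Male" };
    gender_chart.Series["gender"].Points.DataBindXY(xValues, yValues);
    gender_chart.Series["gender"].Points[0].Color = Color.PaleVioletRed;
    gender_chart.Series["gender"].Points[1].Color = Color.PaleTurquoise;
}

// Drops the server session, expires the session-id and AuthToken cookies, then redirects to
// the staff login. The cookie expiries are set BEFORE the redirect: Response.Redirect(url)
// ends the response, so in the original the expiry statements placed after it never ran and
// the stale cookies stayed on the client.
private void SignOutToStaffLogin()
{
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
    if (Request.Cookies["ASP.NET_SessionId"] != null)
    {
        Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
        Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
    }
    if (Request.Cookies["AuthToken"] != null)
    {
        Response.Cookies["AuthToken"].Value = string.Empty;
        Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20);
    }
    Response.Redirect("Staff_Login.aspx");
}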