protected void submit_btn_Click(object sender, EventArgs e) { error_lb.Text = ""; bool pass = true; // overall validation bool empty = false; // empty checck // retrieves inputs string email = staff_email_lb.Text; string fname = staff_fn_tb.Text; string lname = staff_ln_tb.Text; string hp = staff_hp_tb.Text; string postal = staff_postalcode_tb.Text; string address = staff_address_tb.Text; string pw = staff_password_tb.Text; string pw2 = staff_password2_tb.Text; // checks if any fields are empty if (String.IsNullOrEmpty(email) || String.IsNullOrEmpty(fname) || String.IsNullOrEmpty(lname) || String.IsNullOrEmpty(hp) || String.IsNullOrEmpty(address) || String.IsNullOrEmpty(postal) || String.IsNullOrEmpty(pw) || String.IsNullOrEmpty(pw2) || String.IsNullOrEmpty(staff_dob_tb.Text) || !picture_file.HasFile) { error_lb.Text = "Please fill all fields"; empty = true; } // if not empty, perform validation checks if (!empty) { Regex nameRegex = new Regex("^[A-Za-z]+$"); if (!nameRegex.IsMatch(fname) || !nameRegex.IsMatch(lname)) { error_lb.Text = error_lb.Text + "Please input a valid name <br>"; pass = false; } Regex hpRegex = new Regex("^[89]{1}[0-9]{7}$"); if (!hpRegex.IsMatch(hp)) { error_lb.Text = error_lb.Text + "Please input a valid contact number <br>"; pass = false; } Regex postalRegex = new Regex("^[0-9]{6}$"); if (!postalRegex.IsMatch(postal)) { error_lb.Text = error_lb.Text + "Please input a valid postal code<br>"; pass = false; } Regex addressRegex = new Regex("^[0-9A-Za-z#]+$"); if (!addressRegex.IsMatch(postal)) { error_lb.Text = error_lb.Text + "Please input a valid address<br>"; pass = false; } if (picture_file.PostedFile.ContentLength > 2100000) { error_lb.Text = error_lb.Text + "Please upload a photo smaller than 2MB <br>"; pass = false; } var extension = System.IO.Path.GetExtension(Server.HtmlEncode(picture_file.FileName)); System.Diagnostics.Debug.WriteLine(extension); if (extension != ".jpg" && extension != ".jpeg" && extension != ".png") { error_lb.Text = error_lb.Text + "Please upload a .jpg/.jpeg/.png file <br>"; pass = false; } } // if fields are not empty, and pass validation checks if (!empty && pass) { DateTime dob = Convert.ToDateTime(staff_dob_tb.Text); var extension = System.IO.Path.GetExtension(Server.HtmlEncode(picture_file.FileName)); var filename = fname + hp.Substring(4, 4) + extension; // first name + last 4 digits of phone number picture_file.SaveAs(Request.PhysicalApplicationPath + "/Images/Profile_Pictures/" + filename); // initializing bytes for salts RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] pwsaltbyte = new byte[8]; // getting random salt bytes and converting into string rng.GetBytes(pwsaltbyte); string pwsalt = Convert.ToBase64String(pwsaltbyte); // initializing hashing thingy SHA512Managed hashing = new SHA512Managed(); // salting plaintext and hashing after string saltedpw = pw + pwsalt; string hashedpw = Convert.ToBase64String(hashing.ComputeHash(Encoding.UTF8.GetBytes(saltedpw))); DBServiceReference.Service1Client client = new DBServiceReference.Service1Client(); client.CreateAccount(email, hashedpw, pwsalt, "Staff", fname, lname, dob, hp, postal, address, filename, client.GetStaffId(), 0); Response.Redirect("Staff_Accounts_List.aspx"); } }
protected void Page_Load(object sender, EventArgs e) { DBServiceReference.Service1Client client = new DBServiceReference.Service1Client(); staff_email_lb.Text = client.GetStaffId() + "@sggo.com"; staff_password_tb.Attributes.Add("onkeyup", "pwdChecker();"); staff_password2_tb.Attributes.Add("onkeyup", "pwdMatcher();"); //if (Session["LoggedIn"] != null && Session["Role"] != null && Session["AuthToken"] != null && Request.Cookies["AuthToken"] != null) //{ // if (!Session["AuthToken"].ToString().Equals(Request.Cookies["AuthToken"].Value)) // { // Session.Clear(); // Session.Abandon(); // Session.RemoveAll(); // Response.Redirect("Staff_Login.aspx"); // if (Request.Cookies["ASP.NET_SessionId"] != null) // { // Response.Cookies["ASP.NET_SessionId"].Value = string.Empty; // Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20); // } // if (Request.Cookies["AuthToken"] != null) // { // Response.Cookies["AuthToken"].Value = string.Empty; // Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20); // } // } // else // { // if (Session["Role"].ToString() == "Staff") // { // // on page load codes here // } // else // { // Session.Clear(); // Session.Abandon(); // Session.RemoveAll(); // Response.Redirect("Staff_Login.aspx"); // if (Request.Cookies["ASP.NET_SessionId"] != null) // { // Response.Cookies["ASP.NET_SessionId"].Value = string.Empty; // Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20); // } // if (Request.Cookies["AuthToken"] != null) // { // Response.Cookies["AuthToken"].Value = string.Empty; // Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20); // } // } // } //} //else //{ // Session.Clear(); // Session.Abandon(); // Session.RemoveAll(); // Response.Redirect("Staff_Login.aspx"); // if (Request.Cookies["ASP.NET_SessionId"] != null) // { // Response.Cookies["ASP.NET_SessionId"].Value = string.Empty; // Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20); // } // if (Request.Cookies["AuthToken"] != null) // { // Response.Cookies["AuthToken"].Value = string.Empty; // Response.Cookies["AuthToken"].Expires = DateTime.Now.AddMonths(-20); // } //} }