示例#1
        /// <summary>
        /// Helper method to sign members up. Writes information to XML.
        /// Called upon correct user input of account creation.
        /// </summary>
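        private void signup()
        {
            // SECURITY NOTE(review): the password is stored reversibly. A fresh AES key and IV
            // are generated for the account and written into the same record as the ciphertext,
            // so anyone who can read that storage can recover the plaintext password. A salted,
            // deliberately slow one-way hash (e.g. PBKDF2 via Rfc2898DeriveBytes) is the right
            // primitive for passwords. Switching requires changing whatever verifies logins
            // against these records and migrating existing ones, so the record layout is kept
            // as-is here.
            //
            // Record handed to writeXml: [0] username, [1] ciphertext, [2] key, [3] IV.
            // Each byte array is serialised as comma-separated decimal byte values.
            string[] data = new string[4];
            data[0] = txt_username.Text;

            // Create the Aes object inside the using so it is disposed on every path,
            // including when encryption throws.
            using (Aes aesAlg = Aes.Create())
            {
                // The Key and IV getters return a fresh copy on each access; read them once
                // instead of once per loop iteration to avoid scattering key copies on the heap.
                byte[] keyBytes = aesAlg.Key;
                byte[] ivBytes  = aesAlg.IV;

                byte[] encrypted = EncryptDecypt.EncryptStringToBytes_Aes(txt_pass.Text, keyBytes, ivBytes);

                data[1] = string.Join(",", Array.ConvertAll(encrypted, b => b.ToString()));
                data[2] = string.Join(",", Array.ConvertAll(keyBytes, b => b.ToString()));
                data[3] = string.Join(",", Array.ConvertAll(ivBytes, b => b.ToString()));
            }

            // false => written as a regular member, not staff.
            EncryptDecypt.writeXml(data, false);

            // The new account is logged in immediately as a non-staff user.
            Session["username"] = data[0];
            Session["staff"]    = false;
            Response.Redirect("~/stockPage.aspx");
        }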
示例#2
        /// <summary>
        /// Event handler for signup button
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
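        protected void btn_signup_Click(object sender, EventArgs e)
        {
            // Validates the sign-up form field by field; the first failing check sets its
            // error label and returns. Only when every check passes is signup() called.

            // clear all error labels
            lbl_username_error.Text   = "";
            lbl_pass_error.Text       = "";
            lbl_pass_cnfrm_error.Text = "";
            lbl_captcha_error.Text    = "";

            // check if username field is blank
            if (string.IsNullOrEmpty(txt_username.Text))
            {
                lbl_username_error.Text = "Email is empty!";
                return;
            }

            // check if password is blank
            // NOTE(review): no minimum length or strength policy is enforced here.
            if (string.IsNullOrEmpty(txt_pass.Text))
            {
                lbl_pass_error.Text = "Password is empty!";
                return;
            }

            // check if passwords match
            if (!txt_pass.Text.Equals(txt_pass_cnfrm.Text))
            {
                lbl_pass_error.Text       = "Passwords do not match!";
                lbl_pass_cnfrm_error.Text = "Passwords do not match!";
                return;
            }

            // check if username is taken
            // NOTE(review): this lookup runs before the CAPTCHA check, so the "Username taken"
            // answer is available without solving the CAPTCHA. Consider validating the CAPTCHA
            // first so account-existence checks are rate-limited by it.
            string[] usrNmChk = EncryptDecypt.readXml(txt_username.Text, false);
            if (usrNmChk != null && !usrNmChk[0].Equals("FILE NOT FOUND"))
            {
                // username was found in file
                lbl_username_error.Text = "Username taken, please choose again";
                txt_username.Text       = "";
                return;
            }

            // check captcha string
            // The session value is absent when the session expired or the CAPTCHA was never
            // generated; treat that as a failed check instead of dereferencing null.
            // NOTE(review): nothing here clears the stored value after a successful check;
            // confirm the page regenerates it per attempt so a solved CAPTCHA is single-use.
            object expectedCaptcha = Session["generatedString"];
            if (expectedCaptcha == null || !expectedCaptcha.Equals(txt_img_string.Text))
            {
                lbl_captcha_error.Text = "Incorrect verify string, try again.";
                return;
            }

            // no errors so sign member up
            signup();
        }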
示例#3
        /// <summary>
        /// Event handler to add staff members to the staff.xml file.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
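        protected void btn_add_Click(object sender, EventArgs e)
        {
            // NOTE(review): this handler creates a staff account but contains no check that the
            // current session belongs to a staff user, and no validation of the submitted
            // username/password (blank values, existing username). Presumably access is
            // restricted elsewhere (page-level authorization) - confirm before relying on it.
            //
            // SECURITY NOTE(review): the password is stored reversibly. The AES key and IV are
            // written into the same record as the ciphertext, so read access to that storage
            // yields the plaintext password. A salted, slow one-way hash (e.g. PBKDF2 via
            // Rfc2898DeriveBytes) is the right primitive; changing it requires updating the
            // login verification and migrating existing records, so the layout is kept here.
            //
            // Record handed to writeXml: [0] username, [1] ciphertext, [2] key, [3] IV.
            // Each byte array is serialised as comma-separated decimal byte values.
            string[] data = new string[4];
            data[0] = txt_username.Text;

            // Create the Aes object inside the using so it is disposed on every path,
            // including when encryption throws.
            using (Aes aesAlg = Aes.Create())
            {
                // The Key and IV getters return a fresh copy on each access; read them once
                // instead of once per loop iteration to avoid scattering key copies on the heap.
                byte[] keyBytes = aesAlg.Key;
                byte[] ivBytes  = aesAlg.IV;

                byte[] encrypted = EncryptDecypt.EncryptStringToBytes_Aes(txt_pass.Text, keyBytes, ivBytes);

                data[1] = string.Join(",", Array.ConvertAll(encrypted, b => b.ToString()));
                data[2] = string.Join(",", Array.ConvertAll(keyBytes, b => b.ToString()));
                data[3] = string.Join(",", Array.ConvertAll(ivBytes, b => b.ToString()));
            }

            // true => written as a staff record.
            EncryptDecypt.writeXml(data, true);
        }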
        /// <summary>
        /// Event handler for a login click.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
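        protected void btn_mber_login_Click(object sender, EventArgs e)
        {
            // Verifies the submitted credentials against the stored record and, on success,
            // creates the session (and optionally the remember-me cookie) and redirects.

            // check if the username has been set by the cookie logic.
            if (username == null)
            {
                username = txt_username.Text;
            }
            string password = txt_pass.Text;

            // clear errors
            lbl_username_error.Text = "";
            lbl_pass_error.Text     = "";

            // check if username is empty
            if (string.IsNullOrEmpty(username))
            {
                lbl_username_error.Text = "username is empty!";
                return;
            }
            // check if password is empty
            if (string.IsNullOrEmpty(password))
            {
                lbl_pass_error.Text = "Password is empty!";
                return;
            }

            // Look the user up in the member or staff store, as selected by the checkbox.
            string[] passWrdChk = EncryptDecypt.readXml(username, chk_staff.Checked);
            if (passWrdChk == null || passWrdChk[0].Equals("FILE NOT FOUND"))
            {
                // NOTE(review): this message differs from the wrong-password message below,
                // which tells a caller whether a username exists. A single generic
                // "invalid username or password" response avoids that.
                lbl_username_error.Text = "Username not found or incorrect, please try again";
                txt_username.Text       = "";
                return;
            }

            // Stored record: [0] ciphertext, [1] key, [2] IV, each as comma-separated
            // decimal byte values.
            // NOTE(review): a malformed record (fewer than three fields, non-numeric values)
            // throws here and surfaces as an unhandled page error.
            byte[] encryptedBytes = Array.ConvertAll(passWrdChk[0].Split(','), s => Convert.ToByte(s));
            byte[] keyBytes       = Array.ConvertAll(passWrdChk[1].Split(','), s => Convert.ToByte(s));
            byte[] ivBytes        = Array.ConvertAll(passWrdChk[2].Split(','), s => Convert.ToByte(s));

            // SECURITY NOTE(review): the stored password is decrypted back to plaintext with a
            // key kept next to it, then compared as a string. Storing a salted, slow one-way
            // hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and comparing hashes in constant time
            // would remove the recoverable plaintext; that needs a matching change on the
            // account-creation side and a migration of existing records.
            // (The Aes instance previously created around this call was never used.)
            string decryptedPass = EncryptDecypt.DecryptStringFromBytes_Aes(encryptedBytes, keyBytes, ivBytes);

            if (!password.Equals(decryptedPass))
            {
                lbl_pass_error.Text = "Incorrect password, please try again.";
                txt_pass.Text       = "";
                return;
            }

            if (chk_remember.Checked)
            {
                // create user cookie
                // NOTE(review): the cookie holds only the bare username with no integrity
                // protection, so its value is client-controlled. It must never be treated as
                // proof of identity; verify how the cookie logic consumes it.
                Response.Cookies["authcookie"]["username"] = username;
                Response.Cookies["authcookie"].Expires     = DateTime.Now.AddMonths(6);
                // Keep the cookie out of reach of client-side script.
                Response.Cookies["authcookie"].HttpOnly    = true;
            }

            // create user session
            // NOTE(review): the session identifier is not renewed at login in this handler;
            // confirm session fixation is handled elsewhere.
            Session["username"] = username;

            // staff session? (credentials were checked against the store chosen by this flag)
            Session["staff"] = chk_staff.Checked;

            // Access member page if everything worked
            Response.Redirect("~/stockPage.aspx");
        }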