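// Stores a new password hash for the lecturer identified by lecturer.LecturerId.
// Returns true only when the new password contains at least one digit AND the
// UPDATE statement actually changed a row; returns false otherwise.
//
// The row to update is selected solely by lecturer.LecturerId. Callers must set
// that value from the authenticated session rather than from request data,
// because this method performs no ownership check of its own.
public bool ChangePassword(LecturerPassword lecturer)
{
    // Reject a missing model or password up front instead of failing later
    // with a NullReferenceException.
    if (lecturer == null || string.IsNullOrEmpty(lecturer.NewPassword))
    {
        return false;
    }

    // Complexity rule enforced here: at least one digit anywhere in the password.
    bool hasDigit = false;
    foreach (char c in lecturer.NewPassword)
    {
        if (char.IsDigit(c))
        {
            hasDigit = true;
            break;
        }
    }

    if (!hasDigit)
    {
        return false;
    }

    // NOTE(review): unsalted SHA-1 is a fast digest and is not suitable for
    // password storage. A salted, iterated KDF (e.g. Rfc2898DeriveBytes/PBKDF2)
    // should replace it, but that changes the stored format and must be done
    // together with the verification code in the controller and a migration of
    // existing rows, so the algorithm is kept as-is here.
    string hashedPassword;
    using (var sha1 = new SHA1CryptoServiceProvider())
    {
        byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(lecturer.NewPassword));
        // Lower-case hex without separators; invariant casing keeps the value
        // independent of the server's culture.
        hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
    }

    using (SqlCommand cmd = new SqlCommand("UPDATE Lecturer SET Password=@newPassword" +
                                           " WHERE LecturerID = @selectedLecturerID", conn))
    {
        cmd.Parameters.AddWithValue("@newPassword", hashedPassword);
        cmd.Parameters.AddWithValue("@selectedLecturerID", lecturer.LecturerId);

        try
        {
            conn.Open();
            // Report success only if a row was really updated; an unknown
            // LecturerID must not be reported as a successful change.
            return cmd.ExecuteNonQuery() > 0;
        }
        finally
        {
            // Always release the shared connection, even when the command throws,
            // so the next call's conn.Open() does not fail.
            conn.Close();
        }
    }
}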
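// Loads the stored password hash for a single lecturer.
// Returns a LecturerPassword with LecturerId set and, when the column is not
// NULL in the database, Password set to the stored value.
// Returns null when no row matches lecturerId.
public LecturerPassword getPasswordDetails(int lecturerId)
{
    DataSet result = new DataSet();

    // Only the Password column is read below, so only that column is selected;
    // this keeps unrelated lecturer data out of memory.
    using (SqlCommand cmd = new SqlCommand("SELECT Password FROM Lecturer WHERE LecturerID = @selectedLecturerID", conn))
    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
    {
        cmd.Parameters.AddWithValue("@selectedLecturerID", lecturerId);

        try
        {
            conn.Open();
            da.Fill(result, "LecturerPasswordDetails");
        }
        finally
        {
            // Close the shared connection even if Fill throws, otherwise every
            // later conn.Open() on this instance would fail.
            conn.Close();
        }
    }

    DataTable table = result.Tables["LecturerPasswordDetails"];
    if (table == null || table.Rows.Count == 0)
    {
        return null;
    }

    LecturerPassword lecturer = new LecturerPassword();
    lecturer.LecturerId = lecturerId;

    // Leave Password unset when the database holds NULL.
    object storedPassword = table.Rows[0]["Password"];
    if (!DBNull.Value.Equals(storedPassword))
    {
        lecturer.Password = storedPassword.ToString();
    }

    return lecturer;
}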
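//Change Password Page
//GET: Lecturer/Change
// Shows the change-password form for the lecturer held in the session.
// Redirects to Home/Index when the session has no "Lecturer" role or no usable ID.
public ActionResult Change()
{
    // A missing role (null) also fails this comparison, so one check covers both cases.
    if (HttpContext.Session.GetString("Role") != "Lecturer")
    {
        return RedirectToAction("Index", "Home");
    }

    // Convert.ToInt32 turns a missing session value into 0 and throws on
    // non-numeric text; TryParse rejects both instead of continuing with a
    // bogus lecturer ID.
    int id;
    if (!int.TryParse(HttpContext.Session.GetString("ID"), out id))
    {
        return RedirectToAction("Index", "Home");
    }

    // Only the ID is needed to render the form; no password data is loaded here.
    LecturerPassword lecturer = new LecturerPassword();
    lecturer.LecturerId = id;
    return View(lecturer);
}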
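// Handles the submitted change-password form: verifies the current password
// against the stored hash for the session's lecturer, checks that the new
// password and its confirmation match, then stores the new password.
// Always returns the same view with ViewData["Message"] describing the outcome,
// or redirects to Home/Index when the session is not a lecturer session.
//
// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible
// in this listing - confirm both are present on the real action.
public ActionResult Change(LecturerPassword lecturer)
{
    // Apply the same role gate as the GET action; the form handler must not be
    // reachable without a lecturer session.
    if (HttpContext.Session.GetString("Role") != "Lecturer")
    {
        return RedirectToAction("Index", "Home");
    }

    // Convert.ToInt32 maps a missing session value to 0; reject it explicitly.
    int sessionLecturerId;
    if (!int.TryParse(HttpContext.Session.GetString("ID"), out sessionLecturerId))
    {
        return RedirectToAction("Index", "Home");
    }

    if (lecturer == null || lecturer.Password == null)
    {
        return View(lecturer);
    }

    //get password details for currently logged in lecturer
    LecturerPassword currentLecturer = lecturerContext.getPasswordDetails(sessionLecturerId);

    // NOTE(review): unsalted SHA-1 is kept only because the stored hashes use it;
    // moving to a salted, iterated KDF needs a coordinated change with the data layer.
    string hashedPassword;
    using (var sha1 = new SHA1CryptoServiceProvider())
    {
        byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(lecturer.Password));
        hashedPassword = BitConverter.ToString(hash).Replace("-", string.Empty).ToLowerInvariant();
    }

    // getPasswordDetails returns null when the lecturer row is missing; treat that
    // the same as a wrong password instead of dereferencing null.
    if (currentLecturer == null ||
        !string.Equals(hashedPassword, currentLecturer.Password, StringComparison.Ordinal))
    {
        ViewData["Message"] = "Current Password Is Incorrect!";
        return View(lecturer);
    }

    if (ModelState.IsValid)
    {
        if (lecturer.NewPassword != lecturer.ConfirmPassword)
        {
            ViewData["Message"] = "Password Does Not Match!";
            return View(lecturer);
        }

        // The current password was verified for the session's lecturer, so the
        // update must target that same lecturer. The LecturerId bound from the
        // request is overwritten so a posted value cannot select another account.
        lecturer.LecturerId = sessionLecturerId;

        //Checks the password whether it contains a digit, hashes the password using SHA-1 and updates the password into the database
        if (lecturerContext.ChangePassword(lecturer))
        {
            ViewData["Message"] = "Password Changed Successfully!";
            return View(lecturer);
        }
    }

    //if password field is empty OR does not match the required model from Lecturer.cs, return to view with error message
    ViewData["Message"] = "Password Field Did Not Meet Requirements!";
    return View(lecturer);
}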