示例#1
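        /// <summary>
        /// Handles the login button: checks the entered password against the hash stored
        /// for the entered user name and opens the dashboard when it verifies.
        /// </summary>
        /// <param name="sender">Control that raised the click event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void btnLogin_Click(object sender, EventArgs e)
        {
            // Verification has to use the hash stored at registration. The previous version
            // also generated a fresh random salt and hashed the password with it, but that
            // value was never compared with anything, so the dead computation is removed.
            string enteredName = txtusername.Text;
            string enteredPassword = txtPassword.Text;

            var storedHashes = from cc_users in db.cc_users
                               where cc_users.UserName == enteredName
                               select cc_users.Password;

            // NOTE(review): Verify receives only the stored hash string, never the Salt column;
            // presumably the hash string embeds its own salt and iteration count - confirm.
            bool authenticated = false;
            foreach (var storedHash in storedHashes)
            {
                if (PasswordHashHelper.Verify(enteredPassword, storedHash))
                {
                    authenticated = true;
                    break;
                }
            }

            if (!authenticated)
            {
                // One message for both an unknown user name and a wrong password, so the
                // dialog does not reveal which user names exist. Previously an unknown user
                // name produced no feedback at all.
                MessageBox.Show("Login failed");
                return;
            }

            Properties.Settings.Default.Username = enteredName;
            Properties.Settings.Default.Save();
            Dashboard dashboard = new Dashboard();
            dashboard.Show();
        }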
示例#2
        /// <summary>
        /// Changes the password of the current session user after verifying the old one.
        /// </summary>
        /// <param name="oldPassword">Current password; trimmed before use.</param>
        /// <param name="newPassword">Replacement password; trimmed before use, at least 6 characters.</param>
        /// <returns>
        /// <c>WebSession</c> on success; <c>null</c> when both passwords are equal after trimming
        /// or when no user row is found for the session user.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The new password is shorter than 6 characters, or the old password fails verification.
        /// </exception>
        public IWebSession ChangePassword(string oldPassword, string newPassword)
        {
            // Captured up front; used only for the cache invalidation after the transaction.
            // NOTE(review): the lookup below reads WebSession.User.Id instead of m_session -
            // confirm both always refer to the same user.
            var userId = m_session.User.Id;

            // A null argument fails here with NullReferenceException, before any validation.
            // NOTE(review): trimming changes passwords that begin or end with whitespace; the
            // login path has to trim the same way or such users cannot sign in - confirm.
            oldPassword = oldPassword.Trim();
            newPassword = newPassword.Trim();

            // "No change" is reported as null rather than as an error.
            if (oldPassword == newPassword)
            {
                return(null);
            }

            // Length is the only strength check applied here.
            // The message is Czech for "Password must be at least 6 characters".
            if (newPassword.Length < 6)
            {
                throw new InvalidOperationException("Heslo musí mít alespoň 6 znaků");
            }

            using (var tran = m_database.OpenTransaction())
            {
                var user = m_database.SelectFrom <IUser>().Where(i => i.Id == WebSession.User.Id).Execute().FirstOrDefault();
                if (user == null)
                {
                    // Leaves the using block without Commit.
                    return(null);
                }

                // The old password must verify against the stored hash before anything is written.
                // The message is Czech for "Old password is not valid".
                if (!WebSession.VerifyPassword(user.PasswordHash, oldPassword, user.UsesDefaultPassword))
                {
                    throw new InvalidOperationException("Staré heslo není platné");
                }

                // NOTE(review): single-argument Hash - presumably it generates its own salt
                // and work factor; confirm in PasswordHashHelper.
                user.PasswordHash        = PasswordHashHelper.Hash(newPassword);
                user.UsesDefaultPassword = false;

                m_database.Save(user);

                // Logout, Login with the new password, then Logout again - all before Commit.
                // NOTE(review): the returned WebSession is presumably logged out, so the caller
                // has to re-authenticate; whether other active sessions of this user are
                // revoked cannot be told from this method - confirm.
                WebSession.Logout();
                WebSession.Login(user.EMail, newPassword);

                WebSession.Logout();

                tran.Commit();
            }

            m_repository.InvalidateUserCache(userId);

            return(WebSession);
        }
示例#3
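        /// <summary>
        /// Creates a user row from the new-user fields of a <c>Form1</c> instance, storing a
        /// salted password hash, and remembers the user name in the application settings.
        /// Shows a message box for "already exists", success, and database errors.
        /// </summary>
        public static void CreateUser()
        {
            // NOTE(review): this is a freshly constructed Form1, not the form the user typed
            // into, so the text boxes read below hold whatever the constructor put in them -
            // confirm that is what callers expect.
            Form1 frm = new Form1();
            string newUserName = frm.txtNewUser.Text;

            // The data context is disposed once the insert has been attempted.
            using (Linq.dbStructureDataContext db = new Linq.dbStructureDataContext())
            {
                var checkUser = from cc_users in db.cc_users
                                where cc_users.UserName == newUserName
                                select cc_users.UserName;

                // Any() instead of Count() == 1: with two or more existing rows the old test
                // was false and yet another duplicate was inserted.
                // NOTE(review): check-then-insert is still racy; a unique index on UserName
                // is what actually prevents duplicates - confirm the schema has one.
                if (checkUser.Any())
                {
                    MessageBox.Show("Username already exists");
                    return;
                }

                // Salt and hash are produced only once the name is known to be free.
                byte[] salt = new byte[SaltSize];
                using (var rng = new RNGCryptoServiceProvider())
                {
                    rng.GetBytes(salt);
                }

                // NOTE(review): 1000 is passed as the third argument, presumably the iteration
                // count; if Hash is a PBKDF2-style function that is low by current guidance.
                // Raising it needs Verify to read the count from the stored hash - confirm.
                string hash = PasswordHashHelper.Hash(frm.txtNewPass.Text, salt, 1000);

                var createUser = new Linq.cc_user()
                {
                    UserName = newUserName,
                    Password = hash,
                    Created  = DateTime.Now.ToLongDateString(),
                    Salt     = Convert.ToBase64String(salt)
                };
                db.cc_users.InsertOnSubmit(createUser);

                try
                {
                    db.SubmitChanges();
                    MessageBox.Show("User created");
                    Properties.Settings.Default.Username = newUserName;
                    Properties.Settings.Default.Save();
                }
                catch (Exception ex)
                {
                    // Best effort: the failure is reported to the user, not rethrown.
                    MessageBox.Show(ex.Message);
                }
            }
        }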
示例#4
        public async Task <ActionResult <RegistrationResponse> > RegisterAsync(RegistrationRequest request)
        {
            using (await _locker.EnterAsync(request.Username))
            {
                // ensure username is unique
                if (await _users.GetByNameAsync(request.Username) != null)
                {
                    return(BadRequest($"Cannot use the username '{request.Username}'."));
                }

                var user = new User
                {
                    Username    = request.Username,
                    Secret      = _hash.Hash(request.Password),
                    Permissions = _options.DefaultUserPermissions
                };

                await _users.UpdateAsync(user);

                await _snapshot.CreatedAsync(user, default, SnapshotType.System, user.Id);
示例#5
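        /// <summary>
        /// Checks the login fields of a <c>Form1</c> instance against the stored password hash
        /// and opens the dashboard when the password verifies.
        /// </summary>
        public static void Login()
        {
            // NOTE(review): this is a freshly constructed Form1, not the form the user typed
            // into, so the text boxes read below hold whatever the constructor put in them -
            // confirm that is what callers expect.
            Form1 frm = new Form1();
            string enteredName = frm.txtLoginUser.Text;
            string enteredPassword = frm.txtLoginPass.Text;

            // The previous version also generated a fresh random salt and hashed
            // frm.txtNewPass.Text with it; the result was never compared with anything,
            // so the dead computation is removed.
            bool authenticated = false;
            using (Linq.dbStructureDataContext db = new Linq.dbStructureDataContext())
            {
                var storedHashes = from cc_users in db.cc_users
                                   where cc_users.UserName == enteredName
                                   select cc_users.Password;

                // NOTE(review): Verify receives only the stored hash string, never the Salt
                // column; presumably the hash string embeds its own salt - confirm.
                foreach (var storedHash in storedHashes)
                {
                    if (PasswordHashHelper.Verify(enteredPassword, storedHash))
                    {
                        authenticated = true;
                        break;
                    }
                }
            }

            if (!authenticated)
            {
                // One message for both an unknown user name and a wrong password, so the
                // dialog does not reveal which user names exist. Previously an unknown user
                // name produced no feedback at all.
                MessageBox.Show("Login failed");
                return;
            }

            Properties.Settings.Default.Username = enteredName;
            Properties.Settings.Default.Save();
            Dashboard dashboard = new Dashboard();
            dashboard.Show();
        }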