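/// <summary>
/// Inserts the sign-up form values into signup_table with a parameterized
/// INSERT and, on success, redirects to Login_Page.aspx.
/// </summary>
/// <remarks>
/// The password is stored as a salted hash produced by SHA256_Encryption.
/// Failures are reported to the user with a fixed message, the exception
/// detail goes to the trace log only, and the exception is rethrown.
/// </remarks>
/// <exception cref="MySqlException">Rethrown when the database rejects the insert.</exception>
private void insertData()
{
    // MySQL server error number for ER_DUP_ENTRY (unique-key violation).
    const int DuplicateEntryErrorNumber = 1062;

    try
    {
        String connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
        connection = new MySqlConnection(connectionString);
        connection.Open();
        MessageBox.Show("Successfully connected to database");

        // Every user-supplied value is bound as a parameter, never concatenated into the SQL text.
        String queryString = "insert into signup_table(first_name,surname,mobile_number,email_address,salt,password) "
            + "values (@F_Name, @S_Name, @M_Number, @E_Address, @Salt, @Password)";
        command = new MySqlCommand(queryString, connection);
        command.Parameters.AddWithValue("@F_Name", FirstN_TextBox.Text);
        command.Parameters.AddWithValue("@S_Name", SurN_TextBox.Text);
        command.Parameters.AddWithValue("@M_Number", MobileN_TextBox.Text);
        command.Parameters.AddWithValue("@E_Address", EmailA_TextBox.Text);

        // NOTE(review): the helper's name suggests a single salted SHA-256 pass, which is
        // fast to brute-force offline. A password KDF (e.g. PBKDF2 via Rfc2898DeriveBytes)
        // is the usual choice; switching needs the login path and stored hashes migrated
        // together, so it is not changed here. Also confirm CreateSalt draws from a
        // cryptographic RNG and what unit its length argument (10) is in.
        SHA256_Encryption encryption = new SHA256_Encryption();
        String salt = encryption.CreateSalt(10);
        command.Parameters.AddWithValue("@Salt", salt);
        String hashedpassword = encryption.GenerateSHA256Hash(Password_TextBox.Text, salt);
        command.Parameters.AddWithValue("@Password", hashedpassword);

        // An INSERT returns no rows; ExecuteNonQuery avoids leaving an unread reader open.
        command.ExecuteNonQuery();

        // Release the connection before any further UI work.
        connection.Close();

        MessageBox.Show("Password encrypted successfully");
        MessageBox.Show("Data inserted successfully");
        Response.BufferOutput = true;
        Response.Redirect("Login_Page.aspx", false);
    }
    catch (MySqlException ex)
    {
        // Identify a duplicate by error number plus the violated key name instead of an
        // exact message match: the message wording (for example how the key name is
        // qualified) is not guaranteed to be the same on every server version.
        bool isDuplicate = ex.Number == DuplicateEntryErrorNumber;

        // NOTE(review): these two messages tell the caller whether an e-mail address or
        // mobile number is already registered (account enumeration). Confirm that is an
        // accepted trade-off for this sign-up flow.
        if (isDuplicate && ex.Message.IndexOf("email_address_UNIQUE", StringComparison.Ordinal) >= 0)
        {
            MessageBox.Show("User already registered. Please enter another email address.");
        }
        else if (isDuplicate && ex.Message.IndexOf("mobile_number_UNIQUE", StringComparison.Ordinal) >= 0)
        {
            MessageBox.Show("Mobile number already regestered. Please enter another mobile number.");
        }
        else
        {
            // Keep exception text (SQL, schema names, stack trace) out of what the user sees.
            System.Diagnostics.Trace.TraceError("insertData failed: " + ex);
            MessageBox.Show("Signup Failed. Please try again.");
        }

        throw;
    }
    catch (Exception ex)
    {
        // Keep exception text out of what the user sees; record it server-side instead.
        System.Diagnostics.Trace.TraceError("insertData failed: " + ex);
        MessageBox.Show("Signup Failed. Please try again. ");
        throw;
    }
    finally
    {
        // The field may still be unassigned if the failure happened before the connection
        // was created, so guard against null rather than throwing from the cleanup path.
        if (connection != null)
        {
            connection.Close();
        }
    }
}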
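/// <summary>
/// Looks up the account whose email_address matches the entered user name,
/// re-hashes the entered password with the stored salt and compares it with
/// the stored hash. On a match the user's display name is placed in the
/// session and the response is redirected to Login_Successful_Page.aspx.
/// </summary>
/// <remarks>
/// An unknown user and a wrong password produce the same message. Exceptions
/// are written to the trace log and reported to the user with a fixed message;
/// they are not rethrown.
/// </remarks>
private void loginValidationCheck()
{
    try
    {
        String connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
        connection = new MySqlConnection(connectionString);
        connection.Open();
        MessageBox.Show("Successfully connected to database");

        // The user name is bound as a parameter, never concatenated into the SQL text.
        String queryString = "select * from one_real_estate.signup_table where email_address = @U_Name";
        command = new MySqlCommand(queryString, connection);
        command.Parameters.AddWithValue("@U_Name", UserN_TextBox.Text);
        reader = command.ExecuteReader();

        bool credentialsValid = false;
        if (reader.Read())
        {
            String storedHash = reader["password"].ToString();
            String storedSalt = reader["salt"].ToString();

            // NOTE(review): the helper's name suggests a single salted SHA-256 pass; a
            // password KDF would be stronger, but it must change together with sign-up
            // and the stored hashes, so it is left as is here.
            SHA256_Encryption encryption = new SHA256_Encryption();
            String recomputedHash = encryption.GenerateSHA256Hash(Password_TextBox.Text, storedSalt);

            // NOTE(review): == on strings is not a fixed-time comparison. The practical
            // exposure looks low because the compared value is a salted digest, but a
            // fixed-time compare is the safer habit if one is available to this project.
            if (storedHash == recomputedHash)
            {
                credentialsValid = true;
                userName = reader["first_name"].ToString() + " " + reader["surname"].ToString();

                // NOTE(review): nothing in this method issues a new session identifier
                // after authentication; confirm that is handled elsewhere.
                Session["userNameFetched"] = userName;
                MessageBox.Show("Login Sucessful");
                Response.BufferOutput = true;
                Response.Redirect("Login_Successful_Page.aspx", false);
            }
        }

        if (!credentialsValid)
        {
            // One message for both "no such user" and "wrong password", so the response
            // text does not reveal which accounts exist.
            MessageBox.Show("Invalid credentials. Please try again.");
        }
    }
    catch (Exception ex)
    {
        // Keep exception text (connection details, SQL, stack trace) out of what the
        // user sees; record it server-side instead.
        System.Diagnostics.Trace.TraceError("loginValidationCheck failed: " + ex);
        MessageBox.Show("Login Failed. Please try again. ");
    }
    finally
    {
        // Either field can still be unassigned when the failure happens early (for
        // example connection.Open() throwing before ExecuteReader runs). Guard against
        // null so the cleanup path cannot itself throw and mask the original error.
        if (reader != null)
        {
            reader.Close();
        }

        if (connection != null)
        {
            connection.Close();
        }
    }
}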