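/// <summary>
/// First step of the forgotten-password flow. Looks the user up by the submitted
/// username, compares the verification value posted in the hidden field with the
/// stored <c>ForgetHash</c>, and on a match carries the submitted details to
/// EmailOtp.aspx through session state.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    string username = TextBox1.Text.Trim();

    // A single lookup serves both the existence check and the comparison, so the
    // two decisions are always made against the same record.
    UserCustomer account = new UserCustomer().getAllDataByName(username);
    if (account == null)
    {
        // NOTE(review): a distinct message for unknown users lets a caller tell
        // which usernames exist; consider the same generic message as below.
        Label2.Text = "Invalid user";
        return;
    }

    Label2.Text = "";

    string nric = TextBox6.Text.Trim();
    string phoneNumber = TextBox5.Text.Trim();
    string email = TextBox3.Text.Trim();
    string birthday = TextBox2.Text.Trim();

    // The posted verification value is not written to debug output: it is what
    // this step accepts as proof of identity.
    string submittedCheck = HiddenFieldCheckForValBu.Value.Trim();

    // NOTE(review): only the hidden-field value is checked here; the NRIC, phone,
    // e-mail and birthday fields are stored as submitted. Presumably the hidden
    // value is derived from them in the browser - confirm, and consider
    // recomputing it on the server. No attempt limit is visible on this handler.
    if (ConstantTimeEquals(account.ForgetHash, submittedCheck))
    {
        Session["forgetPassTosaveusername"] = username;
        Session["forgetPassTosavenric"] = nric;
        Session["forgetPassTosavephoneNumber"] = phoneNumber;
        Session["forgetPassTosaveemail"] = email;
        Session["forgetPassTosavebirthday"] = birthday;
        Response.Redirect("EmailOtp.aspx");
    }
    else
    {
        Label1.Text = "*One of the fields you have entered is incorrect";
    }
}

/// <summary>
/// Ordinal string comparison whose running time does not depend on where the
/// first differing character is. A null on either side never matches, so an
/// account without a stored value fails closed instead of throwing.
/// </summary>
private static bool ConstantTimeEquals(string stored, string supplied)
{
    if (stored == null || supplied == null)
    {
        return false;
    }

    int difference = stored.Length ^ supplied.Length;
    int shared = Math.Min(stored.Length, supplied.Length);
    for (int i = 0; i < shared; i++)
    {
        difference |= stored[i] ^ supplied[i];
    }

    return difference == 0;
}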
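/// <summary>
/// Password step of the login flow. Reads the username placed in the session by
/// the previous page, refuses accounts with three or more failed attempts,
/// hashes the submitted value with the stored salt and compares it with the
/// stored hash. On success the session is marked verified and the user is sent
/// to 2faLogin.aspx; on failure the attempt counter is incremented.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // The session value is missing after a timeout or when this page is opened
    // directly; the lookup can also come back null. Both are handled here
    // instead of surfacing as a NullReferenceException.
    string username = Session["usernameLogin"] as string;
    UserCustomer store = new UserCustomer();
    UserCustomer account = username == null ? null : store.getAllDataByName(username);
    if (account == null)
    {
        Labelerr.Text = "Your session has expired, please log in again";
        return;
    }

    if (account.Attempt >= 3)
    {
        Labelerr.Text = "Account locked, you had 3 failed logon attempts";
        return;
    }

    // Value posted by the form; presumably a hash computed in the browser.
    string hashvalClient = TextBox2.Text;

    // NOTE(review): one round of salted SHA-512 is a fast hash. A password
    // hashing scheme with a work factor (PBKDF2 via Rfc2898DeriveBytes, for
    // instance) is the usual choice; changing it needs a migration of stored hashes.
    string computedHash;
    using (SHA512Managed hashing = new SHA512Managed())
    {
        byte[] digest = hashing.ComputeHash(Encoding.UTF8.GetBytes(hashvalClient + account.Passwordsalt));
        computedHash = Convert.ToBase64String(digest);
    }

    // Neither the computed hash nor the attempt count is written to debug
    // output; the hash is derived from the credential.
    if (account.Passwordhash == computedHash)
    {
        // NOTE(review): the submitted value is kept in session as key material
        // for later pages, so session state holds a password-equivalent secret.
        // Confirm the attempt counter is reset once login completes.
        Session["accountLoginVerified"] = "true";
        Session["md5Store"] = hashvalClient;
        Response.Redirect("2faLogin.aspx", false);
    }
    else
    {
        // Re-read the counter just before writing it back. This is still a
        // read-modify-write: concurrent requests can undercount failures unless
        // the data layer increments atomically.
        UserCustomer latest = store.getAllDataByName(username);
        int failedSoFar = latest != null ? latest.Attempt : account.Attempt;
        store.updateuserattempts(username, failedSoFar + 1);
        Labelerr.Text = "You have entered a Incorrect password";
    }
}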
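/// <summary>
/// Forgotten-password step that takes the new password hash from the form,
/// re-encrypts the NRIC, birthday, phone number and e-mail with it and the
/// user's stored salt, parks the results in session state and moves on to
/// addressConfirm.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // NOTE(review): nothing in this handler confirms that the earlier
    // verification and OTP steps completed for this session - confirm the page
    // enforces that before this runs. A missing session value currently
    // surfaces as a NullReferenceException.

    // The submitted hash is password-equivalent, so it is kept out of debug
    // output. It still lives in session state until the flow ends.
    string submittedPasswordHash = TextBox1.Text.Trim();
    Session["md5hashforforgetpassplsthx"] = submittedPasswordHash;

    // NOTE(review): these two values come from hidden fields, i.e. from the
    // browser, not from the stored record.
    string nricFromForm = HiddenFieldNricEncrypted.Value;
    string birthdayFromForm = HiddenFieldBirthdayEncrypted.Value;

    string username = Session["forgetPassTosaveusername"].ToString();
    string storedSalt = new UserCustomer().getAllDataByName(username).Passwordsalt;
    byte[] saltBytes = Convert.FromBase64String(storedSalt);

    string phone = Session["forgetPassTosavephoneNumber"].ToString();
    string email = Session["forgetPassTosaveemail"].ToString();

    Session["encryptedforforgetpassthxnric"] = encryptData(nricFromForm, submittedPasswordHash, saltBytes);
    Session["encryptedforforgetpassthxbirthday"] = encryptData(birthdayFromForm, submittedPasswordHash, saltBytes);
    Session["encryptedforforgetpassthxphone"] = encryptData(phone, submittedPasswordHash, saltBytes);
    Session["encryptedforforgetpassthxemail"] = encryptData(email, submittedPasswordHash, saltBytes);
    Session["sha1askeyforcleintx"] = HiddenFieldsha1fornextuser.Value;

    Response.Redirect("addressConfirm.aspx");
}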
/// <summary>
/// Server-side validator for the username box: the input is valid exactly when
/// a user record is found for the HTML-encoded text.
/// </summary>
/// <param name="source">Validator that raised the event (unused).</param>
/// <param name="args">Receives the result in <c>IsValid</c>.</param>
protected void CustomValidator1_OnServerValidate(object source, ServerValidateEventArgs args)
{
    // NOTE(review): HtmlEncode is an output encoding. Applied before the lookup
    // it changes names containing characters such as & or <, so every other
    // lookup for the same user has to encode the same way.
    // NOTE(review): the result tells the caller whether a username exists.
    string encodedName = Server.HtmlEncode(TextBox1.Text);
    UserCustomer match = new UserCustomer().getAllDataByName(encodedName);
    args.IsValid = match != null;
}
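/// <summary>
/// Username step of the login flow. When the page validated, checks the
/// account's failed-attempt count and either hands the username to
/// passwordlogin.aspx through the session or reports the account as locked.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    // The lockout check and the name handed to the next page must refer to the
    // same record, so the value stored in the session is also the lookup key.
    // NOTE(review): HtmlEncode is an output encoding; using it on the lookup key
    // only works while every lookup for this user encodes the same way.
    string username = Server.HtmlEncode(TextBox1.Text);
    UserCustomer account = new UserCustomer().getAllDataByName(username);
    if (account == null)
    {
        // The record can be missing even after validation (for example if it
        // was removed in between); report it instead of dereferencing null.
        Labelatte.Text = "Invalid user";
        return;
    }

    if (account.Attempt < 3)
    {
        Session["usernameLogin"] = username;
        Response.Redirect("passwordlogin.aspx");
    }
    else
    {
        // NOTE(review): this message discloses the lockout state to anyone who
        // knows the username.
        Labelatte.Text = "Account locked, you had 3 failed logon attempts";
    }
}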
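/// <summary>
/// Sends the SMS one-time code for the second login factor. Decrypts the user's
/// stored phone number with a key derived from the session-held password hash
/// and the stored salt, records a 30-second expiry and a fresh six-digit code in
/// the session, and sends the code to the "+65"-prefixed number.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button100_Click(object sender, EventArgs e)
{
    // Both values are set by the password step; without them there is no key to
    // decrypt with, so nothing is sent.
    // NOTE(review): confirm the page also checks Session["accountLoginVerified"],
    // and consider limiting how often a code can be requested.
    string username = Session["usernameLogin"] as string;
    string md5hash = Session["md5Store"] as string;
    if (username == null || md5hash == null)
    {
        return;
    }

    UserCustomer account = new UserCustomer().getAllDataByName(username);
    if (account == null)
    {
        return;
    }

    byte[] saltBytes = Convert.FromBase64String(account.Passwordsalt);
    string resultPhone;

    // NOTE(review): this Rfc2898DeriveBytes overload uses its default iteration
    // count, and key and IV both come from the same password and salt, so they
    // are identical on every call for this user. Changing either needs the
    // stored ciphertexts to be re-encrypted.
    using (Rfc2898DeriveBytes keySource = new Rfc2898DeriveBytes(md5hash, saltBytes))
    using (RijndaelManaged cipher = new RijndaelManaged())
    {
        cipher.Key = keySource.GetBytes(32);
        cipher.IV = keySource.GetBytes(16);

        using (ICryptoTransform decryptor = cipher.CreateDecryptor())
        {
            byte[] cipherPhone = Convert.FromBase64String(account.PhoneNo);
            byte[] plainPhone = decryptor.TransformFinalBlock(cipherPhone, 0, cipherPhone.Length);
            resultPhone = Encoding.UTF8.GetString(plainPhone);
        }
    }

    // Expiry of the code, checked by whichever page verifies it.
    DateTime timeofrequesttimeout = DateTime.Now.AddSeconds(30);
    System.Diagnostics.Debug.WriteLine(timeofrequesttimeout);
    Session["2faotptimeoutdatetimecheckthis"] = timeofrequesttimeout;

    // The code is an authentication secret: it comes from the cryptographic
    // generator and is not written to debug output.
    string digit = GenerateOtpCode();
    Session["rngPhoneL"] = digit;

    Tzwilio sms = new Tzwilio("+65" + resultPhone, digit);
    sms.choasSms();
}

/// <summary>
/// Returns a uniformly distributed six-digit code, zero-padded, drawn from the
/// operating system's cryptographic random number generator.
/// </summary>
private static string GenerateOtpCode()
{
    const uint range = 1000000;

    // Largest multiple of range that fits in a uint; draws at or above it are
    // discarded so that the modulo below does not favour low values.
    uint limit = uint.MaxValue - (uint.MaxValue % range);

    byte[] buffer = new byte[4];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        uint value;
        do
        {
            rng.GetBytes(buffer);
            value = BitConverter.ToUInt32(buffer, 0);
        }
        while (value >= limit);

        return (value % range).ToString("D6", System.Globalization.CultureInfo.InvariantCulture);
    }
}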
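/// <summary>
/// Final step of the forgotten-password flow. Hashes the new password value held
/// in the session with the user's stored salt, encrypts the first name, last
/// name and address posted in hidden fields, writes these together with the
/// already-encrypted session values to the user record, resets the failed-attempt
/// counter and redirects to successForgetPass.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // NOTE(review): nothing in this handler confirms that the verification and
    // OTP steps completed for this session - confirm the page enforces that,
    // since this call replaces the password hash and clears the lockout counter.
    string username = Session["forgetPassTosaveusername"].ToString();

    // NOTE(review): the existing salt is reused for the new password; generating
    // a fresh salt on reset is the usual practice.
    string storedSalt = new UserCustomer().getAllDataByName(username).Passwordsalt;
    byte[] saltBytes = Convert.FromBase64String(storedSalt);

    // Password-equivalent value from the earlier step. Neither it, the salt, the
    // resulting hash nor the personal fields below are written to debug output.
    string submittedPasswordHash = Session["md5hashforforgetpassplsthx"].ToString();

    // NOTE(review): one round of salted SHA-512 is a fast hash; a scheme with a
    // work factor is the usual choice for stored passwords.
    string finalHashval;
    using (SHA512Managed hashing = new SHA512Managed())
    {
        byte[] digest = hashing.ComputeHash(Encoding.UTF8.GetBytes(submittedPasswordHash + storedSalt));
        finalHashval = Convert.ToBase64String(digest);
    }

    string firstNameToSave = encryptData(HiddenFieldFirstNameEncrypted.Value, submittedPasswordHash, saltBytes);
    string lastNameToSave = encryptData(HiddenFieldLastNameEncrypted.Value, submittedPasswordHash, saltBytes);
    string addressToSave = encryptData(HiddenFieldAddressEncrypted.Value, submittedPasswordHash, saltBytes);

    string encryptedNric = Session["encryptedforforgetpassthxnric"].ToString();
    string encryptedBirthday = Session["encryptedforforgetpassthxbirthday"].ToString();
    string encryptedPhone = Session["encryptedforforgetpassthxphone"].ToString();
    string encryptedEmail = Session["encryptedforforgetpassthxemail"].ToString();

    UserCustomer store = new UserCustomer();
    store.updateforForgetpass(username, finalHashval, encryptedPhone, addressToSave, firstNameToSave, lastNameToSave, encryptedEmail, encryptedBirthday, encryptedNric);
    store.updateuserattempts(username, 0);
    Response.Redirect("successForgetPass.aspx");
}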
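/// <summary>
/// Diagnostic scaffolding that runs on every page load: hashes the two text box
/// values the way the login code does, generates a throw-away cipher key and IV,
/// and loads the hard-coded test user "123". Only sizes and non-secret fields
/// are written to debug output.
/// </summary>
/// <param name="sender">Page that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): this is test code with a hard-coded username; it costs a
    // database lookup on every request and should not ship with the page.
    // Debug.Write calls are compiled in only when DEBUG is defined, which
    // includes sites deployed with compilation debug="true". For that reason
    // hashes, salts, keys and personal data are reported by length only.
    string retrievemd5hash = TextBox6.Text;
    string salt = TextBox5.Text;
    System.Diagnostics.Debug.WriteLine("retrieved md5 val " + Redact(retrievemd5hash));
    System.Diagnostics.Debug.WriteLine("salt value " + Redact(salt));

    string finalHashval;
    using (SHA512Managed hashing = new SHA512Managed())
    {
        byte[] digest = hashing.ComputeHash(Encoding.UTF8.GetBytes(retrievemd5hash + salt));
        finalHashval = Convert.ToBase64String(digest);
    }
    System.Diagnostics.Debug.WriteLine("serverside final hash val " + Redact(finalHashval));

    using (RijndaelManaged cipher = new RijndaelManaged())
    {
        cipher.GenerateKey();
        System.Diagnostics.Debug.WriteLine("key length " + cipher.Key.Length);
        System.Diagnostics.Debug.WriteLine("IV length " + cipher.IV.Length);
    }

    System.Diagnostics.Debug.WriteLine("Testing Retrieve Mtd ");
    UserCustomer custTest = new UserCustomer().getAllDataByName("123");
    if (custTest == null)
    {
        // The test account may not exist; do not take the page down for it.
        System.Diagnostics.Debug.WriteLine("test user not found");
        return;
    }

    System.Diagnostics.Debug.WriteLine("username " + custTest.Username);
    System.Diagnostics.Debug.WriteLine("hash " + Redact(custTest.Passwordhash));
    System.Diagnostics.Debug.WriteLine("salt " + Redact(custTest.Passwordsalt));
    System.Diagnostics.Debug.WriteLine("PhoneNo " + Redact(custTest.PhoneNo));
    System.Diagnostics.Debug.WriteLine("Address " + Redact(custTest.Address));
    System.Diagnostics.Debug.WriteLine("FirstName " + Redact(custTest.FirstName));
    System.Diagnostics.Debug.WriteLine("LastName " + Redact(custTest.LastName));
    System.Diagnostics.Debug.WriteLine("Email " + Redact(custTest.Email));
    System.Diagnostics.Debug.WriteLine("Birthday " + Redact(custTest.Birthday));
    System.Diagnostics.Debug.WriteLine("EmailVerified " + custTest.EmailVerified);
    System.Diagnostics.Debug.WriteLine("PhoneVerified " + custTest.PhoneVerified);
    System.Diagnostics.Debug.WriteLine("Nric " + Redact(custTest.Nric));
}

/// <summary>
/// Describes a value for diagnostics without revealing it: "&lt;null&gt;" or the
/// length of its string form.
/// </summary>
private static string Redact(object value)
{
    if (value == null)
    {
        return "<null>";
    }

    return "<" + value.ToString().Length + " chars>";
}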