//Creaza comanda SQL de actualizarea a datelor in baza de date utilizand ca parametri un sir de bytes, hashcode-ul parolei si id-ul usrrului care cere resetarea parolei private int updatePassword(byte[] inputSalt, String inputHash, int userID) { MySqlCommand updatePasswordCommand = SQLCommandBuilder.getUpdatePasswordCommand(sqlStatementUpdatePassword, inputSalt, inputHash, userID); //Trimite comanda pt a fi executata de metoda specializata a clasei DBConnectionManager int executionResult = DBConnectionManager.insertData(updatePasswordCommand); return(executionResult); }
private void writeAuthenticationDataToDB(byte[] salt, String hashedPassword, int userID) { String sqlStatementInsertAuthenticationData = @"UPDATE users SET users.salt = @paramSalt, users.password = @paramPassword WHERE users.userID = @paramID"; MySqlCommand insertCommand = new MySqlCommand(sqlStatementInsertAuthenticationData); insertCommand.Parameters.AddWithValue("@paramSalt", salt); insertCommand.Parameters.AddWithValue("@paramPassword", hashedPassword); insertCommand.Parameters.AddWithValue("@paramID", userID); DBConnectionManager.insertData(insertCommand); }
private void registerButton_Click(object sender, EventArgs e) { string userName = userNameTextBox.Text; string password = passwordTextBox.Text; string emailAddress = emailTextBox.Text; if (!isValidUserName(userName)) { MessageBox.Show("The username must have at least 3 characters and can contain only lowercase(a-z) and uppercase(A-Z) letters, digits(0-9) and underscores(_)!", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } if (password.Length < minimumPasswordLength) { MessageBox.Show("Your password should be at least 10 characters long! Please try again.", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } if (!isValidPassword(password)) { MessageBox.Show("Invalid password! Your password must contain:\n1.Lowercase and uppercase letters (a-zA-z) \n2.Digits (0-9) \n3.Special characters (@#$%<>?)", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } if (!isValidEmail(emailAddress)) { MessageBox.Show("Invalid email address!", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning); return; } if (userExists(getUser(sqlStatementCheckUserExistence, userName))) { MessageBox.Show("The selected username already exists! Please try again", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Stop); return; } ConfirmationSender emailSender = new ConfirmationSender(); string emailSubject = "New user creation"; string emailBody = "A user creation request was made for an account that will associated to this email address.\nPlease enter the following code to finish user creation process and confirm your email: {0} \nIf you have not made such a request please ignore this email and delete it."; string onSuccessMessage = "An email containing the confirmation code for the new user creation was sent to the specified email address"; string parentWindowName = "Register"; string generatedConfirmationCode = emailSender.generateConfirmationCode(); emailSender.sendConfirmationEmail(emailAddress, emailSubject, emailBody, generatedConfirmationCode, onSuccessMessage, parentWindowName); String userInputConfirmationCode = Interaction.InputBox("Enter the code received on your email to finish the user creation process:", "Confirmation Code", "Enter code", 200, 200); if (emailSender.confirmationCodesMatch(generatedConfirmationCode, userInputConfirmationCode)) { PasswordSecurityManager securityManager = new PasswordSecurityManager(); byte[] salt = securityManager.getSalt(16); string hashCode = securityManager.createPasswordHash(password, salt); MySqlCommand userCreationCommand = SQLCommandBuilder.getNewUserCreationCommand(sqlStatementCreateNewUser, userName, salt, hashCode, emailAddress); int executionResult = DBConnectionManager.insertData(userCreationCommand); if (executionResult == -1) { MessageBox.Show("Could not create the requested user!", "Register", MessageBoxButtons.OK, MessageBoxIcon.Error); return; } MessageBox.Show("Your user was succesfully created!", "Register", MessageBoxButtons.OK, MessageBoxIcon.Information); clearInputFields(textBoxes); registerButton.Enabled = false; } else { MessageBox.Show("Invalid confirmation code! Please try again.", "Register", MessageBoxButtons.OK, MessageBoxIcon.Error); } }