private bool hasValidCredentials(DataTable inputDataTable, String userInputPassword)
{
//Verificare existenta date in DataTable
if (inputDataTable != null && inputDataTable.Rows.Count == 1)
{
//Se extrage salt si hashcode-ul parolei
byte[] salt = (byte[])inputDataTable.Rows[0].ItemArray[2];
String storedHash = inputDataTable.Rows[0].ItemArray[3].ToString();
PasswordSecurityManager securityManager = new PasswordSecurityManager();
//Se genereaza hashcode-ul parolei introduse de utilizator la autentificare
String actualHash = securityManager.createPasswordHash(userInputPassword, salt);
//Se compara daca cele doua hashcode-uri sunt identice
return(storedHash.Equals(actualHash));
}
return(false);
}
private void registerButton_Click(object sender, EventArgs e)
{
string userName = userNameTextBox.Text;
string password = passwordTextBox.Text;
string emailAddress = emailTextBox.Text;
if (!isValidUserName(userName))
{
MessageBox.Show("The username must have at least 3 characters and can contain only lowercase(a-z) and uppercase(A-Z) letters, digits(0-9) and underscores(_)!", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning);
return;
}
if (password.Length < minimumPasswordLength)
{
MessageBox.Show("Your password should be at least 10 characters long! Please try again.", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning);
return;
}
if (!isValidPassword(password))
{
MessageBox.Show("Invalid password! Your password must contain:\n1.Lowercase and uppercase letters (a-zA-z) \n2.Digits (0-9) \n3.Special characters (@#$%<>?)", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning);
return;
}
if (!isValidEmail(emailAddress))
{
MessageBox.Show("Invalid email address!", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Warning);
return;
}
if (userExists(getUser(sqlStatementCheckUserExistence, userName)))
{
MessageBox.Show("The selected username already exists! Please try again", "User registration", MessageBoxButtons.OK, MessageBoxIcon.Stop);
return;
}
ConfirmationSender emailSender = new ConfirmationSender();
string emailSubject = "New user creation";
string emailBody = "A user creation request was made for an account that will associated to this email address.\nPlease enter the following code to finish user creation process and confirm your email: {0} \nIf you have not made such a request please ignore this email and delete it.";
string onSuccessMessage = "An email containing the confirmation code for the new user creation was sent to the specified email address";
string parentWindowName = "Register";
string generatedConfirmationCode = emailSender.generateConfirmationCode();
emailSender.sendConfirmationEmail(emailAddress, emailSubject, emailBody, generatedConfirmationCode, onSuccessMessage, parentWindowName);
String userInputConfirmationCode = Interaction.InputBox("Enter the code received on your email to finish the user creation process:", "Confirmation Code", "Enter code", 200, 200);
if (emailSender.confirmationCodesMatch(generatedConfirmationCode, userInputConfirmationCode))
{
PasswordSecurityManager securityManager = new PasswordSecurityManager();
byte[] salt = securityManager.getSalt(16);
string hashCode = securityManager.createPasswordHash(password, salt);
MySqlCommand userCreationCommand = SQLCommandBuilder.getNewUserCreationCommand(sqlStatementCreateNewUser, userName, salt, hashCode, emailAddress);
int executionResult = DBConnectionManager.insertData(userCreationCommand);
if (executionResult == -1)
{
MessageBox.Show("Could not create the requested user!", "Register", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
MessageBox.Show("Your user was succesfully created!", "Register", MessageBoxButtons.OK, MessageBoxIcon.Information);
clearInputFields(textBoxes);
registerButton.Enabled = false;
}
else
{
MessageBox.Show("Invalid confirmation code! Please try again.", "Register", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
public PasswordResetManager()
{
this.securityManager = new PasswordSecurityManager();
}