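/// <summary>
/// Builds the credential to store for <paramref name="pass"/>: the string
/// "md5hex:salt", where salt is 32 random alphanumeric characters and the digest
/// covers <c>pass + salt</c>.
/// </summary>
/// <param name="pass">The plaintext password to protect.</param>
/// <returns>The "hash:salt" value persisted in Users.password.</returns>
/// <remarks>
/// The salt is drawn from <see cref="RandomNumberGenerator"/>; the original used
/// <see cref="Random"/>, which is seeded from the clock, so two calls in the same
/// tick produced the same salt. The digest is still MD5 only because the login code
/// verifies MD5(pass + salt); MD5 is not a password hash. Moving to PBKDF2
/// (Rfc2898DeriveBytes) has to be done together with the verification in UserLogin
/// and a migration of existing rows.
/// </remarks>
private static string hashPassword(string pass)
{
    const string saltAlphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    const int saltLength = 32;

    char[] salt = new char[saltLength];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        byte[] one = new byte[1];
        // Rejection sampling: 248 is the largest multiple of 62 that fits in a byte, so
        // reducing only accepted bytes keeps every alphabet character equally likely.
        int limit = 256 - (256 % saltAlphabet.Length);
        for (int i = 0; i < saltLength; )
        {
            rng.GetBytes(one);
            if (one[0] < limit)
            {
                salt[i++] = saltAlphabet[one[0] % saltAlphabet.Length];
            }
        }
    }
    string saltValue = new string(salt);

    CCMSBusinessLayer md = new CCMSBusinessLayer();
    string hash;
    using (MD5 md5Hash = MD5.Create())
    {
        hash = md.getMd5Hash(md5Hash, pass + saltValue);
    }
    return hash + ":" + saltValue;
}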
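/// <summary>
/// Login button handler: resolves the entered user name to a Users row, verifies the
/// password against the stored credential and, on success, seeds the session and
/// redirects to the first-login password page or to the time-entry page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Both queries are parameterised; the original concatenated <c>txtUserName.Text</c>
/// straight into the SQL text (SQL injection). The connection is held in a
/// <c>using</c> so it is released on every path - including after Response.Redirect,
/// which ends the request before the original <c>con.Close()</c> was ever reached.
/// Messages, redirects and session keys are unchanged.
/// </remarks>
protected void UserLogin(object sender, EventArgs e)
{
    const string domainSuffix = "@deerwalk.edu.np";
    // A bare user name is completed with the institutional domain.
    string userEmail = txtUserName.Text.Contains('@')
        ? txtUserName.Text
        : txtUserName.Text + domainSuffix;

    string connectionString = ConfigurationManager.ConnectionStrings["dbConnection"].ConnectionString;
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        con.Open();

        object userId;
        using (SqlCommand checkUser = new SqlCommand("select UserId from Users where userEmail = @email", con))
        {
            checkUser.Parameters.AddWithValue("@email", userEmail);
            userId = checkUser.ExecuteScalar();
        }

        // NOTE(review): a distinct message for an unknown user lets a caller enumerate
        // valid accounts; a single generic failure message for both cases is preferable.
        if (userId == null)
        {
            ShowLoginFailure("Invalid userName.....!!");
            return;
        }
        if (Convert.ToInt32(userId.ToString()) < 1)
        {
            return; // preserved from the original: no message for a non-positive id
        }

        DataTable userDetail = new DataTable();
        using (SqlCommand getUser = new SqlCommand("select password,Role,isPasswordUpdated from Users where UserId = @userId", con))
        {
            getUser.Parameters.AddWithValue("@userId", Convert.ToInt32(userId.ToString()));
            using (SqlDataAdapter adapter = new SqlDataAdapter(getUser))
            {
                adapter.Fill(userDetail);
            }
        }
        if (userDetail.Rows.Count == 0)
        {
            return; // preserved from the original: silent when the row is gone
        }

        DataRow row = userDetail.Rows[0];
        string storedPassword = row[0].ToString();
        string role = row[1].ToString();
        string isPasswordUpdated = row[2].ToString();
        string enteredPassword = txtPassword.Text;
        bool storedAsHash = storedPassword.Contains(':');

        if (!StoredPasswordMatches(storedPassword, enteredPassword))
        {
            ShowLoginFailure("Invalid password .........!!");
            return;
        }

        Session["UserId"] = userId;
        Session["Role"] = role;
        Session["isPasswordUpdated"] = isPasswordUpdated;
        // NOTE(review): the plaintext password is kept in session only because
        // updatePassword compares its "original password" field against it. Verify that
        // field against the stored hash instead and drop this line.
        Session["password"] = enteredPassword;
        // NOTE(review): the session id is not rotated at login (session fixation).

        // The first-login flag is read differently per credential format ("" for hashed
        // rows, "False" for legacy plaintext rows) - preserved as found; confirm which
        // value the schema actually writes.
        bool firstLogin = storedAsHash
            ? isPasswordUpdated.Equals("")
            : isPasswordUpdated.Equals("False");
        if (!firstLogin)
        {
            Response.Redirect("TimeEntry.aspx");
            return;
        }
        if (storedAsHash)
        {
            // Preserved from the original; Redirect ends the response, so these
            // visibility changes are never rendered.
            Panel p = (Panel)Master.FindControl("menubar");
            p.Visible = false;
            ContentPlaceHolder cp = (ContentPlaceHolder)Master.FindControl("menu");
            cp.Visible = false;
            ContentPlaceHolder cpuser = (ContentPlaceHolder)Master.FindControl("menuuser");
            cpuser.Visible = false;
        }
        Response.Redirect("FirstLoginPasswordChange.aspx");
    }
}

/// <summary>Shows <paramref name="message"/> in red in the login status label.</summary>
private void ShowLoginFailure(string message)
{
    lblMessage.Visible = true;
    lblMessage.ForeColor = Color.Red;
    lblMessage.Text = message;
}

/// <summary>
/// Compares an entered password with a Users.password value. A value containing ':'
/// is "md5hex:salt" and is checked as MD5(entered + salt); any other value is a legacy
/// plaintext password and is compared directly.
/// </summary>
/// <param name="storedPassword">The Users.password column value.</param>
/// <param name="enteredPassword">The password typed into the form.</param>
/// <returns>True when the entered password matches the stored credential.</returns>
private static bool StoredPasswordMatches(string storedPassword, string enteredPassword)
{
    if (!storedPassword.Contains(':'))
    {
        // NOTE(review): legacy rows still hold the plaintext password; re-hash them on
        // the first successful login so this branch can be retired.
        return storedPassword == enteredPassword;
    }
    string[] parts = storedPassword.Split(':');
    string hashValue = parts[0];
    string saltValue = parts[1];
    string computed;
    using (MD5 md5Hash = MD5.Create())
    {
        computed = new CCMSBusinessLayer().getMd5Hash(md5Hash, enteredPassword + saltValue);
    }
    // NOTE(review): MD5 is not a password hash; a move to PBKDF2 must be made together
    // with hashPassword/updatePassword, which produce this format.
    return hashValue == computed;
}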
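/// <summary>
/// Password-change handler: verifies the current password, checks that the two new
/// entries agree, and stores the new credential as "md5hex:salt" with
/// isPasswordUpdated set to 'true'.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The current password is verified against the Users row instead of the plaintext
/// copy that UserLogin keeps in Session["password"]. The salt comes from
/// <see cref="RandomNumberGenerator"/> rather than <see cref="Random"/>. The digest
/// stays MD5 because UserLogin verifies MD5(pass + salt); both must move to PBKDF2
/// together. A <see cref="SqlException"/> still propagates to the caller - the
/// original caught it only to <c>throw ex;</c>, which discarded the stack trace.
/// Assumes an authenticated session (UserLogin sets Session["UserId"]).
/// </remarks>
public void updatePassword(Object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(originalPassword.Text)
        || string.IsNullOrEmpty(newPassword.Text)
        || string.IsNullOrEmpty(confirmedPassword.Text))
    {
        return; // preserved from the original: an incomplete form is ignored silently
    }

    int userId = Convert.ToInt32(Session["UserId"].ToString());

    CreateConnection();
    try
    {
        OpenConnection();

        object storedValue;
        using (SqlCommand lookup = new SqlCommand("select password from users where UserID = @User", conDatabase))
        {
            lookup.Parameters.AddWithValue("@User", userId);
            storedValue = lookup.ExecuteScalar();
        }
        if (storedValue == null || !CurrentPasswordMatches(storedValue.ToString(), originalPassword.Text))
        {
            lblMessage.Visible = true;
            lblMessage.Text = "Original Password entry incorrect.";
            return;
        }
        // Ordinal comparison; the original's Regex.Equals(a, b) resolved to the static
        // object.Equals and only worked by accident.
        if (!string.Equals(confirmedPassword.Text, newPassword.Text, StringComparison.Ordinal))
        {
            lblMessage.Visible = true;
            lblMessage.Text = "Password doesnot match.";
            return;
        }

        string combinedPassword = BuildStoredPassword(newPassword.Text);
        cmd = new SqlCommand();
        cmd.Connection = conDatabase;
        cmd.CommandText = "Update users set password = @password,isPasswordUpdated = 'true' where UserID = @User ";
        cmd.Parameters.AddWithValue("@password", combinedPassword);
        cmd.Parameters.AddWithValue("@User", userId);
        int affectedRows = cmd.ExecuteNonQuery();
        if (affectedRows > 0)
        {
            ContinueAfterPasswordChange();
            // NOTE(review): kept only because UserLogin seeds this key and other pages
            // may read it; remove once nothing depends on a plaintext password in session.
            Session["password"] = confirmedPassword.Text;
            Session["isPasswordUpdated"] = "true";
        }
    }
    finally
    {
        if (conDatabase != null)
        {
            conDatabase.Close();
        }
    }
}

/// <summary>
/// Checks <paramref name="entered"/> against a Users.password value: "md5hex:salt" is
/// verified as MD5(entered + salt); any other value is a legacy plaintext password.
/// </summary>
private static bool CurrentPasswordMatches(string stored, string entered)
{
    if (!stored.Contains(':'))
    {
        return stored == entered;
    }
    string[] parts = stored.Split(':');
    string computed;
    using (MD5 md5Hash = MD5.Create())
    {
        computed = new CCMSBusinessLayer().getMd5Hash(md5Hash, entered + parts[1]);
    }
    return parts[0] == computed;
}

/// <summary>
/// Returns "md5hex:salt" for <paramref name="password"/> with a fresh 32-character
/// alphanumeric salt from the system CSPRNG.
/// </summary>
private static string BuildStoredPassword(string password)
{
    const string alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    char[] salt = new char[32];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        byte[] one = new byte[1];
        // 248 = largest multiple of 62 below 256; bytes at or above it are discarded
        // so the modulo does not bias the first eight alphabet characters.
        int limit = 256 - (256 % alphabet.Length);
        for (int i = 0; i < salt.Length; )
        {
            rng.GetBytes(one);
            if (one[0] < limit)
            {
                salt[i++] = alphabet[one[0] % alphabet.Length];
            }
        }
    }
    string saltValue = new string(salt);
    string hash;
    using (MD5 md5Hash = MD5.Create())
    {
        hash = new CCMSBusinessLayer().getMd5Hash(md5Hash, password + saltValue);
    }
    return hash + ":" + saltValue;
}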