// populates the main user object field at the top of this class public string loadMainUserFromDb(string username, string password) { User user1 = new User(); user1.userName = username; // making sure user exists in database if (db.isObjectNameInDb(user1, username)) { user1 = (User)db.getObjectFromDbByName(user1, username); // making sure user has the correct password bool authenticPassword = SaltingHashing.AuthenticPass(password, user1.userPass, user1.userSalt); if (authenticPassword) { // setting main user mainUser = user1; return("Login successful."); } else { return("Our records do not show a user with the username and/or password entered."); } } else { return("Our records do not show a user with the username and/or password entered."); } }
// resets user password to a random password public string resetPassword(string username) { // checking to see if user exists if (db.isObjectNameInDb(new User(), username)) { User user1 = (User)db.getObjectFromDbByName(new User(), username); // blank string for password to concatenate with string tempPass = ""; // strings to hold potential password chars string alphaNums = "abcdefghijklmnopqrstuvwxyz0123456789"; string alphaCaps = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; string specials = "!@#$%^&*"; Random rand = new Random(); // concatenating password string with random picks making sure to include one uppercase and one special character tempPass += alphaCaps[rand.Next(0, alphaCaps.Length - 1)]; tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)]; tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)]; tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)]; tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)]; tempPass += alphaNums[rand.Next(0, alphaNums.Length - 1)]; tempPass += specials[rand.Next(0, specials.Length - 1)]; // SaltingHashing is used to encrypt the password // First variable in CreateSaltHash can be changed to increase or decrease length of hash SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, tempPass); string passwordHash = userHashSalt.passHash; string passwordSalt = userHashSalt.passSalt; user1.userPass = userHashSalt.passHash; user1.userSalt = userHashSalt.passSalt; // saving user db.updateDbFromObjectByName(user1); // email informing of change sendEmail(user1.userEmail, "Venzi: Password Reset", "Your password has been reset to " + tempPass + ". If you did not reset it yourself please contact the administrator."); return("A temporary password has been sent to your email."); } else { return("Our records do not show a user with this username."); } }
// creates a hashed password of the passed in length and creates a salt for the password public static SaltingHashing CreateSaltHash(int size, string password) { var saltSize = new byte[size]; var provider = new RNGCryptoServiceProvider(); provider.GetNonZeroBytes(saltSize); var salt = Convert.ToBase64String(saltSize); var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltSize, 10000); var rawHash = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256)); SaltingHashing hashSalt = new SaltingHashing { passHash = rawHash.ToString(), passSalt = salt.ToString() }; return(hashSalt); }
// creates a new user, returns string indicating success or type of error public string createNewUser(string username, string firstName, string lastName, string password, string usertype, string email) { // flags for each condition bool upper = false; bool lower = false; bool special = false; bool spaces = false; // validating user entry lengths if (valEntry(password, PASSWORDMIN, DEFAULTMAX) && valEntry(username, USERNAMEMIN, DEFAULTMAX) && valEntry(email, DEFAULTMIN, DEFAULTMAX) && valEntry(firstName, DEFAULTMIN, DEFAULTMAX) && valEntry(lastName, DEFAULTMIN, DEFAULTMAX)) { // for every char in password check to see if it meets each condition foreach (char ch in password) { if (Char.IsUpper(ch)) { upper = true; } if (Char.IsLower(ch)) { lower = true; } if (!Char.IsLetterOrDigit(ch)) { special = true; } } if (upper && lower && special) { // making sure username does not contain spaces foreach (char ch in username) { if (Char.IsWhiteSpace(ch)) { spaces = true; } } if (!spaces) { // validating email address if (sendEmail(email, "Venzi: Test", "This is a test email to validate your email address.") == "The email has been sent successfully") { // SaltingHashing is used to encrypt the password // First variable in CreateSaltHash can be changed to increase or decrease length of hash SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, password); string passwordHash = userHashSalt.passHash; string passwordSalt = userHashSalt.passSalt; // creating new user object User newUser = new User(); newUser.userName = username; newUser.userFirstName = firstName; newUser.userLastName = lastName; newUser.userPass = passwordHash; newUser.userTypeName = usertype; newUser.userEmail = email; newUser.userSalt = passwordSalt; // making sure email is unique if (!db.isObjectNameInDb(newUser, username)) { bool doesEmailAlreadyExist = false; List <User> allUsers = db.getAllFromTable(new User()).Cast <User>().ToList(); foreach (User i in allUsers) { if (i.userEmail.ToString() == newUser.userEmail) { doesEmailAlreadyExist = true; } } // if email is unique if (!doesEmailAlreadyExist) { // getting new user's type to check permissions UserType newUsersType = (UserType)ApplicationManager.i.getObjectFromDbByName(new UserType(), newUser.userTypeName); string returnMessage; // if the user is attempting to pick a user type with permissions above a 2 // it must be sent for approval. in the meantime it will be created as a Basic user if (newUsersType.userPermissionsLevel == 3 || newUsersType.userPermissionsLevel == 4) { UserTypeRequest request = new UserTypeRequest(); request.userTypeName = newUser.userTypeName; newUser.userTypeName = "Basic"; db.insertObjectIntoDb(newUser); newUser = (User)db.getObjectFromDbByName(newUser, username); request.userID = newUser.userID; db.insertObjectIntoDb(request); returnMessage = "The user has been created successfully. The user type selected requires " + "special permission from the administrator. A request has been made. In the meantime events " + "can be viewed under our basic user type. Please check your email for the result of the request."; } else { // if the user is attempting to pick a user type with permissions of 1 or 2 then let them db.insertObjectIntoDb(newUser); newUser = (User)db.getObjectFromDbByName(newUser, username); returnMessage = "The user has been created successfully."; } db.createItinerary(newUser); // send welcome email sendEmail(newUser.userEmail, "Venzi: Welcome", "Welcome! You will find our app to be the go-to software for planning and running a convention. " + "If you are a convention attendee you will find our app is great for scheduling " + "your own convention experience. " + "We hope you have a wonderful time."); return(returnMessage); } else { return("This email address is already in use."); } } else { return("This username already exists."); } } else { return("A valid email address must be used."); } } else { return("The username cannot contain spaces."); } } else { return("The password does not meet criteria."); } } else { return("The username, password, or email is not the correct length"); } }