        //Add new user
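        /// <summary>
        /// Creates a new user: one row in [Users] (email, password hash, encrypted phone, GUIDs,
        /// timestamps) and one row in UserValue holding the per-user AES key/IV for the phone.
        /// </summary>
        /// <param name="email">Login email. Stored in clear in both tables and used as the join key between them.</param>
        /// <param name="phone">Phone number. AES-256 encrypted with a freshly generated key/IV before storage.</param>
        /// <param name="password">Master password. Only SHA-1(password + userGuid) is stored.</param>
        /// <returns>Always <c>true</c>; a failed INSERT surfaces as a <see cref="SqlException"/> rather than a <c>false</c> return.</returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        public static bool addUser(string email, string phone, string password)
        {
            if (email is null) throw new ArgumentNullException(nameof(email));
            if (phone is null) throw new ArgumentNullException(nameof(phone));
            if (password is null) throw new ArgumentNullException(nameof(password));

            // Per-user key material for the phone ciphertext. Note that it is persisted in clear in
            // UserValue right next to the ciphertext it protects, so anyone with read access to the
            // database can decrypt the phone; protecting the key itself is a follow-up, not done here.
            string keyGen = KeyIvGenerator(32);
            string ivGen  = KeyIvGenerator(16);

            byte[] phoneByte      = System.Text.Encoding.UTF8.GetBytes(phone);
            byte[] encryptedPhone = EncryptAES256(phoneByte, keyGen, ivGen);

            // The user GUID doubles as the salt. SHA-1 is a fast hash, not a password KDF; a PBKDF2/Argon2
            // replacement must be applied here and in GetUserIdByEmailAndPassword at the same time, because
            // that method recomputes exactly this value to verify a login.
            Guid   userGuid       = Guid.NewGuid();
            string hashedPassword = SecurityHash.HashSHA1(password + userGuid.ToString());

            Guid emailGuid = Guid.NewGuid();
            // Local time is kept for compatibility with whatever reads timeSavedGuid/timeLockedOut;
            // UTC would avoid DST ambiguity if all readers are updated together.
            DateTime currentEmailTime = DateTime.Now;

            // Both commands run on the shared connection returned by Users.GetConnection(). The original
            // also opened a second SqlConnection that no command used and never disposed; it is gone.
            using (SqlCommand cmd = new SqlCommand(
                       "INSERT INTO [Users](userEmail, userMaster, userPhone, userGuid, codeGuid, timeSavedGuid, timeLockedOut) values (@userEmail, @userMaster, @userPhone, @userGuid, @codeGuid, @timeSavedGuid, @timeLockedOut)",
                       Users.GetConnection()))
            using (SqlCommand cmd2 = new SqlCommand(
                       "INSERT into UserValue(userEmail,userKey,userIV)" + "VALUES(@userEmail,@userKey,@userIV)",
                       Users.GetConnection()))
            {
                cmd.Parameters.AddWithValue("@userEmail", email);
                cmd.Parameters.AddWithValue("@userMaster", hashedPassword); // store the hash, never the password
                cmd.Parameters.AddWithValue("@userPhone", encryptedPhone);
                cmd.Parameters.AddWithValue("@userGuid", userGuid);
                cmd.Parameters.AddWithValue("@codeGuid", emailGuid);
                cmd.Parameters.AddWithValue("@timeSavedGuid", currentEmailTime);
                cmd.Parameters.AddWithValue("@timeLockedOut", currentEmailTime);

                // Sizes are inferred from the values. The original declared @userEmail as NVarChar(32),
                // which can silently cut a longer email so the UserValue row no longer matches the
                // [Users] row; letting the server reject an over-long value is the safer failure.
                // Prepare() was dropped with the explicit sizes: it requires them and buys nothing
                // for a command executed once.
                cmd2.Parameters.AddWithValue("@userEmail", email);
                cmd2.Parameters.AddWithValue("@userKey", keyGen);
                cmd2.Parameters.AddWithValue("@userIV", ivGen);

                // Two INSERTs without a transaction, in the original order: if the second one fails the
                // first leaves a partial user behind. Wrapping both in a SqlTransaction on the shared
                // connection is the follow-up fix.
                cmd2.ExecuteNonQuery();
                cmd.ExecuteNonQuery();
            }

            return true;
        }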
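        /// <summary>
        /// Looks up the user(s) stored under <paramref name="userEmail"/> and verifies
        /// <paramref name="masterPass"/> against the stored SHA-1(password + userGuid).
        /// </summary>
        /// <param name="userEmail">Login email used to select the candidate row(s) in [Users].</param>
        /// <param name="masterPass">Password to verify; hashed the same way addUser stored it.</param>
        /// <returns>The userID of the last row whose hash matches, or 0 when no row matches.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        public static int GetUserIdByEmailAndPassword(string userEmail, string masterPass)
        {
            if (userEmail is null) throw new ArgumentNullException(nameof(userEmail));
            if (masterPass is null) throw new ArgumentNullException(nameof(masterPass));

            int userId = 0;

            // The original also opened a SqlConnection that no command used and never disposed, and
            // fetched the UserValue key/IV to decrypt the phone on every login attempt, only to discard
            // the result. Both are gone: the query runs on the shared connection from GetConnection()
            // and touches nothing but the columns needed to verify the password.
            using (SqlCommand cmd = new SqlCommand("SELECT userID, userMaster, userguid FROM [Users] WHERE userEmail=@userEmail", GetConnection()))
            {
                cmd.Parameters.AddWithValue("@userEmail", userEmail);

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        int    dbUserId   = Convert.ToInt32(dr["userID"]);
                        string dbPassword = Convert.ToString(dr["userMaster"]);
                        string dbUserGuid = Convert.ToString(dr["userguid"]);

                        // Recompute the hash exactly as addUser did: SHA-1 over password + GUID text.
                        string hashedPassword = SecurityHash.HashSHA1(masterPass + dbUserGuid);

                        // Ordinal compare of the two hex digests. This is not a constant-time comparison;
                        // a byte-wise fixed-time compare is preferable where the target framework offers one.
                        if (string.Equals(dbPassword, hashedPassword, StringComparison.Ordinal))
                        {
                            userId = dbUserId;
                        }
                    }
                }
            }

            return userId;
        }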