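} // end update username btn click

/// <summary>
/// Handles the "update password" button: checks the new password against the
/// complexity rule, confirms it matches the confirmation box, then salts, hashes and
/// stores it through the TP_UpdatePassword stored procedure for the current <c>userID</c>.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event arguments (unused).</param>
protected void btnUpdatePassword_Click(object sender, EventArgs e)
{
    // Session flag the original handler also set; its consumer is outside this file.
    Session["remain"] = 1;

    // At least one digit, 7-20 characters in total; same rule the registration page applies.
    Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
    string newPassword = txtNewPassword.Text;

    // Reject an empty or non-conforming password before looking at the confirmation box.
    if (string.IsNullOrEmpty(newPassword) || !regexPassword.IsMatch(newPassword))
    {
        lblPasswordError.Text = "Please enter your new password.";
        txtNewPassword.Text = "";
        txtNewPassword.CssClass += " is-invalid";
        return;
    }

    // Mismatch with the confirmation box: mark and clear that box only.
    if (newPassword != txtConfirmPassword.Text)
    {
        txtConfirmPassword.CssClass += " is-invalid";
        txtConfirmPassword.Text = "";
        return;
    }

    // Salt and hash before the value goes anywhere near the command object.
    // NOTE(review): CryptoUtilities.CalculateMD5Hash is a single MD5 pass; a
    // password-stretching KDF (PBKDF2/Argon2) is the recommended replacement, but
    // switching requires migrating every stored hash, so it is flagged, not changed here.
    byte[] saltArray = CryptoUtilities.GenerateSalt();
    byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, newPassword);

    string error;
    using (SqlCommand objUpdatePass = new SqlCommand())
    {
        objUpdatePass.CommandType = CommandType.StoredProcedure;
        objUpdatePass.CommandText = "TP_UpdatePassword";
        objUpdatePass.Parameters.AddWithValue("@userID", userID);
        objUpdatePass.Parameters.AddWithValue("@pass", hashPassword);
        objUpdatePass.Parameters.AddWithValue("@salt", saltArray);

        obj.DoUpdateUsingCmdObj(objUpdatePass, out error);
    }

    if (!String.IsNullOrEmpty(error))
    {
        // A failed update used to be silent (no message, no toast); surface it on the
        // existing error label so the user does not assume the password was changed.
        lblPasswordError.Text = "Your password could not be updated. Please try again.";
        return;
    }

    txtConfirmPassword.Text = "";
    txtNewPassword.Text = "";
    txtNewPassword.CssClass = txtNewPassword.CssClass.Replace("is-invalid", "").Trim();
    ClientScript.RegisterStartupScript(this.GetType(), "SuccessToast", "showSuccess();", true);
} // end update password btn click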
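/// <summary>
/// Handles the "create account" button: validates every registration field, creates the
/// user through TP_CreateUser, stores the three security-question answers via
/// TP_UpdateSecurityQuestions, inserts an empty preference row, e-mails a verification
/// code, records that code with TP_InsertVerification and finally redirects to
/// Verification.aspx. Any stored-procedure failure (return value -2) shows the DB error toast.
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event arguments (unused).</param>
protected void btnCreateAccount_Click(object sender, EventArgs e)
{
    divUsernameExists.Visible = false;
    divEmailExists.Visible = false;

    string username = txtUsername.Text;
    string email = txtEmail.Text.Trim();
    string password = txtPassword.Text;
    string passwordConfirm = txtConfirmPassword.Text;
    string firstName = txtFName.Text;
    string lastName = txtLName.Text;
    string addressOne = txtAddressOne.Text;
    string city = txtCity.Text;
    string state = ddlState.SelectedValue;
    string zip = txtZip.Text;

    // Regular expressions sourced from http://regexlib.com
    Regex regexEmail = new Regex(@"^([\w\d\-\.]+)@{1}(([\w\d\-]{1,67})|([\w\d\-]+\.[\w\d\-]{1,67}))\.(([a-zA-Z\d]{2,4})(\.[a-zA-Z\d]{2})?)$");
    Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");
    Regex regexZip = new Regex(@"(^\d{5}$)|(^\d{5}-\d{4}$)");

    // Start every postback from a clean slate so stale "is-invalid" markers do not linger.
    ClearRegistrationValidationMarkers();

    bool invalid = false;
    if (username.Length <= 0)
    {
        invalid = true;
        txtUsername.CssClass += " is-invalid";
    }
    if (email.Length <= 0 || !regexEmail.IsMatch(email))
    {
        invalid = true;
        txtEmail.CssClass += " is-invalid";
    }
    if (password.Length <= 0 || !regexPassword.IsMatch(password))
    {
        invalid = true;
        txtPassword.CssClass += " is-invalid";
        txtPassword.Text = "";
    }
    if (password != passwordConfirm)
    {
        // Previously this branch marked the box but never blocked submission, so an
        // account could be created with a password the user had mistyped.
        invalid = true;
        txtConfirmPassword.CssClass += " is-invalid";
        txtConfirmPassword.Text = "";
    }
    if (firstName.Length <= 0)
    {
        invalid = true;
        txtFName.CssClass += " is-invalid";
    }
    if (lastName.Length <= 0)
    {
        invalid = true;
        txtLName.CssClass += " is-invalid";
    }
    if (addressOne.Length <= 0)
    {
        invalid = true;
        txtAddressOne.CssClass += " is-invalid";
    }
    if (city.Length <= 0)
    {
        invalid = true;
        txtCity.CssClass += " is-invalid";
    }
    if (state.Length <= 0)
    {
        invalid = true;
        ddlState.CssClass += " is-invalid";
    }
    if (zip.Length <= 0 || !regexZip.IsMatch(zip))
    {
        invalid = true;
        txtZip.CssClass += " is-invalid";
    }
    if (txtSecurityQOne.Text.Length <= 0)
    {
        invalid = true;
        txtSecurityQOne.CssClass += " is-invalid";
    }
    if (txtSecurityQTwo.Text.Length <= 0)
    {
        invalid = true;
        txtSecurityQTwo.CssClass += " is-invalid";
    }
    if (txtSecurityQThree.Text.Length <= 0)
    {
        invalid = true;
        txtSecurityQThree.CssClass += " is-invalid";
    }
    if (ddlSecurityQOne.SelectedValue == "")
    {
        invalid = true;
        ddlSecurityQOne.CssClass += " is-invalid";
    }
    if (ddlSecurityQTwo.SelectedValue == "")
    {
        invalid = true;
        ddlSecurityQTwo.CssClass += " is-invalid";
    }
    if (ddlSecurityQThree.SelectedValue == "")
    {
        invalid = true;
        ddlSecurityQThree.CssClass += " is-invalid";
    }
    if (invalid)
    {
        return;
    }

    // Password salting & hashing.
    // NOTE(review): CryptoUtilities.CalculateMD5Hash is a single MD5 pass; a
    // password-stretching KDF (PBKDF2/Argon2) is the recommended replacement, but
    // switching requires migrating every stored hash, so it is flagged, not changed here.
    byte[] saltArray = CryptoUtilities.GenerateSalt();
    byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password);

    commandObj.Parameters.Clear();
    commandObj.CommandType = CommandType.StoredProcedure;
    commandObj.CommandText = "TP_CreateUser";
    commandObj.Parameters.Add(new SqlParameter("@username", username) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    commandObj.Parameters.Add(new SqlParameter("@password", hashPassword) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarBinary });
    commandObj.Parameters.Add(new SqlParameter("@salt", saltArray) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarBinary });
    commandObj.Parameters.Add(new SqlParameter("@emailAddress", email) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    commandObj.Parameters.Add(new SqlParameter("@firstName", firstName) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    commandObj.Parameters.Add(new SqlParameter("@lastName", lastName) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    commandObj.Parameters.Add(new SqlParameter("@billing", addressOne) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    commandObj.Parameters.Add(new SqlParameter("@city", city) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    commandObj.Parameters.Add(new SqlParameter("@state", state) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });
    // @zip is declared VarChar. The old Convert.ToInt32(zip) dropped leading zeros
    // ("02134" became "2134") and threw FormatException on the ZIP+4 form that regexZip
    // accepts, so the already-validated string is passed through unchanged.
    commandObj.Parameters.Add(new SqlParameter("@zip", zip) { Direction = ParameterDirection.Input, SqlDbType = SqlDbType.VarChar });

    SqlParameter outputUsernameExists = new SqlParameter("@UsernameExists", SqlDbType.Int) { Direction = ParameterDirection.Output };
    SqlParameter outputEmailExists = new SqlParameter("@EmailExists", SqlDbType.Int) { Direction = ParameterDirection.Output };
    SqlParameter outputNewUserID = new SqlParameter("@NewUserID", SqlDbType.Int) { Direction = ParameterDirection.Output };
    commandObj.Parameters.Add(outputNewUserID);
    commandObj.Parameters.Add(outputEmailExists);
    commandObj.Parameters.Add(outputUsernameExists);

    if (dbConnection.DoUpdateUsingCmdObj(commandObj, out string dbError) == -2)
    {
        ShowDatabaseErrorToast();
        return;
    }

    // The two output flags report whether the username or e-mail is already taken.
    bool usernameExists = Int32.Parse(outputUsernameExists.Value.ToString()) == 1;
    bool emailExists = Int32.Parse(outputEmailExists.Value.ToString()) == 1;
    divUsernameExists.Visible = usernameExists;
    divEmailExists.Visible = emailExists;
    if (usernameExists || emailExists)
    {
        // The original condition only stopped when BOTH were taken; with just one taken it
        // still went on to send the welcome mail and redirect, so the "exists" message was
        // never seen. Either duplicate is a registration failure.
        return;
    }

    int newUserId = Int32.Parse(outputNewUserID.Value.ToString());

    // Store the security-question answers for the new user.
    commandObj.Parameters.Clear();
    commandObj.CommandType = CommandType.StoredProcedure;
    commandObj.CommandText = "TP_UpdateSecurityQuestions";
    commandObj.Parameters.AddWithValue("@SecurityQuestions", BuildSecurityQuestionsTable(newUserId));
    commandObj.Parameters.AddWithValue("@UserID", newUserId.ToString());

    if (dbConnection.DoUpdateUsingCmdObj(commandObj, out dbError) == -2)
    {
        ShowDatabaseErrorToast();
        return;
    }

    // Insert an empty list of preferences for the new user.
    insertPreferences(newUserId);

    // NOTE(review): this stores the SqlParameter object itself, not its value, exactly as
    // the original did; whatever reads Session["RegisteringUserID"] should be checked to
    // confirm it expects that rather than the integer id.
    Session["RegisteringUserID"] = outputNewUserID;

    // NOTE(review): the mail is sent before the code is persisted; if TP_InsertVerification
    // fails below, the user holds a code the database does not know about.
    string verificationCode = GenerateVerificationCode();
    SendWelcomeEmail(email, verificationCode);
    Session["email"] = email;

    commandObj.Parameters.Clear();
    commandObj.CommandType = CommandType.StoredProcedure;
    commandObj.CommandText = "TP_InsertVerification";
    commandObj.Parameters.AddWithValue("@UserID", newUserId.ToString());
    commandObj.Parameters.AddWithValue("@code", verificationCode);

    DBConnect verificationDb = new DBConnect();
    if (verificationDb.DoUpdateUsingCmdObj(commandObj, out string err) == -2)
    {
        ShowDatabaseErrorToast();
        return;
    }

    Response.Redirect("Verification.aspx");
} // end button click - create account

/// <summary>Removes the "is-invalid" marker from every registration control so a resubmit starts clean.</summary>
private void ClearRegistrationValidationMarkers()
{
    txtUsername.CssClass = StripInvalidMarker(txtUsername.CssClass);
    txtEmail.CssClass = StripInvalidMarker(txtEmail.CssClass);
    txtPassword.CssClass = StripInvalidMarker(txtPassword.CssClass);
    txtConfirmPassword.CssClass = StripInvalidMarker(txtConfirmPassword.CssClass);
    txtFName.CssClass = StripInvalidMarker(txtFName.CssClass);
    txtLName.CssClass = StripInvalidMarker(txtLName.CssClass);
    txtAddressOne.CssClass = StripInvalidMarker(txtAddressOne.CssClass);
    txtAddressTwo.CssClass = StripInvalidMarker(txtAddressTwo.CssClass);
    txtCity.CssClass = StripInvalidMarker(txtCity.CssClass);
    ddlState.CssClass = StripInvalidMarker(ddlState.CssClass);
    txtZip.CssClass = StripInvalidMarker(txtZip.CssClass);
    txtSecurityQOne.CssClass = StripInvalidMarker(txtSecurityQOne.CssClass);
    txtSecurityQTwo.CssClass = StripInvalidMarker(txtSecurityQTwo.CssClass);
    txtSecurityQThree.CssClass = StripInvalidMarker(txtSecurityQThree.CssClass);
    ddlSecurityQOne.CssClass = StripInvalidMarker(ddlSecurityQOne.CssClass);
    ddlSecurityQTwo.CssClass = StripInvalidMarker(ddlSecurityQTwo.CssClass);
    ddlSecurityQThree.CssClass = StripInvalidMarker(ddlSecurityQThree.CssClass);
}

/// <summary>Returns <paramref name="cssClass"/> with the "is-invalid" token removed and trimmed.</summary>
private static string StripInvalidMarker(string cssClass)
{
    return cssClass.Replace("is-invalid", "").Trim();
}

/// <summary>Registers the page's "showDBError();" startup script (the failure toast).</summary>
private void ShowDatabaseErrorToast()
{
    ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
}

/// <summary>
/// Builds the table-valued parameter for TP_UpdateSecurityQuestions: one row per chosen
/// question (UserId, QuestionID, QuestionAnswer) from the three drop-down/text-box pairs.
/// </summary>
/// <param name="userId">Id of the user the answers belong to.</param>
private DataTable BuildSecurityQuestionsTable(int userId)
{
    DataTable table = new DataTable();
    table.Columns.Add("UserId", typeof(int));
    table.Columns.Add("QuestionID", typeof(int));
    table.Columns.Add("QuestionAnswer", typeof(string));

    // NOTE(review): answers are stored exactly as typed. They act as a recovery
    // credential, so hashing them the way the password is hashed would be preferable.
    void AddRow(string questionId, string answer)
    {
        DataRow row = table.NewRow();
        row["UserId"] = userId;
        row["QuestionID"] = Int32.Parse(questionId);
        row["QuestionAnswer"] = answer;
        table.Rows.Add(row);
    }

    AddRow(ddlSecurityQOne.SelectedValue, txtSecurityQOne.Text);
    AddRow(ddlSecurityQTwo.SelectedValue, txtSecurityQTwo.Text);
    AddRow(ddlSecurityQThree.SelectedValue, txtSecurityQThree.Text);
    return table;
}

/// <summary>
/// Generates the e-mail verification code: 16 bytes from the cryptographic RNG,
/// Base64-encoded with the trailing "==" padding dropped (22 characters).
/// </summary>
private static string GenerateVerificationCode()
{
    byte[] random = new byte[16];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(random);
    }
    // 16 bytes always encode to 24 Base64 characters ending in "==".
    string encoded = Convert.ToBase64String(random);
    return encoded.Substring(0, encoded.Length - 2);
}

/// <summary>Sends the welcome mail carrying <paramref name="verificationCode"/> to <paramref name="recipient"/>.</summary>
/// <param name="recipient">Address entered on the registration form (already trimmed).</param>
/// <param name="verificationCode">Code the user must enter on Verification.aspx.</param>
private static void SendWelcomeEmail(string recipient, string verificationCode)
{
    // NOTE(review): the sender address and its SMTP password are literals in source.
    // They should be read from protected configuration and the committed password rotated.
    string sendAdd = "*****@*****.**";
    using (MailMessage msg = new MailMessage())
    {
        msg.To.Add(new MailAddress(recipient));
        msg.Subject = "QUERY Welcome Email";
        msg.From = new MailAddress(sendAdd);
        msg.IsBodyHtml = true;
        msg.Body = "<div> Thank you for signing up for Query.com! <Br><BR> You have successfully " +
                   "created an account. To verify, please enter the verification code: <strong>" + verificationCode + "</strong><Br><BR> <div>";

        using (SmtpClient smtp = new SmtpClient("smtp.gmail.com", 587))
        {
            smtp.Credentials = new System.Net.NetworkCredential(sendAdd, "CIS3342TermProject");
            smtp.EnableSsl = true;
            smtp.Send(msg);
        }
    }
}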
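/// <summary>
/// Handles the "change password" button of the recovery flow: validates the new password
/// and its confirmation, then salts, hashes and stores it through TP_UpdatePassword for the
/// user id that the earlier verification step placed in Session["VerifyingID"].
/// </summary>
/// <param name="sender">The button that raised the event.</param>
/// <param name="e">Event arguments (unused).</param>
protected void btnChangePass_Click(object sender, EventArgs e)
{
    string password = txtNewPass.Text;
    string passwordConfirm = txtConfirmPass.Text;
    // At least one digit, 7-20 characters in total; same rule the registration page applies.
    Regex regexPassword = new Regex(@"^(?=.*\d).{7,20}$");

    // Validate: the password must satisfy the regex and match the confirmation input.
    bool invalid = false;
    if (password.Length <= 0 || !regexPassword.IsMatch(password))
    {
        invalid = true;
        txtNewPass.CssClass += " is-invalid";
        txtNewPass.Text = "";
    }
    if (password != passwordConfirm)
    {
        invalid = true;
        txtConfirmPass.CssClass += " is-invalid";
        txtConfirmPass.Text = "";
    }
    if (invalid)
    {
        divInvalidPassword.Visible = true;
        return;
    }

    // The target user comes from session. The original dereferenced it unconditionally and
    // let the NullReferenceException fall into the catch below; report the same toast
    // explicitly so an expired session is not mistaken for a database fault when debugging.
    object verifyingId = Session["VerifyingID"];
    if (verifyingId is null)
    {
        ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
        return;
    }

    // Password salting & hashing.
    // NOTE(review): CryptoUtilities.CalculateMD5Hash is a single MD5 pass; a
    // password-stretching KDF (PBKDF2/Argon2) is the recommended replacement, but
    // switching requires migrating every stored hash, so it is flagged, not changed here.
    byte[] saltArray = CryptoUtilities.GenerateSalt();
    byte[] hashPassword = CryptoUtilities.CalculateMD5Hash(saltArray, password);

    try
    {
        using (SqlCommand commandObj = new SqlCommand())
        {
            commandObj.CommandType = CommandType.StoredProcedure;
            commandObj.CommandText = "TP_UpdatePassword";
            commandObj.Parameters.AddWithValue("@userID", verifyingId.ToString());
            commandObj.Parameters.AddWithValue("@pass", hashPassword);
            commandObj.Parameters.AddWithValue("@salt", saltArray);

            DBConnect db = new DBConnect();
            if (db.DoUpdateUsingCmdObj(commandObj, out string err) == -2)
            {
                ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
            }
            else
            {
                divSuccess.Visible = true;
                divChangePassword.Visible = false;
            }
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort: any failure on the update path is shown as the DB error toast.
        ClientScript.RegisterStartupScript(this.GetType(), "FailureToast", "showDBError();", true);
    }
}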