internal static bool changePassword(Credentials newPassword) { String database = DatabaseConnectionManager.getDatabaseConnectionString(); using (OleDbConnection sqlConn = new OleDbConnection(database)) { try { sqlConn.Open(); String update = "UPDATE [PASSWORD] SET [password] = @password, [salt] = @salt WHERE [password_id] = @userId"; OleDbCommand cmd = new OleDbCommand(update, sqlConn); cmd.Parameters.Add("password", OleDbType.VarChar, 255).Value = newPassword.getPassword(); cmd.Parameters.Add("salt", OleDbType.VarChar, 255).Value = newPassword.getSalt(); cmd.Parameters.Add("userId", OleDbType.Integer).Value = newPassword.getUserId(); int rows = cmd.ExecuteNonQuery(); if (rows == 1) { return true; } else return false; } catch(OleDbException ex) { return false; } finally { sqlConn.Close(); } } }
private Credentials generateNewPassword() { HashAlgorithm algorithm = new SHA256Managed(); //hashing algorithm used for passwords byte[] pass = createByteArrayFromString(password); //create byte array String salt = generateSalt(); //get different salt for each password byte[] saltArray = createByteArrayFromString(salt); //create byte array for salt byte[] passWithSalt = pass.Concat(saltArray).ToArray(); //concate both pass array and salt array String hashedPass = Convert.ToBase64String(algorithm.ComputeHash(passWithSalt)); //create hash from salt and convert to string for storing in db Credentials newPass = new Credentials(userId, username, hashedPass, salt, "2"); //create credentails object to send to db for saving return newPass; }
internal static bool createAccount(Credentials newUser) { Boolean created; String database = DatabaseConnectionManager.getDatabaseConnectionString(); using (OleDbConnection sqlConn = new OleDbConnection(database)) { try { sqlConn.Open(); OleDbCommand cmd = sqlConn.CreateCommand(); OleDbTransaction transact = sqlConn.BeginTransaction(); cmd.Transaction = transact; String insert1 = "INSERT INTO [USERS]([username], [access_level], [account_creation_date]) VALUES(@username, @accessLevel, @accountCreationDate)"; cmd.Parameters.Clear(); cmd.CommandText = insert1; cmd.Parameters.Add("username", OleDbType.VarChar, 255).Value = newUser.getUsername(); cmd.Parameters.Add("accessLevel", OleDbType.VarChar, 255).Value = newUser.getAccessLevel(); cmd.Parameters.Add("accountCreationDate", OleDbType.Date).Value = System.DateTime.Now; cmd.Prepare(); cmd.ExecuteNonQuery(); String select = "SELECT @@IDENTITY"; cmd.Parameters.Clear(); cmd.CommandText = select; cmd.Prepare(); int userId = (int)cmd.ExecuteScalar(); String insert2 = "INSERT INTO [PASSWORD]([password_id], [password], [salt]) VALUES(@passwordId, @password, @salt)"; cmd.Parameters.Clear(); cmd.CommandText = insert2; cmd.Parameters.Add("passwordId", OleDbType.Integer).Value = userId; cmd.Parameters.Add("password", OleDbType.VarChar, 255).Value = newUser.getPassword(); cmd.Parameters.Add("salt", OleDbType.VarChar, 255).Value = newUser.getSalt(); cmd.Prepare(); int rows2 = cmd.ExecuteNonQuery(); if (rows2 > 0) { created = true; transact.Commit(); } else { created = false; transact.Rollback(); } return created; } catch (OleDbException ex) { created = false; return created; } finally { sqlConn.Close(); } } }
internal static Credentials getUserCredentials(string username) { Credentials credentials = null; String database = DatabaseConnectionManager.getDatabaseConnectionString(); using (OleDbConnection sqlConn = new OleDbConnection(database)) { try { sqlConn.Open(); OleDbCommand cmd = sqlConn.CreateCommand(); String select = "SELECT [USERS].user_id, [USERS].username, [USERS].access_level, [PASSWORD].password, [PASSWORD].salt FROM [USERS] " + "INNER JOIN [PASSWORD] ON [PASSWORD].password_id = [USERS].user_id " + "WHERE [username] = @username"; cmd.CommandText = select; cmd.Parameters.Add("username", OleDbType.VarChar, 255).Value = username; cmd.Prepare(); OleDbDataReader reader = cmd.ExecuteReader(); while (reader.Read()) { int userId = (int) reader["user_id"]; String user = reader["username"].ToString(); String password = reader["password"].ToString(); String salt = reader["salt"].ToString(); String accessLevel = reader["access_level"].ToString(); credentials = new Credentials(userId, user, password, salt, accessLevel); } return credentials; } catch (OleDbException ex) { Console.WriteLine("exception caught" + ex.GetBaseException()); credentials = null; return credentials; } finally { sqlConn.Close(); } } }