示例#1
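        /// <summary>
        /// Handles the sign-up button: validates the entered credentials, derives a
        /// salted password hash and inserts the new account into the Users table.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void signupButtonClicked(object sender, EventArgs e)
        {
            var userName = userNameTextBox.Text;
            var password = passwordTextBox.Text;

            // Only a minimum length is enforced here, so the message states exactly that rule.
            // NOTE(review): the original comment suggested a ready-made library for password
            // policy; until one is wired in, no complexity rule is actually checked.
            if (userName.Length < 6 || password.Length < 6)
            {
                MessageBox.Show("User name and password must each be at least 6 characters long.");
                return;
            }

            // The plaintext password is never stored; only the derived hash and its salt are.
            HashSalt hashSalt = HashSalt.GenerateSaltedHash(64, password);

            using (SqlConnection connection = new SqlConnection(Uti.CONSTRING))
            using (var cmd = new SqlCommand())
            {
                connection.Open();

                // All user-controlled values are passed as parameters, never concatenated into SQL.
                cmd.Parameters.AddWithValue("@userName", userName);
                cmd.Parameters.AddWithValue("@hash", hashSalt.Hash);
                cmd.Parameters.AddWithValue("@salt", hashSalt.Salt);
                cmd.CommandText = "INSERT INTO Users(Username ,Hash, Salt) VALUES ( @userName, @hash, @salt)";
                cmd.Connection  = connection;

                try
                {
                    cmd.ExecuteNonQuery();
                }
                catch (SqlException ex)
                {
                    // 2601 / 2627: unique index / unique constraint violation, i.e. the name is taken.
                    if (ex.Number == 2601 || ex.Number == 2627)
                    {
                        MessageBox.Show("User already exist!");
                        return;
                    }

                    // Any other SQL error used to be swallowed and followed by the success
                    // message although no row was written. Report a generic failure instead;
                    // the raw exception text is not shown because it can expose schema details.
                    MessageBox.Show("Could not create the user. Please try again later.");
                    return;
                }

                MessageBox.Show("New user added!");
            }
        }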
示例#2
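        /// <summary>
        /// Handles the login button: looks up the account by user name, verifies the
        /// entered password against the stored hash and salt, records an attendance
        /// row on success and updates the status labels.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        private void loginButtonClicked(object sender, EventArgs e)
        {
            var userName = userNameTextBox.Text;
            HashSalt userHashSalt;
            int matchedUserId;

            using (SqlConnection connection = new SqlConnection(Uti.CONSTRING))
            using (var cmd = new SqlCommand())
            {
                connection.Open();

                // The user name is bound as a parameter, not concatenated into the query.
                cmd.Parameters.AddWithValue("@userName", userName);
                cmd.CommandText = "SELECT TOP 1 * FROM Users WHERE Username=@userName";
                cmd.Connection  = connection;
                using (SqlDataReader oReader = cmd.ExecuteReader())
                {
                    if (!oReader.Read())
                    {
                        // Same wording as the wrong-password branch so the dialog does not
                        // reveal whether the account exists.
                        MessageBox.Show("User or password invalid!" /*no user*/);
                        return;
                    }

                    userHashSalt = new HashSalt {
                        Hash = oReader["Hash"].ToString(), Salt = oReader["Salt"].ToString()
                    };

                    // Keep the id in a local until the password has been verified. Writing it
                    // to the shared user object here would leave another account's id in
                    // place after a failed login.
                    matchedUserId = (int)oReader["Id"];
                }

                // NOTE(review): the hash and salt are fetched into this client and compared
                // here, so whoever holds the connection string can read them too - confirm the
                // database account behind Uti.CONSTRING is restricted accordingly.
                bool isPasswordMatched = HashSalt.VerifyPassword(passwordTextBox.Text, userHashSalt.Hash, userHashSalt.Salt);

                if (!isPasswordMatched)
                {
                    MessageBox.Show("User or password invalid!" /*Password invalid!*/);
                    return;
                }

                // Authenticated: only now publish the id to the shared session state.
                user.id = matchedUserId;

                MessageBox.Show("Login success!" /*password match*/);
                StartTimer(); // presumably sets user.connectedTime - TODO confirm

                // Drop @userName before reusing the command for the attendance insert.
                cmd.Parameters.Clear();
                cmd.Parameters.AddWithValue("@userId", user.id);
                cmd.Parameters.AddWithValue("@enterTime", user.connectedTime);
                cmd.CommandText   = "INSERT INTO Attendance(EnterTime,UserId) Values(@enterTime,@userId); SELECT SCOPE_IDENTITY();";
                user.attendanceId = int.Parse(cmd.ExecuteScalar().ToString());
            }

            LogInLabel.Text       = DateTime.Now.ToString();
            statusLabel.ForeColor = Color.LimeGreen;
            statusLabel.Text      = "User Online!";

            // NOTE(review): access to the admin form is decided by comparing the user name
            // with a hard-coded literal. Authorization should come from a role or flag stored
            // with the account and checked server-side, and that name must be reserved so the
            // sign-up form cannot claim it.
            if (userName == "adminadmin")
            {
                using (var adminForm = new AdminForm())
                {
                    adminForm.ShowDialog();
                }
            }
        }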
示例#3
        //public HashSalt(string hash, string salt) { Hash = hash; Salt = salt; }

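        /// <summary>
        /// Generates a random salt of <paramref name="size"/> bytes and derives a
        /// PBKDF2 hash of <paramref name="password"/> with it.
        /// </summary>
        /// <param name="size">Length of the random salt in bytes.</param>
        /// <param name="password">The plaintext password to hash.</param>
        /// <returns>
        /// A <see cref="HashSalt"/> whose Hash and Salt are the Base64 encodings of the
        /// derived key and of the salt.
        /// </returns>
        public static HashSalt GenerateSaltedHash(int size, string password)
        {
            var saltBytes = new byte[size];

            // The provider is disposable; release it as soon as the salt is filled.
            // GetBytes replaces GetNonZeroBytes: a salt gains nothing from excluding zero
            // bytes, and the exclusion only narrows the range of possible values.
            using (var provider = new RNGCryptoServiceProvider())
            {
                provider.GetBytes(saltBytes);
            }

            var salt = Convert.ToBase64String(saltBytes);

            // NOTE(review): this constructor overload runs PBKDF2 with HMAC-SHA1. 10000
            // iterations is low by current guidance, and asking for 256 bytes (far more than
            // one HMAC-SHA1 output block) multiplies the cost of every legitimate derivation
            // without making a single guess more expensive to check. Both values are kept
            // unchanged here because they presumably have to match VerifyPassword and the
            // hashes already stored; change them only together with a rehash-on-login migration.
            using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 10000))
            {
                var hashPassword = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));

                return new HashSalt {
                    Hash = hashPassword, Salt = salt
                };
            }
        }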