using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;
using System.Web.UI.WebControls;
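namespace Lab5
{
    /// <summary>
    /// Forms login page. The button handler checks the submitted username and
    /// password against the <c>customers</c> table, issues a "Login" cookie
    /// carrying the base64-encoded username (prefixed with noise characters)
    /// and records that cookie value in the <c>sessions</c> table. On a plain
    /// GET the page looks for an existing "Login" cookie and shows the
    /// customer details it resolves to.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>Name of the cookie that carries the encoded username.</summary>
        private const string LoginCookieName = "Login";

        /// <summary>Sub-value key inside the login cookie.</summary>
        private const string UserNameKey = "UserName";

        /// <summary>
        /// Number of noise characters prepended before base64-encoding.
        /// <see cref="Decode"/> strips exactly this many, so the two must agree.
        /// </summary>
        private const int NoiseLength = 3;

        /// <summary>
        /// First-request setup: hides the status and customer labels and, when a
        /// "Login" cookie is present, fills the username box and shows the
        /// customer details the cookie resolves to.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Postbacks keep whatever the button handler set; only the first
            // request needs the labels reset.
            if (IsPostBack)
            {
                return;
            }

            HeaderHypLink.Visible = false;
            lblStatus.Text = "";
            HideCustomerLabels();

            HttpCookie cookie = Request.Cookies[LoginCookieName];
            if (cookie == null)
            {
                return;
            }

            // NOTE(review): the cookie value is client-supplied and only obfuscated
            // (base64 of noise + username), neither signed nor random. Resolving a
            // customer from it treats a guessable value as proof of identity; a
            // server-generated random session id stored in `sessions` would be the
            // usual fix. That needs the Customer class and schema to change, so it
            // is left as a TODO here.
            string encodedUser = cookie[UserNameKey];
            username.Text = Decode(encodedUser);
            // Display link to the headers page.
            HeaderHypLink.Visible = true;
            LogInButton.Visible = false;

            ShowCustomerDetails(new Customer(encodedUser), encodedUser);
        }

        /// <summary>
        /// Login button handler: validates the form, checks the credentials
        /// against the database, then issues the login cookie and records the
        /// session. Failures are reported through <c>lblStatus</c>.
        /// </summary>
        /// <param name="sender">The button raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void LogInButton_Click(object sender, EventArgs e)
        {
            HideCustomerLabels();

            string usernameText = username.Text.Trim();
            string passwordText = password.Text.Trim();

            if (usernameText.Length == 0 || passwordText.Length == 0)
            {
                ShowStatus("username and password required");
                return;
            }

            string connectionString = WebConfigurationManager.ConnectionStrings["pubs"].ConnectionString;

            try
            {
                // using: the connection is closed and released on every exit path,
                // including exceptions, which the old try/finally also did but the
                // commands and reader were never disposed.
                using (SqlConnection con = new SqlConnection(connectionString))
                {
                    con.Open();

                    int? customerID = LookupCustomerId(con, usernameText, passwordText);
                    if (customerID == null)
                    {
                        ShowStatus("Username or password doesn't exist.");
                        return;
                    }

                    // Encode the username so that we can use it as the cookie value.
                    string encodedText = generateEncoding(usernameText);
                    IssueLoginCookie(encodedText);
                    RecordSession(con, customerID.Value, encodedText);

                    // Display link to the headers page.
                    HeaderHypLink.Visible = true;
                    username.Text = Decode(encodedText);
                    ShowCustomerDetails(new Customer(encodedText), encodedText);
                    LogInButton.Visible = false;
                }
            }
            catch (Exception ex)
            {
                // Never echo ex.Message to the client: SQL errors carry table and
                // column names, and connection failures carry server details.
                // Page tracing (when enabled) keeps the full exception server-side.
                Trace.Warn("Login", "Login failed with an unexpected error.", ex);
                ShowStatus("Login is temporarily unavailable. Please try again later.");
            }
        }

        /// <summary>
        /// Looks up the customer id for a matching username/password row.
        /// </summary>
        /// <param name="con">An open connection to the pubs database.</param>
        /// <param name="user">Trimmed username from the form.</param>
        /// <param name="pass">Trimmed password from the form.</param>
        /// <returns>The <c>customerid</c> of the first matching row, or <c>null</c> when none matches.</returns>
        /// <remarks>
        /// Parameters keep the user input out of the SQL text. The comparison is
        /// still against a plaintext <c>password</c> column, though: the column
        /// should hold a salted hash (e.g. PBKDF2 via <c>Rfc2898DeriveBytes</c>) and
        /// the check be done in code. That is a schema change and is left as a
        /// TODO. NOTE(review): depending on the column's collation the SQL
        /// comparison may also be case-insensitive — confirm against the database.
        /// </remarks>
        private static int? LookupCustomerId(SqlConnection con, string user, string pass)
        {
            using (SqlCommand checkUserPass = new SqlCommand(
                "SELECT customerid FROM customers WHERE username=@user AND password=@pass", con))
            {
                checkUserPass.Parameters.AddWithValue("@user", user);
                checkUserPass.Parameters.AddWithValue("@pass", pass);

                using (SqlDataReader reader = checkUserPass.ExecuteReader())
                {
                    // The reader is disposed before the caller runs the INSERT on the
                    // same connection, so no second open reader is ever needed.
                    return reader.Read() ? (int)reader["customerid"] : (int?)null;
                }
            }
        }

        /// <summary>
        /// Creates (or reuses) the "Login" cookie, stores the encoded username in
        /// it and adds it to the response with a seven-day expiry.
        /// </summary>
        /// <param name="encodedText">Value produced by <see cref="generateEncoding"/>.</param>
        private void IssueLoginCookie(string encodedText)
        {
            HttpCookie cookie = Request.Cookies[LoginCookieName] ?? new HttpCookie(LoginCookieName);
            cookie[UserNameKey] = encodedText;
            cookie.Expires = DateTime.Now.AddDays(7);
            // Keep the cookie out of reach of page scripts, and off plain HTTP when
            // the login itself arrived over HTTPS.
            cookie.HttpOnly = true;
            cookie.Secure = Request.IsSecureConnection;
            Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// Records the issued cookie value against the customer in the
        /// <c>sessions</c> table.
        /// </summary>
        /// <param name="con">An open connection to the pubs database.</param>
        /// <param name="customerID">Id of the customer who just logged in.</param>
        /// <param name="encodedText">The cookie value that was issued.</param>
        private static void RecordSession(SqlConnection con, int customerID, string encodedText)
        {
            using (SqlCommand insertCookie = new SqlCommand(
                "INSERT INTO sessions (customerid, cookie) VALUES (@custID, @cookie)", con))
            {
                insertCookie.Parameters.AddWithValue("@custID", customerID);
                insertCookie.Parameters.AddWithValue("@cookie", encodedText);
                insertCookie.ExecuteNonQuery();
            }
        }

        /// <summary>
        /// Fills and shows the customer labels when <paramref name="cust"/> exists;
        /// leaves them hidden otherwise.
        /// </summary>
        /// <param name="cust">Customer resolved from the cookie value.</param>
        /// <param name="cookieValue">The raw cookie value, shown in <c>lblCookie</c>.</param>
        private void ShowCustomerDetails(Customer cust, string cookieValue)
        {
            if (!cust.Exists)
            {
                return;
            }

            // Label.Text is rendered verbatim and the cookie value is client-controlled,
            // so HTML-encode it (and the DB-sourced names) before placing it in the page.
            lblCookie.Text = "Cookie: " + HttpUtility.HtmlEncode(cookieValue);
            lblCustomerid.Text = "Customer ID: " + cust.CustomerID.ToString();
            lblFirstname.Text = "First Name: " + HttpUtility.HtmlEncode(cust.FirstName);
            lblLastname.Text = "Last Name: " + HttpUtility.HtmlEncode(cust.LastName);
            lblCustomerid.Visible = true;
            lblFirstname.Visible = true;
            lblLastname.Visible = true;
            lblCookie.Visible = true;
        }

        /// <summary>Hides the cookie, customer and status labels.</summary>
        private void HideCustomerLabels()
        {
            lblCookie.Visible = false;
            lblCustomerid.Visible = false;
            lblFirstname.Visible = false;
            lblLastname.Visible = false;
            lblStatus.Visible = false;
        }

        /// <summary>Shows <paramref name="message"/> in the status label.</summary>
        private void ShowStatus(string message)
        {
            lblStatus.Text = message;
            lblStatus.Visible = true;
        }

        /// <summary>
        /// Builds the cookie value: <see cref="NoiseLength"/> random characters
        /// followed by the username, base64-encoded.
        /// </summary>
        /// <param name="text">The username to encode.</param>
        /// <returns>The base64 string.</returns>
        /// <remarks>
        /// This is obfuscation, not encryption or signing: anyone holding the value
        /// can base64-decode it and read the username. See the note in Page_Load.
        /// </remarks>
        private static string generateEncoding(string text)
        {
            string noisy = generateNoiseCharacters() + text;
            byte[] plainTextBytes = System.Text.Encoding.UTF8.GetBytes(noisy);
            return Convert.ToBase64String(plainTextBytes);
        }

        /// <summary>
        /// Reverses <see cref="generateEncoding"/>: base64-decodes the value and
        /// drops the noise prefix.
        /// </summary>
        /// <param name="encodedText">Cookie value to decode; may be null or malformed.</param>
        /// <returns>The username, or <c>""</c> when the value is missing, malformed or too short.</returns>
        private static string Decode(string encodedText)
        {
            if (string.IsNullOrEmpty(encodedText))
            {
                return "";
            }

            try
            {
                byte[] base64EncodedBytes = Convert.FromBase64String(encodedText);
                string decoded = System.Text.Encoding.UTF8.GetString(base64EncodedBytes);
                // Shorter than the noise prefix means generateEncoding did not produce it.
                return decoded.Length < NoiseLength ? "" : decoded.Substring(NoiseLength);
            }
            catch (FormatException)
            {
                // Malformed base64 in a client cookie: treat as "not logged in". The raw
                // value is not written back to the page — it is attacker-controlled and
                // Response.Write does no encoding.
                return "";
            }
        }

        /// <summary>
        /// Returns <paramref name="length"/> random characters drawn from a fixed
        /// alphabet, used as filler in front of the username.
        /// </summary>
        /// <param name="length">Number of characters; non-positive yields an empty string.</param>
        /// <returns>The noise string.</returns>
        private static string generateNoiseCharacters(int length = NoiseLength)
        {
            const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!#$%^&*()-=_+/.,;'?><";

            if (length <= 0)
            {
                return "";
            }

            // RandomNumberGenerator instead of new Random(): thread-safe under
            // concurrent requests and not seeded from the clock.
            byte[] picks = new byte[length];
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(picks);
            }

            // Modulo reduction biases slightly toward the first few characters;
            // acceptable for filler that carries no secret.
            return new string(picks.Select(b => chars[b % chars.Length]).ToArray());
        }
    }
}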