if (Session["username"] == null)
{
Response.Redirect("default.aspx");
}
else
Button1.Visible = false;
Button2.Visible = false;
Label3.Visible = false;
if (GridView1.Rows.Count == 0)
{
GridView1.Visible = false;
DetailsView2.Visible = false;
Label2.Text = "<b style='color:red'>There are currently no bookings. Please try again later.</b>";
}
else
{
GridView1.Visible = true;
}
DetailsView2.Visible = false;
if (GridView2.Rows.Count == 0)
{
GridView2.Visible = false;
Label4.Text = "<b style='color:red'>You have currently accepted no bookings. Please accept a booking first.</b>";
}
else
{
GridView2.Visible = true;
Label1.Text = "Please look to see which bookings you have already accepted.";
}
if (Request.QueryString["cust_id"] != null)
{
Session["bookings_cust_name"] = Request.QueryString["fname"];
Session["bookings_full_name"] = Request.QueryString["title"] + " " + Request.QueryString["fname"] + " " + Request.QueryString["sname"];
Session["bookings_cust_id"] = Request.QueryString["cust_id"];
Session["bookings_mobile"] = Request.QueryString["mobile"];
}
if (Session["bookings_cust_name"] != null)
{
Button1.Visible = true;
Button2.Visible = true;
Label3.Visible = true;
DetailsView2.Visible = true;
Label6.Text = "<div id = 'post'><h2>More Information</h2></div>";
Label7.Text = "<p>Below are all the details about the booking requested by <b style='color:red'>" + Session["full_name"] + "</b></p>";
Label3.Text = "<p>Do you want to accept this booking?</p>";
}
}
protected void Button2_Click1(object sender, EventArgs e)
{
Session["bookings_cust_name"] = null;
Session["bookings_cust_id"] = null;
Session["bookings_full_name"] = null;
DetailsView2.Visible = false;
Button1.Visible = false;
Button2.Visible = false;
Label3.Visible = false;
Label6.Visible = false;
Label7.Visible = false;
}
protected void Button1_Click(object sender, EventArgs e)
{
string conString = "Provider=Microsoft.Jet.OleDb.4.0;" + "Data Source=|DataDirectory|test.mdb;";
OleDbConnection empConnection = new OleDbConnection(conString);
string insertStatement = "UPDATE tbl_customer_bookings SET accepted = 'Yes', company_name = '"
+ Session["login_company_name"] + "' WHERE fname ='" + Session["bookings_cust_name"] + "'";
OleDbCommand insertCommand = new OleDbCommand(insertStatement, empConnection);
empConnection.Open();
try
{
IntelliSMS objIntelliSMS = new IntelliSMS();
objIntelliSMS.Username = "username";
objIntelliSMS.Password = "password";
String MobileNo = (Session["bookings_mobile"].ToString());
String Message = ("Thank you " + Session["bookings_full_name"].ToString() + ".Your taxi has been accepted by " + Session["login_company_name"].ToString() + ". If you want to cancel then please contact the taxi company on " + Session["login_phone"].ToString() + ".");
String Companyname = ("Just-Taxis.co.uk");
objIntelliSMS.SendMsg(MobileNo, Message, Companyname);
int count = insertCommand.ExecuteNonQuery();
GridView1.DataBind();
Response.Redirect("bookings.aspx");
}
finally
{
Session["bookings_cust_name"] = null;
Session["bookings_cust_id"] = null;
Session["bookings_cust_email"] = null;
Session["bookings_mobile"] = null;
empConnection.Close();
}
The green parts shows what is NOT working at the moment. Note Session["login_phone"] and Session["login_company_name"] have
been taken from the login page.
Now the following code works but is for a different part of the website. It sends a text message to my phone.
I have posted this just in case you need to look at it.
if (CheckBox1.Checked)
{
IntelliSMS objIntelliSMS = new IntelliSMS();
objIntelliSMS.Username = "username";
objIntelliSMS.Password = "password";
String MessageId = objIntelliSMS.SendMsg
(txt_mobile.Text, "Thank you " + DropDownList1.SelectedValue + " " + txt_fname.Text + " "
+ txt_sname.Text + ". Your taxi has been requested. You will be contacted within an hour giving details of acceptance.",
"Just-Taxis.co.uk");
}
<div mce_keep="true">You declared your QueryString like this: bookings.aspx?cust_id={0}title={1}&fname={2}&sname={3}&mobile_no={4}
but you're pulling value like this: Session["bookings_mobile"] = Request.QueryString["mobile"]</div>
<div mce_keep="true">Why do you even use Sessions? You can use this: String MobileNo = Request.QueryString["mobile_no"];</div>
<div mce_keep="true">But, even that is not good solution, because anyone can change querystring value and make a mess. You should use some other approach - maybe just send id of the user/value in the query string and than on the second page pull the desired
values from the database according to that id</div>
Yaaay! It works perfectly now. The code below sends a message to the customer exlaining who the taxi has been accepted by and what number to call them on.. :)
IntelliSMS objIntelliSMS = new IntelliSMS();
objIntelliSMS.Username = "username";
objIntelliSMS.Password = "password";
String Company = Session["login_company_name"].ToString();
String CompanyPhone = Session["login_phone"].ToString();
String MobileNo = Request.QueryString["mobile_no"];
String FullName = Request.QueryString["title"] + " " + Request.QueryString["fname"] + " " + Request.QueryString["sname"];
String Message = ("Thank you" + FullName + ".Your taxi has been accepted by " + Company + ". If you want to cancel then please contact the taxi company on " + CompanyPhone + ".");
String Companyname = ("Just-Taxis.co.uk");
objIntelliSMS.SendMsg(MobileNo, Message, Companyname);
I have the following code which registers users password in encrypted form with md5. But now when i log in i have to enter the hashed password not the actual username.
But my other code is now breaking. I have a change password facility. But i want to update the current password to a new password but encrypt it and send it in plain text via email at the same time :) (Here's where i get confused)
Would i be able to do this?
OleDbCommand cmd;
OleDbConnection conn;
string cmdString = "UPDATE tbl_taxicompanies SET password_test = @new_password" +
" WHERE ([password_test] = [@password]) AND ([username] = [@username])";
conn = new OleDbConnection("Provider=Microsoft.Jet.OleDb.4.0; " + "Data Source=|DataDirectory|test.mdb;" +
"Persist Security Info=False");
cmd = new OleDbCommand(cmdString, conn);
cmd.Parameters.Add("@new_password", OleDbType.VarChar, 50);
cmd.Parameters["@new_password"].Value = txt_new_password.Text;
cmd.Parameters.Add("@password", OleDbType.VarChar, 50);
cmd.Parameters["@password"].Value = txt_old.Text;
cmd.Parameters.Add("@username", OleDbType.VarChar, 50);
cmd.Parameters["@username"].Value = Session["username"].ToString();
conn.Open();
try
{
int count = cmd.ExecuteNonQuery();
MailMessage message = new MailMessage("noreply@csesalford.com", Session["email"].ToString());
//message.Subject = "RE: Password Changed";
message.Body = "Thanks " + Session["login_full_name"] + " for your request. Your password has not been changed to " +txt_new_password.Text+ ".";
SmtpClient client = new SmtpClient("mail.csesalford.com");
client.Send(message);
Response.Redirect("details_sent.aspx");
}
finally
{
conn.Close();
}
That code should work. Only thing that maybe could break it is the missing
catch{} part between try{} and finally{}. If that doesn't solve it, you should write on what line do you get the error (if you get the error, if not, you should explain what exactlly is the problem).
Thanks for your reply. sorry i may have been vague in my previous post. Basically I want to make my website more secure by using MD5 to encrypt passwords and store them in the form of a hash in the database.
The problem i am having is not with regsitering and enabling users to login, as i have already done this. I have used code below to encrypt password when registering:-
insertCommand.Parameters.Add("@password", OleDbType.Char).Value = hashedPassword; // store hashed password in database
However the problem begins on my forgot_password.aspx page. When users want to login and they have forgotten their password they are asked for their email and username. If these details are entered correctly then the password is sent to the user via email.
But as i have come to know MD5 is a one way hashing algorithm so cannot be decrypted, therfore a one time link must be sent to the users email where they can reset their password.
So after reviewing the problems i have come up with 2 solutions whihc i need your advice on.
Go with the reset password email link
When users register 2 forms of their passwords are stored into the database, one in plain text and one hashed. So when users forget their password they can enter their username and email and the plain text password will be sent to them is the detail are
correct instead of the hashed password.
What do you think is the best way to achieve my goal..?
kipo
All-Star
16475 Points
2811 Posts
Re: Web Service for Sending Messages
Mar 20, 2009 04:00 PM|LINK
Can you post the code where you filled those sessions with values?
billy_111
Member
333 Points
878 Posts
Re: Web Service for Sending Messages
Mar 20, 2009 05:49 PM|LINK
Ok basically i have the following code:-
if (Session["username"] == null) { Response.Redirect("default.aspx"); } else Button1.Visible = false; Button2.Visible = false; Label3.Visible = false; if (GridView1.Rows.Count == 0) { GridView1.Visible = false; DetailsView2.Visible = false; Label2.Text = "<b style='color:red'>There are currently no bookings. Please try again later.</b>"; } else { GridView1.Visible = true; } DetailsView2.Visible = false; if (GridView2.Rows.Count == 0) { GridView2.Visible = false; Label4.Text = "<b style='color:red'>You have currently accepted no bookings. Please accept a booking first.</b>"; } else { GridView2.Visible = true; Label1.Text = "Please look to see which bookings you have already accepted."; } if (Request.QueryString["cust_id"] != null) { Session["bookings_cust_name"] = Request.QueryString["fname"]; Session["bookings_full_name"] = Request.QueryString["title"] + " " + Request.QueryString["fname"] + " " + Request.QueryString["sname"]; Session["bookings_cust_id"] = Request.QueryString["cust_id"]; Session["bookings_mobile"] = Request.QueryString["mobile"]; } if (Session["bookings_cust_name"] != null) { Button1.Visible = true; Button2.Visible = true; Label3.Visible = true; DetailsView2.Visible = true; Label6.Text = "<div id = 'post'><h2>More Information</h2></div>"; Label7.Text = "<p>Below are all the details about the booking requested by <b style='color:red'>" + Session["full_name"] + "</b></p>"; Label3.Text = "<p>Do you want to accept this booking?</p>"; } } protected void Button2_Click1(object sender, EventArgs e) { Session["bookings_cust_name"] = null; Session["bookings_cust_id"] = null; Session["bookings_full_name"] = null; DetailsView2.Visible = false; Button1.Visible = false; Button2.Visible = false; Label3.Visible = false; Label6.Visible = false; Label7.Visible = false; } protected void Button1_Click(object sender, EventArgs e) { string conString = "Provider=Microsoft.Jet.OleDb.4.0;" + "Data Source=|DataDirectory|test.mdb;"; OleDbConnection empConnection = new OleDbConnection(conString); string insertStatement = "UPDATE tbl_customer_bookings SET accepted = 'Yes', company_name = '" + Session["login_company_name"] + "' WHERE fname ='" + Session["bookings_cust_name"] + "'"; OleDbCommand insertCommand = new OleDbCommand(insertStatement, empConnection); empConnection.Open(); try { IntelliSMS objIntelliSMS = new IntelliSMS(); objIntelliSMS.Username = "username"; objIntelliSMS.Password = "password"; String MobileNo = (Session["bookings_mobile"].ToString()); String Message = ("Thank you " + Session["bookings_full_name"].ToString() + ".Your taxi has been accepted by " + Session["login_company_name"].ToString() + ". If you want to cancel then please contact the taxi company on " + Session["login_phone"].ToString() + "."); String Companyname = ("Just-Taxis.co.uk"); objIntelliSMS.SendMsg(MobileNo, Message, Companyname); int count = insertCommand.ExecuteNonQuery(); GridView1.DataBind(); Response.Redirect("bookings.aspx"); } finally { Session["bookings_cust_name"] = null; Session["bookings_cust_id"] = null; Session["bookings_cust_email"] = null; Session["bookings_mobile"] = null; empConnection.Close(); }billy_111
Member
333 Points
878 Posts
Re: Web Service for Sending Messages
Mar 20, 2009 06:01 PM|LINK
Also the querystring values have been made up from the following Gridview:-
kipo
All-Star
16475 Points
2811 Posts
Re: Web Service for Sending Messages
Mar 20, 2009 06:52 PM|LINK
bookings.aspx?cust_id={0}title={1}&fname={2}&sname={3}&mobile_no={4}
but you're pulling value like this:
Session["bookings_mobile"] = Request.QueryString["mobile"]</div>
String MobileNo = Request.QueryString["mobile_no"];</div>
billy_111
Member
333 Points
878 Posts
Re: Web Service for Sending Messages
Mar 21, 2009 02:08 AM|LINK
Yaaay! It works perfectly now. The code below sends a message to the customer exlaining who the taxi has been accepted by and what number to call them on.. :)
I really appreciate your input.
Thanks a lot
billy_111
Member
333 Points
878 Posts
Re: Login with MD5
Mar 24, 2009 08:10 PM|LINK
Hey,
I have the following code which registers users password in encrypted form with md5. But now when i log in i have to enter the hashed password not the actual username.
the code below shows how i login, it is using parameterized values:-
How can i use the above code which i am currently using to decrypt the password and use it to login..?
Thanks
Regards
billy_111
Member
333 Points
878 Posts
Re: Login with MD5
Mar 24, 2009 08:53 PM|LINK
Hey,
I've figured that one, the working code is as follows:-
But my other code is now breaking. I have a change password facility. But i want to update the current password to a new password but encrypt it and send it in plain text via email at the same time :) (Here's where i get confused)
Would i be able to do this?
Thanks
kipo
All-Star
16475 Points
2811 Posts
Re: Login with MD5
Mar 28, 2009 12:00 PM|LINK
That code should work. Only thing that maybe could break it is the missing catch{} part between try{} and finally{}. If that doesn't solve it, you should write on what line do you get the error (if you get the error, if not, you should explain what exactlly is the problem).
billy_111
Member
333 Points
878 Posts
Re: Login with MD5
Mar 28, 2009 12:52 PM|LINK
Hey,
Thanks for your reply. sorry i may have been vague in my previous post. Basically I want to make my website more secure by using MD5 to encrypt passwords and store them in the form of a hash in the database.
The problem i am having is not with regsitering and enabling users to login, as i have already done this. I have used code below to encrypt password when registering:-
However the problem begins on my forgot_password.aspx page. When users want to login and they have forgotten their password they are asked for their email and username. If these details are entered correctly then the password is sent to the user via email. But as i have come to know MD5 is a one way hashing algorithm so cannot be decrypted, therfore a one time link must be sent to the users email where they can reset their password.
So after reviewing the problems i have come up with 2 solutions whihc i need your advice on.
What do you think is the best way to achieve my goal..?
Sorry for the confusion.
Thanks
Regards
billy_111
Member
333 Points
878 Posts
Re: Web Services
Apr 15, 2009 06:02 PM|LINK
Hey,
I am having some problems with creating a web method enabling users to login. Firstly i have the following web method:-
[WebMethod(Description = "Method to Authenticate Users")] public bool Authenticate(string username, string password) { const string connStr = "Provider=Microsoft.Jet.OleDb.4.0; " + "Data Source=|DataDirectory|forum.mdb;"; OleDbConnection dbConn = new OleDbConnection(connStr); string sqlStr = "Select username, password from members where username = @username AND password = @password"; dbConn.Open(); OleDbCommand dbCommand = new OleDbCommand(sqlStr, dbConn); OleDbDataReader dbReader = dbCommand.ExecuteReader(); dbCommand.Parameters.Add("@username", OleDbType.VarChar, 50); dbCommand.Parameters["@username"].Value = username; dbCommand.Parameters.Add("@password", OleDbType.VarChar, 50); dbCommand.Parameters["@password"].Value = password; bool returnBool; if (dbReader.Read()) { if ((dbReader[0].ToString() == username && dbReader[1].ToString() == password)) { returnBool = true; } else { returnBool = false; } } else { returnBool = false; } dbReader.Close(); dbConn.Close(); return returnBool;What i want to know is the web method correct?