i want to try sha256 encrypt password store in Database and making login page with encrypted password
protected void submit_Click(object sender, EventArgs e)
{
if (Session["CAPTCHA"] != null && Session["CAPTCHA"].ToString().Equals(txtcaptcha.Text) && Validation.ValUsername(username.Text) && Validation.ValPassword(password.Text))
{
SqlConnection cnn = new SqlConnection();
cnn.ConnectionString = ConfigurationManager.ConnectionStrings["MCC"].ConnectionString;
SqlCommand cmd = new SqlCommand("select * from [EmployeeList] where userid = @name", cnn);
cnn.Open();
cmd.Parameters.Add("@name", SqlDbType.VarChar).Value = username.Text;
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
dr.Read();
string rnostr = Convert.ToString(Session["rnumb"]) + dr["password"].ToString();
MD5 md5Hash = MD5.Create();
string strHash = GetMd5Hash(md5Hash, rnostr);
if (strHash.ToLower().Trim() == password.Text.ToLower().Trim())
{
Session["id"] = dr["ID"].ToString();
Session["role"] = dr["role"].ToString();
Session["level"] = dr["Level"].ToString();
Session["designation"] = dr["designation"].ToString();
Session["name"] = dr["Name"].ToString();
Session["mobno"] = dr["MobileNo"].ToString();
Session["email"] = dr["Email"].ToString();
Session["ip"] = Request.UserHostAddress;
Random rd = new Random();
HttpCookie ck = new HttpCookie("mcc");
ck.HttpOnly = true;
Session["ck"] = GetMD5.getMD(rd.Next().ToString());
ck["rnd"] = Session["ck"].ToString();
Response.Cookies.Add(ck);
Database.LogData("Login", username.Text + " " + Session["name"].ToString(), Request.UserHostAddress, Session["id"].ToString(), "");
if (Session["role"].ToString() == "admin")
{
Response.Redirect("~/Auth/adm/Map.aspx", false);
}
else if (Session["role"].ToString() == "user")
{
Response.Redirect("~/Auth/usr/OfficerInbox.aspx", false);
}
else if (Session["role"].ToString() == "entry")
{
Response.Redirect("~/Auth/rpt/EnterGrievanceUser.aspx", false);
}
else if (Session["role"].ToString() == "complaint_entry")
{
Response.Redirect("~/Auth/rpt/EnterComplaint.aspx", false);
}
else if (Session["role"].ToString() == "GPU")
{
Response.Redirect("~/Auth/adm/GPUBinCheck.aspx", false);
}
else if (Session["role"].ToString() == "SanitaryAdmin")
{
Response.Redirect("~/Auth/adm/BinMaster.aspx", false);
}
else if (Session["role"].ToString() == "Report")
{
Response.Redirect("~/Auth/adm/LocWiseReport.aspx", false);
}
else if (Session["role"].ToString() == "Nodal")
{
Response.Redirect("~/Auth/usr/ComplMark.aspx", false);
}
}
else
{
Database.LogData("LoginFailure", username.Text, Request.UserHostAddress,"", "");
MessageBox("Incorrect User Name or Password");
}
}
else
{
Database.LogData("LoginFailure", username.Text, Request.UserHostAddress, "", "");
MessageBox("Incorrect User Name or Password");
}
dr.Dispose();
cnn.Close();
}
else
{
Database.LogData("LoginFailure", username.Text, Request.UserHostAddress, "", "");
MessageBox("Incorrect verification string or username or password");
}
Random rd1 = new Random();
MD5 md5Hash1 = MD5.Create();
string strHash1 = GetMd5Hash(md5Hash1, rd1.Next().ToString());
Session["rnumb"] = strHash1;
hfrandam.Value = Session["rnumb"].ToString();
}
function EncryptPassword1() {
try {
var x = document.getElementById('').value;
if (document.getElementById('').value == '') {
alert('Enter username');
document.getElementById('').value = ''
document.getElementById('').focus();
return false;
}
if (document.getElementById('').value == '') {
alert('Enter password');
document.getElementById('').value = ''
document.getElementById('').focus();
return false;
}
if (document.getElementById('').value != "") {
var md5encypt = hex_md5(document.getElementById('').value);
var passstr = x + (md5encypt);
document.getElementById('').value = hex_md5(passstr);
}
}
catch (err) {
alert(err.message);
}
}
What I have tried:
i want to try sha256 encrypt password store in Database and making login page with encrypted password