Allow user password changes

3 years ago · 2ed3e02630
3 changed files with 45 additions and 1 deletions
--- a/Account.cs
+++ b/Account.cs
@ -170,6 +170,21 @@ namespace NightmareCoreWeb2
				@@ -170,6 +170,21 @@ namespace NightmareCoreWeb2
        {
            return verifier.Compare(this.Verifier);
        }
+        public void ChangePassword(string NewPassword) {
+            MySqlConnection conn = new MySqlConnection(Program.connStr);
+             conn.Open();
+                byte[] salt = new byte[32];
+                byte[] verifier = new byte[32];
+                (salt, verifier) = Framework.Cryptography.SRP6.MakeRegistrationData(this.Username, NewPassword);
+                
+                string sql = "UPDATE auth.account SET salt=@salt, verifier=@verifier where username=@username";
+                MySqlCommand cmd = new MySqlCommand(sql, conn);
+                cmd.Parameters.AddWithValue("username", Username);
+                cmd.Parameters.AddWithValue("salt", salt);
+                cmd.Parameters.AddWithValue("verifier", verifier);
+                cmd.ExecuteNonQuery();
+                conn.Close();
+        }

    }

--- a/Pages/Account.cshtml
+++ b/Pages/Account.cshtml
@ -47,8 +47,27 @@
				@@ -47,8 +47,27 @@
                            <p class="card-text">Username: @Model.UserAccount.Username</p>
                            <p class="card-text">Email: @Model.UserAccount.Email</p>
                            <p class="card-text">Last IP: @Model.UserAccount.LastIP</p>
-                            <p class="card-text">Last Login: @Model.UserAccount.LastLogin.ToLocalTime()</p>
+                            <p class="card-text">Last Login: @Model.UserAccount.LastLogin.ToLocalTime()</p>            
+                        </div>
+                    </div>

+                </div>
+                <div class="col-md-5">
+                                                            <div class="card">
+                        <div class="card-header">
+                            <h6>Change Password</h6>
+                        </div>
+                        <div class="card-body">
+                            <form action="?handler=ChangePassword" method="post" enctype="multipart/form-data"> 
+                                <div class="form-group">
+                                    <label for="NewPassword">New Password: </label>
+                                    <input asp-for="NewPassword" type="password" name="NewPassword" id="NewPassword">
+                                    <label for="NewPassword2">New Password Again: </label>
+                                    <input asp-for="NewPassword2" type="password" name="NewPassword2" id="NewPassword2">
+                                </div>                                                
+                                @Html.AntiForgeryToken()                                                                                                                                             
+                                <input class="button" type="submit" value="Change Password" name="changepassword">                                                                                                                                                 
+                            </form>               
                        </div>
                    </div>
                </div>
--- a/Pages/Account.cshtml.cs
+++ b/Pages/Account.cshtml.cs
@ -14,6 +14,8 @@ namespace NightmareCoreWeb2.Pages
				@@ -14,6 +14,8 @@ namespace NightmareCoreWeb2.Pages
        public string CharacterListType { get; set; }
        public string AuthToken { get; set; }
        public string Username { get; set; }
+        public string NewPassword {get; set;}
+        public string NewPassword2 {get; set;}
        public bool IsAuthenticated = false;
        public Account UserAccount { get; set; }
        public List<Character> OnlineCharacters = new List<Character>();
@ -109,6 +111,14 @@ namespace NightmareCoreWeb2.Pages
				@@ -109,6 +111,14 @@ namespace NightmareCoreWeb2.Pages
            }

        }
+        public void OnPostChangePassword() {
+            OnGet();
+            NewPassword = Request.Form["NewPassword"];
+            NewPassword2 = Request.Form["NewPassword2"];
+            if (NewPassword.Equals(NewPassword2)) {
+                this.UserAccount.ChangePassword(NewPassword);
+            }
+        }

    }
 }