From 2ed3e02630d35ec8484c9a02294643f9bb7ac992 Mon Sep 17 00:00:00 2001
From: Gregory Rudolph <rudi@nightmare.haus>
Date: Mon, 18 Oct 2021 20:43:38 -0400
Subject: [PATCH] Allow user password changes

---
 Account.cs              | 15 +++++++++++++++
 Pages/Account.cshtml    | 21 ++++++++++++++++++++-
 Pages/Account.cshtml.cs | 10 ++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/Account.cs b/Account.cs
index 0d2e175..15674d6 100644
--- a/Account.cs
+++ b/Account.cs
@@ -170,6 +170,21 @@ namespace NightmareCoreWeb2
         {
             return verifier.Compare(this.Verifier);
         }
+        public void ChangePassword(string NewPassword) {
+            MySqlConnection conn = new MySqlConnection(Program.connStr);
+             conn.Open();
+                byte[] salt = new byte[32];
+                byte[] verifier = new byte[32];
+                (salt, verifier) = Framework.Cryptography.SRP6.MakeRegistrationData(this.Username, NewPassword);
+                
+                string sql = "UPDATE auth.account SET salt=@salt, verifier=@verifier where username=@username";
+                MySqlCommand cmd = new MySqlCommand(sql, conn);
+                cmd.Parameters.AddWithValue("username", Username);
+                cmd.Parameters.AddWithValue("salt", salt);
+                cmd.Parameters.AddWithValue("verifier", verifier);
+                cmd.ExecuteNonQuery();
+                conn.Close();
+        }
 
     }
 
diff --git a/Pages/Account.cshtml b/Pages/Account.cshtml
index 828c5d4..6a5411a 100644
--- a/Pages/Account.cshtml
+++ b/Pages/Account.cshtml
@@ -47,8 +47,27 @@
                             <p class="card-text">Username: @Model.UserAccount.Username</p>
                             <p class="card-text">Email: @Model.UserAccount.Email</p>
                             <p class="card-text">Last IP: @Model.UserAccount.LastIP</p>
-                            <p class="card-text">Last Login: @Model.UserAccount.LastLogin.ToLocalTime()</p>
+                            <p class="card-text">Last Login: @Model.UserAccount.LastLogin.ToLocalTime()</p>            
+                        </div>
+                    </div>
 
+                </div>
+                <div class="col-md-5">
+                                                            <div class="card">
+                        <div class="card-header">
+                            <h6>Change Password</h6>
+                        </div>
+                        <div class="card-body">
+                            <form action="?handler=ChangePassword" method="post" enctype="multipart/form-data"> 
+                                <div class="form-group">
+                                    <label for="NewPassword">New Password: </label>
+                                    <input asp-for="NewPassword" type="password" name="NewPassword" id="NewPassword">
+                                    <label for="NewPassword2">New Password Again: </label>
+                                    <input asp-for="NewPassword2" type="password" name="NewPassword2" id="NewPassword2">
+                                </div>                                                
+                                @Html.AntiForgeryToken()                                                                                                                                             
+                                <input class="button" type="submit" value="Change Password" name="changepassword">                                                                                                                                                 
+                            </form>               
                         </div>
                     </div>
                 </div>
diff --git a/Pages/Account.cshtml.cs b/Pages/Account.cshtml.cs
index 0de24c5..2152209 100644
--- a/Pages/Account.cshtml.cs
+++ b/Pages/Account.cshtml.cs
@@ -14,6 +14,8 @@ namespace NightmareCoreWeb2.Pages
         public string CharacterListType { get; set; }
         public string AuthToken { get; set; }
         public string Username { get; set; }
+        public string NewPassword {get; set;}
+        public string NewPassword2 {get; set;}
         public bool IsAuthenticated = false;
         public Account UserAccount { get; set; }
         public List<Character> OnlineCharacters = new List<Character>();
@@ -109,6 +111,14 @@ namespace NightmareCoreWeb2.Pages
             }
 
         }
+        public void OnPostChangePassword() {
+            OnGet();
+            NewPassword = Request.Form["NewPassword"];
+            NewPassword2 = Request.Form["NewPassword2"];
+            if (NewPassword.Equals(NewPassword2)) {
+                this.UserAccount.ChangePassword(NewPassword);
+            }
+        }
 
     }
 }