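How to change a password in the database when it is already encrypted (ASP.NET C#)

Date: 2016-06-12 22:06:56

Tags: c# asp.net hash passwords

My question is how to change a password when it is already hashed and salted. I have an ASP.NET C# web application and I want a change-password option on my website, but I am not able to change the password in the database. If anyone knows how, please help, or feel free to suggest links to look at. Thanks in advance.

Here is my code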

        List<String> salthashlist = null;
        List<String> newlist = null;
        try
        {
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegisterConnectionString"].ConnectionString);
            conn.Open();
            QueryStr = "select Password,UserName FROM UserData WHERE UserName= @uname";
            cmd = new SqlCommand(QueryStr, conn);
            cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
            reader = cmd.ExecuteReader();
            while (reader.HasRows && reader.Read())
            {
                if (salthashlist == null)
                {
                    salthashlist = new List<String>();
                    newlist = new List<String>();
                }
                String salHashes = reader.GetString(reader.GetOrdinal("Password"));
                salthashlist.Add(salHashes);
                String fullname = reader.GetString(reader.GetOrdinal("UserName"));
                newlist.Add(fullname);
            }
            reader.Close();
            if (salthashlist != null)
            {
                for (int i = 0; i < salthashlist.Count; i++)
                {
                    QueryStr = "";
                    bool validuser = PasswordHash.Validatepass(oldpasswordtxt.Text, salthashlist[i]);
                    if (validuser == true)
                    {
                        Session["New"] = newlist[i];
                        Response.BufferOutput = true;
                        String salthashreturned = PasswordHash.makehash(newpassconfirmtxt.Text);
                        int commaindex = salthashreturned.IndexOf(":");
                        String extractedstring = salthashreturned.Substring(0, commaindex);
                        commaindex = salthashreturned.IndexOf(":");
                        extractedstring = salthashreturned.Substring(commaindex + 1);
                        commaindex = extractedstring.IndexOf(":");
                        String salt = extractedstring.Substring(0, commaindex);
                        commaindex = extractedstring.IndexOf(":");
                        extractedstring = extractedstring.Substring(commaindex + 1);
                        String hash = extractedstring;
                        cmd.Parameters.AddWithValue("@password", salthashreturned);
                        passchangelbl.Text = "Your new password is changed successfully";
                        cmd.ExecuteReader();
                        conn.Close();
                    }
                    else
                    {
                        passchangelbl.Text = "Please check your old password";
                    }
                }
            }
        }
        catch (Exception ex)
        {
            passchangelbl.Text = "Please check your password" + ex;
        }

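1 answer:

Answer 0: (score: 0)

You need to update the new password in the database. You forgot to do that. You executed the wrong command (the SELECT) instead.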

...
if (validuser == true)
{
    ...
    // error here:
    cmd.Parameters.AddWithValue("@password", salthashreturned);
    passchangelbl.Text = "Your new password is changed successfully";
    cmd.ExecuteReader();
    conn.Close();
}

You need to UPDATE the password hash in the database. In principle:

...
if (validuser == true)
{
    ...

    // possible solution in principle:
    cmd = new SqlCommand(
        "UPDATE UserData SET Password=@newPassword WHERE UserName= @uname", conn);
    cmd.Parameters.AddWithValue("@uname", Userlbl.Text);
    cmd.Parameters.AddWithValue("@newPassword", salthashreturned);
    cmd.ExecuteScalar();
    conn.Close();
    passchangelbl.Text = "Your new password is changed successfully";
}
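
The whole change-password flow from the question and answer above, as an added example that is not part of the original post: read the stored hash, verify the old password, then run a separate UPDATE and check how many rows it changed. The `UserData` table and its columns come from the question; the `PasswordChanger` class, the `ChangeResult` enum and the two delegate parameters (stand-ins for the question's `PasswordHash.Validatepass` and `PasswordHash.makehash`) are hypothetical names, and the code assumes `UserName` is unique and `Password` is a `varchar`/`nvarchar` column.

```csharp
using System;
using System.Data.SqlClient;

public enum ChangeResult { Changed, WrongOldPassword, NotUpdated }

public static class PasswordChanger
{
    // validate and makeHash stand in for the question's PasswordHash.Validatepass
    // and PasswordHash.makehash; they are passed in so this class compiles alone.
    public static ChangeResult Change(
        string connectionString, string userName, string oldPassword, string newPassword,
        Func<string, string, bool> validate, Func<string, string> makeHash)
    {
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();

            // 1. Read the stored salt-and-hash string for this user.
            string storedHash;
            using (var select = new SqlCommand(
                "SELECT Password FROM UserData WHERE UserName = @uname", conn))
            {
                select.Parameters.AddWithValue("@uname", userName);
                storedHash = select.ExecuteScalar() as string;
            }

            // 2. Unknown user and wrong old password give the same answer.
            if (storedHash == null || !validate(oldPassword, storedHash))
                return ChangeResult.WrongOldPassword;

            // 3. Write the new hash with a separate UPDATE command. Matching on the
            //    old hash too means a concurrent change makes this update a no-op.
            using (var update = new SqlCommand(
                "UPDATE UserData SET Password = @newPassword " +
                "WHERE UserName = @uname AND Password = @oldHash", conn))
            {
                update.Parameters.AddWithValue("@newPassword", makeHash(newPassword));
                update.Parameters.AddWithValue("@uname", userName);
                update.Parameters.AddWithValue("@oldHash", storedHash);

                // ExecuteNonQuery returns the affected row count; report success
                // only when exactly one row was actually changed.
                return update.ExecuteNonQuery() == 1
                    ? ChangeResult.Changed : ChangeResult.NotUpdated;
            }
        }
    }
}
```

From the question's page this would be called as `PasswordChanger.Change(connStr, Userlbl.Text, oldpasswordtxt.Text, newpassconfirmtxt.Text, PasswordHash.Validatepass, PasswordHash.makehash)`, setting `passchangelbl.Text` from the returned value rather than from exception text.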