make password change secure

This commit is contained in:
JackTerok 2021-02-19 22:14:01 +01:00
parent 91e8fecb28
commit b9082c7889
2 changed files with 40 additions and 22 deletions

View File

@ -14,9 +14,18 @@
<h3 class="text-center"> <strong class="text-custom">PT Magic</strong> </h3>
<p class="text-center">Setup your password.</p>
</div>
<div class="p-20">
<form class="form-horizontal m-t-20" method="post">
@if (System.IO.File.Exists(System.IO.Directory.GetCurrentDirectory().Split("Monitor")[0] + "settings.secure.json"))
{
<div class="form-group">
<div class="col-12">
<input name="OldPassword" class="form-control" type="password" required="" placeholder="Old Password">
</div>
</div>
}
<div class="form-group">
<div class="col-12">
<input name="Password" class="form-control" type="password" required="" placeholder="Password">
@ -29,14 +38,6 @@
</div>
</div>
@if (!Model.ValidationMessage.Equals("")) {
<div class="form-group">
<div class="text-danger m-l-10">
@Model.ValidationMessage
</div>
</div>
}
<div class="form-group text-center m-t-40">
<div class="col-12">
<button class="btn btn-ptmagic btn-block text-uppercase waves-effect waves-light" type="submit">
@ -44,9 +45,7 @@
</button>
</div>
</div>
</form>
</div>
</div>

View File

@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Core.Main;
using Core.Helper;
namespace Monitor.Pages
{
@ -16,21 +17,39 @@ namespace Monitor.Pages
base.PreInit();
}
public void OnPost(string password, string passwordConfirm)
{
if (!password.Equals(passwordConfirm))
public void OnPost(string OldPassword, string Password, string PasswordConfirm)
{
base.PreInit();
string encryptedOldPassword = null;
if (OldPassword != null)
{
encryptedOldPassword = EncryptionHelper.Encrypt(OldPassword);
if (!Password.Equals(PasswordConfirm) || !encryptedOldPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword) && System.IO.File.Exists(System.IO.Directory.GetCurrentDirectory().Split("Monitor")[0] + "settings.secure.json"))
{
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "SetupPassword");
}
else if (ModelState.IsValid)
{
base.PreInit();
PTMagicConfiguration.WriteSecureSettings(password);
PTMagicConfiguration.WriteSecureSettings(Password);
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login");
}
}
else
{
if (!Password.Equals(PasswordConfirm) && !System.IO.File.Exists(System.IO.Directory.GetCurrentDirectory().Split("Monitor")[0] + "settings.secure.json"))
{
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "SetupPassword");
}
else if (ModelState.IsValid)
{
PTMagicConfiguration.WriteSecureSettings(Password);
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login");
}
}
}
}
}