Beispiel #1
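        /// <summary>
        /// Writes a "lost password" audit event for <paramref name="user"/> and then replaces
        /// the user's login password with <paramref name="newPassword"/>.
        /// </summary>
        /// <param name="user">Account whose password is being replaced.</param>
        /// <param name="newPassword">
        /// The new password. It is assigned to <c>LoginPassword</c>, after which
        /// <c>Encrypt()</c> and <c>Save()</c> are called on the user.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="newPassword"/> is null or empty.</exception>
        public void ChangePassword(GreyFoxUser user, string newPassword)
        {
            // Validate before anything is logged or stored, so that a rejected call leaves
            // neither an audit entry nor a blank credential behind.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            if (newPassword == null || newPassword.Length == 0)
            {
                throw new ArgumentException("The new password must not be empty.", "newPassword");
            }

            string ipAddress     = "No Web Server";
            string clientDetails = "No Web Server";

            System.Web.HttpContext context = System.Web.HttpContext.Current;
            if (context != null)
            {
                ipAddress     = context.Request.UserHostAddress;
                clientDetails = context.Request.UserAgent;
            }

            // The description is stored as markup (it carries BR tags), and the User-Agent
            // header is chosen by the client. Every interpolated value is therefore escaped
            // so a crafted header or username cannot inject markup into the audit viewer.
            // SecurityElement.Escape is used because it lives in the core library.
            string safeUserName = System.Security.SecurityElement.Escape(user.UserName);
            string safeAddress  = System.Security.SecurityElement.Escape(ipAddress);
            string safeClient   = System.Security.SecurityElement.Escape(clientDetails);

            // Neither the old nor the new password is written to the audit trail.
            Amns.GreyFox.EventLog.GreyFoxEvent e =
                new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
            e.Category    = "Login";
            e.Description = "Lost password; username '" +
                            safeUserName + "'.<BR>" +
                            "IP Address: " + safeAddress + "<BR>" +
                            "Client: " + safeClient;
            e.EventDate = DateTime.Now;
            e.EventID   = 25201;
            e.Source    = "AUDITOR";
            e.Type      = 105;
            e.User      = user;
            e.Save();

            // NOTE(review): the event is saved before the password change is persisted, so an
            // exception from Encrypt() or Save() leaves an audit entry for a change that did
            // not happen. Confirm whether the entry is meant to record the request or the change.
            user.LoginPassword = newPassword;
            user.Encrypt();
            user.Save();
        }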
Beispiel #2
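        /// <summary>
        /// Authenticates a user by username and password, optionally writes success and
        /// failure events to the audit log, and slows down repeated failed attempts.
        /// </summary>
        /// <param name="username">Login name to look up with <c>GetByUsername</c>.</param>
        /// <param name="password">Password supplied by the caller. It is never written to the audit log.</param>
        /// <param name="ipAddress">Client address recorded in the audit event.</param>
        /// <param name="clientDetails">Client description (for example a User-Agent) recorded in the audit event.</param>
        /// <param name="logSuccess">When true, a successful login is written to the audit log.</param>
        /// <param name="logFailure">When true, failed logins are written to the audit log.</param>
        /// <returns>
        /// The authenticated user. This method never returns null: every failure is reported
        /// by throwing an exception.
        /// </returns>
        /// <exception cref="Exception">
        /// The username is unknown, the password is wrong, or the account is disabled.
        /// NOTE(review): the three messages differ, so a caller that shows them to the client
        /// reveals which usernames exist. Callers should present one generic failure message.
        /// </exception>
        public GreyFoxUser Login(string username, string password, string ipAddress,
                                 string clientDetails, bool logSuccess, bool logFailure)
        {
            // The audit description is stored as markup (BR tags) and all three values come
            // from the client, so they are escaped before being embedded in it.
            string safeUsername = EscapeForAuditMarkup(username);
            string origin = "IP Address: " + EscapeForAuditMarkup(ipAddress) + "<BR>" +
                            "Client: " + EscapeForAuditMarkup(clientDetails);

            GreyFoxUser user = null;

            try
            {
                user = GetByUsername(username);
            }
            catch
            {
                // NOTE(review): any lookup error, including a data-layer failure, is reported
                // as an invalid username. Narrow this once the exception type thrown by
                // GetByUsername for an unknown user is confirmed.
                user = null;
            }

            // A null result is treated the same way as a failed lookup, so the password
            // check below never dereferences a null user.
            if (user == null)
            {
                if (logFailure)
                {
                    Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                        "Login failure; invalid username '" + safeUsername + "'.<BR>" + origin,
                        null);
                    e.EventID = 25104;
                    e.Type    = 105;
                    e.Save();
                }

                throw(new Exception("Login failure; invalid username."));
            }

            // NOTE(review): the stored password is decoded (reversible storage) and compared
            // case-insensitively, which weakens every password and is not a constant-time
            // comparison. The comparison is left as it was because tightening it would lock out
            // existing users; migrate to a salted one-way hash with an exact comparison.
            // A null password is treated as a mismatch.
            bool passwordMatches =
                password != null &&
                GreyFoxPassword.DecodePassword(user.loginPassword).ToLower() == password.ToLower();

            if (!passwordMatches)
            {
                if (logFailure)
                {
                    // The attempted password is deliberately not logged: a near-miss or a
                    // password typed for another account would end up readable in the audit log.
                    Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                        "Login failure; incorrect password for '" + safeUsername + "'.<BR>" + origin,
                        user);
                    e.EventID = 25105;
                    e.Type    = 105;
                    e.Save();
                }

                // The failure counter and the delay are applied whether or not the failure is
                // audited; otherwise a caller passing logFailure = false would have no
                // brute-force throttling at all.
                user.LoginCount++;
                user.Save();
                DelayForFailedLogins(user.LoginCount);

                throw(new Exception("Login failure; incorrect password."));
            }

            if (user.isDisabled)
            {
                if (logFailure)
                {
                    Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                        "Login failure; '" + safeUsername + "' disabled.<BR>" + origin,
                        user);
                    e.EventID = 25110;
                    e.Type    = 105;
                    e.Save();
                }

                throw(new Exception("Login failure; user disabled."));
            }

            if (logSuccess)
            {
                Amns.GreyFox.EventLog.GreyFoxEvent e = NewLoginAuditEvent(
                    "Login success; '" + safeUsername + "'.<BR>" + origin,
                    user);
                e.EventID = 25001;
                e.Type    = 100;
                e.Save();

                // A success that follows earlier failures is delayed by the same schedule.
                // NOTE(review): this delay stays tied to logSuccess as before; confirm that
                // the coupling to the logging flag is intended.
                DelayForFailedLogins(user.LoginCount);
            }

            // Reset the attempt counter and stamp the login.
            user.loginCount = 1;
            user.loginDate  = DateTime.Now;
            user.isSynced   = false;
            user.Save();

            return(user);
        }

        /// <summary>
        /// Creates a "Login" audit event with the shared fields filled in. The caller sets
        /// EventID and Type and then saves the event.
        /// </summary>
        private static Amns.GreyFox.EventLog.GreyFoxEvent NewLoginAuditEvent(
            string description, GreyFoxUser user)
        {
            Amns.GreyFox.EventLog.GreyFoxEvent e =
                new Amns.GreyFox.EventLog.GreyFoxEvent("sysGlobal_Events");
            e.Category    = "Login";
            e.Description = description;
            e.EventDate   = DateTime.Now;
            e.Source      = "AUDITOR";
            e.User        = user;
            return e;
        }

        /// <summary>
        /// Escapes markup characters in a client-supplied value before it is embedded in an
        /// audit description. A null value stays null and concatenates as an empty string.
        /// </summary>
        private static string EscapeForAuditMarkup(string value)
        {
            return System.Security.SecurityElement.Escape(value);
        }

        /// <summary>
        /// Blocks the calling thread according to the attempt counter: 15 s at 4 attempts,
        /// 15 s + 5 s per attempt for 5 to 11, and 15 s + 15 s per attempt above 11.
        /// </summary>
        private static void DelayForFailedLogins(int attempts)
        {
            // Ceiling on a single delay; a value chosen here, adjust to policy. Without it the
            // sleep grows without bound and the millisecond product eventually overflows int,
            // which makes Thread.Sleep throw.
            const long maxDelayMilliseconds = 5 * 60 * 1000;

            long delay = 0;
            if (attempts == 4)
            {
                delay = 15 * 1000;
            }
            else if (attempts >= 5 && attempts <= 11)
            {
                // The lower bound was "> 5", which left exactly 5 attempts with no delay.
                delay = 5L * 1000 * attempts + 15 * 1000;
            }
            else if (attempts > 11)
            {
                delay = 15L * 1000 * attempts + 15 * 1000;
            }

            if (delay > maxDelayMilliseconds)
            {
                delay = maxDelayMilliseconds;
            }

            // NOTE(review): sleeping holds a request thread and does not slow down guesses sent
            // in parallel; a lockout timestamp checked before the password would be more robust.
            if (delay > 0)
            {
                System.Threading.Thread.Sleep((int)delay);
            }
        }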