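/// <summary>
/// Handles the Click event of the btnEnter control: looks up the entered username
/// and, when the card holder may proceed, stores the card holder id in session and
/// redirects to the second login step.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks>
/// An inactive card holder is re-activated once 24 hours have passed since the last
/// invalid login; before that the remaining whole hours are reported to the user.
/// </remarks>
protected void btnEnter_Click(object sender, EventArgs e)
{
    if (!IsValidInfo())
    {
        return;
    }

    // NOTE(review): the previous revision carried a commented-out reCAPTCHA
    // verification block that embedded the site's secret key in source. It has
    // been removed here; treat that key as exposed and rotate it in the reCAPTCHA
    // admin console.
    Session["CardHolderId"] = "";
    lblMessage.Text = "";
    DivMessage.Attributes.CssStyle.Add("display", "none");

    // Hours an inactive account stays locked after its last invalid login.
    const int ReactivationHours = 24;
    CardHolderManager am = new CardHolderManager();
    CardManager cardManager = new CardManager();

    if (!cardManager.CheckOracleConnection())
    {
        LblErrorMessage.Text = Constants.DbConnectionNotAvailable;
        DivERROR.Attributes.CssStyle.Add("display", "block");
        return;
    }

    CardHolder_MstDTO user = am.FindActiveUser(txtCheckUsername.Text.Trim());
    if (user == null)
    {
        lblMessage.Text = Constants.UnameNtExist;
        DivMessage.Attributes.CssStyle.Add("display", "block");
        return;
    }

    bool userStatus = cardManager.AuthenticateUserStatus(user.creditcard_acc_number.Decrypt());
    if (!userStatus)
    {
        lblMessage.Text = Constants.AccNotInNormalState;
        DivMessage.Attributes.CssStyle.Add("display", "block");
        return;
    }

    // Time since the last invalid login decides whether an inactive account is
    // reactivated now or the user is told how long is left.
    DateTime invalidLoginDate = Convert.ToDateTime(user.InvalidLastLoginDt);
    TimeSpan sinceInvalidLogin = System.DateTime.Now - invalidLoginDate;
    // Convert.ToInt32 on a double rounds to the nearest whole hour (kept from the
    // original); the value can be negative once the lock window has passed.
    int durationForActive = ReactivationHours - Convert.ToInt32(sinceInvalidLogin.TotalHours);

    bool reactivated = false;
    if (sinceInvalidLogin.TotalHours >= ReactivationHours)
    {
        reactivated = am.SetCardHolderActive(user.CardHolder_Id);
    }

    if (user.IsPermanentDisable == true)
    {
        // A permanently disabled card holder is refused whether or not the
        // reactivation succeeded.
        ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
            "alert('" + Constants.BlockedAccount + "');", true);
        ClearControls();
    }
    else if (!reactivated && user.IsActive == false)
    {
        // Still inside the lock window (or reactivation failed): report the wait.
        if (durationForActive == 0)
        {
            ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
                "alert('" + Constants.InactiveAccountAfter + "sometime');", true);
        }
        else
        {
            ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
                "alert('" + Constants.InactiveAccountAfter + durationForActive + "hrs');", true);
        }
        ClearControls();
    }
    else
    {
        // Active (or just reactivated): hand the card holder id to the next step.
        Session["CardHolderId"] = user.CardHolder_Id;
        txtCheckUsername.Text = "";
        txtCaptchaFirst.Text = "";
        Response.Redirect("~/LoginNext.aspx");
    }
}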
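/// <summary>
/// Handles the Click event of the btnSubmit control: verifies the second login step
/// (password on tab "0", one-time password on tab "1"), records failed password
/// attempts, and on success binds the session to the client and redirects to the
/// profile page.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks>
/// Failed password attempts are tracked per day in up to three
/// <see cref="CardHolderLogin_InfoDTO"/> rows (first, second and third day). Three
/// failures on one day deactivate the account; three failures on the third day
/// disable it permanently. Rows older than a day with fewer than three attempts are
/// discarded before counting.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    hdnErrormsgFromLoginNext.Value = "";
    Session["AccountNumber"] = null;
    _cardHolderId = Convert.ToInt32(Session["CardHolderId"]);

    if (hdnTabIndex.Value == "0" && (txtUsername.Text == "" || txtPassword.Text == ""))
    {
        LblErrorMessage.Text = Constants.InvalidUnamePwd;
        DivERROR.Attributes.CssStyle.Add("display", "block");
        return;
    }
    if (hdnTabIndex.Value == "1" && (txtUsername.Text == "" || txtOTP.Text == ""))
    {
        LblErrorMessage.Text = Constants.InvalidUnamePwd;
        DivERROR.Attributes.CssStyle.Add("display", "block");
        return;
    }

    var am = new CardHolderManager();
    var cmn = new CardManager();
    var chlm = new CardHolderLoginInfoManager();

    // Take the submitted password out of the control right away so it is not
    // echoed back in the response.
    string paswd = txtPassword.Text.Trim();
    txtPassword.Text = string.Empty;
    string publicIp = Request.UserHostAddress;

    var cardHolder = am.AuthenticateUser(txtUsername.Text.Trim(), publicIp);
    if (cardHolder == null)
    {
        // Assumes AuthenticateUser returns null for an unknown username, as the
        // sibling btnEnter_Click assumes of FindActiveUser — confirm. Without this
        // guard the password compare below threw NullReferenceException. The same
        // generic message is used so the response does not reveal whether the
        // username exists.
        LblErrorMessage.Text = Constants.InvalidUnamePwd;
        DivERROR.Attributes.CssStyle.Add("display", "block");
        return;
    }

    // NOTE(review): User_pwd is compared directly with the submitted text, which
    // only works if it is stored in plaintext or reversibly encrypted; a salted
    // slow hash (e.g. PBKDF2) compared in fixed time would be expected here — confirm.
    if (hdnTabIndex.Value == "0" && String.CompareOrdinal(paswd, cardHolder.User_pwd) != 0)
    {
        if (_cardHolderId == 0)
        {
            // No card holder id from the first step: the request did not come
            // through the expected flow.
            Response.Redirect("ErrorPage/CodeError.aspx");
        }

        int tries = 1;

        // Drop stale attempt rows (older than a day, under three attempts) before counting.
        var chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
        if (chdto.Count > 0)
        {
            if (chdto[0].Login_Attempt_FirstDt <= System.DateTime.Today.AddDays(-1) && chdto[0].Login_Attempts < 3)
            {
                chlm.DeleteCardHolderLoginInfo(_cardHolderId);
            }
            else if (chdto.Count == 2)
            {
                if (chdto[1].Login_Attempt_SecondDt <= System.DateTime.Today.AddDays(-1) && chdto[1].Login_Attempts < 3)
                {
                    chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                }
            }
            else if (chdto.Count == 3)
            {
                if (chdto[2].Login_Attempt_ThirdDt <= System.DateTime.Today.AddDays(-1) && chdto[2].Login_Attempts < 3)
                {
                    chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                }
            }
        }

        // Re-read after the cleanup and walk the first/second/third-day rows.
        chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
        if (chdto.Count > 0)
        {
            if (chdto[0].Login_Attempt_FirstDt == System.DateTime.Today && chdto[0].Login_Attempts < 3)
            {
                tries = Convert.ToInt32(chdto[0].Login_Attempts) + 1;
            }

            if (chdto[0].Login_Attempt_FirstDt != null && chdto[0].Login_Attempts == 3)
            {
                // First day exhausted: look at the second-day row.
                if (chdto.Count > 1)
                {
                    if (chdto[1].Login_Attempt_SecondDt == System.DateTime.Today && chdto[1].Login_Attempts < 3)
                    {
                        tries = Convert.ToInt32(chdto[1].Login_Attempts) + 1;
                    }

                    if (chdto[1].Login_Attempt_SecondDt != null && chdto[1].Login_Attempts == 3)
                    {
                        // Second day exhausted: look at the third-day row.
                        if (chdto.Count > 2)
                        {
                            if (chdto[2].Login_Attempt_ThirdDt == System.DateTime.Today && chdto[2].Login_Attempts < 3)
                            {
                                tries = Convert.ToInt32(chdto[2].Login_Attempts) + 1;
                            }

                            if (chdto[2].Login_Attempt_ThirdDt != null && chdto[2].Login_Attempts == 3)
                            {
                                ClearControls(EnumBlockedAccount);
                            }
                            else
                            {
                                chlm.UpdateCardHolderLoginInfoThird(new CardHolderLogin_InfoDTO()
                                {
                                    CardHolder_Id = _cardHolderId,
                                    Login_Attempts = tries,
                                    Login_Attempt_ThirdDt = System.DateTime.Today
                                });
                                if (tries == 2)
                                {
                                    lblMessage.Text = Constants.Leftwithonly1Attempt;
                                    DivMessage.Attributes.CssStyle.Add("display", "block");
                                }
                                else
                                {
                                    // Third failure on the third day: permanent disable.
                                    chlm.SetCardHolderParmenentDisable(_cardHolderId);
                                    ClearControls(EnumContinuesBlockedAccount);
                                }
                            }
                        }
                        else
                        {
                            // NOTE(review): when the second-day row is dated today nothing
                            // is recorded or shown for this failure (kept from the original).
                            if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
                            {
                                chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                                {
                                    CardHolder_Id = _cardHolderId,
                                    Login_Attempts = tries,
                                    IP_Address = Request.UserHostAddress,
                                    Login_Attempt_ThirdDt = System.DateTime.Today
                                });
                                lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
                                DivMessage.Attributes.CssStyle.Add("display", "block");
                            }
                        }
                    }
                    else
                    {
                        if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
                        {
                            chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                            {
                                CardHolder_Id = _cardHolderId,
                                Login_Attempts = tries,
                                IP_Address = Request.UserHostAddress,
                                Login_Attempt_ThirdDt = System.DateTime.Today
                            });
                            lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
                            DivMessage.Attributes.CssStyle.Add("display", "block");
                        }
                        else
                        {
                            chlm.UpdateCardHolderLoginInfoSecond(new CardHolderLogin_InfoDTO()
                            {
                                CardHolder_Id = _cardHolderId,
                                Login_Attempts = tries,
                                Login_Attempt_SecondDt = System.DateTime.Today
                            });
                            if (tries == 2)
                            {
                                lblMessage.Text = Constants.SecndDayLeftwith1Attempts;
                                DivMessage.Attributes.CssStyle.Add("display", "block");
                            }
                            else
                            {
                                chlm.SetCardHolderInActive(_cardHolderId);
                                ClearControls(EnumInactiveAttempts);
                            }
                        }
                    }
                }
                else
                {
                    if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
                    {
                        chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                        {
                            CardHolder_Id = _cardHolderId,
                            Login_Attempts = tries,
                            IP_Address = Request.UserHostAddress,
                            Login_Attempt_SecondDt = System.DateTime.Today
                        });
                        lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
                        DivMessage.Attributes.CssStyle.Add("display", "block");
                    }
                }
            }
            else
            {
                if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
                {
                    chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                    {
                        CardHolder_Id = _cardHolderId,
                        Login_Attempts = tries,
                        IP_Address = Request.UserHostAddress,
                        Login_Attempt_SecondDt = System.DateTime.Today
                    });
                    lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
                    DivMessage.Attributes.CssStyle.Add("display", "block");
                }
                else
                {
                    chlm.UpdateCardHolderLoginInfofirst(new CardHolderLogin_InfoDTO()
                    {
                        CardHolder_Id = _cardHolderId,
                        Login_Attempts = tries,
                        Login_Attempt_FirstDt = System.DateTime.Today
                    });
                    if (tries == 2)
                    {
                        lblMessage.Text = Constants.Leftwith1Attempts;
                        DivMessage.Attributes.CssStyle.Add("display", "block");
                    }
                    else
                    {
                        chlm.SetCardHolderInActive(_cardHolderId);
                        ClearControls(EnumInactiveAttempts);
                    }
                }
            }
        }
        else
        {
            // First failure with no attempt history.
            chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
            {
                CardHolder_Id = _cardHolderId,
                Login_Attempts = tries,
                IP_Address = Request.UserHostAddress,
                Login_Attempt_FirstDt = System.DateTime.Today
            });
            lblMessage.Text = Constants.Leftwith2Attempts;
            DivMessage.Attributes.CssStyle.Add("display", "block");
        }
    }
    else if (hdnTabIndex.Value == "1" && String.CompareOrdinal(txtOTP.Text, hdnOTP.Value.ToString()) != 0)
    {
        // NOTE(review): the expected OTP is read back from a hidden field the client
        // submits (hdnOTP); unless that control is protected server-side the client can
        // read or replace it. Keeping the expected value in Session is the safer design — confirm.
        lblMessage.Text = Constants.IncorrectOTP;
        DivMessage.Attributes.CssStyle.Add("display", "block");
        divIncorrectOTP.Attributes.CssStyle.Add("display", "flex");
        divOTPSent.Attributes.CssStyle.Add("display", "block");
        divremaining.Attributes.CssStyle.Add("display", "block");
        hideResultMobile.Text = strMobile;
        txtOTP.Focus();
        StartOTPTimer();
        return;
    }
    else
    {
        bool userStatus = cmn.AuthenticateUserStatus(cardHolder.creditcard_acc_number.Decrypt());
        if (!userStatus)
        {
            ClearControls(EnumAccNotInNormalState);
            return;
        }

        Session["AccountNumber"] = cardHolder.creditcard_acc_number.Decrypt();
        if (cardHolder.IsPermanentDisable == true)
        {
            ClearControls(EnumBlockedAccount);
        }
        else if (cardHolder.IsActive == false)
        {
            ClearControls(EnumInactiveAccount);
        }
        else
        {
            Session["CardHolderId"] = cardHolder.CardHolder_Id;
            chlm.DeleteCardHolderLoginInfo(_cardHolderId);

            #region Create Session of IP and AntiFix for Privilege escalation (Horizontal)
            // Anti-fixation token. A CSPRNG replaces System.Random, whose output is
            // predictable and whose previous range (below 100000) is far too small
            // for a value that binds the session to this client.
            byte[] tokenBytes = new byte[32];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tokenBytes);
            }
            string rndstr = Functions.GenerateHash(Convert.ToBase64String(tokenBytes));
            Session["STTLII"] = rndstr;
            Response.Cookies["STTLII"].Value = rndstr;
            Response.Cookies["STTLII"].HttpOnly = true;
            // Secure only when the request itself arrived over TLS, so an HTTP
            // deployment keeps working; behind a TLS-terminating proxy this is false.
            Response.Cookies["STTLII"].Secure = Request.IsSecureConnection;

            // Hash of the client IP, checked on later requests.
            string ipHash = Functions.GenerateHash(Functions.GetIP());
            Session["STTLI"] = ipHash;
            Response.Cookies["STTLI"].Value = ipHash;
            Response.Cookies["STTLI"].HttpOnly = true;
            Response.Cookies["STTLI"].Secure = Request.IsSecureConnection;
            #endregion

            // Step 3: update the card holder master row for this login.
            CardHolderManager chm = new CardHolderManager();
            CardHolder_MstDTO user = new CardHolder_MstDTO();
            user.CardHolder_Id = _cardHolderId;
            chm.UpdateCardHolderDetailByID(user);

            SetCookieAndRedirectToProfilePage(Encoder.HtmlEncode(txtUsername.Text.Trim()), cardHolder.CardHolder_Id.ToString());
        }
    }
}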