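        /// <summary>
        /// Authenticates a portal user by login and password and returns the user's id.
        /// </summary>
        /// <param name="login">Login name entered by the user. If it contains '@', everything
        /// from the first '@' on is discarded before the lookup (see the TODO below).</param>
        /// <param name="password">Clear-text password entered by the user; handed to
        /// PasswordUtil.Check together with the stored salt and hash.</param>
        /// <returns>The UserId of the authenticated user (always &gt; 0).</returns>
        /// <exception cref="ArgumentNullException"><paramref name="login"/> is null.</exception>
        /// <exception cref="InvalidAccountException">No user row was found for the login.</exception>
        /// <exception cref="NotActiveAccountException">The row's Activity column is not 3.</exception>
        /// <exception cref="ExternalOrPendingAccountException">IsExternal or IsPending is set.</exception>
        /// <exception cref="InvalidPasswordException">PasswordUtil.Check rejected the password.</exception>
        /// <remarks>
        /// Every failed attempt is written to the failure audit log (when PortalConfig.AuditWebLogin
        /// is on) before the exception is thrown. The four distinct exception types, and the fact
        /// that PasswordUtil.Check is skipped for unknown logins, let a caller-visible response
        /// (and its timing) distinguish "unknown account" from "wrong password"; they are kept
        /// because callers catch these types, so the presentation layer should collapse them
        /// into a single user-facing message.
        /// </remarks>
        public static int UserLogin(string login, string password)
        {
            if (login == null)
            {
                throw new ArgumentNullException("login");
            }

            // TODO: for testing stage only
            // NOTE(review): this maps "alice@a.example" and "alice@b.example" onto the same
            // login "alice", so two distinct e-mail identities collide on one account. It must
            // not ship to production.
            int atIndex = login.IndexOf('@');
            if (atIndex >= 0)
            {
                login = login.Substring(0, atIndex);
            }

            // O.R. [2008-12-09] — replaced the former DBUser.UserLogin(login, password) call
            // (which reported -1..-4 status codes) with an explicit lookup + hash check.
            //-----------------------------------------------------
            int    userId        = -1;
            string salt          = string.Empty;
            string hash          = string.Empty;
            bool   isExternal    = true;
            bool   isPending     = true;
            byte   activity      = 1;
            int    originalId    = -1;
            bool   emptyPassword = false;

            using (IDataReader reader = DBUser.GetUserInfoByLogin(login))
            {
                /// UserId, Login, FirstName, LastName, Email, Activity, IMGroupId, OriginalId, IsExternal,
                /// IsPending, salt, hash
                if (reader.Read())
                {
                    userId     = (int)reader["UserId"];
                    // NOTE: these direct casts throw InvalidCastException if salt/hash are DBNull
                    // for this row; that surfaces as a server error rather than a login failure.
                    salt       = (string)reader["salt"];
                    hash       = (string)reader["hash"];
                    isExternal = (bool)reader["IsExternal"];
                    isPending  = (bool)reader["IsPending"];
                    activity   = (byte)reader["Activity"];
                    if (reader["OriginalId"] != DBNull.Value)
                    {
                        originalId = (int)reader["OriginalId"];
                    }
                    // "password" is not in the column list above — presumably the legacy
                    // clear-text column; verify GetUserInfoByLogin actually selects it, otherwise
                    // this indexer throws.
                    if ((string)reader["password"] == string.Empty)
                    {
                        emptyPassword = true;
                    }
                }
            }

            // Decide the outcome first, audit it, then throw. Previously only an unknown login was
            // audited; a wrong password for an existing account (the signal brute-force detection
            // needs) was thrown without any audit entry.
            Exception failure = null;
            if (userId <= 0)
            {
                failure = new InvalidAccountException();
            }
            else if (activity != 3)
            {
                failure = new NotActiveAccountException();
            }
            else if (isExternal || isPending)
            {
                failure = new ExternalOrPendingAccountException();
            }
            else if (!PasswordUtil.Check(password, salt, hash))
            {
                failure = new InvalidPasswordException();
            }

            if (failure != null)
            {
                AuditFailedLogin(login, failure.GetType().Name);
                throw failure;
            }

            // Login succeeded: clear the legacy clear-text password (and its counterpart in the
            // main DB when this user is a copy of another) — presumably a one-time migration step;
            // DBUser.ResetPassword's exact effect is not visible here.
            if (!emptyPassword)
            {
                using (DbTransaction tran = DbTransaction.Begin())
                {
                    DBUser.ResetPassword(userId);
                    if (originalId > 0)
                    {
                        DBUser.ResetPasswordInMain(originalId);
                    }

                    tran.Commit();
                }
            }
            //-----------------------------------------------------

            return userId;
        }

        /// <summary>
        /// Writes a FailureAudit event for a failed portal login when PortalConfig.AuditWebLogin is on.
        /// </summary>
        /// <param name="login">Login name as used for the lookup (user-supplied; CR/LF are
        /// replaced so a crafted login cannot forge extra lines in the multi-line message).</param>
        /// <param name="reason">Short reason tag, e.g. the name of the exception about to be thrown.</param>
        private static void AuditFailedLogin(string login, string reason)
        {
            if (!PortalConfig.AuditWebLogin)
            {
                return;
            }

            // HttpContext.Current is null outside a web request (services, tests); the audit must
            // not turn a failed login into a NullReferenceException.
            HttpContext context  = HttpContext.Current;
            string      ip       = "";
            string      referrer = "";
            if (context != null)
            {
                HttpRequest request = context.Request;
                ip = request.UserHostAddress;
                if (request.UrlReferrer != null)
                {
                    referrer = String.Concat(request.UrlReferrer.Host, request.UrlReferrer.PathAndQuery);
                }
            }

            string safeLogin = login.Replace("\r", " ").Replace("\n", " ");
            string message = String.Format(CultureInfo.InvariantCulture,
                                           "Failed IBN portal login.\r\n\r\nLogin: {0}\r\nIP: {1}\r\nReferrer: {2}\r\nReason: {3}",
                                           safeLogin,
                                           ip,
                                           referrer,
                                           reason);
            Log.WriteEntry(message, System.Diagnostics.EventLogEntryType.FailureAudit);
        }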