Beispiel #1
0
        private void butOK_Click(object sender, EventArgs e)
        {
            bool   isEcw    = Programs.UsingEcwTightOrFullMode();
            string userName = "";

            if (PrefC.GetBool(PrefName.UserNameManualEntry))
            {
                //Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
                userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower());
            }
            else
            {
                userName = listUser.SelectedItem?.ToString();
            }
            if (string.IsNullOrEmpty(userName))
            {
                MsgBox.Show(this, "Login failed");
                return;
            }
            string passwordTyped = textPassword.Text;

            if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped))
            {
                MsgBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                return;
            }
            Userod userCur = null;

            if (isEcw)             //ecw requires hash, but non-ecw requires actual password
            {
                passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true);
            }
            if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ)
            {
                // No need to check password when changing task users at HQ to user "Stay Open".
                userCur = Userods.GetUserByNameNoCache(userName);
            }
            else              //Not HQ (most common scenario)
                              //Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn.
                              //That event would cause a second login window to pop with strange behavior.
                              //Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary.
            {
                if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
                {
                    userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false);
                    if (userCur == null)
                    {
                        MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts.");
                        return;
                    }
                }
                else                  //Directly connected to the database.  This code will give a more accurate error message to the user when failing to log in.
                {
                    try {
                        userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw);
                    }
                    catch (Exception ex) {
                        MessageBox.Show(ex.Message);
                        return;
                    }
                }
            }
            //successful login.
            if (_isSimpleSwitch)
            {
                CurUserSimpleSwitch = userCur;
            }
            else                            //Not a temporary login.
            {
                Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls.
                if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
                {
                    if (Userods.IsPasswordStrong(passwordTyped) != "")                   //Password is not strong
                    {
                        MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
                        if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache))
                        {
                            return;                            //Failed password update.
                        }
                        _refreshSecurityCache = true;          //Indicate to calling method that they should manually refresh the Security cache.
                    }
                }
                Security.IsUserLoggedIn = true;
                //Jason approved always storing the cleartext password that the user typed in
                //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
                Security.PasswordTyped = passwordTyped;
                SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on."));
                UserOdPrefs.SetThemeForUserIfNeeded();
            }
            Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
            DialogResult = DialogResult.OK;
        }
Beispiel #2
0
        private void butOK_Click(object sender, System.EventArgs e)
        {
            bool   usingEcw     = Programs.UsingEcwTightOrFullMode();
            Userod selectedUser = null;

            if (PrefC.GetBool(PrefName.UserNameManualEntry))
            {
                for (int i = 0; i < listUser.Items.Count; i++)
                {
                    //Check the user name typed in using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
                    if (textUser.Text.Trim().ToLower() == listUser.Items[i].ToString().Trim().ToLower())
                    {
                        selectedUser = (Userod)listUser.Items[i];                      //Found the typed username
                        break;
                    }
                }
                if (selectedUser == null)
                {
                    MsgBox.Show(this, "Login failed");
                    return;
                }
            }
            else
            {
                selectedUser = (Userod)listUser.SelectedItem;
            }
            string password = textPassword.Text;

            if (usingEcw)             //ecw requires hash, but non-ecw requires actual password
            {
                password = Userods.HashPassword(password, true);
            }
            if (selectedUser.UserName == "Stay Open" && IsSimpleSwitch && PrefC.IsODHQ)
            {
                // No need to check password when changing task users at HQ to user "Stay Open".
            }
            else
            {
                try {
                    Userods.CheckUserAndPassword(selectedUser.UserName, password, usingEcw);
                }
                catch (Exception ex) {
                    MessageBox.Show(ex.Message);
                    return;
                }
            }
            if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && selectedUser.Password == "" && textPassword.Text == "")
            {
                MsgBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                return;
            }
            //successful login.
            if (!IsSimpleSwitch)
            {
                Security.CurUser        = selectedUser.Copy();
                Security.IsUserLoggedIn = true;
                //Jason approved always storing the cleartext password that the user typed in
                //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
                Security.PasswordTyped = password;
                if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
                {
                    if (Userods.IsPasswordStrong(textPassword.Text) != "")                   //Password is not strong
                    {
                        MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
                        FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1.
                        if (!FormOD.ChangePassword(true))                                                    //Failed password update.
                        {
                            return;
                        }
                    }
                }
            }
            else
            {
                CurUserSimpleSwitch = selectedUser.Copy();
            }
            if (!IsSimpleSwitch)
            {
                SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
            }
            Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
            DialogResult = DialogResult.OK;
        }
Beispiel #3
0
        private void butLogin_Click(object sender, EventArgs e)
        {
            Userod userEntered;
            string password;

            try {
                bool useEcwAlgorithm = Programs.UsingEcwTightOrFullMode();
                //ecw requires hash, but non-ecw requires actual password
                password = textPassword.Text;
                if (useEcwAlgorithm)
                {
                    //Userods.HashPassword explicitly goes over to middle tier in order to use it's MD5 algorithm.
                    //It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time.
                    //It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString.
                    if (Security.CurUser == null)
                    {
                        Security.CurUser = new Userod();
                    }
                    password = Userods.HashPassword(password, true);
                }
                string username = textUser.Text;
                                #if DEBUG
                if (username == "")
                {
                    username = "******";
                    password = "******";
                }
                                #endif
                userEntered = Userods.CheckUserAndPassword(username, password, useEcwAlgorithm);
            }
            catch (Exception ex) {
                MessageBox.Show(ex.Message);
                return;
            }
            //successful login.
            Security.CurUser              = userEntered;
            Security.PasswordTyped        = password;
            Security.IsUserLoggedIn       = true;
            RemotingClient.HasLoginFailed = false;
            if (RemotingClient.RemotingRole == RemotingRole.ClientWeb &&
                string.IsNullOrEmpty(userEntered.Password) &&
                string.IsNullOrEmpty(textPassword.Text))
            {
                MsgBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1.
                if (!FormOD.ChangePassword(true))                                                    //Failed password update.
                {
                    return;
                }
            }
            if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) &&
                PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong) &&
                Userods.IsPasswordStrong(textPassword.Text) != "")                  //Password is not strong
            {
                MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
                FormOpenDental FormOD = Application.OpenForms.OfType <FormOpenDental>().ToList()[0]; //There always should be exactly 1.
                if (!FormOD.ChangePassword(true))                                                    //Failed password update.
                {
                    return;
                }
            }
            SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
            DialogResult = DialogResult.OK;
        }