Beispiel #1
0
        private void butOK_Click(object sender, EventArgs e)
        {
            bool   isEcw    = Programs.UsingEcwTightOrFullMode();
            string userName = "";

            if (PrefC.GetBool(PrefName.UserNameManualEntry))
            {
                //Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
                userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower());
            }
            else
            {
                userName = listUser.SelectedItem?.ToString();
            }
            if (string.IsNullOrEmpty(userName))
            {
                MsgBox.Show(this, "Login failed");
                return;
            }
            string passwordTyped = textPassword.Text;

            if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped))
            {
                MsgBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                return;
            }
            Userod userCur = null;

            if (isEcw)             //ecw requires hash, but non-ecw requires actual password
            {
                passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true);
            }
            if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ)
            {
                // No need to check password when changing task users at HQ to user "Stay Open".
                userCur = Userods.GetUserByNameNoCache(userName);
            }
            else              //Not HQ (most common scenario)
                              //Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn.
                              //That event would cause a second login window to pop with strange behavior.
                              //Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary.
            {
                if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
                {
                    userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false);
                    if (userCur == null)
                    {
                        MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts.");
                        return;
                    }
                }
                else                  //Directly connected to the database.  This code will give a more accurate error message to the user when failing to log in.
                {
                    try {
                        userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw);
                    }
                    catch (Exception ex) {
                        MessageBox.Show(ex.Message);
                        return;
                    }
                }
            }
            //successful login.
            if (_isSimpleSwitch)
            {
                CurUserSimpleSwitch = userCur;
            }
            else                            //Not a temporary login.
            {
                Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls.
                if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
                {
                    if (Userods.IsPasswordStrong(passwordTyped) != "")                   //Password is not strong
                    {
                        MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
                        if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache))
                        {
                            return;                            //Failed password update.
                        }
                        _refreshSecurityCache = true;          //Indicate to calling method that they should manually refresh the Security cache.
                    }
                }
                Security.IsUserLoggedIn = true;
                //Jason approved always storing the cleartext password that the user typed in
                //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
                Security.PasswordTyped = passwordTyped;
                SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on."));
                UserOdPrefs.SetThemeForUserIfNeeded();
            }
            Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
            DialogResult = DialogResult.OK;
        }