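        /// <summary>
        /// Verifies the login hash posted by the client against one recomputed on the server
        /// from the user name, the stored password value and the lower-cased captcha text
        /// held in the session.
        /// </summary>
        /// <param name="uinfo">User record whose <c>UserName</c> and <c>Password</c> feed the server-side hash.</param>
        /// <returns><c>true</c> only when the stored password equals the hidden-field value and
        /// the client hash equals the server hash; otherwise <c>false</c>.</returns>
        private bool IsValidCredential(UserInfo uinfo)
        {
            // Gate: the stored password value must equal the value carried in the hidden field.
            if (!(uinfo.Password == hdnPassword.Value))
            {
                return false;
            }

            string clientMD5 = txtPassword.Text.Trim();

            // NOTE(review): MD5 is not a suitable password hash; a salted, slow KDF (e.g. PBKDF2)
            // is the usual replacement. Left as-is because the client computes the same value.
            string serverMD5 = MD5HASH.GetMD5HashCode(uinfo.UserName + "#" + uinfo.Password + "#" + Session["CaptchaImageText"].ToString().ToLower());

            if (string.IsNullOrEmpty(serverMD5))
            {
                RemovedLoggedUser();
                lblMessageDisplay.Text = "Invalid User name and password! Please Try Again";
                return false;
            }

            // Fix: the comparison result used to be overwritten by an unconditional
            // "IsValid = true", so any request that passed the hidden-field gate was accepted
            // regardless of the hash the client sent. The comparison now decides the outcome.
            // If this rejects legitimate logins, align the client and server hash formats
            // rather than bypassing the check.
            return serverMD5.Equals(clientMD5);
        }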
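        /// <summary>
        /// Handles the forgot-password submit: validates the form and the captcha, looks the
        /// account up by user name or e-mail, mails a freshly generated temporary password and
        /// stores its hash.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            try
            {
                lblMessageDisplay.Text = "";

                // Fix: an expired session left this entry null and the ToString() call threw,
                // sending the user to the error page instead of asking for a refresh.
                object captchaValue = Session["CaptchaImageText"];
                if (captchaValue == null)
                {
                    lblMessageDisplay.Text = "Session has been expired Please refresh page";
                    return;
                }
                string captchaString = captchaValue.ToString();

                if (!string.IsNullOrEmpty(txtUserName.Text) && !string.IsNullOrEmpty(txtEmail.Text))
                {
                    lblMessageDisplay.Text = "Please enter either Username or Email at a time.";
                    return;
                }
                if (!string.IsNullOrEmpty(txtEmail.Text))
                {
                    txtEmail.Attributes.Add("email", "1");
                }

                string userName = txtUserName.Text.Trim();
                string email    = txtEmail.Text.Trim();

                if (userName == "" && email == "")
                {
                    lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
                    return;
                }

                if (!captchaString.Equals(txtCaptcha.Text))
                {
                    // NOTE(review): the session captcha is not regenerated here, so the same
                    // code stays valid for further attempts — confirm the page issues a new one.
                    txtCaptcha.Text        = "";
                    lblMessageDisplay.Text = "Code entered does not match, please try again !";
                    return;
                }

                // Fix: the user name is now trimmed before the lookup, matching the emptiness
                // check above and the handling of the e-mail value.
                string  lookupKey = userName != "" ? userName : email;
                DataSet ds        = AuthoProvider.IsUserExists(lookupKey);

                if (ds.IsValid())
                {
                    DataRow     dr      = ds.Tables[0].Rows[0];
                    CommonClass cRandom = new CommonClass();

                    // NOTE(review): RandomPassword is not visible here — confirm it draws from a
                    // cryptographic RNG, since this value becomes a login credential.
                    string pwd = cRandom.RandomPassword(8);

                    // NOTE(review): the password travels in clear text by e-mail; a single-use,
                    // expiring reset link is the usual alternative.
                    bool ifSuccess = cRandom.SendMail(pwd, Convert.ToString(dr["Email"]));

                    if (ifSuccess)
                    {
                        // Only the hash of the temporary password is stored.
                        // NOTE(review): unsalted MD5 is weak for password storage.
                        pwd = MD5HASH.GetMD5HashCode(pwd);
                        AuthoProvider.UpdateTemporaryPassword(Convert.ToString(dr["UserName"]), pwd, "F");
                        lblMessageDisplay.Text      = "Your new Temporary Password is being sent to your Email, Please Check your Email...!";
                        Session["CaptchaImageText"] = null;
                        UserBAL.Instance.InsertAuditTrailDetail("Temporary Password has sent to registered Email", "Forgot Password");
                    }
                    else
                    {
                        lblMessageDisplay.Text = "Error Occured while sending Email...!";
                    }
                }
                else
                {
                    // NOTE(review): this message differs from the success message, so the form
                    // reveals whether an account exists; consider one neutral response for both.
                    lblMessageDisplay.Text = "Please enter Valid Username or Email Address...!";
                }
            }
            catch (Exception ex)
            {
                LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());

                // Fix: a 301 (RedirectPermanent) tells clients and caches that this page has
                // moved for good; an error hand-off must be a temporary redirect.
                Response.Redirect("~/ErrorPage.aspx", false);
            }
        }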
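        /// <summary>
        /// Handles the login submit: checks the captcha carried in the encrypted hidden field,
        /// enforces the 900-second lock recorded for the user, then hands over to
        /// <c>checkAuthentication</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            // NOTE(review): this clears an application-wide entry on every login click, for all
            // users — confirm that is intended.
            Application["LoggedInUsers"] = null;
            try
            {
                if (!IsLogedIn(txtUserName.Text.Trim()))
                {
                    return;
                }

                // NOTE(review): the return value is discarded; kept in case the call has side effects.
                MD5HASH.Encryptdata(txtPassword.Text);

                if (Session["CaptchaImageText"] == null)
                {
                    lblMessageDisplay.Text = "Session has been expired Please refresh page";
                    RemovedLoggedUser();
                    return;
                }

                string   captchaString = Session["CaptchaImageText"].ToString();
                string   mixedPassword = AESEncrytDecry.DecryptStringAES(hdnPassword.Value);
                string[] mixedValue    = mixedPassword.Split('#');

                // Fix: the hidden field is client-controlled, so the decrypted value may lack the
                // '#' separator. That used to throw on mixedValue[1]; it is now handled as a
                // captcha mismatch.
                string codeNumber = mixedValue.Length > 1 ? mixedValue[1] : null;
                if (codeNumber != null)
                {
                    hdnPassword.Value = mixedValue[0];
                }

                if (!captchaString.Equals(codeNumber))
                {
                    // NOTE(review): the session captcha is not regenerated here, so the same
                    // code stays valid for further attempts — confirm the page issues a new one.
                    RemovedLoggedUser();
                    txtCaptcha.Text        = "";
                    lblMessageDisplay.Text = "Code entered does not match, please try again !";
                    return;
                }

                // NOTE(review): the user name is passed untrimmed here but trimmed for
                // IsLogedIn above — confirm the lock lookup uses the same key as the login check.
                DataSet ds = AuthoProvider.IsUserLocked(txtUserName.Text);

                // Rows are present only when failed-login entries exist for this user.
                if (ds.IsValid())
                {
                    DataRow dr       = ds.Tables[0].Rows[0];
                    int     idLocked = Convert.ToInt16(dr[DataBaseFields.IsLocked]);

                    if (idLocked > 0)
                    {
                        const double lockSeconds = 900;

                        // NOTE(review): local time is compared with the stored lock time; a
                        // clock or DST shift changes the effective lock length — consider UTC.
                        double elapsed = (DateTime.Now - Convert.ToDateTime(dr[DataBaseFields.lock_time])).TotalSeconds;
                        if (elapsed <= lockSeconds)
                        {
                            RemovedLoggedUser();

                            // Fix: Math.Round reported "0 Mins" during the last half minute of
                            // the lock; round up and never show less than one minute.
                            lblMessageDisplay.Text = "Your Id is being Locked, Please try after " + Math.Max(1, Math.Ceiling((lockSeconds - elapsed) / 60)) + " Mins...!";
                            return;
                        }

                        // Lock window has passed: clear the failed-login entries for this user.
                        AuthoProvider.DeleteLoginErrorInfo(txtUserName.Text);
                    }
                }

                // Not locked (or lock expired): verify user name and password and redirect.
                checkAuthentication();
            }
            catch (Exception ex)
            {
                RemovedLoggedUser();
                LogHandler.LogFatal((ex.InnerException != null ? ex.InnerException.Message : ex.Message), ex, this.GetType());

                // Fix: a 301 (RedirectPermanent) tells clients and caches that this page has
                // moved for good; an error hand-off must be a temporary redirect.
                Response.Redirect("~/ErrorPage.aspx", false);
            }
        }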