Ejemplo n.º 1
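    /// <summary>
    /// Login form handler: authenticates the submitted credentials through
    /// <c>UserModule.login</c>, stores the user's id, name and role in the session,
    /// and redirects either to the page remembered in <c>Session["previous_url"]</c>
    /// (only when the same user id was already in the session) or to the page
    /// configured for the user's role. Failures are rendered into <c>login_message</c>.
    /// </summary>
    /// <param name="sender">Control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Login(object sender, EventArgs e)
    {
        // Fixed delay on every attempt, successful or not. It slows guessing from a single
        // client but also holds a request thread for three seconds per call.
        // NOTE(review): this is not a per-account or per-source limit; confirm that lockout
        // or rate limiting exists elsewhere.
        System.Threading.Thread.Sleep(3000);
        UserModule userModule = new UserModule();
        string userid = input_userid.Text;
        string password = input_password.Text;

        try
        {
            UserAccount authenticatedUser = userModule.login(userid, password);

            // NOTE(review): the previous version called SessionIDManager.CreateSessionID but
            // never installed the result, so the session identifier is the same before and
            // after login (session fixation exposure). Rotating it needs a deliberate design,
            // e.g. abandoning the pre-login session before credentials are accepted. The dead
            // call was removed so it does not read as a mitigation.

            // Remember who owned the session before it is overwritten below.
            string oldUserId = "";
            if (Session["userid"] != null)
            {
                oldUserId = Session["userid"].ToString();
            }

            Session["userid"] = userid;
            Session["username"] = authenticatedUser.USERNAME;
            Session["userRole"] = authenticatedUser.ROLE;

            // Only resume the remembered page for the user who was there before; another
            // user must not be sent to the previous user's page.
            object storedUrl = Session["previous_url"];
            if (storedUrl != null && userid.Equals(oldUserId))
            {
                string previous_url = storedUrl.ToString();

                // Remove the entry instead of storing "": an empty string is still non-null
                // and would be treated as a redirect target on the next login.
                Session.Remove("previous_url");

                // Follow the stored value only when it stays on this site. Anything else
                // falls through to the role page, so a tampered value cannot turn the login
                // into an open redirect.
                if (IsLocalRedirectTarget(previous_url, Request.Url))
                {
                    Response.Redirect(previous_url);
                }
            }

            string redirectURL = UserRoleDispatcher.getPageByUserRole(authenticatedUser.ROLE);
            if (string.IsNullOrEmpty(redirectURL))
            {
                throw new Exception("No role configured for " + authenticatedUser.ROLE + " yet, please contact administrator.");
            }

            Response.Redirect(redirectURL);

        }
        catch (System.Threading.ThreadAbortException)
        {
            // Response.Redirect(string) ends the response by aborting the request thread.
            // That is the success path, so keep it out of the generic error handler below.
            throw;
        }
        catch (LoginException lex)
        {
            // Encode before writing into markup: the message may echo submitted input.
            login_message.Controls.Add(new LiteralControl(
                "<div class='alert alert-danger col-sm-10 col-sm-offset-1'>"
                    + System.Web.HttpUtility.HtmlEncode(lex.Message)
                    + "</div>"));
        }
        catch (Exception ex)
        {
            // NOTE(review): unexpected exception text is still shown to an unauthenticated
            // visitor and can expose internal details; consider logging it server-side and
            // showing a generic message instead.
            login_message.Controls.Add(new LiteralControl(
                "<div class='alert alert-danger col-sm-10 col-sm-offset-1'>"
                    + System.Web.HttpUtility.HtmlEncode(ex.Message)
                    + "</div>"));
        }
    }

    /// <summary>
    /// Decides whether a stored redirect target stays on the current site: a rooted or
    /// app-relative path, or an absolute http/https URL whose host matches the request.
    /// </summary>
    /// <param name="url">Candidate redirect target.</param>
    /// <param name="current">URL of the current request, used for the host comparison.</param>
    /// <returns><c>true</c> when the target is considered local; otherwise <c>false</c>.</returns>
    private static bool IsLocalRedirectTarget(string url, Uri current)
    {
        if (string.IsNullOrEmpty(url))
        {
            return false;
        }

        // Browsers drop tabs and newlines inside URLs, which can turn "/<tab>/host" into a
        // protocol-relative URL, so reject control characters outright.
        foreach (char c in url)
        {
            if (char.IsControl(c))
            {
                return false;
            }
        }

        // "/path" is local; "//host" and "/\host" are protocol-relative and are not.
        if (url[0] == '/')
        {
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        // "~/path" is app-relative; apply the same second-separator rule after the tilde.
        if (url.Length > 1 && url[0] == '~' && url[1] == '/')
        {
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
        }

        // Absolute URLs are accepted only for http/https on the host serving this request.
        Uri absolute;
        return current != null
            && Uri.TryCreate(url, UriKind.Absolute, out absolute)
            && (absolute.Scheme == Uri.UriSchemeHttp || absolute.Scheme == Uri.UriSchemeHttps)
            && string.Equals(absolute.Host, current.Host, StringComparison.OrdinalIgnoreCase);
    }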
Ejemplo n.º 2
 /// <summary>
 /// Passes the supplied credentials to a freshly created <c>UserModule</c>.
 /// </summary>
 /// <param name="userid">User identifier forwarded unchanged to <c>UserModule.login</c>.</param>
 /// <param name="password">Password forwarded unchanged to <c>UserModule.login</c>.</param>
 /// <remarks>
 /// The call is made as a statement, so anything <c>UserModule.login</c> returns is
 /// discarded and nothing is reported back to the caller.
 /// NOTE(review): a failed login is presumably signalled by an exception from
 /// <c>UserModule.login</c>; confirm, since this wrapper gives no other indication.
 /// </remarks>
 public void login(string userid, string password)
 {
     // No state is kept between calls; each login attempt uses its own module instance.
     new UserModule().login(userid, password);
 }