Ejemplo n.º 1
0
        }//end event

        protected void btnCreate_Click(object sender, EventArgs e)
        {
            if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
            {
                HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
                Session sessionObject = new Session();
                FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket(ticket.Version, ticket.Name, DateTime.Now, DateTime.Now.AddMinutes(sessionObject.getSessionTimeLimit()), ticket.IsPersistent, ticket.UserData);
                string encryptedTicket = FormsAuthentication.Encrypt(newTicket);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                cookie.Expires = newTicket.Expiration;
                Response.Cookies.Add(cookie);

            }//end if

            CreatePassword passwordObject = new CreatePassword();

            string password = passwordObject.Create_Password(8);

            string firstName = txtFirstName.Text;
            string lastName = txtLastName.Text;
            string username = txtUsername.Text;
            string role = ddlRole.SelectedValue;
            string verified = "N";
            string counselor = ddlCounselor.SelectedValue;
            DateTime dateCreated = DateTime.Today;
            int numberOfLogins = 0;
            string securityQuestion = ddlSecurityQuestion.SelectedValue;
            string securityAnswer = txtSecurityAnswer.Text;

            txtFirstName.Text = string.Empty;
            txtLastName.Text = string.Empty;
            txtUsername.Text = string.Empty;
            ddlSecurityQuestion.SelectedValue = string.Empty;
            txtSecurityAnswer.Text = string.Empty;
            txtConfirm.Text = string.Empty;

            if (role == "Counselor")
            {
                role = "Admin";

            }//end if

            string errorMessage;

            Select selectObject = new Select();

            string counselorName;

            counselorName = Select.Select_Counselor_Name(counselor);

            errorMessage = selectObject.getErrorMessage();

            if (errorMessage != null)
            {
                lblError.Text = errorMessage;
                lblError.Visible = true;

                ErrorMessage message = new ErrorMessage();

                MsgBox(message.SQLServerErrorMessage);

            }//end if

            else
            {
                Validate validationObject = new Validate();

                username = validationObject.Truncate(username, 100);
                firstName = validationObject.Truncate(firstName, 100);
                lastName = validationObject.Truncate(lastName, 100);
                password = validationObject.Truncate(password, 100);
                role = validationObject.Truncate(role, 100);
                verified = validationObject.Truncate(verified, 900);
                counselor = validationObject.Truncate(counselor, 900);
                counselorName = validationObject.Truncate(counselorName, 100);
                securityQuestion = validationObject.Truncate(securityQuestion, 100);
                securityAnswer = validationObject.Truncate(securityAnswer, 100);

                Aes encryptionObject = Aes.Create();

                byte[] AesKey = encryptionObject.Key;

                byte[] AesIV = encryptionObject.IV;

                string AesKeyString = Convert.ToBase64String(AesKey);

                string AesIVString = Convert.ToBase64String(AesIV);

                byte[] MasterKey = Encryption.GetMasterKey();

                byte[] MasterIV = Encryption.GetMasterIV();

                byte[] encryptedFirstName = Encryption.Encrypt_AES(firstName, AesKey, AesIV);

                string encryptedFirstNameString = Convert.ToBase64String(encryptedFirstName);

                byte[] encryptedLastName = Encryption.Encrypt_AES(lastName, AesKey, AesIV);

                string encryptedLastNameString = Convert.ToBase64String(encryptedLastName);

                byte[] encryptedRole = Encryption.Encrypt_AES(role, AesKey, AesIV);

                string encryptedRoleString = Convert.ToBase64String(encryptedRole);

                byte[] encryptedPassword = Encryption.Encrypt_AES(password, AesKey, AesIV);

                string encryptedPasswordString = Convert.ToBase64String(encryptedPassword);

                byte[] encryptedSecurityQuestion = Encryption.Encrypt_AES(securityQuestion, AesKey, AesIV);

                string encryptedSecurityQuestionString = Convert.ToBase64String(encryptedSecurityQuestion);

                byte[] encryptedSecurityAnswer = Encryption.Encrypt_AES(securityAnswer, AesKey, AesIV);

                string encryptedSecurityAnswerString = Convert.ToBase64String(encryptedSecurityAnswer);

                byte[] encryptedAesKey = Encryption.Encrypt_AES(AesKeyString, MasterKey, MasterIV);

                byte[] encryptedAesIV = Encryption.Encrypt_AES(AesIVString, MasterKey, MasterIV);

                string encryptedAesKeyString = Convert.ToBase64String(encryptedAesKey);

                string encryptedAesIVString = Convert.ToBase64String(encryptedAesIV);

                byte[] encryptedCounselorName = Encryption.Encrypt_AES(counselorName, AesKey, AesIV);

                string encryptedCounselorNameString = Convert.ToBase64String(encryptedCounselorName);

                bool recordExists;

                string errorMessage2;

                Select selectObject2 = new Select();

                recordExists = Select.User_Exists(username);

                errorMessage2 = selectObject2.getErrorMessage();

                if (errorMessage2 != null)
                {
                    lblError.Text = errorMessage2;
                    lblError.Visible = true;

                    ErrorMessage message = new ErrorMessage();

                    MsgBox(message.SQLServerErrorMessage);

                }//end if

                if (recordExists == true)
                {
                    MsgBox("Invalid username. An account for this username already exists. Please try again.");

                }//end if

                else if (recordExists == false)
                {
                    string errorMessage3;

                    errorMessage3 = Insert.Insert_BESTPATH_USER(encryptedFirstNameString, encryptedLastNameString, username, encryptedPasswordString, encryptedRoleString, verified, counselor, encryptedCounselorNameString, dateCreated, numberOfLogins, encryptedSecurityQuestionString, encryptedSecurityAnswerString, encryptedAesKeyString, encryptedAesIVString);

                    if (errorMessage3 != null)
                    {
                        lblError.Text = errorMessage3;
                        lblError.Visible = true;

                        ErrorMessage message = new ErrorMessage();

                        MsgBox(message.SQLServerErrorMessage);

                    }//end if

                    else
                    {
                        string errorMessage4;

                        errorMessage4 = Insert.Insert_BESTPATH_STATUS(username);

                        if (errorMessage4 != null)
                        {
                            lblError.Text = errorMessage4;
                            lblError.Visible = true;

                            ErrorMessage message = new ErrorMessage();

                            MsgBox(message.SQLServerErrorMessage);

                        }//end if

                        else
                        {
                            string urlBase = Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath;
                            string registrationUrl = "/PL/Membership/Registration.aspx";
                            string fullPath = urlBase + registrationUrl;
                            string AppPath = Request.PhysicalApplicationPath;
                            StreamReader sr = new StreamReader(AppPath + "SA/Email_Templates/Welcome.txt");

                            Email emailObject = new Email();

                            string errorMessage5;

                            errorMessage5 = Email.Email_Welcome(counselor, firstName, username, password, fullPath, sr);

                            if (errorMessage5 != null)
                            {
                                lblError.Text = errorMessage5;
                                lblError.Visible = true;

                                ErrorMessage message = new ErrorMessage();

                                MsgBox(message.EmailErrorMessage);

                            }//end if

                            else
                            {
                                MsgBox("Account created successfully. An email has just been sent to the client who will need to check their email for his/her login credentials and further instructions, in order to login to the website.");

                            }//end else

                        }//end else

                    }//end else

                }//end else if

            }//end else

        }//end event
Ejemplo n.º 2
0
        }//end event

        protected void btnCreate_Click(object sender, EventArgs e)
        {
 

            CreatePassword passwordObject = new CreatePassword();

            string password = passwordObject.Create_Password(8);

            string firstName = txtFirstName.Text;
            string lastName = txtLastName.Text;
            string username = txtUsername.Text;
            string role = ddlRole.SelectedValue;
            string verified = "N";
            string counselor = "N/A";
            DateTime dateCreated = DateTime.Today;
            int numberOfLogins = 0;
            string securityQuestion = ddlSecurityQuestion.SelectedValue;
            string securityAnswer = txtSecurityAnswer.Text;

            txtFirstName.Text = string.Empty;
            txtLastName.Text = string.Empty;
            txtUsername.Text = string.Empty;
            ddlSecurityQuestion.SelectedValue = string.Empty;
            txtSecurityAnswer.Text = string.Empty;
            txtConfirm.Text = string.Empty;

            //string errorMessage;

            //Select selectObject = new Select();

            //string counselorName;

            //counselorName = Select.Select_Counselor_Name(counselor);

            //errorMessage = selectObject.getErrorMessage();

            //if (errorMessage != null)
            //{
            //    lblError.Text = errorMessage;
            //    lblError.Visible = true;

            //    ErrorMessage message = new ErrorMessage();

            //    MsgBox(message.SQLServerErrorMessage);

            //}//end if

            //else
            //{
                Validate validationObject = new Validate();

                username = validationObject.Truncate(username, 100);
                firstName = validationObject.Truncate(firstName, 100);
                lastName = validationObject.Truncate(lastName, 100);
                password = validationObject.Truncate(password, 100);
                role = validationObject.Truncate(role, 100);
                verified = validationObject.Truncate(verified, 900);
                counselor = validationObject.Truncate(counselor, 900);
                securityQuestion = validationObject.Truncate(securityQuestion, 100);
                securityAnswer = validationObject.Truncate(securityAnswer, 100);

                Aes encryptionObject = Aes.Create();

                byte[] AesKey = encryptionObject.Key;

                byte[] AesIV = encryptionObject.IV;

                string AesKeyString = Convert.ToBase64String(AesKey);

                string AesIVString = Convert.ToBase64String(AesIV);

                byte[] MasterKey = Encryption.GetMasterKey();

                byte[] MasterIV = Encryption.GetMasterIV();

                byte[] encryptedFirstName = Encryption.Encrypt_AES(firstName, AesKey, AesIV);

                string encryptedFirstNameString = Convert.ToBase64String(encryptedFirstName);

                byte[] encryptedLastName = Encryption.Encrypt_AES(lastName, AesKey, AesIV);

                string encryptedLastNameString = Convert.ToBase64String(encryptedLastName);

                byte[] encryptedRole = Encryption.Encrypt_AES(role, AesKey, AesIV);

                string encryptedRoleString = Convert.ToBase64String(encryptedRole);

                byte[] encryptedPassword = Encryption.Encrypt_AES(password, AesKey, AesIV);

                string encryptedPasswordString = Convert.ToBase64String(encryptedPassword);

                byte[] encryptedSecurityQuestion = Encryption.Encrypt_AES(securityQuestion, AesKey, AesIV);

                string encryptedSecurityQuestionString = Convert.ToBase64String(encryptedSecurityQuestion);

                byte[] encryptedSecurityAnswer = Encryption.Encrypt_AES(securityAnswer, AesKey, AesIV);

                string encryptedSecurityAnswerString = Convert.ToBase64String(encryptedSecurityAnswer);

                byte[] encryptedAesKey = Encryption.Encrypt_AES(AesKeyString, MasterKey, MasterIV);

                byte[] encryptedAesIV = Encryption.Encrypt_AES(AesIVString, MasterKey, MasterIV);

                string encryptedAesKeyString = Convert.ToBase64String(encryptedAesKey);

                string encryptedAesIVString = Convert.ToBase64String(encryptedAesIV);

                bool recordExists;

                string errorMessage2;

                Select selectObject2 = new Select();

                recordExists = Select.User_Exists(username);

                errorMessage2 = selectObject2.getErrorMessage();

                if (errorMessage2 != null)
                {
                    lblError.Text = errorMessage2;
                    lblError.Visible = true;

                    ErrorMessage message = new ErrorMessage();

                    MsgBox(message.SQLServerErrorMessage);

                }//end if

                if (recordExists == true)
                {
                    MsgBox("Invalid username. An account for this username already exists. Please try again.");

                }//end if

                else if (recordExists == false)
                {
                    string errorMessage3;

                    errorMessage3 = Insert.Insert_BESTPATH_USER(encryptedFirstNameString, encryptedLastNameString, username, encryptedPasswordString, encryptedRoleString, verified, counselor, "N/A", dateCreated, numberOfLogins, encryptedSecurityQuestionString, encryptedSecurityAnswerString, encryptedAesKeyString, encryptedAesIVString);

                    if (errorMessage3 != null)
                    {
                        lblError.Text = errorMessage3;
                        lblError.Visible = true;

                        ErrorMessage message = new ErrorMessage();

                        MsgBox(message.SQLServerErrorMessage);

                    }//end if

                    else
                    {
                        string errorMessage4;

                        errorMessage4 = Insert.Insert_BESTPATH_STATUS(username);

                        if (errorMessage4 != null)
                        {
                            lblError.Text = errorMessage4;
                            lblError.Visible = true;

                            ErrorMessage message = new ErrorMessage();

                            MsgBox(message.SQLServerErrorMessage);

                        }//end if

                        else
                        {
                            //string urlBase = Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath;
                            //string registrationUrl = "/PL/Membership/Registration.aspx";
                            //string fullPath = urlBase + registrationUrl;
                            //string AppPath = Request.PhysicalApplicationPath;
                            //StreamReader sr = new StreamReader(AppPath + "SA/Email_Templates/Welcome.txt");

                            //Email emailObject = new Email();

                            //string errorMessage5;

                            //errorMessage5 = Email.Email_Welcome(counselor, firstName, username, password, fullPath, sr);

                            //if (errorMessage5 != null)
                            //{
                            //    lblError.Text = errorMessage5;
                            //    lblError.Visible = true;

                            //    ErrorMessage message = new ErrorMessage();

                            //    MsgBox(message.EmailErrorMessage);

                            //}//end if

                            //else
                            //{
                                MsgBox(password);

                            //}//end else

                    }//end else

                }//end else if

            }//end else

        }//end event