//===============================================================
// Function: VerifyLogin
//===============================================================
public loginResults VerifyLogin(string emailAddress, string testPassword,
Boolean passwordIsEncrypted, Boolean recordInLoginHistory, string source)
{
loginResults returnValue = loginResults.loginFailed;
DbConnection conn = new SqlConnection(GlobalSettings.connectionString);
try
{
conn.Open();
// Get contact info
DbCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "spVerifyUserLogin";
DbParameter param = cmd.CreateParameter();
param.ParameterName = "@EmailAddress";
param.Value = emailAddress.Trim();
cmd.Parameters.Add(param);
DbDataReader rdr = cmd.ExecuteReader();
if (rdr.HasRows == false)
{
// Update the DB with a failed login attempt (email address not recognised)
UpdateLoginHistory(-1, "U", source); // Unknown user
returnValue = loginResults.loginFailed;
}
else
{
// Email address exists, now check the password is OK
int userID;
Boolean loginEnabled = false;
string userPassword = "";
int failedLoginCount = 0;
DateTime passwordExpiryDate = DateTime.MinValue;
rdr.Read();
userID = (int)rdr["UserID"];
if (!rdr.IsDBNull(rdr.GetOrdinal("LoginEnabled")))
{
loginEnabled = (Boolean)rdr["LoginEnabled"];
}
if (!rdr.IsDBNull(rdr.GetOrdinal("UserPassword")))
{
userPassword = (string)rdr["UserPassword"];
}
if (!rdr.IsDBNull(rdr.GetOrdinal("FailedLoginCount")))
{
failedLoginCount = (int)rdr["FailedLoginCount"];
}
if (!rdr.IsDBNull(rdr.GetOrdinal("PasswordExpiryDate")))
{
passwordExpiryDate = (DateTime)rdr["PasswordExpiryDate"];
}
rdr.Close();
if (DateTime.Compare(passwordExpiryDate, DateTime.Now) > 0)
{
// Update the DB with a failed login attempt (password expired)
if (recordInLoginHistory == true)
{
UpdateLoginHistory(userID, "E", source); // Password expired
}
returnValue = loginResults.passwordExpired;
m_userID = userID;
ReadUserDetails();
}
PasswordEncrypt pe = new PasswordEncrypt();
string encryptedTestPassword = "";
if (passwordIsEncrypted == false)
{
encryptedTestPassword = pe.EncryptPassword(testPassword);
}
else
{
encryptedTestPassword = testPassword;
}
if ((userPassword != encryptedTestPassword) || (loginEnabled == false))
{
// Update the DB with a failed login attempt (invalid password)
UpdateLoginHistory(userID, "P", source); // Invalid Password
if (loginEnabled == false)
{
returnValue = loginResults.loginNotActivated;
}
else
{
returnValue = loginResults.loginFailed;
}
}
else
{
// Update the DB with a successful login attempt
if (recordInLoginHistory == true)
{
UpdateLoginHistory(userID, "S", source); // Success
}
returnValue = loginResults.loginSuccess;
m_userID = userID;
ReadUserDetails();
}
}
}
catch (Exception ex)
{
ErrorLog errorLog = new ErrorLog();
errorLog.WriteLog("SedogoUser", "VerifyLogin", ex.Message, logMessageLevel.errorMessage);
throw ex;
}
finally
{
conn.Close();
}
return returnValue;
}
//===============================================================
// Function: VerifyPassword
//===============================================================
public Boolean VerifyPassword(string testPassword)
{
Boolean returnStatus = false;
DbConnection conn = new SqlConnection(GlobalSettings.connectionString);
try
{
conn.Open();
DbCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "spSelectUserPassword";
DbParameter param = cmd.CreateParameter();
param.ParameterName = "@UserID";
param.Value = m_userID;
cmd.Parameters.Add(param);
DbDataReader rdr = cmd.ExecuteReader();
if (rdr.HasRows != false)
{
string userPassword;
rdr.Read();
userPassword = (string)rdr["UserPassword"];
rdr.Close();
PasswordEncrypt pe = new PasswordEncrypt();
string encryptedTestPassword = pe.EncryptPassword(testPassword);
// note that passwords are case sensitive
if (userPassword == encryptedTestPassword)
{
returnStatus = true;
}
}
}
catch (Exception ex)
{
ErrorLog errorLog = new ErrorLog();
errorLog.WriteLog("SedogoUser", "VerifyPassword", ex.Message, logMessageLevel.errorMessage);
throw ex;
}
finally
{
conn.Close();
}
return returnStatus;
}
//===============================================================
// Function: UpdatePassword
//===============================================================
public void UpdatePassword(string newPassword)
{
PasswordEncrypt pe = new PasswordEncrypt();
string encryptedPassword = pe.EncryptPassword(newPassword);
SqlConnection conn = new SqlConnection(GlobalSettings.connectionString);
try
{
conn.Open();
// Update users password
SqlCommand cmd = new SqlCommand("spUpdateUserPassword", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@UserID", SqlDbType.Int).Value = m_userID;
cmd.Parameters.Add("@UserPassword", SqlDbType.NVarChar, 50).Value = encryptedPassword;
cmd.Parameters.Add("@LastUpdatedDate", SqlDbType.DateTime).Value = DateTime.Now;
cmd.Parameters.Add("@LastUpdatedByFullName", SqlDbType.NVarChar, 200).Value = m_loggedInUser;
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
ErrorLog errorLog = new ErrorLog();
errorLog.WriteLog("SedogoUser", "UpdatePassword", ex.Message, logMessageLevel.errorMessage);
throw ex;
}
finally
{
conn.Close();
}
}