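        /// <summary>
        /// Handles the Click event of the btnSubmit control: checks the submitted
        /// credential (the password when hdnTabIndex is "0", the OTP when it is "1"),
        /// records failed password attempts against the card holder's lockout history,
        /// and on success sets the anti-fixation cookies and redirects to the profile page.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        /// <remarks>
        /// Security notes for maintainers:
        /// <list type="bullet">
        /// <item>hdnTabIndex, hdnOTP and the text boxes are all posted back by the browser and
        /// must be treated as attacker-controlled. A hdnTabIndex value other than "0"/"1"
        /// used to fall through to the success branch with no credential check; it is now
        /// rejected up front.</item>
        /// <item>The password is compared directly against cardHolder.User_pwd, so the stored
        /// password is recoverable. The real fix is to store a salted hash (e.g. PBKDF2) and
        /// verify inside CardHolderManager; that is outside this handler.</item>
        /// <item>The expected OTP is read from hdnOTP, a hidden field rendered to the client, so
        /// the browser can see it and post it back; wrong OTPs are also not counted toward the
        /// lockout. The OTP should be held server-side (Session) where it is generated and
        /// verified there. Both need changes outside this handler.</item>
        /// <item>The ASP.NET session id is not regenerated on login; the STTLI/STTLII cookies are
        /// the existing workaround for that.</item>
        /// </list>
        /// </remarks>
        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            hdnErrormsgFromLoginNext.Value = "";
            //Page.ClientScript.RegisterStartupScript(this.GetType(), "VKeyboard", "init();", true);
            Session["AccountNumber"] = null;
            _cardHolderId            = Convert.ToInt32(Session["CardHolderId"]);

            bool passwordLogin = hdnTabIndex.Value == "0";
            bool otpLogin      = hdnTabIndex.Value == "1";

            if (passwordLogin && (txtUsername.Text == "" || txtPassword.Text == ""))
            {
                LblErrorMessage.Text = Constants.InvalidUnamePwd;
                DivERROR.Attributes.CssStyle.Add("display", "block");
                return;
            }
            if (otpLogin && (txtUsername.Text == "" || txtOTP.Text == ""))
            {
                LblErrorMessage.Text = Constants.InvalidUnamePwd;
                DivERROR.Attributes.CssStyle.Add("display", "block");
                return;
            }
            // Fail closed: any other tab index is neither a password nor an OTP login and
            // must not reach the success branch below.
            if (!passwordLogin && !otpLogin)
            {
                LblErrorMessage.Text = Constants.InvalidUnamePwd;
                DivERROR.Attributes.CssStyle.Add("display", "block");
                return;
            }

            var    am    = new CardHolderManager();
            var    cmn   = new CardManager();
            var    chlm  = new CardHolderLoginInfoManager();
            string Paswd = txtPassword.Text.Trim();

            // Never echo the submitted password back into the rendered form.
            txtPassword.Text = string.Empty;
            string publicIp   = Request.UserHostAddress;
            var    cardHolder = am.AuthenticateUser(txtUsername.Text.Trim(), publicIp);

            if (cardHolder == null)
            {
                // NOTE(review): AuthenticateUser's behaviour for an unknown username is not
                // visible here; if it returns null the original dereferenced it and threw.
                // Answer with the same generic message as a wrong password so the response
                // does not reveal whether the username exists.
                LblErrorMessage.Text = Constants.InvalidUnamePwd;
                DivERROR.Attributes.CssStyle.Add("display", "block");
                return;
            }

            if (passwordLogin && !SecretsMatch(Paswd, cardHolder.User_pwd))
            {
                RecordFailedPasswordAttempt(chlm);
            }
            else if (otpLogin && !SecretsMatch(txtOTP.Text, hdnOTP.Value))
            {
                lblMessage.Text = Constants.IncorrectOTP;
                DivMessage.Attributes.CssStyle.Add("display", "block");
                divIncorrectOTP.Attributes.CssStyle.Add("display", "flex");
                divOTPSent.Attributes.CssStyle.Add("display", "block");
                divremaining.Attributes.CssStyle.Add("display", "block");
                hideResultMobile.Text = strMobile;
                txtOTP.Focus();
                StartOTPTimer();
                return;
            }
            else
            {
                bool userStatus = cmn.AuthenticateUserStatus(cardHolder.creditcard_acc_number.Decrypt());
                if (!userStatus)
                {
                    // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.AccNotInNormalState + "');", true);
                    // viewCheckUsernameError.Text = Constants.AccNotInNormalState;
                    ClearControls(EnumAccNotInNormalState);
                    return;
                }

                Session["AccountNumber"] = cardHolder.creditcard_acc_number.Decrypt();
                if (cardHolder.IsPermanentDisable == true)
                {
                    // A permanently disabled card holder is blocked whether or not it is
                    // also inactive (the original handled both cases identically).
                    //ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "return Blokalert('" + blocked + "');",true);
                    //hdnErrormsgFromLoginNext.Value = Constants.BlockedAccount;
                    ClearControls(EnumBlockedAccount);
                }
                else if (cardHolder.IsActive == false)
                {
                    // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAccount + "');", true);
                    //viewCheckUsernameError.Text = Constants.InactiveAccount;
                    ClearControls(EnumInactiveAccount);
                }
                else
                {
                    Session["CardHolderId"] = cardHolder.CardHolder_Id;
                    // NOTE(review): the lockout record and the master-data update below use
                    // _cardHolderId from the pre-login session, not cardHolder.CardHolder_Id;
                    // confirm the earlier step guarantees they agree.
                    chlm.DeleteCardHolderLoginInfo(_cardHolderId);

                    #region Create Session of IP and AntiFix for Privilege escalation (Horizontal)

                    // Random anti-fixation token. System.Random (the original) is seeded from
                    // the clock and is guessable; a value that stands in for the session must
                    // come from a CSPRNG. It still goes through GenerateHash so the cookie keeps
                    // the format the downstream checks expect.
                    byte[] seed = new byte[32];
                    using (var rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
                    {
                        rng.GetBytes(seed);
                    }
                    string rndstr = Functions.GenerateHash(Convert.ToBase64String(seed));
                    Session["STTLII"] = rndstr;
                    Response.Cookies["STTLII"].Value    = rndstr;
                    Response.Cookies["STTLII"].HttpOnly = true;
                    //IP Of User
                    string ipHash = Functions.GenerateHash(Functions.GetIP());
                    Session["STTLI"] = ipHash;
                    Response.Cookies["STTLI"].Value    = ipHash;
                    Response.Cookies["STTLI"].HttpOnly = true;

                    #endregion

                    //Step 3 Submit CardHolder Master Data
                    CardHolderManager chm  = new CardHolderManager();
                    CardHolder_MstDTO user = new CardHolder_MstDTO();
                    user.CardHolder_Id = _cardHolderId;
                    //chm.UpdateCardHolderLastLoginDetails(user);
                    chm.UpdateCardHolderDetailByID(user);

                    SetCookieAndRedirectToProfilePage(Encoder.HtmlEncode(txtUsername.Text.Trim()),
                                                      cardHolder.CardHolder_Id.ToString());
                }
            }
        }

        /// <summary>
        /// Records one failed password attempt for <c>_cardHolderId</c> in the three-day
        /// lockout history kept by <paramref name="chlm"/> and shows the "attempts left"
        /// message. Per the branches below: stale day records (older than yesterday with
        /// fewer than 3 misses) are discarded first; the third miss on the first or second
        /// recorded day deactivates the card holder, the third miss on the third day disables
        /// it permanently. Redirects to the error page when no card holder id is in session.
        /// </summary>
        /// <param name="chlm">Manager for the card holder's login-attempt records.</param>
        private void RecordFailedPasswordAttempt(CardHolderLoginInfoManager chlm)
        {
            if (_cardHolderId == 0)
            {
                Response.Redirect("ErrorPage/CodeError.aspx");
            }

            int tries = 1;
            var chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);

            // Discard the history when the relevant day record is at least a day old and
            // never reached 3 misses.
            if (chdto.Count > 0)
            {
                if (chdto[0].Login_Attempt_FirstDt <= System.DateTime.Today.AddDays(-1) &&
                    chdto[0].Login_Attempts < 3)
                {
                    chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                }
                else if (chdto.Count == 2)
                {
                    if (chdto[1].Login_Attempt_SecondDt <= System.DateTime.Today.AddDays(-1) &&
                        chdto[1].Login_Attempts < 3)
                    {
                        chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                    }
                }
                else if (chdto.Count == 3)
                {
                    if (chdto[2].Login_Attempt_ThirdDt <= System.DateTime.Today.AddDays(-1) &&
                        chdto[2].Login_Attempts < 3)
                    {
                        chlm.DeleteCardHolderLoginInfo(_cardHolderId);
                    }
                }
            }

            chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
            if (chdto.Count > 0)
            {
                if (chdto[0].Login_Attempt_FirstDt == System.DateTime.Today && chdto[0].Login_Attempts < 3)
                {
                    tries = Convert.ToInt32(chdto[0].Login_Attempts) + 1;
                }

                if (chdto[0].Login_Attempt_FirstDt != null && chdto[0].Login_Attempts == 3)
                {
                    // First day is exhausted; move on to the second and third day records.
                    if (chdto.Count > 1)
                    {
                        if (chdto[1].Login_Attempt_SecondDt == System.DateTime.Today && chdto[1].Login_Attempts < 3)
                        {
                            tries = Convert.ToInt32(chdto[1].Login_Attempts) + 1;
                        }

                        if (chdto[1].Login_Attempt_SecondDt != null && chdto[1].Login_Attempts == 3)
                        {
                            if (chdto.Count > 2)
                            {
                                if (chdto[2].Login_Attempt_ThirdDt == System.DateTime.Today &&
                                    chdto[2].Login_Attempts < 3)
                                {
                                    tries = Convert.ToInt32(chdto[2].Login_Attempts) + 1;
                                }

                                if (chdto[2].Login_Attempt_ThirdDt != null && chdto[2].Login_Attempts == 3)
                                {
                                    //ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.BlockedAccount + "');", true);
                                    // viewCheckUsernameError.Text = Constants.BlockedAccount;
                                    ClearControls(EnumBlockedAccount);
                                }
                                else
                                {
                                    chlm.UpdateCardHolderLoginInfoThird(new CardHolderLogin_InfoDTO()
                                    {
                                        CardHolder_Id         = _cardHolderId,
                                        Login_Attempts        = tries,
                                        Login_Attempt_ThirdDt = System.DateTime.Today
                                    });
                                    if (tries == 2)
                                    {
                                        lblMessage.Text = Constants.Leftwithonly1Attempt;
                                        DivMessage.Attributes.CssStyle.Add("display", "block");
                                    }
                                    else
                                    {
                                        // Third miss on the third day: permanent disable.
                                        chlm.SetCardHolderParmenentDisable(_cardHolderId);
                                        // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.ContinuesBlockedAccount + "');", true);
                                        //viewCheckUsernameError.Text = Constants.ContinuesBlockedAccount;
                                        ClearControls(EnumContinuesBlockedAccount);
                                    }
                                }
                            }
                            else
                            {
                                if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
                                {
                                    chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                                    {
                                        CardHolder_Id         = _cardHolderId,
                                        Login_Attempts        = tries,
                                        IP_Address            = Request.UserHostAddress,
                                        Login_Attempt_ThirdDt = System.DateTime.Today
                                    });
                                    lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
                                    DivMessage.Attributes.CssStyle.Add("display", "block");
                                }
                            }
                        }
                        else
                        {
                            if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
                            {
                                chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                                {
                                    CardHolder_Id         = _cardHolderId,
                                    Login_Attempts        = tries,
                                    IP_Address            = Request.UserHostAddress,
                                    Login_Attempt_ThirdDt = System.DateTime.Today
                                });
                                lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
                                DivMessage.Attributes.CssStyle.Add("display", "block");
                            }
                            else
                            {
                                chlm.UpdateCardHolderLoginInfoSecond(new CardHolderLogin_InfoDTO()
                                {
                                    CardHolder_Id          = _cardHolderId,
                                    Login_Attempts         = tries,
                                    Login_Attempt_SecondDt = System.DateTime.Today
                                });

                                if (tries == 2)
                                {
                                    lblMessage.Text = Constants.SecndDayLeftwith1Attempts;
                                    DivMessage.Attributes.CssStyle.Add("display", "block");
                                }
                                else
                                {
                                    // Third miss on the second day: deactivate.
                                    chlm.SetCardHolderInActive(_cardHolderId);
                                    // ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAttempts + "');", true);
                                    // viewCheckUsernameError.Text = Constants.InactiveAttempts;
                                    ClearControls(EnumInactiveAttempts);
                                }
                            }
                        }
                    }
                    else
                    {
                        if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
                        {
                            chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                            {
                                CardHolder_Id          = _cardHolderId,
                                Login_Attempts         = tries,
                                IP_Address             = Request.UserHostAddress,
                                Login_Attempt_SecondDt = System.DateTime.Today
                            });
                            lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
                            DivMessage.Attributes.CssStyle.Add("display", "block");
                        }
                    }
                }
                else
                {
                    if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
                    {
                        chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                        {
                            CardHolder_Id          = _cardHolderId,
                            Login_Attempts         = tries,
                            IP_Address             = Request.UserHostAddress,
                            Login_Attempt_SecondDt = System.DateTime.Today
                        });
                        lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
                        DivMessage.Attributes.CssStyle.Add("display", "block");
                    }
                    else
                    {
                        chlm.UpdateCardHolderLoginInfofirst(new CardHolderLogin_InfoDTO()
                        {
                            CardHolder_Id         = _cardHolderId,
                            Login_Attempts        = tries,
                            Login_Attempt_FirstDt = System.DateTime.Today
                        });
                        if (tries == 2)
                        {
                            lblMessage.Text = Constants.Leftwith1Attempts;
                            DivMessage.Attributes.CssStyle.Add("display", "block");
                        }
                        else
                        {
                            // Third miss on the first day: deactivate.
                            chlm.SetCardHolderInActive(_cardHolderId);
                            //ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAttempts + "');", true);
                            //viewCheckUsernameError.Text = Constants.InactiveAttempts;
                            ClearControls(EnumInactiveAttempts);
                        }
                    }
                }
            }
            else
            {
                // No history yet: open the first day record with this miss.
                chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
                {
                    CardHolder_Id         = _cardHolderId,
                    Login_Attempts        = tries,
                    IP_Address            = Request.UserHostAddress,
                    Login_Attempt_FirstDt = System.DateTime.Today
                });
                lblMessage.Text = Constants.Leftwith2Attempts;
                DivMessage.Attributes.CssStyle.Add("display", "block");
            }
        }

        /// <summary>
        /// Compares a submitted secret with the expected one in time that depends only on
        /// the length of <paramref name="expected"/>, so a wrong value cannot be narrowed
        /// down character by character from response timing (the original used
        /// String.CompareOrdinal, which stops at the first differing character).
        /// A null on either side is never a match. Equality semantics are otherwise the
        /// same as ordinal string equality.
        /// </summary>
        /// <param name="supplied">The value posted by the client.</param>
        /// <param name="expected">The value it must equal.</param>
        /// <returns>True only when both are non-null and ordinally identical.</returns>
        private static bool SecretsMatch(string supplied, string expected)
        {
            if (supplied == null || expected == null)
            {
                return false;
            }

            // Any length difference is folded into the result instead of returning early.
            int diff = supplied.Length ^ expected.Length;
            for (int i = 0; i < expected.Length; i++)
            {
                // Walk the whole expected string even when the supplied one is shorter.
                char s = supplied.Length == 0 ? '\0' : supplied[i % supplied.Length];
                diff |= s ^ expected[i];
            }
            return diff == 0;
        }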