private void butOK_Click(object sender, System.EventArgs e)
{
Userod selectedUser = null;
if (IsMiddleTierSync)
{
selectedUser = new Userod();
selectedUser.UserName = textUser.Text;
selectedUser.LoginDetails = Authentication.GenerateLoginDetails(textPassword.Text, HashTypes.SHA3_512);
Security.CurUser = selectedUser;
Security.PasswordTyped = textPassword.Text;
}
else
{
if (PrefC.GetBool(PrefName.UserNameManualEntry))
{
for (int i = 0; i < listUser.Items.Count; i++)
{
//Check the user name typed in using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
if (textUser.Text.Trim().ToLower() == listUser.Items[i].ToString().Trim().ToLower())
{
selectedUser = (Userod)listUser.Items[i]; //Found the typed username
break;
}
}
if (selectedUser == null)
{
MessageBox.Show(this, "Login failed");
return;
}
}
else
{
selectedUser = (Userod)listUser.SelectedItem;
}
try {
Userods.CheckUserAndPassword(selectedUser.UserName, textPassword.Text, false);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && selectedUser.PasswordHash == "" && textPassword.Text == "")
{
MessageBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
return;
}
Security.CurUser = selectedUser.Copy();
Security.PasswordTyped = textPassword.Text;
UserOdPrefs.SetThemeForUserIfNeeded();
}
//if(RemotingClient.RemotingRole==RemotingRole.ClientWeb){//Not sure we need this when connecting to CEMT, but not sure enough to delete.
// string password=textPassword.Text;
// if(Programs.UsingEcwTightOrFullMode()) {//ecw requires hash, but non-ecw requires actual password
// password=Userods.EncryptPassword(password,true);
// }
// Security.PasswordTyped=password;
//}
DialogResult = DialogResult.OK;
}
private void SavePreferences()
{
#region Logoff After Minutes
if (textLogOffAfterMinutes.Text.IsNullOrEmpty() && !_logOffAfterMinutesInitialValue.IsNullOrEmpty())
{
UserOdPrefs.Delete(_logOffAfterMinutes.UserOdPrefNum);
}
else if (textLogOffAfterMinutes.Text != _logOffAfterMinutesInitialValue) //Only do this if the value has changed
{
if (_logOffAfterMinutes == null)
{
_logOffAfterMinutes = new UserOdPref()
{
Fkey = 0, FkeyType = UserOdFkeyType.LogOffTimerOverride, UserNum = Security.CurUser.UserNum
};
}
_logOffAfterMinutes.ValueString = textLogOffAfterMinutes.Text;
UserOdPrefs.Upsert(_logOffAfterMinutes);
if (!PrefC.GetBool(PrefName.SecurityLogOffAllowUserOverride))
{
MsgBox.Show(this, "User logoff overrides will not take effect until the Global Security setting \"Allow user override for automatic logoff\" is checked");
}
}
#endregion
#region Suppress Logoff Message
if (checkSuppressMessage.Checked && _suppressLogOffMessage == null)
{
UserOdPrefs.Insert(new UserOdPref()
{
UserNum = Security.CurUser.UserNum,
FkeyType = UserOdFkeyType.SuppressLogOffMessage
});
}
else if (!checkSuppressMessage.Checked && _suppressLogOffMessage != null)
{
UserOdPrefs.Delete(_suppressLogOffMessage.UserOdPrefNum);
}
#endregion
#region Theme Change
if (_themePref == null)
{
_themePref = new UserOdPref()
{
UserNum = Security.CurUser.UserNum, FkeyType = UserOdFkeyType.UserTheme
};
}
_themePref.Fkey = comboTheme.SelectedIndex;
UserOdPrefs.Upsert(_themePref);
if (PrefC.GetBool(PrefName.ThemeSetByUser))
{
UserOdPrefs.SetThemeForUserIfNeeded();
}
else
{
//No need to return, just showing a warning so they know why the theme will not change.
MsgBox.Show("Theme will not take effect until the miscellaneous preference has been set for users can set their own theme.");
}
#endregion
}
private void butOK_Click(object sender, EventArgs e)
{
bool isEcw = Programs.UsingEcwTightOrFullMode();
string userName = "";
if (PrefC.GetBool(PrefName.UserNameManualEntry))
{
//Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower());
}
else
{
userName = listUser.SelectedItem?.ToString();
}
if (string.IsNullOrEmpty(userName))
{
MsgBox.Show(this, "Login failed");
return;
}
string passwordTyped = textPassword.Text;
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped))
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
return;
}
Userod userCur = null;
if (isEcw) //ecw requires hash, but non-ecw requires actual password
{
passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true);
}
if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ)
{
// No need to check password when changing task users at HQ to user "Stay Open".
userCur = Userods.GetUserByNameNoCache(userName);
}
else //Not HQ (most common scenario)
//Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn.
//That event would cause a second login window to pop with strange behavior.
//Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary.
{
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
{
userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false);
if (userCur == null)
{
MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts.");
return;
}
}
else //Directly connected to the database. This code will give a more accurate error message to the user when failing to log in.
{
try {
userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
}
}
//successful login.
if (_isSimpleSwitch)
{
CurUserSimpleSwitch = userCur;
}
else //Not a temporary login.
{
Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls.
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
{
if (Userods.IsPasswordStrong(passwordTyped) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache))
{
return; //Failed password update.
}
_refreshSecurityCache = true; //Indicate to calling method that they should manually refresh the Security cache.
}
}
Security.IsUserLoggedIn = true;
//Jason approved always storing the cleartext password that the user typed in
//since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
Security.PasswordTyped = passwordTyped;
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on."));
UserOdPrefs.SetThemeForUserIfNeeded();
}
Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
DialogResult = DialogResult.OK;
}
private void butLogin_Click(object sender, EventArgs e)
{
Userod userEntered;
string password;
try {
bool useEcwAlgorithm = Programs.UsingEcwTightOrFullMode();
//ecw requires hash, but non-ecw requires actual password
password = textPassword.Text;
if (useEcwAlgorithm)
{
//It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time.
//It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString.
if (Security.CurUser == null)
{
Security.CurUser = new Userod();
}
password = Authentication.HashPasswordMD5(password, true);
}
string username = textUser.Text;
#if DEBUG
if (username == "")
{
username = "******";
password = "******";
}
#endif
//Set the PasswordTyped property prior to checking the credentials for Middle Tier.
Security.PasswordTyped = password;
userEntered = Userods.CheckUserAndPassword(username, password, useEcwAlgorithm);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
//successful login.
Security.CurUser = userEntered;
Security.IsUserLoggedIn = true;
RemotingClient.HasLoginFailed = false;
UserOdPrefs.SetThemeForUserIfNeeded();
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb &&
string.IsNullOrEmpty(userEntered.PasswordHash) &&
string.IsNullOrEmpty(textPassword.Text))
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
if (!SecurityL.ChangePassword(true)) //Failed password update.
{
return;
}
}
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) &&
PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong) &&
Userods.IsPasswordStrong(textPassword.Text) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
if (!SecurityL.ChangePassword(true)) //Failed password update.
{
return;
}
}
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
DialogResult = DialogResult.OK;
}
