Example #1
0
        //===============================================================
        // Function: VerifyLogin
        //===============================================================
        public loginResults VerifyLogin(string emailAddress, string testPassword,
            Boolean passwordIsEncrypted, Boolean recordInLoginHistory, string source)
        {
            loginResults returnValue = loginResults.loginFailed;

            DbConnection conn = new SqlConnection(GlobalSettings.connectionString);

            try
            {
                conn.Open();

                // Get contact info
                DbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.CommandText = "spVerifyUserLogin";
                DbParameter param = cmd.CreateParameter();
                param.ParameterName = "@EmailAddress";
                param.Value = emailAddress.Trim();
                cmd.Parameters.Add(param);
                DbDataReader rdr = cmd.ExecuteReader();
                if (rdr.HasRows == false)
                {
                    // Update the DB with a failed login attempt (email address not recognised)
                    UpdateLoginHistory(-1, "U", source);     // Unknown user
                    returnValue = loginResults.loginFailed;
                }
                else
                {
                    // Email address exists, now check the password is OK
                    int userID;
                    Boolean loginEnabled = false;
                    string userPassword = "";
                    int failedLoginCount = 0;
                    DateTime passwordExpiryDate = DateTime.MinValue;

                    rdr.Read();
                    userID = (int)rdr["UserID"];
                    if (!rdr.IsDBNull(rdr.GetOrdinal("LoginEnabled")))
                    {
                        loginEnabled = (Boolean)rdr["LoginEnabled"];
                    }
                    if (!rdr.IsDBNull(rdr.GetOrdinal("UserPassword")))
                    {
                        userPassword = (string)rdr["UserPassword"];
                    }
                    if (!rdr.IsDBNull(rdr.GetOrdinal("FailedLoginCount")))
                    {
                        failedLoginCount = (int)rdr["FailedLoginCount"];
                    }
                    if (!rdr.IsDBNull(rdr.GetOrdinal("PasswordExpiryDate")))
                    {
                        passwordExpiryDate = (DateTime)rdr["PasswordExpiryDate"];
                    }
                    rdr.Close();

                    if (DateTime.Compare(passwordExpiryDate, DateTime.Now) > 0)
                    {
                        // Update the DB with a failed login attempt (password expired)
                        if (recordInLoginHistory == true)
                        {
                            UpdateLoginHistory(userID, "E", source);     // Password expired
                        }
                        returnValue = loginResults.passwordExpired;

                        m_userID = userID;
                        ReadUserDetails();
                    }

                    PasswordEncrypt pe = new PasswordEncrypt();
                    string encryptedTestPassword = "";
                    if (passwordIsEncrypted == false)
                    {
                        encryptedTestPassword = pe.EncryptPassword(testPassword);
                    }
                    else
                    {
                        encryptedTestPassword = testPassword;
                    }

                    if ((userPassword != encryptedTestPassword) || (loginEnabled == false))
                    {
                        // Update the DB with a failed login attempt (invalid password)
                        UpdateLoginHistory(userID, "P", source);     // Invalid Password
                        if (loginEnabled == false)
                        {
                            returnValue = loginResults.loginNotActivated;
                        }
                        else
                        {
                            returnValue = loginResults.loginFailed;
                        }
                    }
                    else
                    {
                        // Update the DB with a successful login attempt
                        if (recordInLoginHistory == true)
                        {
                            UpdateLoginHistory(userID, "S", source);      // Success
                        }
                        returnValue = loginResults.loginSuccess;

                        m_userID = userID;
                        ReadUserDetails();
                    }
                }
            }
            catch (Exception ex)
            {
                ErrorLog errorLog = new ErrorLog();
                errorLog.WriteLog("SedogoUser", "VerifyLogin", ex.Message, logMessageLevel.errorMessage);
                throw ex;
            }
            finally
            {
                conn.Close();
            }

            return returnValue;
        }
Example #2
0
        //===============================================================
        // Function: VerifyPassword
        //===============================================================
        public Boolean VerifyPassword(string testPassword)
        {
            Boolean returnStatus = false;

            DbConnection conn = new SqlConnection(GlobalSettings.connectionString);
            try
            {
                conn.Open();

                DbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.CommandText = "spSelectUserPassword";
                DbParameter param = cmd.CreateParameter();
                param.ParameterName = "@UserID";
                param.Value = m_userID;
                cmd.Parameters.Add(param);
                DbDataReader rdr = cmd.ExecuteReader();
                if (rdr.HasRows != false)
                {
                    string userPassword;

                    rdr.Read();
                    userPassword = (string)rdr["UserPassword"];
                    rdr.Close();

                    PasswordEncrypt pe = new PasswordEncrypt();
                    string encryptedTestPassword = pe.EncryptPassword(testPassword);

                    // note that passwords are case sensitive
                    if (userPassword == encryptedTestPassword)
                    {
                        returnStatus = true;
                    }
                }
            }
            catch (Exception ex)
            {
                ErrorLog errorLog = new ErrorLog();
                errorLog.WriteLog("SedogoUser", "VerifyPassword", ex.Message, logMessageLevel.errorMessage);
                throw ex;
            }
            finally
            {
                conn.Close();
            }

            return returnStatus;
        }
Example #3
0
        //===============================================================
        // Function: UpdatePassword
        //===============================================================
        public void UpdatePassword(string newPassword)
        {
            PasswordEncrypt pe = new PasswordEncrypt();
            string encryptedPassword = pe.EncryptPassword(newPassword);

            SqlConnection conn = new SqlConnection(GlobalSettings.connectionString);
            try
            {
                conn.Open();

                // Update users password
                SqlCommand cmd = new SqlCommand("spUpdateUserPassword", conn);
                cmd.CommandType = CommandType.StoredProcedure;

                cmd.Parameters.Add("@UserID", SqlDbType.Int).Value = m_userID;
                cmd.Parameters.Add("@UserPassword", SqlDbType.NVarChar, 50).Value = encryptedPassword;
                cmd.Parameters.Add("@LastUpdatedDate", SqlDbType.DateTime).Value = DateTime.Now;
                cmd.Parameters.Add("@LastUpdatedByFullName", SqlDbType.NVarChar, 200).Value = m_loggedInUser;

                cmd.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                ErrorLog errorLog = new ErrorLog();
                errorLog.WriteLog("SedogoUser", "UpdatePassword", ex.Message, logMessageLevel.errorMessage);
                throw ex;
            }
            finally
            {
                conn.Close();
            }
        }