/// <summary>
/// Handles the Click event of the btnEnter control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks></remarks>
protected void btnEnter_Click(object sender, EventArgs e)
{
if (IsValidInfo())
{
////start building recaptch api call
//var sb = new StringBuilder();
//sb.Append("https://www.google.com/recaptcha/api/siteverify?secret=");
////our secret key
//var secretKey = "6LfCPbsUAAAAALvGNtSqXRZwX1dp0xUZhd0AIbUT";
//sb.Append(secretKey);
////response from recaptch control
//sb.Append("&");
//sb.Append("response=");
//var reCaptchaResponse = Request["g-recaptcha-response"];
//sb.Append(reCaptchaResponse);
////client ip address
////---- This Ip address part is optional. If you donot want to send IP address you can
////---- Skip(Remove below 4 lines)
//sb.Append("&");
//sb.Append("remoteip=");
////var clientIpAddress = GetUserIp();
////sb.Append(clientIpAddress);
////make the api call and determine validity
//using (var client = new WebClient())
//{
// var uri = sb.ToString();
// var json = client.DownloadString(uri);
// var serializer = new DataContractJsonSerializer(typeof(RecaptchaApiResponse));
// var ms = new MemoryStream(Encoding.Unicode.GetBytes(json));
// var result = serializer.ReadObject(ms) as RecaptchaApiResponse;
// //--- Check if we are able to call api or not.
// if (result == null)
// {
// lblMessage.Text = "Captcha was unable to make the api call";
// }
// else // If Yes
// {
// //api call contains errors
// if (result.ErrorCodes != null)
// {
// if (result.ErrorCodes.Count > 0)
// {
// foreach (var error in result.ErrorCodes)
// {
// lblMessage.Text = "reCAPTCHA Error: " + error;
// }
// }
// }
// else //api does not contain errors
// {
// if (!result.Success) //captcha was unsuccessful for some reason
// {
// lblMessage.Text = "Captcha did not pass, please try again.";
// }
// else //---- If successfully verified. Do your rest of logic.
// {
// lblMessage.Text = "Captcha cleared ";
// }
// }
// }
//}
Session["CardHolderId"] = "";
lblMessage.Text = "";
DivMessage.Attributes.CssStyle.Add("display", "none");
//viewUserLoginError.Text = "";
bool ChkActiveUser = false;
bool UserStatus = false;
DateTime InvalidLoginDate;
DateTime TodayDate;
TimeSpan Diffrence;
int DurationforActive = 24;
CardHolderManager am = new CardHolderManager();
CardManager cardManager = new CardManager();
string PublicIP = Request.UserHostAddress;
if (!cardManager.CheckOracleConnection())
{
LblErrorMessage.Text = Constants.DbConnectionNotAvailable;
DivERROR.Attributes.CssStyle.Add("display", "block");
return;
}
//commented by abhijeet on 23/01/2019
//CardHolder_MstDTO user = am.FindUser(txtCheckUsername.Text.Trim(), PublicIP);
CardHolder_MstDTO user = am.FindActiveUser(txtCheckUsername.Text.Trim());
if (user != null)
{
UserStatus = cardManager.AuthenticateUserStatus(user.creditcard_acc_number.Decrypt());
if (UserStatus == true)
{
InvalidLoginDate = Convert.ToDateTime(user.InvalidLastLoginDt);
TodayDate = System.DateTime.Now;
Diffrence = TodayDate - InvalidLoginDate;
int pendingtime = 24 - Convert.ToInt32(Diffrence.TotalHours);
string[] parts = Convert.ToString(pendingtime).Split('.');
DurationforActive = int.Parse(parts[0]);
if (Diffrence.TotalHours >= 24)
{
ChkActiveUser = am.SetCardHolderActive(user.CardHolder_Id);
}
if (ChkActiveUser == true)
{
if (user.IsPermanentDisable == true)
{
ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
"alert('" + Constants.BlockedAccount + "');", true);
ClearControls();
}
else
{
//mvCheckUser.ActiveViewIndex = 1;
//lblPersonalMessage.Text = user.Personal_Msg;
//txtUsername.Text = user.User_nm;
Session["CardHolderId"] = user.CardHolder_Id;
txtCheckUsername.Text = "";
txtCaptchaFirst.Text = "";
Response.Redirect("~/LoginNext.aspx"); //Redirect to next login here
}
}
else
{
if (user.IsPermanentDisable == true && user.IsActive == false)
{
ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
"alert('" + Constants.BlockedAccount + "');", true);
ClearControls();
}
else if (user.IsPermanentDisable == true)
{
ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
"alert('" + Constants.BlockedAccount + "');", true);
ClearControls();
}
else if (user.IsActive == false)
{
if (DurationforActive == 0)
{
ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
"alert('" + Constants.InactiveAccountAfter +
"sometime');", true);
}
else
{
ScriptManager.RegisterStartupScript(this, GetType(), "showalert",
"alert('" + Constants.InactiveAccountAfter +
DurationforActive + "hrs');", true);
}
ClearControls();
}
else
{
//mvCheckUser.ActiveViewIndex = 1;
//lblPersonalMessage.Text = user.Personal_Msg;
//txtUsername.Text = user.User_nm;
//Session["CardHolderId"] = user.CardHolder_Id;
//txtUsername.Attributes.Add("readonly", "readonly");
Session["CardHolderId"] = user.CardHolder_Id;
txtCheckUsername.Text = "";
txtCaptchaFirst.Text = "";
Response.Redirect("~/LoginNext.aspx");
//Page.ClientScript.RegisterStartupScript(this.GetType(), "VKeyboard", "init()", true);
}
}
// CreateRequest();
}
else
{
lblMessage.Text = Constants.AccNotInNormalState;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
}
else
{
lblMessage.Text = Constants.UnameNtExist;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
}
}
/// <summary>
/// Handles the Click event of the btnSubmit control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
/// <remarks></remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
hdnErrormsgFromLoginNext.Value = "";
//Page.ClientScript.RegisterStartupScript(this.GetType(), "VKeyboard", "init();", true);
Session["AccountNumber"] = null;
_cardHolderId = Convert.ToInt32(Session["CardHolderId"]);
bool UserStatus = false;
if (hdnTabIndex.Value == "0" && (txtUsername.Text == "" || txtPassword.Text == ""))
{
LblErrorMessage.Text = Constants.InvalidUnamePwd;
DivERROR.Attributes.CssStyle.Add("display", "block");
return;
}
if (hdnTabIndex.Value == "1" && (txtUsername.Text == "" || txtOTP.Text == ""))
{
LblErrorMessage.Text = Constants.InvalidUnamePwd;
DivERROR.Attributes.CssStyle.Add("display", "block");
return;
}
var am = new CardHolderManager();
var cmn = new CardManager();
var chlm = new CardHolderLoginInfoManager();
var chdto = new List <CardHolderLogin_InfoDTO>();
string Paswd = txtPassword.Text.Trim();
txtPassword.Text = string.Empty;
string publicIp = Request.UserHostAddress;
var cardHolder = am.AuthenticateUser(txtUsername.Text.Trim(), publicIp);
if (hdnTabIndex.Value == "0" && String.CompareOrdinal(Paswd, cardHolder.User_pwd) != 0)
{
if (_cardHolderId == 0)
{
Response.Redirect("ErrorPage/CodeError.aspx");
}
int tries = 1;
chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
if (chdto.Count > 0)
{
if (chdto[0].Login_Attempt_FirstDt <= System.DateTime.Today.AddDays(-1) &&
chdto[0].Login_Attempts < 3)
{
chlm.DeleteCardHolderLoginInfo(_cardHolderId);
}
else if (chdto.Count == 2)
{
if (chdto[1].Login_Attempt_SecondDt <= System.DateTime.Today.AddDays(-1) &&
chdto[1].Login_Attempts < 3)
{
chlm.DeleteCardHolderLoginInfo(_cardHolderId);
}
}
else if (chdto.Count == 3)
{
if (chdto[2].Login_Attempt_ThirdDt <= System.DateTime.Today.AddDays(-1) &&
chdto[2].Login_Attempts < 3)
{
chlm.DeleteCardHolderLoginInfo(_cardHolderId);
}
}
}
chdto = chlm.getCardHolderLoginInfoByID(_cardHolderId);
if (chdto.Count > 0)
{
if (chdto[0].Login_Attempt_FirstDt == System.DateTime.Today && chdto[0].Login_Attempts < 3)
{
tries = Convert.ToInt32(chdto[0].Login_Attempts) + 1;
}
if (chdto[0].Login_Attempt_FirstDt != null && chdto[0].Login_Attempts == 3)
{
if (chdto.Count > 1)
{
if (chdto[1].Login_Attempt_SecondDt == System.DateTime.Today && chdto[1].Login_Attempts < 3)
{
tries = Convert.ToInt32(chdto[1].Login_Attempts) + 1;
}
if (chdto[1].Login_Attempt_SecondDt != null && chdto[1].Login_Attempts == 3)
{
if (chdto.Count > 2)
{
if (chdto[2].Login_Attempt_ThirdDt == System.DateTime.Today &&
chdto[2].Login_Attempts < 3)
{
tries = Convert.ToInt32(chdto[2].Login_Attempts) + 1;
}
if (chdto[2].Login_Attempt_ThirdDt != null && chdto[2].Login_Attempts == 3)
{
//ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.BlockedAccount + "');", true);
// viewCheckUsernameError.Text = Constants.BlockedAccount;
ClearControls(EnumBlockedAccount);
}
else
{
chlm.UpdateCardHolderLoginInfoThird(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
Login_Attempt_ThirdDt = System.DateTime.Today
});
if (tries == 2)
{
lblMessage.Text = Constants.Leftwithonly1Attempt;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
else
{
chlm.SetCardHolderParmenentDisable(_cardHolderId);
// ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.ContinuesBlockedAccount + "');", true);
//viewCheckUsernameError.Text = Constants.ContinuesBlockedAccount;
ClearControls(EnumContinuesBlockedAccount);
}
}
}
else
{
if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
{
chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
IP_Address = Request.UserHostAddress,
Login_Attempt_ThirdDt = System.DateTime.Today
});
lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
}
}
else
{
if (chdto[1].Login_Attempt_SecondDt != System.DateTime.Today)
{
chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
IP_Address = Request.UserHostAddress,
Login_Attempt_ThirdDt = System.DateTime.Today
});
lblMessage.Text = Constants.ThirdDayLeftwith2Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
else
{
chlm.UpdateCardHolderLoginInfoSecond(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
Login_Attempt_SecondDt = System.DateTime.Today
});
if (tries == 2)
{
lblMessage.Text = Constants.SecndDayLeftwith1Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
else
{
chlm.SetCardHolderInActive(_cardHolderId);
// ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAttempts + "');", true);
// viewCheckUsernameError.Text = Constants.InactiveAttempts;
ClearControls(EnumInactiveAttempts);
}
}
}
}
else
{
if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
{
chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
IP_Address = Request.UserHostAddress,
Login_Attempt_SecondDt = System.DateTime.Today
});
lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
}
}
else
{
if (chdto[0].Login_Attempt_FirstDt != System.DateTime.Today)
{
chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
IP_Address = Request.UserHostAddress,
Login_Attempt_SecondDt = System.DateTime.Today
});
lblMessage.Text = Constants.SecndDayLeftwith2Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
else
{
chlm.UpdateCardHolderLoginInfofirst(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
Login_Attempt_FirstDt = System.DateTime.Today
});
if (tries == 2)
{
lblMessage.Text = Constants.Leftwith1Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
else
{
chlm.SetCardHolderInActive(_cardHolderId);
//ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAttempts + "');", true);
//viewCheckUsernameError.Text = Constants.InactiveAttempts;
ClearControls(EnumInactiveAttempts);
}
}
}
}
else
{
chlm.SaveCardHolderLoginInfo(new CardHolderLogin_InfoDTO()
{
CardHolder_Id = _cardHolderId,
Login_Attempts = tries,
IP_Address = Request.UserHostAddress,
Login_Attempt_FirstDt = System.DateTime.Today
});
lblMessage.Text = Constants.Leftwith2Attempts;
DivMessage.Attributes.CssStyle.Add("display", "block");
}
}
else if (hdnTabIndex.Value == "1" && String.CompareOrdinal(txtOTP.Text, hdnOTP.Value.ToString()) != 0)
{
lblMessage.Text = Constants.IncorrectOTP;
DivMessage.Attributes.CssStyle.Add("display", "block");
divIncorrectOTP.Attributes.CssStyle.Add("display", "flex");
divOTPSent.Attributes.CssStyle.Add("display", "block");
divremaining.Attributes.CssStyle.Add("display", "block");
hideResultMobile.Text = strMobile;
txtOTP.Focus();
StartOTPTimer();
return;
}
else
{
UserStatus = cmn.AuthenticateUserStatus(cardHolder.creditcard_acc_number.Decrypt());
if (UserStatus)
{
string blocked = Constants.BlockedAccount;
Session["AccountNumber"] = cardHolder.creditcard_acc_number.Decrypt();
if (cardHolder.IsPermanentDisable == true && cardHolder.IsActive == false)
{
//ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "return Blokalert('" + blocked + "');",true);
//hdnErrormsgFromLoginNext.Value = Constants.BlockedAccount;
ClearControls(EnumBlockedAccount);
}
else if (cardHolder.IsPermanentDisable == true)
{
// ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.BlockedAccount + "');", true);
//viewCheckUsernameError.Text = Constants.BlockedAccount;
ClearControls(EnumBlockedAccount);
}
else if (cardHolder.IsActive == false)
{
// ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.InactiveAccount + "');", true);
//viewCheckUsernameError.Text = Constants.InactiveAccount;
ClearControls(EnumInactiveAccount);
}
else
{
Session["CardHolderId"] = cardHolder.CardHolder_Id;
chlm.DeleteCardHolderLoginInfo(_cardHolderId);
#region Create Session of IP and AntiFix for Privilege escalation (Horizontal)
// Random Token antifix
Random random = new Random();
string rndstr = random.Next(100000).ToString();
rndstr = Functions.GenerateHash(rndstr);
Session["STTLII"] = rndstr;
Response.Cookies["STTLII"].Value = rndstr;
Response.Cookies["STTLII"].HttpOnly = true;
//IP Of User
Session["STTLI"] = Functions.GenerateHash(Functions.GetIP());
Response.Cookies["STTLI"].Value = Functions.GenerateHash(Functions.GetIP());
Response.Cookies["STTLI"].HttpOnly = true;
#endregion
//Step 3 Submit CardHolder Master Data
CardHolderManager chm = new CardHolderManager();
CardHolder_MstDTO user = new CardHolder_MstDTO();
user.CardHolder_Id = _cardHolderId;
//chm.UpdateCardHolderLastLoginDetails(user);
chm.UpdateCardHolderDetailByID(user);
SetCookieAndRedirectToProfilePage(Encoder.HtmlEncode(txtUsername.Text.Trim()),
cardHolder.CardHolder_Id.ToString());
}
}
else
{
// ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('" + Constants.AccNotInNormalState + "');", true);
// viewCheckUsernameError.Text = Constants.AccNotInNormalState;
ClearControls(EnumAccNotInNormalState);
}
}
}