/// <summary>
/// Changes the password of the given user and reports the outcome in <c>lblMessage</c>.
/// </summary>
/// <param name="iUserID">Identifier of the user whose password is changed.</param>
/// <param name="strUserName">User name passed through to <c>objUsers.ChangePassword</c>.</param>
/// <param name="strCurrentPassword">Current password as typed by the user.</param>
/// <param name="strNewPassword">Replacement password as typed by the user.</param>
/// <remarks>
/// History: the static <c>EncryptJKS.EncryptData</c> call was replaced by
/// <c>RijndaelEncription</c> on 31 May 2016; the -101 message was reworded on 2018-03-15.
/// NOTE(review): the method name suggests the passwords are stored under reversible symmetric
/// encryption rather than a salted one-way password hash - confirm, because anyone holding the
/// key could then recover every stored password.
/// </remarks>
private void ChangePassword(int iUserID, string strUserName, string strCurrentPassword, string strNewPassword)
{
    EncryptJKS cipher = new EncryptJKS();

    // Both values are transformed the same way before being handed to the data layer.
    int changeStatus = objUsers.ChangePassword(
        iUserID,
        strUserName,
        cipher.RijndaelEncription(strCurrentPassword),
        cipher.RijndaelEncription(strNewPassword));

    // -101 is the only status treated as a failure; every other value is reported as success.
    if (changeStatus == -101)
    {
        lblMessage.Text = "Incorrect Current Password";
        return;
    }

    // NOTE(review): the first-login record is keyed on Session["UserID"], not on iUserID -
    // confirm the two always refer to the same account.
    if (!objUsers.RecordFirstLogin(Convert.ToInt32(Session["UserID"])))
    {
        lblMessage.Text = "Password changed successfully. Error recording first login.";
        return;
    }

    lblMessage.Text = "Password changed successfully.";
    Session["FirstLoginPageVisited"] = "No";
    hdProceedFlag.Value = "1";
}
/// <summary>
/// Changes the password of the given user and shows the result in <c>lblMessage</c>.
/// </summary>
/// <param name="iUserID">Identifier of the user whose password is changed.</param>
/// <param name="strUserName">User name passed through to <c>objUsers.ChangePassword</c>.</param>
/// <param name="strCurrentPassword">Current password as typed by the user.</param>
/// <param name="strNewPassword">Replacement password as typed by the user.</param>
/// <remarks>
/// History: the static <c>EncryptJKS.EncryptData</c> call was replaced by
/// <c>objEncrypt.RijndaelEncription</c> on 28 May 2016.
/// NOTE(review): the method name suggests reversible symmetric encryption of passwords rather
/// than a salted one-way password hash - confirm against the EncryptJKS implementation.
/// </remarks>
private void ChangePassword(int iUserID, string strUserName, string strCurrentPassword, string strNewPassword)
{
    // objEncrypt and objUsers are declared outside this method.
    int changeStatus = objUsers.ChangePassword(
        iUserID,
        strUserName,
        objEncrypt.RijndaelEncription(strCurrentPassword),
        objEncrypt.RijndaelEncription(strNewPassword));

    // Only -101 is reported as an error; any other status is shown as success.
    lblMessage.Text = changeStatus == -101
        ? "ERROR CHANGING PASSWORD."
        : "PASSWORD CHANGED SUCCESSFULLY .";
}
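/// <summary>
/// Handles the login button: authenticates the posted credentials through the
/// <c>up_security_Login_Encrpyt_JKS</c> stored procedure, then either loads the user into the
/// session and redirects, or shows the validation / lockout message.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// <c>cnt</c>, <c>iSession</c>, <c>iParentCompanyID</c>, <c>objEncrypt</c> and <c>objUser</c>
/// are declared outside this method.
/// NOTE(review): the stored procedure receives the password both as typed and in its
/// <c>RijndaelEncription</c> form. The name suggests reversible encryption rather than a salted
/// one-way password hash - confirm, and check whether the clear-text argument is still needed.
/// NOTE(review): nothing in this handler rotates the session identifier after a successful
/// login - confirm that happens elsewhere.
/// </remarks>
protected void btnlogin_Click(object sender, EventArgs e)
{
    if (cnt == 0)
    {
        if (IsPostBack)
        {
            // The network ID is fixed for JKS (it was 0e8e82fa-14 for BBR); the posted value is overwritten.
            const string networkId = "9ae44765-e9";
            txtNetworkID.Text = networkId;
            Session["networkID"] = networkId;

            if (txtNetworkID.Text.Length == 0 || txtUserName.Text.Length == 0 || txtPassword.Text.Length == 0)
            {
                lblValidateMessage.Visible = true;
            }
            else
            {
                CBSAppUtils.PrimaryConnectionString = System.Configuration.ConfigurationManager.AppSettings["ConnectionString"];
                DataAccess da = new DataAccess(CBSAppUtils.PrimaryConnectionString);

                // Two result sets are expected: the login status first, then the user details
                // when the login succeeded.
                // NOTE(review): da.CloseConnection() is reached only on the successful path;
                // confirm DataAccess releases its connection on the other paths.
                RecordSet rsLogin = da.ExecuteSP("up_security_Login_Encrpyt_JKS", txtNetworkID.Text, txtUserName.Text, txtPassword.Text, objEncrypt.RijndaelEncription(txtPassword.Text));

                if (rsLogin.ParentDataSet == null)
                {
                    lblValidateMessage.Visible = true;
                }
                else
                {
                    rsLogin.ParentTable.TableName = "Users";
                    if (rsLogin.ParentDataSet.Tables.Count > 1)
                    {
                        CompleteSuccessfulLogin(da, rsLogin);
                    }
                    else
                    {
                        // Login failed; the first table holds the reason but is not inspected here.
                        ShowFailedLoginMessage();
                    }
                }
            }
        }

        // Not reached when a redirect ends the response, exactly as before.
        cnt += 1;
    }
}

// Copies the user, access and company data of a successful login into the session and redirects.
private void CompleteSuccessfulLogin(DataAccess da, RecordSet rsLogin)
{
    // NOTE(review): every column of the user result set is copied into session; confirm the
    // procedure returns no credential columns.
    RecordSet rsUser = new RecordSet(rsLogin.ParentDataSet, 1);
    for (int i = 0, j = rsUser.ColumnCount; i < j; i++)
    {
        string columnName = rsUser.Columns[i].ColumnName;
        Session.Add(columnName, rsUser[columnName]);
    }

    // The user's security access information is kept in session as a whole record set.
    RecordSet rsAccess = new RecordSet(rsLogin.ParentDataSet, 2);
    Session.Add("Access", rsAccess);

    int loggedInUserId = 0;
    if (!string.IsNullOrEmpty(Convert.ToString(Session["UserID"])))
    {
        loggedInUserId = (int)Session["UserID"];
    }

    // CBSAppUtils.AppUserId is reached through the type name, so it appears to be shared by all
    // requests. The company lookup below therefore uses the local value: reading the shared
    // member back could pick up an ID written by a concurrent login.
    CBSAppUtils.AppUserId = loggedInUserId;

    Session["JKS"] = 0;
    RecordSet rsComp = da.ExecuteQuery("vUserCompany", "UserID= " + loggedInUserId);
    if (rsComp.RecordCount > 0)
    {
        LoadCompanyIntoSession(rsComp);
    }
    da.CloseConnection();

    if (Convert.ToInt32(Session["UserID"]) == 0)
    {
        lblValidateMessage.Visible = true;
        return;
    }

    if (!objUser.CheckFirstLogin(Convert.ToInt32(Session["UserID"])))
    {
        Response.Redirect(ConfigurationManager.AppSettings["FirstLoginPage_JKS"].Trim());
    }
    else if (Convert.ToInt32(Session["UserTypeID"]) == 11)
    {
        Response.Redirect(ConfigurationManager.AppSettings["CMS_JKS"].Trim());
    }
    else
    {
        Response.Redirect(ConfigurationManager.AppSettings["UserMainPage_JKS"].Trim());
    }
}

// Stores the company, user-type and user-group values of the vUserCompany row in the session.
private void LoadCompanyIntoSession(RecordSet rsComp)
{
    if (rsComp["ParentCompanyID"] == DBNull.Value)
    {
        iParentCompanyID = 0;
    }
    else
    {
        iParentCompanyID = Convert.ToInt32(rsComp["ParentCompanyID"]);
    }

    // NOTE(review): the name test can never be true, because the left side is lower-cased and
    // compared with the upper-case literal "JKS"; only the parent-company test has an effect.
    // Left unchanged on purpose: correcting it would change which accounts get Session["JKS"] = 1.
    if (rsComp["CompanyName"].ToString().ToLower().Trim() == "JKS" || iParentCompanyID == 116065)
    {
        Session["CompanyID"] = Convert.ToInt32(rsComp["CompanyID"]);
        Session["JKS"] = 1;
    }

    if (rsComp["ParentCompanyID"] == DBNull.Value)
    {
        Session["ParentCompanyID"] = 0;
    }
    else
    {
        Session["ParentCompanyID"] = Convert.ToInt32(rsComp["ParentCompanyID"]);
    }

    if (rsComp["UserTypeID"] == DBNull.Value)
    {
        Session["UserTypeID"] = 1;
    }
    else
    {
        Session["UserTypeID"] = Convert.ToInt32(rsComp["UserTypeID"]);
    }

    // The timeout is 300 minutes for every user type; only type 3 also sets iSession.
    // NOTE(review): a five-hour idle timeout is long for an authenticated session - confirm it is intended.
    if (iSession == 0 && Session["UserTypeID"] != null)
    {
        Session.Timeout = 300;
        if (Convert.ToInt32(Session["UserTypeID"]) == 3)
        {
            iSession = 1;
        }
    }

    if (rsComp["CompanyTypeID"] != DBNull.Value)
    {
        Session["CompanyID"] = Convert.ToInt32(rsComp["CompanyID"]);
        Session["CompanyTypeID"] = Convert.ToInt32(rsComp["CompanyTypeID"]);
    }
    else
    {
        Session["CompanyTypeID"] = 0;
    }

    if (rsComp["New_UserGroup"] != DBNull.Value)
    {
        Session["UserGroupCode"] = rsComp["New_UserGroup"];
    }
}

// Shows the lockout message when CheckFailedLogIn reports 6 or more failures, else the generic one.
private void ShowFailedLoginMessage()
{
    DataTable dtnew = new DataTable();

    // The using blocks release the connection on every path; before, it was closed only when
    // the procedure returned a row and leaked otherwise (including on exceptions).
    using (SqlConnection sqlConn = new SqlConnection(CBSAppUtils.PrimaryConnectionString))
    using (SqlDataAdapter sqlDA = new SqlDataAdapter("CheckFailedLogIn", sqlConn))
    {
        sqlDA.SelectCommand.CommandType = CommandType.StoredProcedure;
        // AddWithValue replaces the obsolete Add(string, object) overload; the values stay bound parameters.
        sqlDA.SelectCommand.Parameters.AddWithValue("@username", Convert.ToString(txtUserName.Text));
        sqlDA.SelectCommand.Parameters.AddWithValue("@networkId", Convert.ToString(txtNetworkID.Text));
        sqlConn.Open();
        sqlDA.Fill(dtnew);
    }

    if (dtnew.Rows.Count > 0)
    {
        int iLogStatusCount = Convert.ToInt32(dtnew.Rows[0]["lockout"].ToString());
        if (iLogStatusCount >= 6)
        {
            Page.RegisterStartupScript("Reg", "<script>LoginFailureMessage();</script>");
            return;
        }
    }

    lblValidateMessage.Visible = true;
}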
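/// <summary>
/// Handles the password-reset submit: checks the security answer for the user named in the
/// <c>UserID</c> query-string value and, when it matches, sets a temporary password, flags the
/// account for a forced password change, sends the temporary password and redirects.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// <c>objPasswordReset</c> and <c>objEncrypt</c> are declared outside this method.
/// NOTE(review): the account is selected by a client-supplied query-string value and no
/// attempt limit is visible in this handler - confirm that repeated wrong answers are
/// throttled or locked out elsewhere.
/// NOTE(review): the answer is hashed with SHA1 and one application-wide salt taken from
/// configuration; a per-user salt with a slow password hash would resist offline guessing better.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // Created up front so the account can be flagged for a forced password change (26 May 2016).
    JKS.Users objUsers = new JKS.Users();

    if (txtResetQuestionAnswer.Text.Trim().Length == 0)
    {
        this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Please enter Answer.'); </script>");
        return;
    }

    // The answer is trimmed and upper-cased, then hashed, before it is compared in the data layer.
    SimpleHash objSimpleHash = new SimpleHash();
    string salt = ConfigurationManager.AppSettings["SaltingKey"].Trim().ToString();
    string strResetAnswer = objSimpleHash.ComputeHash(txtResetQuestionAnswer.Text.Trim().ToString().ToUpper(), "SHA1", System.Text.Encoding.ASCII.GetBytes(salt));

    // The query-string value is untrusted: a missing or malformed value now yields 0 instead of
    // an unhandled FormatException / OverflowException.
    int UserID = 0;
    string rawUserId = Request.QueryString["UserID"];
    if (rawUserId != null && !int.TryParse(rawUserId, out UserID))
    {
        UserID = 0;
    }

    int iReturnValue = 0;
    List<PasswordReset> lstSaltedPassword = objPasswordReset.checkSaltedPassword(UserID, strResetAnswer);
    if (lstSaltedPassword.Count > 0)
    {
        iReturnValue = lstSaltedPassword[0].iReturnValue;
    }

    if (iReturnValue == 1)
    {
        // The temporary password keeps its previous shape (8 lower-case hex characters) but is
        // now drawn from the cryptographic random number generator; GUIDs are designed to be
        // unique, not unpredictable.
        // NOTE(review): 8 hex characters are only 32 bits - lengthen it once the password
        // column and policy are confirmed to allow that.
        byte[] randomBytes = new byte[4];
        System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create();
        try
        {
            rng.GetBytes(randomBytes);
        }
        finally
        {
            // The generator is disposable only on newer framework versions.
            IDisposable disposableRng = rng as IDisposable;
            if (disposableRng != null)
            {
                disposableRng.Dispose();
            }
        }
        string strPassword = BitConverter.ToString(randomBytes).Replace("-", string.Empty).ToLowerInvariant();

        // Same value the query string was parsed to above; it is no longer parsed a second time.
        int strDbUserID = UserID;

        // NOTE(review): this two-argument overload is not visible here and receives the
        // temporary password in clear text - confirm what it stores.
        ChangePassword(strDbUserID, strPassword);

        // EncryptJKS.EncryptData was replaced by RijndaelEncription on 28 May 2016.
        int iReturnVal = ForgotChangePassword(strDbUserID, objEncrypt.RijndaelEncription(strPassword));
        if (iReturnVal == -101)
        {
            this.RegisterClientScriptBlock("clientScript", "<script language=javascript>alert('Error Changing Password.'); </script>");
            return;
        }

        // Forces the user to choose a new password after signing in with the temporary one.
        objUsers.PasswordChangeRequired(strDbUserID);

        // NOTE(review): SendMailInfo receives the temporary password in clear text, presumably
        // to e-mail it; a single-use, expiring reset link would avoid mailing a credential.
        string Email = FetchUserEmail(strDbUserID);
        SendMailInfo(strDbUserID, Email, strPassword);
        Response.Redirect("JKSSecurityIntermediate.aspx");
    }
    else if (iReturnValue == -501)
    {
        Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-501);</script>");
        return;
    }
    else if (iReturnValue == -500)
    {
        Page.RegisterStartupScript("Reg", "<script>PopulateMessage(-500);</script>");
        return;
    }
}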