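/// <summary>
/// "Forgot password" handler. Verifies the e-mail/PIN pair against TMHUsers, stores a freshly
/// generated password (Status 'X' forces a change at next login) and only then e-mails it to
/// the address on file. Every failure path writes a message to lblMsg and returns.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSendPass_Click(object sender, EventArgs e)
{
    // strSafeSqlLiteral is the only protection the string-built SQL below has; if the db1
    // wrapper offers a parameterized call that would be the better defense (not visible here).
    string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);
    string strPIN = strSafeSqlLiteral(userPIN.Text.ToString(), 4);

    if (strUser == "" || strPIN.Length != 4)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "E-Mail and PIN are required!";
        return;
    }

    if (strUser.Length > 0 && !Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b"))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "Invalid User.";
        return;
    }

    // REMOTE_ADDR may be absent behind some hosts; the [IP] column it is written to is 20 chars wide.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }

    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    strCmd.Append("WHERE [UserName] ='" + strUser + "' AND [PIN] = '" + strPIN + "'");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // mds_ExecuteQuery returns null when the connection or the query failed; a missing table
    // is treated the same way rather than dereferenced.
    if (ds1 == null || ds1.Tables["tblUser"] == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "Your email and PIN do not match or not found!";
        return;
    }

    if (ds1.Tables["tblUser"].Rows.Count == 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "No user account found, or PIN number not matched with our file, Please try again.";
        return;
    }

    if (strUser.IndexOf("@") <= 0)
    {
        // Effectively unreachable once the regex above matched; kept so the message contract is unchanged.
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "The confirmation code does not match our records. Please contact your administrator.";
        return;
    }

    // The original used (char)13 + (char)12 (CR + form feed), which is not a line break.
    const string crlf = "\r\n";
    string strNewPass = getRandomPassword();

    StringBuilder body = new StringBuilder();
    body.Append("This email was auto-generated, please do not reply to this email message. ");
    body.Append(crlf);
    body.Append("Your Take Me Home Self-Registry password has been reset. Your new password is: " + strNewPass + crlf);
    body.Append("This password will allow you to login and then require you to set a new password. ");
    body.Append("Login at: " + Properties.Settings.Default.TMHUrl);
    body.Append(crlf);
    body.Append("Copy and paste the password from this email into the login form. ");
    body.Append("You will then be asked to change your password and you should paste the ");
    body.Append("same password from this email in the old password field. ");
    body.Append("You can pick a new password and enter it into the new password and confirm fields. ");
    body.Append(crlf);
    body.Append("The new password you choose cannot repeat a previous password, cannot be any part of your lastname, firstname, userid, ");
    body.Append("must be at least 8 characters long, contain at least 1 numeric, 1 uppercase letter ");
    body.Append("and 1 lowercase letter. " + crlf);

    // The stored form is reversible (SDSheriffCrypto exposes Decrypt); a salted one-way hash
    // would be the safer design, but the column format is shared with the login page.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEnc = SDSheriffCrypto1.Encrypt(strNewPass);

    try
    {
        // Persist the new password BEFORE mailing it: sending first (as the original did) could
        // hand the user a password that was never actually set when the UPDATE failed.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("UPDATE TMHUsers SET [PassWord] = " + "'" + sPassEnc + "', ");
        strCmd2.Append("[LastActivityDate] = GETDATE(), [Status] = 'X', ");
        strCmd2.Append("[IP] = '" + strIPAddress + "' ");
        strCmd2.Append("WHERE [UserName] = '" + strUser + "' AND [PIN] = '" + strPIN + "'");
        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();

        SmtpClient sc = new SmtpClient(Properties.Settings.Default.SMTP_Server);
        using (MailMessage mm = new MailMessage("*****@*****.**", strUser))
        {
            mm.Subject = "San Diego Sheriff TMH Self-Registry Account Information.";
            mm.Body = body.ToString();
            sc.Send(mm);
        }
    }
    catch (Exception ex)
    {
        // Record the failure (never the password) instead of discarding it.
        System.Diagnostics.Trace.TraceError("btnSendPass_Click: password reset failed: " + ex);
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "Error Occurred, new password not set or emailed to you!";
        return;
    }

    msgVal.Attributes["class"] = "alert alert-success";
    lblMsg.Text = "Your password has been reset and the new password has been emailed to your email address on file.";
}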
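/// <summary>
/// Login handler. Validates the e-mail/password fields, looks the account up in TMHUsers,
/// records the client IP, fills the session and issues the forms-authentication ticket.
/// Accounts in Status 'X' (password reset pending) are sent to ChangePass.aspx.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    lblMsg.Text = "";
    // strSafeSqlLiteral is the only protection the string-built SQL below has; prefer a
    // parameterized call if the db1 wrapper offers one (not visible here).
    string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);
    string strPass = strSafeSqlLiteral(userpassword.Text.ToString(), 127);

    if (strUser.Length > 0 && !Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b"))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-100, Invalid User.";
        return;
    }

    if (strPass.Length < 8 || strUser.Length < 5)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-110, No user account found, or bad password.";
        return;
    }

    // REMOTE_ADDR may be absent behind some hosts; the [IP] column is 20 chars wide.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }

    // Passwords are compared in their encrypted (reversible) form; a salted one-way hash would
    // be the safer design, but the column format is shared with the registration/reset pages.
    // The original also decrypted the value back and discarded the result; that dead work is dropped.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);

    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    // NOTE(review): the two '******' literals look redacted in this listing; the deployed query
    // presumably binds strUser and sPassEnc here (compare btnChangePass_Click) - confirm.
    strCmd.Append("WHERE UserName ='******' AND PassWord = '******' AND STATUS in ('A', 'X')");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // mds_ExecuteQuery returns null when the connection or the query failed.
    if (ds1 == null || ds1.Tables["tblUser"] == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-120, Error Occurred - (1) Database Error";
        return;
    }

    DataTable tblUser = ds1.Tables["tblUser"];
    if (tblUser.Rows.Count == 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-130, Bad user account or password!";
        return;
    }

    if (tblUser.Rows.Count > 1)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-140, Multiple user accounts found - Error.";
        return;
    }

    DataRow userRow = tblUser.Rows[0];
    HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
    HttpContext.Current.Session["TMHUser"] = strUser;
    // The internal user id is needed later when inserting new TMH cases for this user.
    HttpContext.Current.Session["TMHUserId"] = userRow["UserId"].ToString().Trim();
    HttpContext.Current.Session["TMHUserPIN"] = userRow["PIN"].ToString().Trim();

    try
    {
        // Record the current client IP and activity time for the account.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("UPDATE TMHUsers SET [IP] = '" + strIPAddress + "', ");
        strCmd2.Append("[LastActivityDate] = GETDATE() ");
        strCmd2.Append("WHERE [UserName] = '" + strUser + "'");
        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();
    }
    catch (Exception ex)
    {
        // Record the failure instead of discarding it.
        System.Diagnostics.Trace.TraceError("btnLogin_Click: activity update failed: " + ex);
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-150, Login Error, Take Me Home is not available at this time, Please try later.";
        return;
    }

    string strUserStatus = userRow["Status"].ToString().Trim();

    if (userremember.Checked)
    {
        // "Remember me" stores only the e-mail address, not a credential; still keep it away
        // from script and off plain HTTP where the site is served over TLS.
        HttpCookie LoginCookie = new HttpCookie("TMHUserId");
        LoginCookie.Values.Add("UserName", useremail.Text.ToString().Trim());
        LoginCookie.Expires = DateTime.Now.AddYears(100);
        LoginCookie.HttpOnly = true;
        LoginCookie.Secure = Request.IsSecureConnection;
        Response.Cookies.Add(LoginCookie);
    }

    // Forms authentication ticket: 5 hours, non-persistent. The raw form value is used as the
    // ticket name because RedirectFromLoginPage below uses the same value.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, useremail.Text, DateTime.Now,
        DateTime.Now.AddMinutes(300), false, String.Empty, FormsAuthentication.FormsCookiePath);
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // The ticket cookie IS the session credential: keep it out of script and off plain HTTP.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.HttpOnly = true;
    authCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(authCookie);

    if (Request.QueryString["ReturnUrl"] != null)
    {
        // Ends the response with a redirect to ReturnUrl (only local URLs unless
        // enableCrossAppRedirects is on), so the transfers below do not run in that case.
        FormsAuthentication.RedirectFromLoginPage(useremail.Text, false);
    }

    if (strUserStatus == "X")
    {
        Server.Transfer("ChangePass.aspx");
    }
    else
    {
        Server.Transfer("default.aspx");
    }
}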
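//---------------------------- Method ---------------------------------------
/// <summary>
/// Change-password handler. Validates the new password (complexity, length, confirmation),
/// checks the old password against TMHUsers and stores the new one, setting Status back to 'A'.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnChangePass_Click(object sender, EventArgs e)
{
    lblMsg.Text = "";
    // strSafeSqlLiteral is the only protection the string-built SQL below has; prefer a
    // parameterized call if the db1 wrapper offers one (not visible here).
    string strUser = strSafeSqlLiteral(useremail.Text.ToString(), 255);
    string strPassOld = strSafeSqlLiteral(userpasswordOld.Text.ToString(), 127);
    string strPassNew = strSafeSqlLiteral(userpasswordNew.Text.ToString(), 127);
    string strPassNewC = strSafeSqlLiteral(userpasswordNewC.Text.ToString(), 127);

    if (!IsComplexPassword(strPassNew))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-300, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
        return;
    }

    if (strPassNew.Length < 8)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-310, Error: New password length is less than 8 characters long, Please try again.";
        return;
    }

    if (strPassNew != strPassNewC)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-320, Error: New password and confirm password do not match, Please try again.";
        return;
    }

    // REMOTE_ADDR may be absent behind some hosts; the [IP] column is 20 chars wide.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }

    // Passwords are compared in their encrypted (reversible) form; a salted one-way hash would
    // be the safer design, but the column format is shared with the other pages.
    // The original also decrypted the value back and discarded the result; that dead work is dropped.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEncOld = SDSheriffCrypto1.Encrypt(strPassOld);

    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    strCmd.Append("WHERE [UserName] ='" + strUser + "' AND [PassWord] = '" + sPassEncOld + "' AND STATUS in ('A', 'X')");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // mds_ExecuteQuery returns null when the connection or the query failed.
    if (ds1 == null || ds1.Tables["tblUser"] == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-330, Error: Database Error";
        return;
    }

    if (ds1.Tables["tblUser"].Rows.Count == 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-340, Error: No user account found, or old password bad, Please try again.";
        return;
    }

    string sPassEncNew = SDSheriffCrypto1.Encrypt(strPassNew);
    try
    {
        // Store the user-chosen password; the WHERE clause re-checks the old password so a
        // concurrent change cannot be overwritten.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("UPDATE TMHUsers SET [PassWord] = " + "'" + sPassEncNew + "', ");
        strCmd2.Append("[LastActivityDate] = GETDATE(), [Status] = 'A', ");
        strCmd2.Append("[IP] = '" + strIPAddress + "' ");
        strCmd2.Append("WHERE [UserName] = '" + strUser + "' AND [PassWord] = '" + sPassEncOld + "'");
        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();
    }
    catch (Exception ex)
    {
        // Record the failure (never the password) instead of discarding it.
        System.Diagnostics.Trace.TraceError("btnChangePass_Click: password change failed: " + ex);
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-350, Error: Your Password was not changed!";
        return;
    }

    msgVal.Attributes["class"] = "alert alert-success";
    lblMsg.Text = "Your password has been changed.";
    pnlChangePass.Visible = false;
    pnlindexPage.Visible = true;
}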
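//---------------------------- Method ---------------------------------------
/// <summary>
/// Self-registration handler. Validates PIN, password and e-mail, rejects an e-mail that is
/// already registered, inserts the new TMHUsers row and then logs the user in (session +
/// forms-authentication ticket).
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAddUser_Click(object sender, EventArgs e)
{
    lblMsg.Text = "";
    // strSafeSqlLiteral is the only protection the string-built SQL below has; prefer a
    // parameterized call if the db1 wrapper offers one (not visible here).
    string strUser = strSafeSqlLiteral(useremail.Text.ToString().Trim(), 255);
    string strpin = strSafeSqlLiteral(userpin.Text.ToString().Trim(), 4);
    string strPass = strSafeSqlLiteral(userpassword.Text.ToString().Trim(), 127);
    string strPassC = strSafeSqlLiteral(userpasswordC.Text.ToString().Trim(), 127);

    if (!IsValidPIN(strpin))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-200, Error: Invalid PIN, 4 digits please!";
        return;
    }

    if (!IsComplexPassword(strPass))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-210, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
        return;
    }

    if (strPass != strPassC || strPass == "" || strPass.Length < 8 || strpin.Length != 4 || strUser.Length < 5)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-220, Error: Required fields are missing, or Password and Password Confirmation do not match, or bad PIN, try again!";
        return;
    }

    if (strUser.Length > 0 && !Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b"))
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-230, Error: Invalid User.";
        return;
    }

    // REMOTE_ADDR may be absent behind some hosts; the [IP] column is 20 chars wide.
    string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
    if (strIPAddress.Length > 20)
    {
        strIPAddress = strIPAddress.Substring(0, 20);
    }

    // Passwords are stored in an encrypted (reversible) form; a salted one-way hash would be
    // the safer design, but the column format is shared with the login/reset pages.
    // The original also decrypted the value back and discarded the result; that dead work is dropped.
    SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
    string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);

    StringBuilder strCmd = new StringBuilder();
    strCmd.Append("SELECT * ");
    strCmd.Append("FROM TMHUsers ");
    // NOTE(review): the '******' literal looks redacted in this listing; the duplicate-account
    // check presumably binds strUser here (compare btnSendPass_Click) - confirm.
    strCmd.Append("WHERE UserName ='******'");

    db1.mv_OpenConnection2(strIPAddress);
    DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
    db1.mv_CloseConnection();

    // mds_ExecuteQuery returns null when the connection or the query failed. The error paths
    // now set the danger banner like every other handler on this page.
    if (ds1 == null || ds1.Tables["tblUser"] == null)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-240, Error: Error Occurred - (1) Database Error";
        return;
    }

    if (ds1.Tables["tblUser"].Rows.Count != 0)
    {
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-250, Error: A user account already exist for the email address you entered.";
        return;
    }

    try
    {
        // Register the new account; it is active ('A') immediately.
        StringBuilder strCmd2 = new StringBuilder();
        strCmd2.Append("INSERT INTO TMHUsers ([UserName],[PassWord],[CreatedWhen],[LastActivityDate],[Status],[PIN],[IP])");
        strCmd2.Append("VALUES ('" + strUser + "','" + sPassEnc + "', GETDATE(), GETDATE(),'A','" + strpin + "','" + strIPAddress + "')");
        db1.mv_OpenConnection2(strIPAddress);
        db1.mv_InsertOrUpdate(strCmd2.ToString());
        db1.mv_CloseConnection();
    }
    catch (Exception ex)
    {
        // Record the failure (never the password) instead of discarding it.
        System.Diagnostics.Trace.TraceError("btnAddUser_Click: account insert failed: " + ex);
        msgVal.Attributes["class"] = "alert alert-danger";
        lblMsg.Text = "TMHSelf-260, Error: Error Occurred - (1) User Account not Created.";
        return;
    }

    msgVal.Attributes["class"] = "alert alert-info";
    lblMsg.Text = "Your user account has been created, and you are logged in.";
    pnlAddUser.Visible = false;
    pnlindexPage.Visible = true;

    HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
    HttpContext.Current.Session["TMHUser"] = strUser;
    HttpContext.Current.Session["TMHUserPIN"] = strpin;
    // The internal user id is needed later when inserting new TMH cases for this user.
    HttpContext.Current.Session["TMHUserId"] = strGetUserId(strUser);

    // Forms authentication ticket: 5 hours, non-persistent.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, strUser, DateTime.Now,
        DateTime.Now.AddMinutes(300), false, String.Empty, FormsAuthentication.FormsCookiePath);
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    // The ticket cookie IS the session credential: keep it out of script and off plain HTTP.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authCookie.HttpOnly = true;
    authCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(authCookie);

    if (Request.QueryString["ReturnUrl"] != null)
    {
        // Ends the response with a redirect to ReturnUrl (only local URLs unless
        // enableCrossAppRedirects is on).
        FormsAuthentication.RedirectFromLoginPage(strUser, false);
    }
}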