/// <summary>
/// Builds an <see cref="SmtpClient"/> from the "MailServer", "MailServerPort",
/// "MailServerAuthentication", "MailServerUsername" and "MailServerPassword" settings.
/// </summary>
/// <returns>
/// A client whose host falls back to "localhost" when no mail server is configured, whose
/// port is only overridden by a positive configured value, and which carries credentials
/// only when all three authentication settings are present and the flag is "true", "yes" or "1".
/// </returns>
private SmtpClient GetClient()
{
    string host = SprocketSettings.GetValue("MailServer");

    // A missing or non-numeric port leaves configuredPort at 0, which is ignored below.
    int configuredPort;
    int.TryParse(SprocketSettings.GetValue("MailServerPort"), out configuredPort);

    string authFlag = SprocketSettings.GetValue("MailServerAuthentication");
    string userName = SprocketSettings.GetValue("MailServerUsername");
    string password = SprocketSettings.GetValue("MailServerPassword");

    SmtpClient smtp = new SmtpClient();
    smtp.Host = host ?? "localhost";
    if (configuredPort > 0)
    {
        smtp.Port = configuredPort;
    }

    bool haveAuthSettings = authFlag != null && userName != null && password != null;
    if (haveAuthSettings && Utilities.MatchesAny(authFlag.ToLower(), "true", "yes", "1"))
    {
        // NOTE(review): this method never sets EnableSsl, so whether these credentials travel
        // over TLS depends on configuration outside this block. Confirm before relying on it.
        smtp.Credentials = new NetworkCredential(userName, password);
    }

    return smtp;
}
/// <summary>
/// Creates a database object for the default engine, points it at the "ConnectionString"
/// setting and registers it under the name "DEFAULT".
/// </summary>
public void LoadDefaultDatabase()
{
    Database defaultDb = Database.Create(defaultEngine);
    defaultDb.ConnectionString = SprocketSettings.GetValue("ConnectionString");

    // The meaning of the third argument is not visible in this block.
    Database.Add("DEFAULT", defaultDb, true);
}
/// <summary>
/// Settings check for the PayPal integration. When integration is enabled, it requires an
/// identity token and an account address for whichever mode (sandbox or live) is active,
/// and records a critical error for each one that is missing.
/// </summary>
/// <param name="errors">Collector that receives the error text and the critical flag.</param>
void Settings_OnCheckingSettings(SprocketSettings.SettingsErrors errors)
{
    if (!IntegrationEnabled)
    {
        return;
    }

    string tokenKey;
    string tokenMessage;
    string addressKey;
    string addressMessage;

    if (TestMode)
    {
        tokenKey = "PayPalTestIdentityToken";
        tokenMessage = "PayPalTestMode setting has been specified, thus a value is required for PayPalTestIdentityToken. This is the PayPal-supplied identity token for use with the PayPal Sandbox development environment. See developer.paypal.com for more info.";
        addressKey = "PayPalTestAccountAddress";
        addressMessage = "PayPalTestMode setting has been specified, thus a value is required for PayPalTestAccountAddress. This is a test PayPal account address for use with the PayPal Sandbox development environment. See developer.paypal.com for more info.";
    }
    else
    {
        tokenKey = "PayPalIdentityToken";
        tokenMessage = "The PayPalTestMode setting is disabled and the PayPalIntegration setting is enabled, thus a value is required for PayPalIdentityToken. This is the PayPal-supplied identity token for authenticating PayPal responses. See developer.paypal.com for more info.";
        addressKey = "PayPalAccountAddress";
        addressMessage = "The PayPalTestMode setting is disabled and the PayPalIntegration setting is enabled, thus a value is required for PayPalAccountAddress. This is the PayPal account address that is to receive transaction payments. See developer.paypal.com for more info.";
    }

    // The token is checked before the address, so errors are reported in that order.
    if (SprocketSettings.GetValue(tokenKey) == null)
    {
        errors.Add("PayPal", tokenMessage);
        errors.SetCriticalError();
    }

    if (SprocketSettings.GetValue(addressKey) == null)
    {
        errors.Add("PayPal", addressMessage);
        errors.SetCriticalError();
    }
}
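/// <summary>
/// Loads the connection string stored under the given application-settings key.
/// </summary>
/// <param name="appSettingsKeyName">Name of the settings key holding the connection string.</param>
/// <exception cref="SprocketException">Thrown when the settings contain no value for the key.</exception>
public void LoadConnectionString(string appSettingsKeyName)
{
    // Read the setting once so the value that was null-checked is the value that gets assigned.
    string configured = SprocketSettings.GetValue(appSettingsKeyName);
    if (configured == null)
    {
        throw new SprocketException("The application settings file does not contain a connection string for the key \"" + appSettingsKeyName + "\".");
    }

    ConnectionString = configured;
}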
/// <summary>
/// Turns a password hash into a hex-encoded pass key by encrypting it with the
/// "EncryptionKeyWord" setting and the client address with its last dotted segment removed.
/// </summary>
/// <param name="passwordHash">The password hash to wrap.</param>
/// <returns>Hex string of the encrypted bytes.</returns>
private string PassKeyFromPasswordHash(string passwordHash)
{
    string clientAddress = HttpContext.Current.Request.UserHostAddress;

    // NOTE(review): an address without a '.' (an IPv6 client such as "::1") makes LastIndexOf
    // return -1, and Substring then throws ArgumentOutOfRangeException.
    int lastDot = clientAddress.LastIndexOf('.');
    string addressPrefix = clientAddress.Substring(0, lastDot);

    // NOTE(review): unlike PasswordHashFromPassKey, a missing "EncryptionKeyWord" is not
    // checked here, so a null key is handed straight to the crypto helper.
    string secret = SprocketSettings.GetValue("EncryptionKeyWord");

    // NOTE(review): going by the helper's name this is RC2, a legacy cipher, and the third
    // argument is derived from the client address rather than being random. The result is a
    // reversible wrapping of the password hash, so it is only as secret as the key word.
    return StringUtilities.HexStringFromBytes(Crypto.RC2Encrypt(passwordHash, secret, addressPrefix));
}
/// <summary>
/// Decrypts a hex-encoded CAPTCHA key using the "EncryptionKeyWord" setting and the
/// client address with its last dotted segment removed.
/// </summary>
/// <param name="encryptedCaptcha">Hex string carrying the encrypted CAPTCHA text.</param>
/// <returns>The value produced by the decryption helper.</returns>
internal static string DecryptCAPTCHAKey(string encryptedCaptcha)
{
    string secret = SprocketSettings.GetValue("EncryptionKeyWord");

    // NOTE(review): an address without a '.' (an IPv6 client) makes LastIndexOf return -1 and
    // Substring throw ArgumentOutOfRangeException.
    string clientAddress = HttpContext.Current.Request.UserHostAddress;
    string addressPrefix = clientAddress.Substring(0, clientAddress.LastIndexOf('.'));

    // NOTE(review): encryptedCaptcha looks client-supplied. How BytesFromHexString and
    // RC2Decrypt fail on malformed input is not visible here, so callers should treat a
    // failure as "wrong answer". The secret is not null-checked.
    byte[] cipherBytes = StringUtilities.BytesFromHexString(encryptedCaptcha);
    return Crypto.RC2Decrypt(cipherBytes, secret, addressPrefix);
}
/// <summary>
/// Recovers a password hash from a hex-encoded pass key by decrypting it with the
/// "EncryptionKeyWord" setting and the client address with its last dotted segment removed.
/// </summary>
/// <param name="passKey">Hex string produced by the matching encryption routine.</param>
/// <returns>The decrypted password hash.</returns>
/// <exception cref="Exception">Thrown when "EncryptionKeyWord" is not configured.</exception>
private string PasswordHashFromPassKey(string passKey)
{
    // NOTE(review): an address without a '.' (an IPv6 client) makes LastIndexOf return -1 and
    // Substring throw ArgumentOutOfRangeException before the key check below is reached.
    string clientAddress = HttpContext.Current.Request.UserHostAddress;
    int lastDot = clientAddress.LastIndexOf('.');
    string addressPrefix = clientAddress.Substring(0, lastDot);

    string secret = SprocketSettings.GetValue("EncryptionKeyWord");
    if (secret == null)
    {
        throw new Exception("Please add a kay named \"EncryptionKeyWord\" to your Web.Config file. This is a secret keyword or phrase of your choice.");
    }

    // NOTE(review): going by the helper's name this is RC2, a legacy cipher. The pass key is a
    // reversible form of the password hash, so protect it like the hash itself.
    byte[] cipherBytes = StringUtilities.BytesFromHexString(passKey);
    return Crypto.RC2Decrypt(cipherBytes, secret, addressPrefix);
}
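/// <summary>
/// Admin request handler for the security module. It adds the "current user" block to every
/// admin page and, for user administrators, adds the "Users and Roles" menu link and builds
/// the security interface when the path starts with "admin/security".
/// </summary>
/// <param name="admin">The admin page being assembled.</param>
/// <param name="sprocketPath">The requested Sprocket path.</param>
/// <param name="pathSections">The path split into sections; not used here.</param>
/// <param name="handled">Set when this handler takes ownership of the request.</param>
void OnAdminRequest(AdminInterface admin, string sprocketPath, string[] pathSections, HandleFlag handled)
{
    // build the "current user" block
    WebAuthentication auth = (WebAuthentication)Core.Instance["WebAuthentication"];
    SecurityProvider.User user = SecurityProvider.User.Load(WebsiteClientID, auth.CurrentUsername);
    string displayName = (user.FirstName + " " + user.Surname).Trim();
    string block = "<div id=\"currentuser-block\">"
        + "You are currently logged in as <b>{0}</b>."
        + "</div>";

    // The name is stored user data and goes into markup, so it is HTML-encoded first.
    // Unencoded, a name containing markup would be rendered into every admin page.
    admin.AddLeftColumnSection(new RankedString(
        string.Format(block, System.Web.HttpUtility.HtmlEncode(displayName)), -100));
    admin.WebsiteName = WebsiteClient.Name;

    if (!CurrentUser.HasPermission(SecurityProvider.PermissionTypeCodes.UserAdministrator))
    {
        return;
    }

    admin.AddMainMenuLink(new AdminMenuLink("Users and Roles", WebUtility.MakeFullPath("admin/security"), 0));

    // build the security interface if it has been requested
    if (sprocketPath.StartsWith("admin/security"))
    {
        handled.Set();

        // A missing or malformed setting falls back to 50, without using an exception for it.
        int defaultMaxFilterMatches;
        if (!int.TryParse(SprocketSettings.GetValue("WebSecurityDefaultUserFilterMatches"), out defaultMaxFilterMatches))
        {
            defaultMaxFilterMatches = 50;
        }

        admin.AddInterfaceScript(WebControlScript.TabStrip);
        admin.AddInterfaceScript(WebControlScript.Fader);
        admin.AddInterfaceScript(WebControlScript.AjaxForm);

        // NOTE(review): the "if(false)" substitution only hides role management in the
        // browser. The server-side handlers must enforce the role-administrator permission
        // themselves (not visible in this block).
        string scr = ResourceLoader.LoadTextResource("Sprocket.Web.CMS.Security.security.js")
            .Replace("50,//{defaultMaxFilterMatches}", defaultMaxFilterMatches.ToString() + ",")
            .Replace("if(true)//{ifUserCanAccessRoleManagement}", CurrentUser.HasPermission("ROLEADMINISTRATOR") ? "" : "if(false)");
        admin.AddInterfaceScript(new RankedString(scr, 0));
        admin.AddBodyOnLoadScript(new RankedString("SecurityInterface.Run()", 0));

        admin.ContentHeading = "Users and Roles";

        // Unused below; kept so the module lookup and cast still run as before.
        SecurityProvider security = (SecurityProvider)Core.Instance["SecurityProvider"];

        string html = "<div id=\"user-admin-container\"></div>";
        admin.AddContentSection(new RankedString(html, 0));
        admin.AddHeadSection(new RankedString("<link rel=\"stylesheet\" type=\"text/css\" href=\""
            + WebUtility.MakeFullPath("resources/admin/security.css") + "\" />", 0));
    }
}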
/// <summary>
/// Settings check for the database manager. It requires "ConnectionString" and
/// "DatabaseEngine", validates the engine name, test-opens the connection, and on success
/// records the connection string and engine as the defaults.
/// </summary>
/// <param name="errors">Collector that receives the error text and the critical flag.</param>
void OnCheckSettings(SprocketSettings.SettingsErrors errors)
{
    const string Source = "DatabaseManager";

    if (SprocketSettings.GetValue("ConnectionString") == null)
    {
        errors.Add(Source, "The application settings (.config) file requires a valid value for \"ConnectionString\".");
        errors.SetCriticalError();
    }

    if (SprocketSettings.GetValue("DatabaseEngine") == null)
    {
        errors.Add(Source, "The application settings (.config) file requires a valid value for \"DatabaseEngine\".");
        errors.SetCriticalError();
    }

    // Stop if any critical error is flagged on the collector at this point.
    if (errors.HasCriticalError)
    {
        return;
    }

    DatabaseEngine parsedEngine;
    try
    {
        parsedEngine = Database.ParseEngineName(SprocketSettings.GetValue("DatabaseEngine"));
    }
    catch (SprocketException)
    {
        errors.Add(Source, "The value for \"DatabaseEngine\" is not valid.");
        errors.SetCriticalError();
        return;
    }

    Database candidate = Database.Create(parsedEngine);
    candidate.ConnectionString = SprocketSettings.GetValue("ConnectionString");

    string failureText;
    bool connected = candidate.TestConnectionString(out failureText);
    if (!connected)
    {
        // NOTE(review): the raw provider error is surfaced as-is. The original carried a
        // commented-out filter that replaced messages mentioning "password", "pwd", "pass" or
        // "pword" with a placeholder. Check who can see this error list before relying on
        // the unfiltered text.
        errors.Add(Source, "The supplied connection string didn't work. The error was: " + failureText);
        errors.SetCriticalError();
        return;
    }

    defaultConnectionString = candidate.ConnectionString;
    defaultEngine = candidate.DatabaseEngine;
}
/// <summary>
/// Settings check that requires "PreventSimultaneousLogins" to be present and to read
/// "true" or "false" (case-insensitively); otherwise it records a critical error.
/// </summary>
/// <param name="errors">Collector that receives the error text and the critical flag.</param>
void OnCheckingSprocketSettings(SprocketSettings.SettingsErrors errors)
{
    string setting = SprocketSettings.GetValue("PreventSimultaneousLogins");
    string problem = null;

    if (setting == null)
    {
        problem = "The Web.config file is missing a value for \"PreventSimultaneousLogins\". The value should be \"True\" or \"False\".";
    }
    else
    {
        string lowered = setting.ToLower();
        if (lowered != "true" && lowered != "false")
        {
            problem = "The Web.config file value for \"PreventSimultaneousLogins\" is invalid. The value should be \"True\" or \"False\".";
        }
    }

    if (problem != null)
    {
        errors.Add(this, problem);
        errors.SetCriticalError();
    }
}
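/// <summary>
/// Stores an uploaded file on disk and records it in the database.
/// </summary>
/// <param name="upload">The posted file.</param>
/// <param name="clientID">Optional client the file belongs to.</param>
/// <param name="ownerID">Optional owner of the file.</param>
/// <param name="parentFileID">Optional parent file.</param>
/// <param name="sprocketPath">Logical folder path; the upload's file name is appended to it.</param>
/// <param name="categoryCode">Category code stored with the file.</param>
/// <param name="moduleRegCode">Module registration code stored with the file.</param>
/// <param name="description">Description stored with the file.</param>
/// <returns>
/// The saved file record, or null when the upload is larger than the
/// "FileManagerMaxUploadSizeBytes" setting.
/// </returns>
public static SprocketFile Upload(HttpPostedFile upload, Guid? clientID, Guid? ownerID, Guid? parentFileID, string sprocketPath, string categoryCode, string moduleRegCode, string description)
{
    // NOTE(review): int.Parse throws if the size setting is missing or malformed.
    if (upload.ContentLength > int.Parse(SprocketSettings.GetValue("FileManagerMaxUploadSizeBytes")))
    {
        return null;
    }

    // Path.GetFileName drops any directory part the client put in the file name.
    string clientFileName = Path.GetFileName(upload.FileName);

    SprocketFile file = new SprocketFile();
    file.sprocketFileID = Guid.NewGuid();
    file.clientID = clientID;
    file.ownerID = ownerID;
    file.parentFileID = parentFileID;
    file.sprocketPath = (sprocketPath.Trim('/') + "/" + clientFileName).Trim('/');
    file.categoryCode = categoryCode;
    file.moduleRegCode = moduleRegCode;
    file.description = description;

    // NOTE(review): the content type and extension are taken from the client as sent, and no
    // allow-list is applied here. If PhysicalPath (not visible) lies under the web root and
    // keeps the extension, restrict the accepted extensions before this point.
    file.contentType = upload.ContentType;
    file.uploadDate = DateTime.Now;
    file.FileTypeExtension = Path.GetExtension(upload.FileName);

    upload.SaveAs(file.PhysicalPath);

    // Only manage the transaction when the caller has not already opened one.
    bool ownsTransaction = !Database.Main.IsTransactionActive;
    if (ownsTransaction)
    {
        Database.Main.BeginTransaction();
    }

    try
    {
        file.Save();
    }
    catch (Exception)
    {
        if (ownsTransaction)
        {
            Database.Main.RollbackTransaction();
        }

        // The file is already on disk. Remove it in both cases so a failed save never leaves
        // an orphan (the original only cleaned up when it owned the transaction).
        file.EnsureFileDeleted();

        // "throw;" keeps the original stack trace, where "throw ex;" would reset it.
        throw;
    }

    if (ownsTransaction)
    {
        Database.Main.CommitTransaction();
    }

    return file;
}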
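/// <summary>
/// Admin request handler for the security module. It adds the "current user" block to every
/// admin page and, for user administrators, adds the "Users and Roles" menu link and builds
/// the security interface when the current path starts with "admin/security".
/// </summary>
/// <param name="admin">The admin page being assembled.</param>
/// <param name="page">The page entry being served; not used here.</param>
/// <param name="handled">Handled flag; this handler does not set it (the call is commented out).</param>
void OnAdminRequest(AdminInterface admin, PageEntry page, HandleFlag handled)
{
    // build the "current user" block
    User user = User.Select(SecurityProvider.ClientSpaceID, WebAuthentication.Instance.CurrentUsername);
    string displayName = (user.FirstName + " " + user.Surname).Trim();
    string block = "<div id=\"currentuser-block\">"
        + "You are currently logged in as <b>{0}</b>."
        + "</div>";

    // The name is stored user data and goes into markup, so it is HTML-encoded first.
    // Unencoded, a name containing markup would be rendered into every admin page.
    admin.AddLeftColumnSection(new AdminSection(
        string.Format(block, System.Web.HttpUtility.HtmlEncode(displayName)), ObjectRank.First));

    if (!WebAuthentication.VerifyAccess(PermissionType.UserAdministrator))
    {
        return;
    }

    admin.AddMainMenuLink(new AdminMenuLink("Users and Roles", WebUtility.MakeFullPath("admin/security"), ObjectRank.Normal));

    // build the security interface if it has been requested
    if (SprocketPath.Value.StartsWith("admin/security"))
    {
        //handled.Set();

        // A missing or malformed setting falls back to 50, without using an exception for it.
        int defaultMaxFilterMatches;
        if (!int.TryParse(SprocketSettings.GetValue("WebSecurityDefaultUserFilterMatches"), out defaultMaxFilterMatches))
        {
            defaultMaxFilterMatches = 50;
        }

        admin.AddInterfaceScript(WebControlScript.TabStrip);
        admin.AddInterfaceScript(WebControlScript.Fader);
        admin.AddInterfaceScript(WebControlScript.AjaxForm);

        // NOTE(review): the "if(false)" substitution only hides role management in the
        // browser. The server-side handlers must enforce PermissionType.RoleAdministrator
        // themselves (not visible in this block).
        string scr = ResourceLoader.LoadTextResource("Sprocket.Security.CMS.security.js")
            .Replace("50,//{defaultMaxFilterMatches}", defaultMaxFilterMatches.ToString() + ",")
            .Replace("if(true)//{ifUserCanAccessRoleManagement}", WebAuthentication.VerifyAccess(PermissionType.RoleAdministrator) ? "" : "if(false)");
        admin.AddInterfaceScript(new AdminSection(scr, 0));
        admin.AddBodyOnLoadScript(new AdminSection("SecurityInterface.Run()", 0));

        string html = "<div id=\"user-admin-container\"></div>";
        admin.AddPreContentSection(new AdminSection(html, 0));
        admin.AddHeadSection(new AdminSection("<link rel=\"stylesheet\" type=\"text/css\" href=\""
            + WebUtility.MakeFullPath("resources/admin/security.css") + "\" />", 0));
    }
}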
/// <summary>
/// Picks the database handler named by the "DatabaseEngine" setting from the discovered
/// <c>IDatabaseHandler</c> implementations, instantiates it, checks its configuration and
/// announces it through <c>OnDatabaseHandlerLoaded</c>. When no implementation matches the
/// setting, it records a critical settings error listing the valid names.
/// </summary>
/// <param name="interfaceImplementations">Discovered implementing types, keyed by interface type.</param>
void Core_OnInitialise(Dictionary<Type, List<Type>> interfaceImplementations)
{
    // Original design notes: read the database registration name from web.config, instantiate
    // that type or raise an error, and notify listeners of the database object in use. An
    // OnCheckDatabaseStructure event on this module would remove the need for IDataHandlerModule.
    List<Type> handlerTypes;
    if (!interfaceImplementations.TryGetValue(typeof(IDatabaseHandler), out handlerTypes))
    {
        return;
    }

    string engineName = SprocketSettings.GetValue("DatabaseEngine");
    if (engineName == null)
    {
        return;
    }

    // Only types already discovered as IDatabaseHandler implementations can be instantiated.
    // The setting selects among them by short type name.
    foreach (Type candidate in handlerTypes)
    {
        if (candidate.Name != engineName)
        {
            continue;
        }

        dbHandler = (IDatabaseHandler)Activator.CreateInstance(candidate);
        Result check = dbHandler.CheckConfiguration();
        if (!check.Succeeded)
        {
            SprocketSettings.Errors.Add(this, check.Message);
            SprocketSettings.Errors.SetCriticalError();
            return;
        }

        if (OnDatabaseHandlerLoaded != null)
        {
            OnDatabaseHandlerLoaded(dbHandler);
        }
        return;
    }

    // Nothing matched: report the names that would have been accepted.
    List<string> validNames = new List<string>();
    foreach (Type candidate in handlerTypes)
    {
        validNames.Add(candidate.Name);
    }

    SprocketSettings.Errors.Add(this, "The application settings (.config) file requires a valid value for \"DatabaseEngine\".");
    SprocketSettings.Errors.Add(this, "Current valid values for DatabaseEngine are: " + StringUtilities.CommaJoin(validNames));
    SprocketSettings.Errors.SetCriticalError();
}
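/// <summary>
/// Reads the "ConnectionString" setting and verifies that a SQL Server connection can be
/// opened with it.
/// </summary>
/// <returns>
/// A successful <c>Result</c> when the connection opens; otherwise a <c>Result</c> carrying
/// a message that explains the failure.
/// </returns>
public Result CheckConfiguration()
{
    connectionString = SprocketSettings.GetValue("ConnectionString");
    if (connectionString == null)
    {
        return new Result("No value exists in Web.config for ConnectionString. SqlServer2005Database requires a valid connection string.");
    }

    try
    {
        // "using" disposes the connection even when Open() throws. The original skipped
        // Close/Dispose on that path.
        using (SqlConnection conn = new SqlConnection(connectionString))
        {
            conn.Open();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the provider's error text is passed on verbatim. Confirm that the
        // place where this Result is shown is limited to administrators.
        return new Result("The ConnectionString value was unable to be used to open the database. The error was: " + ex.Message);
    }

    return new Result();
}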
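/// <summary>
/// Generates a new six-letter CAPTCHA text that is not in the expired-key list and returns
/// it upper-cased, encrypted and hex-encoded.
/// </summary>
/// <returns>Hex string of the encrypted CAPTCHA text.</returns>
public static string EncryptNewCAPTCHAKey()
{
    const int KeyLength = 6;
    const int AlphabetSize = 26;

    // 234 is the largest multiple of 26 that fits in a byte. Bytes at or above it are
    // discarded so every letter is equally likely (no modulo bias).
    const int RejectFrom = 234;

    // The CAPTCHA text must not be guessable. System.Random is not a cryptographic
    // generator, so the letters are drawn from the platform CSPRNG instead.
    System.Security.Cryptography.RandomNumberGenerator rng =
        System.Security.Cryptography.RandomNumberGenerator.Create();

    string str;
    try
    {
        byte[] one = new byte[1];
        char[] letters = new char[KeyLength];
        do
        {
            int filled = 0;
            while (filled < KeyLength)
            {
                rng.GetBytes(one);
                if (one[0] >= RejectFrom)
                {
                    continue;
                }
                letters[filled++] = (char)('a' + (one[0] % AlphabetSize));
            }
            str = new string(letters);
        }
        // Compared in lower case, as the original did. Verify which case the expired list stores.
        while (Instance.expiredCaptchaKeys.Contains(str));
    }
    finally
    {
        // The generator is only IDisposable on newer framework versions, so dispose it
        // through a cast. This keeps the block compiling on older ones.
        System.IDisposable disposable = rng as System.IDisposable;
        if (disposable != null)
        {
            disposable.Dispose();
        }
    }

    string key = SprocketSettings.GetValue("EncryptionKeyWord");

    // NOTE(review): an address without a '.' (an IPv6 client) makes LastIndexOf return -1 and
    // Substring throw ArgumentOutOfRangeException.
    string vector = HttpContext.Current.Request.UserHostAddress;
    vector = vector.Substring(0, vector.LastIndexOf('.'));

    // NOTE(review): going by the helper's name this is RC2, a legacy cipher, and the key is
    // not null-checked here.
    return StringUtilities.HexStringFromBytes(Crypto.RC2Encrypt(str.ToUpper(), key, vector));
}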
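/// <summary>
/// Sprocket calls this method in response to ASP.Net's AcquireRequestState event.
/// It notifies listeners, dispatches registered form-post actions, then offers the request to
/// module handlers. If none handles it, it falls back to an existing file, then to a
/// directory default page, then to the path-not-found handlers.
/// </summary>
/// <param name="sender">Event source; not used by this method.</param>
/// <param name="e">Event arguments; not used by this method.</param>
internal void FireAcquireRequestState(object sender, EventArgs e)
{
    // as always, let the other modules know where we are...
    if (OnRequestStateLoaded != null)
    {
        OnRequestStateLoaded();
    }

    if (HttpContext.Current.Request.Form != null)
    {
        if (HttpContext.Current.Request.Form.Count > 0)
        {
            foreach (FormPostAction action in formPostActions)
            {
                if (action.PostFromPath != null)
                {
                    // A post may arrive with no Referer header, leaving UrlReferrer null.
                    // Treat that as "does not match" instead of dereferencing null.
                    // NOTE(review): the Referer is client-supplied, so this is a routing
                    // filter, not an anti-forgery control.
                    Uri referrer = HttpContext.Current.Request.UrlReferrer;
                    if (referrer == null)
                    {
                        continue;
                    }
                    if (action.PostFromPath != SprocketPath.ExtractSprocketPath(referrer.ToString()))
                    {
                        continue;
                    }
                }

                if (action.PostToPath != null)
                {
                    if (action.PostToPath.ToLower() != SprocketPath.Value)
                    {
                        continue;
                    }
                }

                if (action.FieldName != null)
                {
                    string s = HttpContext.Current.Request.Form[action.FieldName];
                    if (s == null)
                    {
                        continue;
                    }
                    if (action.FieldValue != null)
                    {
                        if (s != action.FieldValue)
                        {
                            continue;
                        }
                    }
                }

                action.PostHandler();
            }
        }
    }

    // this is our flag so that request event handlers can let us know if they handled this request.
    HandleFlag flag = new HandleFlag();
    if (OnLoadRequestedPath != null)
    {
        OnLoadRequestedPath(flag);
        if (flag.Handled)
        {
            // stop the browser from caching the page
            // HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
            if (OnRequestedPathProcessed != null)
            {
                OnRequestedPathProcessed();
            }

            // if one of the modules handled the request event, then we can stop
            // doing stuff now. The OnEndRequest event will still be called though.
            HttpContext.Current.Response.End();
            return;
        }
    }

    // if we've reached this point and none of our modules have volunteered to handle
    // the request, we can check to see if the requested path actually exists
    // and if so, serve up that file. This is handy if we insist on using the standard
    // ASP.Net Page framework or want to serve up other things like plain html files.
    if (!flag.Handled && File.Exists(HttpContext.Current.Request.PhysicalPath))
    {
        // here we provide a last chance opportunity to alter the response before the
        // file is served.
        if (OnBeforeLoadExistingFile != null)
        {
            OnBeforeLoadExistingFile(flag);
            if (flag.Handled)
            {
                HttpContext.Current.Response.End();
                return;
            }
        }

        HttpContext.Current.RewritePath(HttpContext.Current.Request.Path);
        return;
    }

    // at this point we know that no file matching the path exists, so we can check to see
    // if a directory of the specified name exists. If it does, we can see if there are
    // any default pages inside the folder that should execute. This requires a key
    // to be configured for appSettings in the Web.config file:
    // <add key="DefaultPageFilenames" value="default.aspx,default.asp,default.htm,index.htm" />
    if (Directory.Exists(HttpContext.Current.Request.PhysicalPath))
    {
        string dpgstr = SprocketSettings.GetValue("DefaultPageFilenames");
        if (dpgstr != null)
        {
            string[] pgarr = dpgstr.Split(',');
            foreach (string pgname in pgarr)
            {
                string pgpath = "/" + HttpContext.Current.Request.Path.Trim('/') + "/" + pgname;
                string physpath = HttpContext.Current.Request.PhysicalPath + "\\" + pgname;
                if (File.Exists(physpath))
                {
                    HttpContext.Current.Response.Redirect(pgpath);
                    return;
                }
            }
        }
    }

    // if we've reached this point and still haven't found anything that wants to handle
    // the current request, we offer up a final chance to respond to this fact...
    if (OnPathNotFound != null)
    {
        OnPathNotFound(flag);
        if (flag.Handled)
        {
            if (OnRequestedPathProcessed != null)
            {
                OnRequestedPathProcessed();
            }
            HttpContext.Current.Response.End();
            return;
        }
    }

    // if we got this far, the request falls through to the standard ASP.Net 404 page.
}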
/// <summary>
/// Serves admin pages. For every admin path except those under "admin/login", it requires
/// admin-area access, assembles the standard admin menu and footer, and lets listeners
/// contribute through <c>OnLoadAdminPage</c>. It then runs any page pre-processors, renders
/// the page and marks the request as handled.
/// </summary>
/// <param name="handled">Flag shared by request handlers; set once the page has been written.</param>
void WebEvents_OnLoadRequestedPath(HandleFlag handled)
{
    if (handled.Handled || !IsAdminRequest)
    {
        return;
    }

    PageEntry page = pages.FromPath(SprocketPath.Value);
    if (page == null)
    {
        return;
    }

    KeyValuePair<string, object>[] vars;
    if (SprocketPath.StartsWith("admin", "login"))
    {
        // The login pages are served without an access check and only get the site name.
        vars = new KeyValuePair<string, object>[]
        {
            new KeyValuePair<string, object>("_admin_websitename", GetWebsiteName())
        };
    }
    else
    {
        // Every other admin path requires admin-area access; otherwise redirect to the login page.
        if (!WebAuthentication.VerifyAccess(PermissionType.AccessAdminArea))
        {
            WebUtility.Redirect("admin/login");
            return;
        }

        AdminInterface ui = new AdminInterface();
        WebClientScripts clientScripts = WebClientScripts.Instance;

        ui.AddMainMenuLink(new AdminMenuLink("Website Home", WebUtility.MakeFullPath(""), ObjectRank.Last, "website_home"));
        ui.AddMainMenuLink(new AdminMenuLink("Overview", WebUtility.MakeFullPath("admin"), ObjectRank.First, "website_overview"));
        ui.AddMainMenuLink(new AdminMenuLink("Log Out", WebUtility.MakeFullPath("admin/logout"), ObjectRank.Last, "log_out"));

        ui.AddFooterLink(new AdminMenuLink("Log Out", WebUtility.MakeFullPath("admin/logout"), ObjectRank.Early));
        ui.AddFooterLink(new AdminMenuLink("© 2005-" + DateTime.UtcNow.Year + " " + SprocketSettings.GetValue("WebsiteName"), "", ObjectRank.Late));
        ui.AddFooterLink(new AdminMenuLink("Powered by Sprocket", "http://www.sprocketcms.com", ObjectRank.Last));

        ui.AddHeadSection(new AdminSection(clientScripts.BuildStandardScriptsBlock(), ObjectRank.Late));
        ui.WebsiteName = GetWebsiteName();

        if (OnLoadAdminPage != null)
        {
            OnLoadAdminPage(ui, page, handled);
            if (handled.Handled)
            {
                return;
            }
        }

        vars = ui.GetScriptVariables();
    }

    ContentManager.RequestedPage = page;

    if (pagePreProcessors.ContainsKey(page.PageCode))
    {
        foreach (PagePreprocessorHandler preprocess in pagePreProcessors[page.PageCode])
        {
            preprocess(page);
        }
    }

    string rendered = page.Render(vars);
    Response.ContentType = page.ContentType;
    Response.Write(rendered);
    handled.Set();
}
/// <summary>
/// Reads a PayPal setting. The key is "PayPalTest" + suffix in test mode and
/// "PayPal" + suffix otherwise.
/// </summary>
/// <param name="suffix">Part of the setting name that follows the mode prefix.</param>
/// <returns>Whatever <c>SprocketSettings.GetValue</c> returns for the composed key.</returns>
private static string _ppsetting(string suffix)
{
    string prefix = TestMode ? "PayPalTest" : "PayPal";
    return SprocketSettings.GetValue(prefix + suffix);
}
/// <summary>
/// Sprocket calls this method in response to ASP.Net's AcquireRequestState event.
/// It notifies listeners, normalises the URL to end in a slash, derives the Sprocket path
/// and offers the request to module handlers. If none handles it, it falls back to an
/// existing file, then to a directory default page, then to the path-not-found handlers.
/// </summary>
/// <param name="sender">Event source; cast to <c>HttpApplication</c> when raising events.</param>
/// <param name="e">Event arguments; not used by this method.</param>
internal void FireAcquireRequestState(object sender, EventArgs e)
{
    if (OnRequestStateLoaded != null) // as always, let the other modules know where we are...
    {
        OnRequestStateLoaded((HttpApplication)sender);
    }

    HttpContext pg = HttpContext.Current;

    // The SprocketPath refers to the bit after the application base path and before the
    // querystring, minus any leading and trailing forward-slashes. (/) For example if the
    // full URL is "http://www.sprocketcms.com/myapp/admin/users/?edit" and the subdirectory
    // "myapp" is a virtual directory (IIS application) then the SprocketPath would be
    // "admin/users".
    string sprocketPath = null;
    string appPath = pg.Request.Path.ToLower();

    // check to see if there's a trailing slash and if there isn't, redirect to stick a trailing
    // slash onto the path. This is to keep pathing consistent because otherwise relative paths
    // (such as to images and css files) aren't pathed as expected. We DON'T do this if a form
    // has been posted however, because otherwise we lose the contents of the posted form. It is
    // assumed that if you forget to post to a path with a trailing slash, that once you finish
    // processing the form that you'll redirect off to a secondary page anyway, which means
    // sticking a slash on the end of this URL is unnecessary anyway.
    // NOTE(review): the redirect target is the lower-cased request path with no query string
    // appended. It is built from client-supplied input, so confirm the host normalises a
    // leading "//" before it can reach this point.
    if (!appPath.EndsWith("/") && !appPath.Contains(".") && HttpContext.Current.Request.Form.Count == 0)
    {
        pg.Response.Redirect(appPath + "/");
        // The single-argument Redirect already ends the response; End() and return are a backstop.
        pg.Response.End();
        return;
    }

    // changes (e.g.) "http://www.sprocketcms.com/myapp/admin/users/?edit" into "admin/users"
    sprocketPath = appPath.Remove(0, pg.Request.ApplicationPath.Length).Trim('/');

    // split up the path sections to make things even easier for request event handlers
    string[] pathSections = sprocketPath.Split('/');

    // this is our flag so that request event handlers can let us know if they handled this request.
    HandleFlag flag = new HandleFlag();
    if (OnLoadRequestedPath != null)
    {
        OnLoadRequestedPath((HttpApplication)sender, sprocketPath, pathSections, flag);
        if (flag.Handled)
        {
            // stop the browser from caching the page
            // HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);

            // if one of the modules handled the request event, then we can stop
            // doing stuff now. The OnEndRequest event will still be called though.
            pg.Response.End();
            return;
        }
    }

    // if we've reached this point and none of our modules have volunteered to handle
    // the request, we can check to see if the requested path actually exists
    // and if so, serve up that file. This is handy if we insist on using the standard
    // ASP.Net Page framework or want to serve up other things like plain html files.
    if (!flag.Handled && File.Exists(pg.Request.PhysicalPath))
    {
        // here we provide a last chance opportunity to alter the response before the
        // file is served.
        if (OnBeforeLoadExistingFile != null)
        {
            OnBeforeLoadExistingFile((HttpApplication)sender, sprocketPath, pathSections, flag);
            if (flag.Handled)
            {
                pg.Response.End();
                return;
            }
        }
        HttpContext.Current.RewritePath(pg.Request.Path);
        return;
    }

    // at this point we know that no file matching the path exists, so we can check to see
    // if a directory of the specified name exists. If it does, we can see if there are
    // any default pages inside the folder that should execute. This requires a key
    // to be configured for appSettings in the Web.config file:
    // <add key="DefaultPageFilenames" value="default.aspx,default.asp,default.htm,index.htm" />
    if (Directory.Exists(pg.Request.PhysicalPath))
    {
        string dpgstr = SprocketSettings.GetValue("DefaultPageFilenames");
        if (dpgstr != null)
        {
            string[] pgarr = dpgstr.Split(',');
            foreach (string pgname in pgarr)
            {
                // pgname comes from configuration; the URL and disk path are built in parallel.
                string pgpath = "/" + pg.Request.Path.Trim('/') + "/" + pgname;
                string physpath = pg.Request.PhysicalPath + "\\" + pgname;
                if (File.Exists(physpath))
                {
                    HttpContext.Current.Response.Redirect(pgpath);
                    return;
                }
            }
        }
    }

    // if we've reached this point and still haven't found anything that wants to handle
    // the current request, we offer up a final chance to respond to this fact...
    if (OnPathNotFound != null)
    {
        OnPathNotFound((HttpApplication)sender, sprocketPath, pathSections, flag);
        if (flag.Handled)
        {
            pg.Response.End();
            return;
        }
    }

    // if we got this far, the request falls through to the standard ASP.Net 404 page.
}
/// <summary>
/// Handles requests whose first path section is "admin". It serves the admin stylesheet,
/// runs the login, logout and login-processing endpoints, and sends unauthenticated users
/// to the login screen. Any other request goes to the <c>OnAdminRequest</c> listeners and
/// is rendered if one of them handles it.
/// </summary>
/// <param name="app">The current application; not used here.</param>
/// <param name="path">The Sprocket path of the request.</param>
/// <param name="pathSections">The path split on '/'.</param>
/// <param name="handled">Set when this handler has produced the response.</param>
void OnLoadRequestedPath(HttpApplication app, string path, string[] pathSections, HandleFlag handled)
{
    if (pathSections.Length == 0 || pathSections[0] != "admin")
    {
        return;
    }

    bool processed = false;
    string lastchunk = pathSections[pathSections.Length - 1];

    if (lastchunk == "admin.css")
    {
        // Matched on the last path section only and served without an authentication check.
        HttpContext.Current.Response.TransmitFile("~/resources/admin/admin.css");
        HttpContext.Current.Response.ContentType = "text/css";
        processed = true;
    }
    else
    {
        WebAuthentication auth = WebAuthentication.Instance;
        HttpResponse response = HttpContext.Current.Response;

        if (path == "admin/login")
        {
            ShowLoginScreen();
            processed = true;
        }
        else if (path == "admin/logout")
        {
            auth.ClearAuthenticationCookie();
            response.Redirect(WebUtility.MakeFullPath("admin/login"));
            processed = true;
        }
        else if (path == "admin/login/process")
        {
            if (auth.ProcessLoginForm("SprocketUsername", "SprocketPassword", "SprocketPreserveLogin"))
            {
                response.Redirect(WebUtility.MakeFullPath("admin"));
            }
            else
            {
                ShowLoginScreen("Invalid Username and/or Password.");
            }
            processed = true;
        }
        else if (!auth.IsLoggedIn)
        {
            // The logged-in check is the only gate applied here; finer permission checks are
            // left to the OnAdminRequest listeners.
            GotoLoginScreen();
            processed = true;
        }
        else if (OnCMSAdminAuthenticationSuccess != null)
        {
            // Listeners can still veto an authenticated user by returning a failed result.
            Result verdict = new Result();
            OnCMSAdminAuthenticationSuccess(auth.CurrentUsername, verdict);
            if (!verdict.Succeeded)
            {
                ShowLoginScreen(verdict.Message);
                processed = true;
            }
        }
    }

    if (processed)
    {
        handled.Set();
        return;
    }

    if (OnAdminRequest == null)
    {
        return;
    }

    AdminInterface admin = new AdminInterface();
    OnAdminRequest(admin, path, pathSections, handled);
    if (!handled.Handled)
    {
        return;
    }

    WebClientScripts clientScripts = WebClientScripts.Instance;
    admin.AddMainMenuLink(new AdminMenuLink("Current Overview", WebUtility.MakeFullPath("admin"), -100));
    admin.AddMainMenuLink(new AdminMenuLink("Log Out", WebUtility.MakeFullPath("admin/logout"), 100));
    admin.AddFooterLink(new AdminMenuLink("© 2005-" + DateTime.Now.Year + " " + SprocketSettings.GetValue("WebsiteName"), "", 100));

    string powered = SprocketSettings.GetValue("ShowPoweredBySprocket");
    if (powered != null && StringUtilities.MatchesAny(powered.ToLower(), "true", "yes"))
    {
        admin.AddFooterLink(new AdminMenuLink("Powered by Sprocket", "http://www.sprocketcms.com", 1000));
    }

    admin.AddHeadSection(new RankedString(clientScripts.BuildStandardScriptsBlock(), 1));
    HttpContext.Current.Response.Write(admin.Render(path));
}