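/// <summary>
/// Generates a new temporary password for the user identified by <paramref name="sUserID"/>,
/// stores it, writes a security-log entry and e-mails the new password to the user's address.
/// </summary>
/// <param name="sUserID">Primary key of the row in <c>users</c> to reset.</param>
/// <returns>
/// "" on success (or when no such user exists), otherwise a message explaining why
/// the reset could not be performed (currently: no e-mail address on the account).
/// </returns>
/// <exception cref="Exception">
/// Thrown with the data-access error text when a query fails, or with the mailer's
/// error text when the e-mail cannot be sent. Note that the database has already been
/// updated by the time the mail step can fail.
/// </exception>
/// <remarks>
/// NOTE(review): the temporary password leaves this method in cleartext via e-mail.
/// That is the existing design; flagging it so the risk is explicit.
/// </remarks>
public static string ResetPassword(string sUserID)
{
    dataAccess dc = new dataAccess();
    acUI.acUI ui = new acUI.acUI();
    acUI.AppGlobals ag = new acUI.AppGlobals();
    string sErr = null;

    // sUserID comes from the caller and is spliced into SQL below. Double any single
    // quotes so it cannot terminate the literal (the same idiom this file uses for
    // username/full_name in SaveNewUser). A parameterised query would be preferable
    // if the data-access layer exposes one; the string-taking API is all that is visible here.
    string sSafeUserID = sUserID.Replace("'", "''");

    // Look up the user we are resetting.
    string sSQL = "select u.username, u.full_name, u.email, u.authentication_type"
        + " from users u "
        + " where u.user_id = '" + sSafeUserID + "'";

    DataRow dr = null;
    if (!dc.sqlGetDataRow(ref dr, sSQL, ref sErr))
    {
        throw new Exception(sErr);
    }

    if (dr == null)
    {
        // Unknown user id: nothing to reset, nothing to report (existing behaviour).
        return ("");
    }

    string sEmail = dr["email"].ToString();
    if (string.IsNullOrEmpty(sEmail))
    {
        // Without an address there is no way to deliver the new password, so do not
        // change it either.
        return ("Unable to reset - user does not have an email address defined.");
    }

    string sNewPassword = dc.GenerateNewPassword();

    // NOTE(review): this listing shows a fixed placeholder being persisted as the
    // password. The stored value is expected to be the encrypted form of
    // sNewPassword (SaveNewUser stores dc.EnCrypt(...)); confirm against the
    // original source before relying on this path.
    sSQL = "update users set user_password = '******' where user_id = '" + sSafeUserID + "'";
    if (!dc.sqlExecuteUpdate(sSQL, ref sErr))
    {
        throw new Exception(sErr);
    }

    // Security log: who was reset (actor and object are both the target id here,
    // as in the original).
    ui.WriteObjectAddLog(Globals.acObjectTypes.User, sUserID, sUserID, "Password Reset");

    // E-mail the password. The message template is stored in login_security_settings;
    // fall back to a built-in message when none is configured.
    string sBody = "";
    if (!dc.sqlGetSingleString(ref sBody, "select new_user_email_message from login_security_settings where id = 1", ref sErr))
    {
        throw new Exception(sErr);
    }

    string sFullName = dr["full_name"].ToString();
    if (string.IsNullOrEmpty(sBody))
    {
        sBody = sFullName
            + " - your password has been reset by an Administrator."
            + Environment.NewLine
            + Environment.NewLine
            + "Your temporary password is: " + sNewPassword + "."
            + Environment.NewLine;
    }

    // Substitute the template tokens. The built-in message contains none of them,
    // so this is a no-op on the fallback text.
    sBody = sBody
        .Replace("##FULLNAME##", sFullName)
        .Replace("##USERNAME##", dr["username"].ToString())
        .Replace("##PASSWORD##", sNewPassword);

    if (!ui.SendEmailMessage(sEmail.Trim(), ag.APP_COMPANYNAME + " Account Management", "Account Action in " + ag.APP_NAME, sBody, ref sErr))
    {
        throw new Exception(sErr);
    }

    return ("");
}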
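/// <summary>
/// Creates a new user row (and its group tags) from a ten-element property array,
/// writes a security-log entry and e-mails a welcome message to the new user.
/// </summary>
/// <param name="oUser">
/// Exactly ten values, in order: login id, full name, authentication type
/// ("local" or "ldap"), password, generate-password flag ("1" to generate),
/// force-password-change flag, role, e-mail address, status, and a comma-separated
/// list of group names.
/// </param>
/// <returns>
/// "" on success, otherwise a validation message (wrong element count, login id
/// already in use, unknown authentication type, or the data-access error text
/// from the uniqueness lookup).
/// </returns>
/// <exception cref="Exception">
/// Thrown when the insert transaction, the template lookup or the e-mail send fails.
/// The transaction is rolled up in a single commit, but the log entry and the
/// e-mail happen after the commit, so a mail failure leaves a created user behind.
/// </exception>
/// <remarks>
/// NOTE(review): when a password is generated it is e-mailed in cleartext, and the
/// force_change flag is taken verbatim from the caller rather than being set
/// automatically for generated passwords. Both are the existing design.
/// </remarks>
public static string SaveNewUser(object[] oUser)
{
    dataAccess dc = new dataAccess();
    acUI.acUI ui = new acUI.acUI();
    acUI.AppGlobals ag = new acUI.AppGlobals();
    string sSql = null;
    string sErr = null;

    // Shape check that the client cannot be trusted to do.
    if (oUser.Length != 10)
    {
        return ("Incorrect list of user properties");
    }

    string sLoginID = oUser[0].ToString();
    string sFullName = oUser[1].ToString();
    string sAuthType = oUser[2].ToString();
    string sUserPassword = oUser[3].ToString();
    string sGeneratePW = oUser[4].ToString();
    string sForcePasswordChange = oUser[5].ToString();
    string sUserRole = oUser[6].ToString();
    string sEmail = oUser[7].ToString();
    string sStatus = oUser[8].ToString();
    string sGroupArray = oUser[9].ToString();

    // Is the login id unique?
    // NOTE(review): this listing shows a fixed placeholder in the username literal.
    // For the check to mean anything it has to compare against sLoginID
    // (quote-escaped) — confirm against the original source.
    string sInuse = "";
    if (!dc.sqlGetSingleString(ref sInuse, "select user_id from users where username = '******' limit 1", ref sErr))
    {
        // Was return("sErr"): the caller received the literal text "sErr" instead of
        // the actual data-access error.
        return (sErr);
    }
    if (!string.IsNullOrEmpty(sInuse))
    {
        return ("Login ID '" + sLoginID + "' is unavailable, please choose another.");
    }

    // Build the (already quoted) value for the user_password column. The auth type is
    // validated here, before it is spliced into the INSERT, so only "local"/"ldap"
    // ever reach the SQL.
    string sPassword = null;
    if (sAuthType == "local")
    {
        if (sGeneratePW == "1")
        {
            // Generate an initial strong password instead of using the supplied one.
            sUserPassword = dc.GenerateNewPassword();
        }
        // NOTE(review): this listing shows a placeholder before the encrypted value;
        // the trailing "'" implies this should be the opening quote of the literal.
        sPassword = "******" + dc.EnCrypt(sUserPassword) + "'";
    }
    else if (sAuthType == "ldap")
    {
        // NOTE(review): placeholder in this listing; LDAP users carry no local password.
        sPassword = "******";
    }
    else
    {
        return ("Unknown Authentication Type.");
    }

    // Everything below is spliced into SQL. Double single quotes in each caller-
    // supplied value so it cannot break out of its literal (the idiom this file
    // already applies to username and full_name); sNewUserID is generated locally.
    string sNewUserID = ui.NewGUID();
    string sSafeLoginID = sLoginID.Trim().Replace("'", "''");
    string sSafeFullName = sFullName.Trim().Replace("'", "''");
    string sSafeForceChange = sForcePasswordChange.Replace("'", "''");
    string sSafeEmail = sEmail.Trim().Replace("'", "''");
    string sSafeStatus = sStatus.Replace("'", "''");
    string sSafeRole = sUserRole.Replace("'", "''");

    try
    {
        dataAccess.acTransaction oTrans = new dataAccess.acTransaction(ref sErr);

        sSql = "insert users"
            + " (user_id,username,full_name,authentication_type,user_password,force_change,email,status,user_role)"
            + " values "
            + "('" + sNewUserID + "',"
            + "'" + sSafeLoginID + "',"
            + "'" + sSafeFullName + "',"
            + "'" + sAuthType + "',"
            + sPassword + ","
            + "'" + sSafeForceChange + "',"
            + "'" + sSafeEmail + "',"
            + "'" + sSafeStatus + "',"
            + "'" + sSafeRole + "'"
            + ")";
        oTrans.Command.CommandText = sSql;
        if (!oTrans.ExecUpdate(ref sErr))
        {
            throw new Exception(sErr);
        }

        // Group membership is stored as object_tags rows (object_type 1 = user).
        if (sGroupArray.Length > 0)
        {
            foreach (string sGroupName in sGroupArray.Split(','))
            {
                sSql = "insert object_tags (object_id, object_type, tag_name)"
                    + " values ('" + sNewUserID + "', 1, '" + sGroupName.Replace("'", "''") + "')";
                oTrans.Command.CommandText = sSql;
                if (!oTrans.ExecUpdate(ref sErr))
                {
                    throw new Exception(sErr);
                }
            }
        }

        oTrans.Commit();
    }
    catch (Exception ex)
    {
        // Keep the original exception as InnerException so the failing statement's
        // stack is not lost (the original discarded it).
        throw new Exception(ex.Message, ex);
    }

    // Security log.
    ui.WriteObjectAddLog(Globals.acObjectTypes.User, sNewUserID, sSafeFullName, "");

    // E-mail the welcome message. Template comes from login_security_settings; fall
    // back to a built-in message when none is configured.
    string sBody = "";
    if (!dc.sqlGetSingleString(ref sBody, "select new_user_email_message from login_security_settings where id = 1", ref sErr))
    {
        throw new Exception(sErr);
    }

    if (string.IsNullOrEmpty(sBody))
    {
        // The built-in message uses the same ##PASSWORD## token as a configured
        // template, so both go through the substitution below. The listing showed a
        // garbled literal at this spot; routing through the token means an
        // administrator-entered password is never mailed, only a generated one.
        sBody = sFullName
            + " - an account has been created for you in " + ag.APP_NAME + "."
            + Environment.NewLine
            + Environment.NewLine
            + "Your User Name: " + sLoginID + "."
            + Environment.NewLine
            + "Your temporary password: ##PASSWORD##."
            + Environment.NewLine;
    }

    sBody = sBody
        .Replace("##FULLNAME##", sFullName)
        .Replace("##USERNAME##", sLoginID);
    if (sGeneratePW == "1")
    {
        sBody = sBody.Replace("##PASSWORD##", sUserPassword);
    }
    else
    {
        sBody = sBody.Replace("##PASSWORD##", "Will be provided by an Administrator.");
    }

    if (!ui.SendEmailMessage(sEmail.Trim(), ag.APP_COMPANYNAME + " Account Management", "Welcome to " + ag.APP_COMPANYNAME, sBody, ref sErr))
    {
        throw new Exception(sErr);
    }

    return ("");
}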