/// <summary>
/// Creates the first administrative user for a tenant, creates a "Superuser group"
/// holding a fixed list of permission ids, adds the user to that group and e-mails
/// the account details to the user's address.
/// </summary>
/// <param name="u">User record to insert; its TenID and MustResetPassword are overwritten here.</param>
/// <param name="TID">Tenant id assigned to both the user and the new group.</param>
/// <param name="newPassword">Initial password supplied by the caller.</param>
public static void InitializeSecurity(SRPUser u, int TID, string newPassword)
{
    // NOTE(review): MTID is not read anywhere in the visible body.
    var MTID = Core.Utilities.Tenant.GetMasterID();

    // Force a password change on first login; the initial password is not user-chosen.
    u.TenID = TID;
    u.MustResetPassword = true;
    u.Insert();

    // GID is set to 0 before Insert(); presumably Insert() assigns the real id that the
    // calls below rely on - confirm.
    var g = new SRPGroup();
    g.GID = 0;
    g.GroupName = "Superuser group";
    g.GroupDescription = "All permissions enabled.";
    g.TenID = TID;
    g.Insert();

    // Every permission id granted to the new tenant's superuser group.
    var PermissionID_LIST = "1000,2000,2100,2200,3000,4000,4100,4200,4300,4400,4500,4600,4700,4800,4900,5000,5100,5200,5300,8000";

    // The acting user's name is read from the session and passed along with each change.
    // This throws NullReferenceException when no user profile is stored in the session.
    SRPGroup.UpdatePermissions(g.GID, PermissionID_LIST, ((SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()]).Username);
    SRPGroup.UpdateMemberUsers(g.GID, u.Uid.ToString(), ((SRPUser)HttpContext.Current.Session[SessionData.UserProfile.ToString()]).Username);

    var Message = "Summer Reading Program - Your account has been created";

    // TODO security - this should not email the password in cleartext
    string baseUrl = WebTools.GetBaseUrl(HttpContext.Current.Request);

    // NOTE(review): the operands between the "Username: " and "Password: " literals are
    // masked in this listing (shown as ******). From the TODO above and the labels they
    // are presumably the username and the cleartext password - confirm against the
    // repository. E-mail is not a confidential channel, so a credential sent this way
    // should be treated as exposed until the forced reset completes.
    // NOTE(review): u.FirstName and the contact settings are concatenated into HTML
    // without encoding, so markup in those values is delivered as-is to the recipient.
    var EmailBody = "<h1>Dear " + u.FirstName
        + ",</h1><br><br>Your account has been created and has full administrative access to your organization's reading rogram. <br>This is your current account information. Please make sure you reset your password as soon as you are able to log back in.<br><br>"
        + "Username: "******"<br>Password: "******"<br><br>If you have any questions regarding your account please contact "
        + SRPSettings.GetSettingValue("ContactName")
        + " at "
        + SRPSettings.GetSettingValue("ContactEmail")
        + "."
        + "<br><br><br><a href='" + baseUrl + "'>" + baseUrl + "</a> <br> ";

    new EmailService().SendEmail(u.EmailAddress, Message, EmailBody);
}
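/// <summary>
/// Handles the change-password button: verifies the current password, then stores
/// the new one and clears the must-reset flag on the signed-in user.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void uvButton_Click(object sender, EventArgs e)
{
    // Build the user from the UID held in the session profile.
    SRPUser user = new SRPUser((int)((SRPUser)Session[SessionData.UserProfile.ToString()]).Uid);

    // The current password must be proven before a new one is accepted, so a hijacked
    // session alone is not enough to take over the account.
    var valid = SRPUser.VerifyPassword(user.Username, uxCPass.Text);
    if (!valid)
    {
        MasterPage.PageError = String.Format(SRPResources.ApplicationError1, "Your current password is invalid.");
        return;
    }

    user.LastPasswordReset = DateTime.Now;
    user.MustResetPassword = false;
    user.NewPassword = uxPassword.Text;

    try
    {
        user.ClearErrorCodes();
        if (user.Update())
        {
            // Replace the cached profile so the session no longer carries the must-reset flag.
            Session[SessionData.UserProfile.ToString()] = user;
            MasterPage.PageMessage = "Password has been changed.";
        }
        else
        {
            // Build the list by concatenation. The previous code re-used the accumulated
            // text as a format string, so a brace in any message raised FormatException
            // or was silently rewritten.
            string message = String.Format(SRPResources.ApplicationError1, "<ul>");
            foreach (BusinessRulesValidationMessage m in user.ErrorCodes)
            {
                message += "<li>" + m.ErrorMessage + "</li>";
            }
            message += "</ul>";
            MasterPage.PageError = message;
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception text is shown to the user; consider logging it
        // and displaying a generic message instead.
        MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
    }
}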
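/// <summary>
/// Loads the "User Login History" page for the user whose id is stored in Session["UID"].
/// </summary>
/// <param name="sender">Page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    MasterPage.IsSecure = true;
    MasterPage.PageTitle = "User Login History";

    // Authorise first. The check used to run after the target user's record had
    // already been read and bound to the labels.
    // Presumably this redirects or ends the request when permission 1000 is missing - confirm.
    ControlRoomAccessPermission.CheckControlRoomAccessPermission(1000); // User Security

    // The target user id travels in the session, not the query string, so it cannot be
    // changed by editing the URL.
    lblUID.Text = Session["UID"] == null ? "" : Session["UID"].ToString();
    if (lblUID.Text == "")
    {
        Response.Redirect("~/ControlRoom/");
    }

    _mStrSortExp = String.Empty;

    if (!IsPostBack)
    {
        var user = new SRPUser(int.Parse(lblUID.Text));
        lblUsername.Text = user.Username;
        lblName.Text = user.FirstName + " " + user.LastName;
        lblUsername.Visible = lblName.Visible = true;

        List<RibbonPanel> moduleRibbonPanels = StandardModuleRibbons.SecurityRibbon();
        foreach (var moduleRibbonPanel in moduleRibbonPanels)
        {
            MasterPage.PageRibbon.Add(moduleRibbonPanel);
        }
        MasterPage.PageRibbon.DataBind();

        LoadData();
    }
    else
    {
        // Restore the grid's sort state saved in ViewState on an earlier request.
        if (null != ViewState["_SortExp_"])
        {
            _mStrSortExp = ViewState["_SortExp_"] as String;
        }
        if (null != ViewState["_Direction_"])
        {
            _mSortDirection = (SortDirection)ViewState["_Direction_"];
        }
    }
}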
/// <summary>
/// Command handler for the tenant DetailsView. Handles "back", "refresh",
/// "add"/"addandback" (creates a tenant plus its first administrator) and
/// "save"/"saveandback" (updates the tenant whose id is held in lblPK).
/// </summary>
/// <param name="sender">The DetailsView whose child controls hold the form values.</param>
/// <param name="e">Carries the command name; compared after ToLower().</param>
// NOTE(review): no permission check is visible in this handler; presumably the page
// enforces access elsewhere - confirm, since this path creates administrator accounts.
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    string returnURL = "~/ControlRoom/Modules/Tenant/TenantList.aspx";
    if (e.CommandName.ToLower() == "back")
    {
        Response.Redirect(returnURL);
    }
    if (e.CommandName.ToLower() == "refresh")
    {
        try
        {
            odsData.DataBind();
            dv.DataBind();
            dv.ChangeMode(DetailsViewMode.Edit);

            var masterPage = (IControlRoomMaster)Master;
            if (masterPage != null) masterPage.PageMessage = SRPResources.RefreshOK;
        }
        catch (Exception ex)
        {
            // NOTE(review): unlike the success path, masterPage is not null-checked here.
            var masterPage = (IControlRoomMaster)Master;
            masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
    if (e.CommandName.ToLower() == "add" || e.CommandName.ToLower() == "addandback")
    {
        try
        {
            var obj = new Core.Utilities.Tenant();

            obj.Name = ((TextBox)((DetailsView)sender).FindControl("Name")).Text;
            obj.LandingName = ((TextBox)((DetailsView)sender).FindControl("LandingName")).Text;
            obj.AdminName = ((TextBox)((DetailsView)sender).FindControl("AdminName")).Text;
            obj.isActiveFlag = ((CheckBox)((DetailsView)sender).FindControl("isActiveFlag")).Checked;
            // The master-tenant flag is taken straight from the submitted form.
            obj.isMasterFlag = ((CheckBox)((DetailsView)sender).FindControl("isMasterFlag")).Checked;
            // NOTE(review): InnerHtml stores the submitted markup as-is; anything rendering
            // Description later must encode or sanitise it.
            obj.Description = ((HtmlTextArea)((DetailsView)sender).FindControl("Description")).InnerHtml;
            obj.DomainName = ((TextBox)((DetailsView)sender).FindControl("DomainName")).Text;

            // Optional display settings: a failure here is logged and the tenant is still
            // created with whatever values were assigned before the exception.
            try
            {
                obj.showNotifications = ((CheckBox)((DetailsView)sender).FindControl("showNotifications")).Checked;
                obj.showOffers = ((CheckBox)((DetailsView)sender).FindControl("showOffers")).Checked;
                obj.showBadges = ((CheckBox)((DetailsView)sender).FindControl("showBadges")).Checked;
                obj.showEvents = ((CheckBox)((DetailsView)sender).FindControl("showEvents")).Checked;
                obj.NotificationsMenuText = ((TextBox)((DetailsView)sender).FindControl("NotificationsMenuText")).Text;
                obj.OffersMenuText = ((TextBox)((DetailsView)sender).FindControl("OffersMenuText")).Text;
                obj.BadgesMenuText = ((TextBox)((DetailsView)sender).FindControl("BadgesMenuText")).Text;
                obj.EventsMenuText = ((TextBox)((DetailsView)sender).FindControl("EventsMenuText")).Text;
                obj.FldInt1 = ((TextBox)((DetailsView)sender).FindControl("FldInt1")).Text.SafeToInt();
            }
            catch (Exception exc)
            {
                this.Log().Error("Error parsing new tenant information: {0}", exc.Message);
            }
            // FldInt2, FldInt3, FldBit1-3 and FldText1-3 are not read from the form
            // (their assignments were commented out in the original listing).

            // TODO security - don't give all new tenants the same password
            // NOTE(review): the literal is masked in this listing. Whatever its value, one
            // fixed initial password is shared by every new tenant administrator until
            // the forced reset is completed.
            string newPassword = "******";

            obj.AddedDate = DateTime.Now;
            obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username; // acting user, from the session
            obj.LastModDate = obj.AddedDate;
            obj.LastModUser = obj.AddedUser;

            // First administrator of the new tenant, built from the same form.
            var sysadmin = new SRPUser();
            sysadmin.Username = ((TextBox)((DetailsView)sender).FindControl("sysadmin")).Text;
            sysadmin.NewPassword = newPassword;
            sysadmin.FirstName = ((TextBox)((DetailsView)sender).FindControl("fname")).Text;
            sysadmin.LastName = ((TextBox)((DetailsView)sender).FindControl("lname")).Text;
            sysadmin.EmailAddress = ((TextBox)((DetailsView)sender).FindControl("email")).Text;
            sysadmin.Division = ((TextBox)((DetailsView)sender).FindControl("Name")).Text;
            sysadmin.Department = sysadmin.Title= string.Empty;

            sysadmin.AddedDate = DateTime.Now;
            sysadmin.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username; // acting user, from the session
            sysadmin.LastModDate = sysadmin.AddedDate;
            sysadmin.LastModUser = sysadmin.AddedUser;
            sysadmin.IsActive = true;

            // Both records are validated before anything is written.
            if (sysadmin.IsValid(BusinessRulesValidationMode.INSERT))
            {
                if (obj.IsValid(BusinessRulesValidationMode.INSERT))
                {
                    // NOTE(review): these three steps are not wrapped in a transaction in the
                    // visible code; a failure after Insert() leaves a tenant without an
                    // administrator or seed data.
                    obj.Insert();
                    var TID = obj.TenID;
                    TenantInitialize.InitializeSecurity(sysadmin, TID, newPassword);
                    TenantInitialize.InitializeData(TID);

                    if (e.CommandName.ToLower() == "addandback")
                    {
                        Response.Redirect(returnURL);
                    }

                    // Stay on the page in edit mode, now bound to the new tenant id.
                    lblPK.Text = obj.TenID.ToString();

                    odsData.DataBind();
                    dv.DataBind();
                    dv.ChangeMode(DetailsViewMode.Edit);

                    var masterPage = (IControlRoomMaster)Master;
                    masterPage.PageMessage = SRPResources.AddedOK;
                }
                else
                {
                    var masterPage = (IControlRoomMaster)Master;
                    // NOTE(review): the accumulated text is re-used as a format string on each
                    // pass, so a brace inside an error message breaks or alters the output.
                    string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                    foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                    {
                        message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
                    }
                    message = string.Format("{0}</ul>", message);
                    masterPage.PageError = message;
                }
            }
            else
            {
                var masterPage = (IControlRoomMaster)Master;
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in sysadmin.ErrorCodes)
                {
                    message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
                }
                message = string.Format("{0}</ul>", message);
                masterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            var masterPage = (IControlRoomMaster)Master;
            masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
            this.Log().Error("Error adding tenant: {0}", ex.Message);
        }
    }
    if (e.CommandName.ToLower() == "save" || e.CommandName.ToLower() == "saveandback")
    {
        try
        {
            var obj = new GRA.SRP.Core.Utilities.Tenant();
            // The tenant to update is identified by the id held in the lblPK label.
            int pk = int.Parse(lblPK.Text);
            obj.Fetch(pk);

            obj.Name = ((TextBox)((DetailsView)sender).FindControl("Name")).Text;
            obj.LandingName = ((TextBox)((DetailsView)sender).FindControl("LandingName")).Text;
            obj.AdminName = ((TextBox)((DetailsView)sender).FindControl("AdminName")).Text;
            obj.isActiveFlag = ((CheckBox)((DetailsView)sender).FindControl("isActiveFlag")).Checked;
            obj.isMasterFlag = ((CheckBox)((DetailsView)sender).FindControl("isMasterFlag")).Checked;
            // NOTE(review): stored as raw markup, same as on the add path.
            obj.Description = ((HtmlTextArea)((DetailsView)sender).FindControl("Description")).InnerHtml;
            obj.DomainName = ((TextBox)((DetailsView)sender).FindControl("DomainName")).Text;

            // Optional display settings: failures are logged and the update continues.
            try
            {
                obj.showNotifications = ((CheckBox)((DetailsView)sender).FindControl("showNotifications")).Checked;
                obj.showOffers = ((CheckBox)((DetailsView)sender).FindControl("showOffers")).Checked;
                obj.showBadges = ((CheckBox)((DetailsView)sender).FindControl("showBadges")).Checked;
                obj.showEvents = ((CheckBox)((DetailsView)sender).FindControl("showEvents")).Checked;
                obj.NotificationsMenuText = ((TextBox)((DetailsView)sender).FindControl("NotificationsMenuText")).Text;
                obj.OffersMenuText = ((TextBox)((DetailsView)sender).FindControl("OffersMenuText")).Text;
                obj.BadgesMenuText = ((TextBox)((DetailsView)sender).FindControl("BadgesMenuText")).Text;
                obj.EventsMenuText = ((TextBox)((DetailsView)sender).FindControl("EventsMenuText")).Text;
                obj.FldInt1 = ((TextBox)((DetailsView)sender).FindControl("FldInt1")).Text.SafeToInt();
            }
            catch(Exception exc)
            {
                this.Log().Error("Error in tenant save: {0}", exc.Message);
            }
            // FldInt2, FldInt3, FldBit1-3 and FldText1-3 are not read from the form
            // (their assignments were commented out in the original listing).

            obj.LastModDate = DateTime.Now;
            obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username; // acting user, from the session

            if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
            {
                obj.Update();
                if (e.CommandName.ToLower() == "saveandback")
                {
                    Response.Redirect(returnURL);
                }

                odsData.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);

                var masterPage = (IControlRoomMaster)Master;
                masterPage.PageMessage = SRPResources.SaveOK;
            }
            else
            {
                var masterPage = (IControlRoomMaster)Master;
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message = string.Format(String.Format("{0}<li>{{0}}</li>", message), m.ErrorMessage);
                }
                message = string.Format("{0}</ul>", message);
                masterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): unlike the add path, the failure is shown but not logged.
            var masterPage = (IControlRoomMaster)Master;
            masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
}
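/// <summary>
/// Row-command handler for the user grid: routes to the add/edit, audit and
/// login-history pages, or deletes the selected user.
/// </summary>
/// <param name="sender">Grid raising the command.</param>
/// <param name="e">Command name plus, for row commands, the user id in CommandArgument.</param>
protected void GvRowCommand(object sender, GridViewCommandEventArgs e)
{
    string editpage = "~/ControlRoom/Modules/Security/UserAddEdit.aspx";

    // Ordinal, case-insensitive comparison: ToLower() follows the thread culture and can
    // stop matching under cultures with special casing rules for 'I'.
    string command = e.CommandName;

    if (string.Equals(command, "addrecord", StringComparison.OrdinalIgnoreCase))
    {
        Session["UID"] = string.Empty;
        Response.Redirect(editpage);
    }
    else if (string.Equals(command, "editrecord", StringComparison.OrdinalIgnoreCase))
    {
        // The selected id is handed to the next page through the session rather than
        // the query string.
        int key = Convert.ToInt32(e.CommandArgument);
        Session["UID"] = key;
        Response.Redirect(editpage);
    }
    else if (string.Equals(command, "audituser", StringComparison.OrdinalIgnoreCase))
    {
        int key = Convert.ToInt32(e.CommandArgument);
        Session["UID"] = key;
        Response.Redirect("~/ControlRoom/Modules/Security/UserAudit.aspx");
    }
    else if (string.Equals(command, "loginhistory", StringComparison.OrdinalIgnoreCase))
    {
        int key = Convert.ToInt32(e.CommandArgument);
        Session["UID"] = key;
        Response.Redirect("~/ControlRoom/Modules/Security/LoginHistory.aspx");
    }
    else if (string.Equals(command, "deleterecord", StringComparison.OrdinalIgnoreCase))
    {
        int key = Convert.ToInt32(e.CommandArgument);
        var masterPage = (IControlRoomMaster)Master;
        try
        {
            var obj = new SRPUser(key);
            // NOTE(review): the only guard visible here is IsValid(DELETE); confirm that it
            // (or the page) rejects deleting users of another tenant or the acting user.
            if (obj.IsValid(BusinessRulesValidationMode.DELETE))
            {
                SRPUser.Delete(key);

                LoadData();
                if (masterPage != null)
                {
                    masterPage.PageMessage = SRPResources.DeleteOK;
                }
            }
            else
            {
                // Plain concatenation: the previous nested Format call re-used the
                // accumulated text as a format string and failed on braces.
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + m.ErrorMessage + "</li>";
                }
                message += "</ul>";
                if (masterPage != null)
                {
                    masterPage.PageError = message;
                }
            }
        }
        catch (Exception ex)
        {
            if (masterPage != null)
            {
                masterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
            }
        }
    }
}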
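/// <summary>
/// Command handler for the user DetailsView: "back", "refresh", "add"/"addandback",
/// "save"/"saveandback" and "loginhistory".
/// </summary>
/// <param name="sender">The DetailsView whose child controls hold the form values.</param>
/// <param name="e">Carries the command name (matched case-insensitively).</param>
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    string returnURL = "~/ControlRoom/Modules/Security/Default.aspx";
    var view = (DetailsView)sender;

    // Ordinal, case-insensitive matching replaces ToLower(), which depends on the
    // thread culture.
    string command = e.CommandName;
    bool isAdd = string.Equals(command, "add", StringComparison.OrdinalIgnoreCase);
    bool isAddAndBack = string.Equals(command, "addandback", StringComparison.OrdinalIgnoreCase);
    bool isSave = string.Equals(command, "save", StringComparison.OrdinalIgnoreCase);
    bool isSaveAndBack = string.Equals(command, "saveandback", StringComparison.OrdinalIgnoreCase);

    if (string.Equals(command, "back", StringComparison.OrdinalIgnoreCase))
    {
        Response.Redirect(returnURL);
    }
    if (string.Equals(command, "refresh", StringComparison.OrdinalIgnoreCase))
    {
        try
        {
            odsSRPUser.DataBind();
            dv.DataBind();
            dv.ChangeMode(DetailsViewMode.Edit);

            MasterPage.PageMessage = SRPResources.RefreshOK;
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
    if (isAdd || isAddAndBack)
    {
        try
        {
            SRPUser obj = new SRPUser();
            obj.Username = ((TextBox)view.FindControl("Username")).Text;
            obj.NewPassword = ((TextBox)view.FindControl("Password")).Text;
            obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
            obj.LastName = ((TextBox)view.FindControl("LastName")).Text;
            obj.EmailAddress = ((TextBox)view.FindControl("EmailAddress")).Text;
            obj.Division = ((TextBox)view.FindControl("Division")).Text;
            obj.Department = ((TextBox)view.FindControl("Department")).Text;
            obj.Title = ((TextBox)view.FindControl("Title")).Text;

            // The password above was typed by an administrator, so the new user is
            // forced to replace it at first login.
            obj.IsActive = true;
            obj.MustResetPassword = true;
            obj.IsDeleted = false;

            obj.AddedDate = DateTime.Now;
            obj.AddedUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;
            obj.LastModDate = obj.AddedDate;
            obj.LastModUser = obj.AddedUser;
            // New users always land in the acting administrator's tenant; the form has no say.
            obj.TenID = (int)CRTenantID;

            if (obj.IsValid(BusinessRulesValidationMode.INSERT))
            {
                obj.Insert();
                if (isAddAndBack)
                {
                    Response.Redirect(returnURL);
                }

                lblUID.Text = obj.Uid.ToString();

                odsSRPUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);

                MasterPage.PageMessage = SRPResources.AddedOK;
            }
            else
            {
                // Plain concatenation: the previous nested Format call re-used the
                // accumulated text as a format string and failed on braces.
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + m.ErrorMessage + "</li>";
                }
                message += "</ul>";
                MasterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
    if (isSave || isSaveAndBack)
    {
        try
        {
            // The record to update is identified by the text of the first row's second cell.
            // NOTE(review): the loaded user's TenID is not compared with the acting tenant
            // here; confirm SRPUser(pk) or IsValid(UPDATE) enforces tenant isolation.
            int pk = int.Parse(view.Rows[0].Cells[1].Text);
            SRPUser obj = new SRPUser(pk);

            obj.Username = ((TextBox)view.FindControl("Username")).Text;
            obj.FirstName = ((TextBox)view.FindControl("FirstName")).Text;
            obj.LastName = ((TextBox)view.FindControl("LastName")).Text;
            obj.EmailAddress = ((TextBox)view.FindControl("EmailAddress")).Text;
            obj.Division = ((TextBox)view.FindControl("Division")).Text;
            obj.Department = ((TextBox)view.FindControl("Department")).Text;
            obj.Title = ((TextBox)view.FindControl("Title")).Text;
            obj.IsActive = ((CheckBox)view.FindControl("IsActive")).Checked;
            obj.MustResetPassword = ((CheckBox)view.FindControl("MustResetPassword")).Checked;
            // Password, deletion state and the Added*/LastPasswordReset audit fields are
            // deliberately not taken from the form.

            obj.LastModDate = DateTime.Now;
            obj.LastModUser = ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username;

            if (obj.IsValid(BusinessRulesValidationMode.UPDATE))
            {
                obj.Update();

                // Group membership is what grants permissions, so it is saved with the user.
                SaveGroups(view, obj);

                if (isSaveAndBack)
                {
                    Response.Redirect(returnURL);
                }

                odsSRPUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);

                MasterPage.PageMessage = SRPResources.SaveOK;
            }
            else
            {
                string message = String.Format(SRPResources.ApplicationError1, "<ul>");
                foreach (BusinessRulesValidationMessage m in obj.ErrorCodes)
                {
                    message += "<li>" + m.ErrorMessage + "</li>";
                }
                message += "</ul>";
                MasterPage.PageError = message;
            }
        }
        catch (Exception ex)
        {
            MasterPage.PageError = String.Format(SRPResources.ApplicationError1, ex.Message);
        }
    }
    if (string.Equals(command, "loginhistory", StringComparison.OrdinalIgnoreCase))
    {
        // The target id is passed through the session rather than the query string.
        int key = Convert.ToInt32(lblUID.Text);
        Session["UID"] = key;
        Response.Redirect("~/ControlRoom/Modules/Security/LoginHistory.aspx");
    }
}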
/// <summary>
/// Collects the permission ids ticked in the "gvUserPermissions" grid and stores them
/// for the given user as a comma-separated list.
/// </summary>
/// <param name="dv">DetailsView containing the permissions grid.</param>
/// <param name="obj">User whose permissions are replaced.</param>
protected void SavePermissions(DetailsView dv, SRPUser obj)
{
    var permissionGrid = (GridView)dv.FindControl("gvUserPermissions");
    string selectedIds = string.Empty;

    foreach (GridViewRow gridRow in permissionGrid.Rows)
    {
        var ticked = (CheckBox)gridRow.FindControl("isChecked");
        if (!ticked.Checked)
        {
            continue;
        }

        // Each id is appended with a leading comma; the first comma is stripped below.
        var idLabel = (Label)gridRow.FindControl("PermissionID");
        selectedIds = string.Concat(selectedIds, ",", idLabel.Text);
    }

    if (selectedIds.Length > 0)
    {
        selectedIds = selectedIds.Substring(1);
    }

    // The acting user's name from the session is passed along with the change.
    SRPUser.UpdatePermissions((int)obj.Uid, selectedIds, ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username);
}
/// <summary>
/// Collects the group ids ticked in the "gvUserGroups" grid and stores them as the
/// given user's group memberships, as a comma-separated list.
/// </summary>
/// <param name="dv">DetailsView containing the groups grid.</param>
/// <param name="obj">User whose memberships are replaced.</param>
protected void SaveGroups(DetailsView dv, SRPUser obj)
{
    var groupGrid = (GridView)dv.FindControl("gvUserGroups");
    string selectedGroups = string.Empty;

    foreach (GridViewRow gridRow in groupGrid.Rows)
    {
        var ticked = (CheckBox)gridRow.FindControl("isMember");
        if (!ticked.Checked)
        {
            continue;
        }

        // Each id is appended with a leading comma; the first comma is stripped below.
        var gidLabel = (Label)gridRow.FindControl("GID");
        selectedGroups = string.Concat(selectedGroups, ",", gidLabel.Text);
    }

    if (selectedGroups.Length > 0)
    {
        selectedGroups = selectedGroups.Substring(1);
    }

    // The acting user's name from the session is passed along with the change.
    SRPUser.UpdateMemberGroups((int)obj.Uid, selectedGroups, ((SRPUser)Session[SessionData.UserProfile.ToString()]).Username);
}
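/// <summary>
/// Handles a password-recovery request. An e-mail is sent to the entered address in
/// both cases: a reset link when an account matches, otherwise a notice that no
/// account was found. The on-page message is the same for both.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
// NOTE(review): no throttling is visible here; each submission sends an e-mail to the
// entered address, so rate limiting belongs on this page or in front of it.
protected void Button1_Click(object sender, EventArgs e)
{
    string userId = new SRPUser().GetUsernameByEmail(uxEmailaddress.Text);
    string remoteAddress = Request.UserHostAddress;

    if (string.IsNullOrEmpty(userId))
    {
        // No account for this address: say so by e-mail only, so the page itself does
        // not reveal which addresses are registered.
        var values = new
        {
            SystemName = SRPSettings.GetSettingValue("SysName", 1),
            ControlRoomLink = string.Format("{0}{1}", BaseUrl, "/ControlRoom/LoginRecovery.aspx"),
            ContactName = SRPSettings.GetSettingValue("ContactName", 1),
            ContactEmail = SRPSettings.GetSettingValue("ContactEmail", 1),
            RemoteAddress = remoteAddress,
            UserEmail = uxEmailaddress.Text,
            PasswordResetSubject = SRPResources.PasswordEmailSubject
        };

        // NOTE(review): UserEmail is raw form input written to the log; confirm the
        // logger neutralises line breaks.
        this.Log().Info("User at {0} requested password reset for nonexistent email {1}",
            values.RemoteAddress,
            values.UserEmail);

        // TODO email - move this template out to the database
        StringBuilder body = new StringBuilder();
        body.Append("<p>A password reset request was received by {SystemName} for your ");
        body.Append("address. Unfortunately no account could be found associated with ");
        body.Append("this email address.</p>");
        body.Append("<p>If you initiated this request, feel free to ");
        body.Append("<a href=\"{ControlRoomLink}\">try requesting the password</a> ");
        body.Append("for any other email address you might have used.</p>");
        body.Append("<p>If you have any comments or questions, please contact ");
        body.Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}");
        body.Append("</a>.</p>");
        body.Append("<p style=\"font-size: smaller;\"><em>This password request was ");
        body.Append("submitted from: {RemoteAddress}.</em></p>");

        new EmailService().SendEmail(uxEmailaddress.Text,
            "{SystemName} - {PasswordResetSubject}".FormatWith(values),
            body.ToString().FormatWith(values));
    }
    else
    {
        SRPUser lookupUser = SRPUser.FetchByUsername(userId);

        // Guard against the lookup returning nothing (for example, the account vanished
        // between the two queries) instead of failing with NullReferenceException.
        string passwordResetToken = lookupUser == null
            ? null
            : lookupUser.GeneratePasswordResetToken();

        if (string.IsNullOrEmpty(passwordResetToken))
        {
            this.Log().Error("Unable to create a password reset token for request from {0}", remoteAddress);
            // NOTE(review): this message differs from the generic one below and therefore
            // hints that the address matched an account.
            lblMessage.Text = "Unable to initiate password reset process.";
            return;
        }

        var values = new
        {
            SystemName = SRPSettings.GetSettingValue("SysName", lookupUser.TenID),
            PasswordResetLink = string.Format("{0}{1}?token={2}",
                BaseUrl,
                "/ControlRoom/PasswordRecovery.aspx",
                passwordResetToken),
            ContactName = SRPSettings.GetSettingValue("ContactName", lookupUser.TenID),
            ContactEmail = SRPSettings.GetSettingValue("ContactEmail", lookupUser.TenID),
            RemoteAddress = remoteAddress,
            UserEmail = uxEmailaddress.Text,
            PasswordResetSubject = SRPResources.PasswordEmailSubject,
        };

        // Only the requester's address and e-mail are logged, never the token.
        this.Log().Info("User at {0} requested password reset for email {1}",
            values.RemoteAddress,
            values.UserEmail);

        // TODO email - move this template out to the database
        StringBuilder body = new StringBuilder();
        body.Append("<p>A password reset request was received by {SystemName} for your ");
        body.Append("address.</p>");
        body.Append("<p>Please <a href=\"{PasswordResetLink}\">click here</a> ");
        body.Append("to create a new password for your account.</p>");
        body.Append("<p>If you did not initiate this request, take no action and your ");
        body.Append("password will not be changed.</p>");
        body.Append("<p>If you have any comments or questions, please contact ");
        body.Append("{ContactName} at <a href=\"mailto:{ContactEmail}\">{ContactEmail}");
        body.Append("</a>.</p>");
        body.Append("<p style=\"font-size: smaller;\"><em>This password request was ");
        body.Append("submitted from: {RemoteAddress}.</em></p>");

        new EmailService().SendEmail(uxEmailaddress.Text,
            "{SystemName} - {PasswordResetSubject}".FormatWith(values),
            body.ToString().FormatWith(values));
    }

    // Same wording whether or not the address matched an account.
    lblMessage.Text = "Processing your password reset request, you should receive an email soon.";
}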
/// <summary>
/// Before the page loads, caches the signed-in user's profile and permission string
/// from the session and marks the master page as secure.
/// </summary>
/// <param name="e">Event data passed on to the base implementation.</param>
// NOTE(review): nothing here rejects a request whose session has no user profile;
// presumably the master page enforces that once IsSecure is set - confirm.
protected override void OnPreLoad(EventArgs e)
{
    // Session values are stored under the SessionData enum names.
    string profileKey = SessionData.UserProfile.ToString();
    string permissionKey = SessionData.StringPermissionList.ToString();

    SRPUser = (SRPUser)Session[profileKey];
    UserPermissionList = (string)Session[permissionKey];

    MasterPage = (IControlRoomMaster)Master;
    if (MasterPage != null)
    {
        MasterPage.IsSecure = true;
    }

    base.OnPreLoad(e);
}
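/// <summary>
/// Returns every user produced by the "cbspSRPUser_GetAll" stored procedure.
/// </summary>
/// <param name="forCurrentTenantOnly">
/// When true (the default) the tenant id from Session["TenantID"] is passed as @TenID,
/// or -1 when the session holds none. When false, @TenID is passed as NULL.
/// </param>
/// <returns>The users read from the result set; empty when there are no rows.</returns>
public static List<SRPUser> FetchAll(bool forCurrentTenantOnly = true)
{
    var arrParams = new SqlParameter[1];
    if (forCurrentTenantOnly)
    {
        // A missing or blank session tenant becomes -1 rather than NULL, so a request
        // without a tenant is not passed the NULL used for the all-tenants call.
        object sessionTenant = HttpContext.Current.Session["TenantID"];
        int tenantId = (sessionTenant == null || sessionTenant.ToString() == "")
            ? -1
            : (int)sessionTenant;
        arrParams[0] = new SqlParameter("@TenID", tenantId);
    }
    else
    {
        // NOTE(review): callers passing false receive users across tenants; presumably
        // only master-tenant code paths do so - confirm.
        arrParams[0] = new SqlParameter("@TenID", DBNull.Value);
    }

    List<SRPUser> retValue = new List<SRPUser>();

    // The reader was never closed before; dispose it even when a column cast throws so
    // the underlying connection is released.
    using (var reader = SqlHelper.ExecuteReader(conn, CommandType.StoredProcedure, "cbspSRPUser_GetAll", arrParams))
    {
        while (reader.Read())
        {
            SRPUser aUser = new SRPUser();

            aUser.Uid = (int)reader["UID"];
            aUser.Username = (string)reader["Username"];
            aUser.FirstName = (string)reader["FirstName"];
            aUser.LastName = (string)reader["LastName"];
            aUser.EmailAddress = (string)reader["EmailAddress"];
            aUser.Division = (string)reader["Division"];
            aUser.Department = (string)reader["Department"];
            aUser.Title = (string)reader["Title"];
            aUser.IsActive = (bool)reader["IsActive"];
            aUser.MustResetPassword = (bool)reader["MustResetPassword"];
            aUser.IsDeleted = (bool)reader["IsDeleted"];

            // Nullable dates: a database NULL maps to a null DateTime?.
            aUser.LastPasswordReset = reader.IsDBNull(reader.GetOrdinal("LastPasswordReset")) ? null : (DateTime?)reader["LastPasswordReset"];
            aUser.DeletedDate = reader.IsDBNull(reader.GetOrdinal("DeletedDate")) ? null : (DateTime?)reader["DeletedDate"];
            aUser.LastModDate = reader.IsDBNull(reader.GetOrdinal("LastModDate")) ? null : (DateTime?)reader["LastModDate"];
            aUser.AddedDate = reader.IsDBNull(reader.GetOrdinal("AddedDate")) ? null : (DateTime?)reader["AddedDate"];

            aUser.LastModUser = (string)reader["LastModUser"];
            aUser.AddedUser = (string)reader["AddedUser"];

            aUser.TenID = (int)reader["TenID"];
            aUser.FldInt1 = (int)reader["FldInt1"];
            aUser.FldInt2 = (int)reader["FldInt2"];
            aUser.FldInt3 = (int)reader["FldInt3"];
            aUser.FldBit1 = (bool)reader["FldBit1"];
            aUser.FldBit2 = (bool)reader["FldBit2"];
            aUser.FldBit3 = (bool)reader["FldBit3"];
            aUser.FldText1 = reader["FldText1"].ToString();
            aUser.FldText2 = reader["FldText2"].ToString();
            aUser.FldText3 = reader["FldText3"].ToString();

            retValue.Add(aUser);
        }
    }

    return retValue;
}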
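/// <summary>
/// Reads at most one row from <paramref name="reader"/> into a new SRPUser and closes
/// the reader.
/// </summary>
/// <param name="reader">Open reader positioned before the first row; always closed on return.</param>
/// <returns>The populated user, or null when the reader has no rows.</returns>
public static SRPUser GetFromReader(SqlDataReader reader)
{
    SRPUser returnVal = null;

    // Close in finally: a failing column cast used to skip Close() and leave the
    // reader open.
    try
    {
        if (reader.Read())
        {
            returnVal = new SRPUser();

            returnVal.Uid = (int)reader["UID"];
            returnVal.Username = reader["Username"].ToString();
            returnVal.FirstName = reader["FirstName"].ToString();
            returnVal.LastName = reader["LastName"].ToString();
            returnVal.EmailAddress = reader["EmailAddress"].ToString();
            returnVal.Division = reader["Division"].ToString();
            returnVal.Department = reader["Department"].ToString();
            returnVal.Title = reader["Title"].ToString();
            returnVal.IsActive = (bool)reader["IsActive"];
            returnVal.MustResetPassword = (bool)reader["MustResetPassword"];
            returnVal.IsDeleted = (bool)reader["IsDeleted"];

            // Nullable dates: a database NULL maps to a null DateTime?.
            returnVal.LastPasswordReset = reader.IsDBNull(reader.GetOrdinal("LastPasswordReset")) ? null : (DateTime?)reader["LastPasswordReset"];
            returnVal.DeletedDate = reader.IsDBNull(reader.GetOrdinal("DeletedDate")) ? null : (DateTime?)reader["DeletedDate"];
            returnVal.LastModDate = reader.IsDBNull(reader.GetOrdinal("LastModDate")) ? null : (DateTime?)reader["LastModDate"];
            returnVal.AddedDate = reader.IsDBNull(reader.GetOrdinal("AddedDate")) ? null : (DateTime?)reader["AddedDate"];

            returnVal.LastModUser = reader["LastModUser"].ToString();
            returnVal.AddedUser = reader["AddedUser"].ToString();

            returnVal.TenID = (int)reader["TenID"];
            returnVal.FldInt1 = (int)reader["FldInt1"];
            returnVal.FldInt2 = (int)reader["FldInt2"];
            returnVal.FldInt3 = (int)reader["FldInt3"];
            returnVal.FldBit1 = (bool)reader["FldBit1"];
            returnVal.FldBit2 = (bool)reader["FldBit2"];
            returnVal.FldBit3 = (bool)reader["FldBit3"];
            returnVal.FldText1 = reader["FldText1"].ToString();
            returnVal.FldText2 = reader["FldText2"].ToString();
            returnVal.FldText3 = reader["FldText3"].ToString();
        }
    }
    finally
    {
        reader.Close();
    }

    return returnVal;
}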
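/// <summary>
/// Authenticates the Control Room login form. On success it stores the user profile,
/// permission string and tenant details in the session, maintains the remember-me
/// cookie, and either sends the user to the mandatory password reset page or completes
/// the forms-authentication redirect.
/// </summary>
/// <param name="sender">Login control raising the event.</param>
/// <param name="e">Set to Authenticated = true only after every lookup has succeeded.</param>
// NOTE(review): the session id that existed before login is kept afterwards; consider
// issuing a fresh session id on successful authentication.
public void OnAuthenticate(object sender, AuthenticateEventArgs e)
{
    if (!Page.IsValid)
    {
        uxMessageBox.Visible = true;
        return;
    }

    // "::1" (IPv6 loopback) is normalised so local logins are recorded consistently.
    bool auth = SRPUser.Login(uxLogin.UserName,
        uxLogin.Password,
        Session.SessionID,
        Request.UserHostAddress == "::1" ? "127.0.0.1" : Request.UserHostAddress,
        Request.UserHostName == "::1" ? "localhost" : Request.UserHostName,
        Request.Browser.Browser + " - v" + Request.Browser.MajorVersion + Request.Browser.MinorVersionString);

    if (!auth)
    {
        // Fail closed: return here instead of relying on e.Authenticated having arrived
        // as false. One message covers a bad user name and a bad password alike.
        uxMessageBox.Visible = true;
        FailureText.Text = SRPResources.BadUserPass;
        return;
    }

    // Resolve everything the session needs before marking it as logged in. Previously
    // IsLoggedIn was set first, so a failed lookup left a half-initialised session.
    SRPUser user = SRPUser.FetchByUsername(uxLogin.UserName);
    var tenant = user == null ? null : Tenant.FetchObject(user.TenID);
    if (user == null || tenant == null)
    {
        this.Log().Error("Login succeeded for {0} but the profile or tenant record could not be loaded.", uxLogin.UserName);
        uxMessageBox.Visible = true;
        FailureText.Text = SRPResources.BadUserPass;
        return;
    }

    List<SRPPermission> perms = user.EffectiveUserPermissions();
    string permList = string.Empty;
    foreach (SRPPermission perm in perms)
    {
        permList += String.Format("#{0}", perm.Permission);
    }

    e.Authenticated = true;

    // Remember-me stores only the user name. HttpOnly keeps it away from page script,
    // and Secure is set whenever the request itself arrived over TLS.
    HttpCookie rememberMe;
    if (uxLogin.RememberMeSet == true)
    {
        rememberMe = new HttpCookie("ControlRoomUsername", uxLogin.UserName);
        rememberMe.Expires = DateTime.Now.AddDays(14);
    }
    else
    {
        // An already-expired cookie removes any earlier remember-me value.
        rememberMe = new HttpCookie("ControlRoomUsername", string.Empty);
        rememberMe.Expires = DateTime.Now.AddDays(-1);
    }
    rememberMe.HttpOnly = true;
    rememberMe.Secure = Request.IsSecureConnection;
    Response.Cookies.Set(rememberMe);

    // Put the user profile, permission string and tenant details into the session.
    Session[SessionData.IsLoggedIn.ToString()] = true;
    Session[SessionData.UserProfile.ToString()] = user;
    Session[SessionData.StringPermissionList.ToString()] = permList;

    Session["TenantID"] = user.TenID;
    Session[CRSessionKey.TenantID] = user.TenID;
    Session[CRSessionKey.IsMaster] = tenant.isMasterFlag;

    if (user.MustResetPassword)
    {
        this.Log().Info("Redirecting {0} to mandatory password reset.", user.Username);
        // NOTE(review): this redirect happens before RedirectFromLoginPage below, so the
        // reset page is reached with the session populated but, as far as this method
        // shows, without the forms-authentication redirect having run - confirm intended.
        Response.Redirect("~/ControlRoom/PasswordReset.aspx");
    }

    FormsAuthentication.RedirectFromLoginPage(uxLogin.UserName, false);
}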
/// <summary>
/// Command handler for the signed-in user's own profile view: "back", "password",
/// "refresh" and "save"/"saveandback".
/// </summary>
/// <param name="sender">The DetailsView whose child controls hold the form values.</param>
/// <param name="e">Carries the command name; compared after ToLower().</param>
// NOTE(review): exceptions and validation failures are swallowed here with no message
// and no log entry, so a failed save is invisible to the user and to operators.
protected void DvItemCommand(object sender, DetailsViewCommandEventArgs e)
{
    string returnURL = "~/ControlRoom/";
    string command = e.CommandName.ToLower();

    switch (command)
    {
        case "back":
            Response.Redirect(returnURL);
            break;

        case "password":
            Response.Redirect("~/ControlRoom/Modules/PortalUser/PasswordReset.aspx");
            break;

        case "refresh":
            try
            {
                odsCMSUser.DataBind();
                dv.DataBind();
                dv.ChangeMode(DetailsViewMode.Edit);
            }
            catch (Exception)
            {
                // Failure is ignored; the code that reported it was commented out.
            }
            break;

        case "save":
        case "saveandback":
            try
            {
                var form = (DetailsView)sender;

                // The record to update is always the signed-in user's own, taken from the
                // page's SRPUser property rather than from the form.
                SRPUser updateSrpUser = new SRPUser();
                int pk = (int)SRPUser.Uid;
                updateSrpUser = SRPUser.Fetch(pk);

                updateSrpUser.FirstName = ((TextBox)form.FindControl("FirstName")).Text;
                // LastName is assigned twice, as in the original listing.
                updateSrpUser.LastName = ((TextBox)form.FindControl("Lastname")).Text;
                updateSrpUser.LastName = ((TextBox)form.FindControl("Lastname")).Text;
                updateSrpUser.EmailAddress = ((TextBox)form.FindControl("Emailaddress")).Text;
                updateSrpUser.Title = ((TextBox)form.FindControl("Title")).Text;
                updateSrpUser.Department = ((TextBox)form.FindControl("Department")).Text;
                updateSrpUser.Division = ((TextBox)form.FindControl("Division")).Text;

                updateSrpUser.LastModDate = DateTime.Now;
                // NOTE(review): a fixed literal (masked in this listing) is recorded instead
                // of the acting user's name, which weakens the audit trail.
                updateSrpUser.LastModUser = "******";

                // A blank signature leaves the stored one unchanged.
                string signature = ((TextBox)form.FindControl("MailSignature")).Text;
                string trimmedSignature = signature.Trim();
                if (!string.IsNullOrWhiteSpace(trimmedSignature))
                {
                    updateSrpUser.MailSignature = trimmedSignature;
                }

                if (!updateSrpUser.IsValid(BusinessRulesValidationMode.UPDATE))
                {
                    // The error list is assembled but never displayed.
                    string errorHtml = String.Format(SRPResources.ApplicationError1, "<ul>");
                    foreach (BusinessRulesValidationMessage rule in updateSrpUser.ErrorCodes)
                    {
                        errorHtml = string.Format(String.Format("{0}<li>{{0}}</li>", errorHtml), rule.ErrorMessage);
                    }
                    errorHtml = string.Format("{0}</ul>", errorHtml);
                }
                else
                {
                    updateSrpUser.Update();

                    // Keep the page property and the session profile in step with the
                    // saved record.
                    SRPUser = updateSrpUser;
                    Session[SessionData.UserProfile.ToString()] = updateSrpUser;

                    if (e.CommandName.ToLower() == "saveandback")
                    {
                        Response.Redirect(returnURL);
                    }

                    odsCMSUser.DataBind();
                    dv.DataBind();
                    dv.ChangeMode(DetailsViewMode.Edit);
                }
            }
            catch (Exception)
            {
                // Failure is ignored; the code that reported it was commented out.
            }
            break;
    }
}