private void butOK_Click(object sender, EventArgs e)
{
bool isEcw = Programs.UsingEcwTightOrFullMode();
string userName = "";
if (PrefC.GetBool(PrefName.UserNameManualEntry))
{
//Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower());
}
else
{
userName = listUser.SelectedItem?.ToString();
}
if (string.IsNullOrEmpty(userName))
{
MsgBox.Show(this, "Login failed");
return;
}
string passwordTyped = textPassword.Text;
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped))
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
return;
}
Userod userCur = null;
if (isEcw) //ecw requires hash, but non-ecw requires actual password
{
passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true);
}
if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ)
{
// No need to check password when changing task users at HQ to user "Stay Open".
userCur = Userods.GetUserByNameNoCache(userName);
}
else //Not HQ (most common scenario)
//Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn.
//That event would cause a second login window to pop with strange behavior.
//Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary.
{
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
{
userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false);
if (userCur == null)
{
MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts.");
return;
}
}
else //Directly connected to the database. This code will give a more accurate error message to the user when failing to log in.
{
try {
userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
}
}
//successful login.
if (_isSimpleSwitch)
{
CurUserSimpleSwitch = userCur;
}
else //Not a temporary login.
{
Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls.
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
{
if (Userods.IsPasswordStrong(passwordTyped) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache))
{
return; //Failed password update.
}
_refreshSecurityCache = true; //Indicate to calling method that they should manually refresh the Security cache.
}
}
Security.IsUserLoggedIn = true;
//Jason approved always storing the cleartext password that the user typed in
//since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
Security.PasswordTyped = passwordTyped;
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on."));
UserOdPrefs.SetThemeForUserIfNeeded();
}
Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
DialogResult = DialogResult.OK;
}
private void butLogin_Click(object sender, EventArgs e)
{
Userod userEntered;
string password;
try {
bool useEcwAlgorithm = Programs.UsingEcwTightOrFullMode();
//ecw requires hash, but non-ecw requires actual password
password = textPassword.Text;
if (useEcwAlgorithm)
{
//It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time.
//It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString.
if (Security.CurUser == null)
{
Security.CurUser = new Userod();
}
password = Authentication.HashPasswordMD5(password, true);
}
string username = textUser.Text;
#if DEBUG
if (username == "")
{
username = "******";
password = "******";
}
#endif
//Set the PasswordTyped property prior to checking the credentials for Middle Tier.
Security.PasswordTyped = password;
userEntered = Userods.CheckUserAndPassword(username, password, useEcwAlgorithm);
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
return;
}
//successful login.
Security.CurUser = userEntered;
Security.IsUserLoggedIn = true;
RemotingClient.HasLoginFailed = false;
UserOdPrefs.SetThemeForUserIfNeeded();
if (RemotingClient.RemotingRole == RemotingRole.ClientWeb &&
string.IsNullOrEmpty(userEntered.PasswordHash) &&
string.IsNullOrEmpty(textPassword.Text))
{
MsgBox.Show(this, "When using the web service, not allowed to log in with no password. A password should be added for this user.");
if (!SecurityL.ChangePassword(true)) //Failed password update.
{
return;
}
}
if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) &&
PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong) &&
Userods.IsPasswordStrong(textPassword.Text) != "") //Password is not strong
{
MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
if (!SecurityL.ChangePassword(true)) //Failed password update.
{
return;
}
}
SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
DialogResult = DialogResult.OK;
}