Exemple #1
0
        private void butOK_Click(object sender, EventArgs e)
        {
            bool   isEcw    = Programs.UsingEcwTightOrFullMode();
            string userName = "";

            if (PrefC.GetBool(PrefName.UserNameManualEntry))
            {
                //Check the user name using ToLower and Trim because Open Dental is case insensitive and does not allow white-space in regards to user names.
                userName = listUser.Items.Cast <string>().FirstOrDefault(x => x.Trim().ToLower() == textUser.Text.Trim().ToLower());
            }
            else
            {
                userName = listUser.SelectedItem?.ToString();
            }
            if (string.IsNullOrEmpty(userName))
            {
                MsgBox.Show(this, "Login failed");
                return;
            }
            string passwordTyped = textPassword.Text;

            if (RemotingClient.RemotingRole == RemotingRole.ClientWeb && string.IsNullOrEmpty(passwordTyped))
            {
                MsgBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                return;
            }
            Userod userCur = null;

            if (isEcw)             //ecw requires hash, but non-ecw requires actual password
            {
                passwordTyped = Authentication.HashPasswordMD5(passwordTyped, true);
            }
            if (userName == "Stay Open" && _isSimpleSwitch && PrefC.IsODHQ)
            {
                // No need to check password when changing task users at HQ to user "Stay Open".
                userCur = Userods.GetUserByNameNoCache(userName);
            }
            else              //Not HQ (most common scenario)
                              //Middle Tier sessions should not fire the CheckUserAndPasswordFailed exception code in FormLogOn.
                              //That event would cause a second login window to pop with strange behavior.
                              //Invoke the overload for CheckUserAndPassword that does not throw exceptions and give the user a generic error message if necessary.
            {
                if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
                {
                    userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw, false);
                    if (userCur == null)
                    {
                        MsgBox.Show("Userods", "Invalid username, password, or the account has been locked due to failed log in attempts.");
                        return;
                    }
                }
                else                  //Directly connected to the database.  This code will give a more accurate error message to the user when failing to log in.
                {
                    try {
                        userCur = Userods.CheckUserAndPassword(userName, passwordTyped, isEcw);
                    }
                    catch (Exception ex) {
                        MessageBox.Show(ex.Message);
                        return;
                    }
                }
            }
            //successful login.
            if (_isSimpleSwitch)
            {
                CurUserSimpleSwitch = userCur;
            }
            else                            //Not a temporary login.
            {
                Security.CurUser = userCur; //Need to set for SecurityL.ChangePassword and calls.
                if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) && PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong))
                {
                    if (Userods.IsPasswordStrong(passwordTyped) != "")                   //Password is not strong
                    {
                        MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
                        if (!SecurityL.ChangePassword(true, _doRefreshSecurityCache))
                        {
                            return;                            //Failed password update.
                        }
                        _refreshSecurityCache = true;          //Indicate to calling method that they should manually refresh the Security cache.
                    }
                }
                Security.IsUserLoggedIn = true;
                //Jason approved always storing the cleartext password that the user typed in
                //since this is necessary for Reporting Servers over middle tier and was already happening when a user logged in over middle tier.
                Security.PasswordTyped = passwordTyped;
                SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, Lan.g(this, "User:"******" " + Security.CurUser.UserName + " " + Lan.g(this, "has logged on."));
                UserOdPrefs.SetThemeForUserIfNeeded();
            }
            Plugins.HookAddCode(this, "FormLogOn.butOK_Click_end");
            DialogResult = DialogResult.OK;
        }
Exemple #2
0
        private void butLogin_Click(object sender, EventArgs e)
        {
            Userod userEntered;
            string password;

            try {
                bool useEcwAlgorithm = Programs.UsingEcwTightOrFullMode();
                //ecw requires hash, but non-ecw requires actual password
                password = textPassword.Text;
                if (useEcwAlgorithm)
                {
                    //It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time.
                    //It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString.
                    if (Security.CurUser == null)
                    {
                        Security.CurUser = new Userod();
                    }
                    password = Authentication.HashPasswordMD5(password, true);
                }
                string username = textUser.Text;
                                #if DEBUG
                if (username == "")
                {
                    username = "******";
                    password = "******";
                }
                                #endif
                //Set the PasswordTyped property prior to checking the credentials for Middle Tier.
                Security.PasswordTyped = password;
                userEntered            = Userods.CheckUserAndPassword(username, password, useEcwAlgorithm);
            }
            catch (Exception ex) {
                MessageBox.Show(ex.Message);
                return;
            }
            //successful login.
            Security.CurUser              = userEntered;
            Security.IsUserLoggedIn       = true;
            RemotingClient.HasLoginFailed = false;
            UserOdPrefs.SetThemeForUserIfNeeded();
            if (RemotingClient.RemotingRole == RemotingRole.ClientWeb &&
                string.IsNullOrEmpty(userEntered.PasswordHash) &&
                string.IsNullOrEmpty(textPassword.Text))
            {
                MsgBox.Show(this, "When using the web service, not allowed to log in with no password.  A password should be added for this user.");
                if (!SecurityL.ChangePassword(true))                 //Failed password update.
                {
                    return;
                }
            }
            if (PrefC.GetBool(PrefName.PasswordsMustBeStrong) &&
                PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong) &&
                Userods.IsPasswordStrong(textPassword.Text) != "")                  //Password is not strong
            {
                MsgBox.Show(this, "You must change your password to a strong password due to the current Security settings.");
                if (!SecurityL.ChangePassword(true))                 //Failed password update.
                {
                    return;
                }
            }
            SecurityLogs.MakeLogEntry(Permissions.UserLogOnOff, 0, "User: "******" has logged on.");
            DialogResult = DialogResult.OK;
        }