Exemple #1
0
        public static int AuthenticateUser(string username, string password, string ip)
        {
            // start task
            TaskManager.StartTask("USER", "AUTHENTICATE", username);
            TaskManager.WriteParameter("IP", ip);

            try
            {
                int result = 0;

                // try to get user from database
                UserInfoInternal user = GetUserInternally(username);

                // check if the user exists
                if (user == null)
                {
                    TaskManager.WriteWarning("Wrong username");
                    return(BusinessErrorCodes.ERROR_USER_WRONG_USERNAME);
                }

                // check if the user is disabled
                if (user.LoginStatus == UserLoginStatus.Disabled)
                {
                    TaskManager.WriteWarning("User disabled");
                    return(BusinessErrorCodes.ERROR_USER_ACCOUNT_DISABLED);
                }

                // check if the user is locked out
                if (user.LoginStatus == UserLoginStatus.LockedOut)
                {
                    TaskManager.WriteWarning("User locked out");
                    return(BusinessErrorCodes.ERROR_USER_ACCOUNT_LOCKEDOUT);
                }

                //Get the password policy
                UserSettings userSettings = UserController.GetUserSettings(user.UserId, UserSettings.WEBSITEPANEL_POLICY);
                int          lockOut      = -1;

                if (!string.IsNullOrEmpty(userSettings["PasswordPolicy"]))
                {
                    string passwordPolicy = userSettings["PasswordPolicy"];
                    try
                    {
                        // parse settings
                        string[] parts = passwordPolicy.Split(';');
                        lockOut = Convert.ToInt32(parts[7]);
                    }
                    catch { /* skip */ }
                }


                // compare user passwords
                if ((CryptoUtils.SHA1(user.Password) == password) || (user.Password == password))
                {
                    switch (user.OneTimePasswordState)
                    {
                    case OneTimePasswordStates.Active:
                        result = BusinessSuccessCodes.SUCCESS_USER_ONETIMEPASSWORD;
                        OneTimePasswordHelper.FireSuccessAuth(user);
                        break;

                    case OneTimePasswordStates.Expired:
                        if (lockOut >= 0)
                        {
                            DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
                        }
                        TaskManager.WriteWarning("Expired one time password");
                        return(BusinessErrorCodes.ERROR_USER_EXPIRED_ONETIMEPASSWORD);

                        break;
                    }
                }
                else
                {
                    if (lockOut >= 0)
                    {
                        DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
                    }

                    TaskManager.WriteWarning("Wrong password");
                    return(BusinessErrorCodes.ERROR_USER_WRONG_PASSWORD);
                }

                DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, true);

                // check status
                if (user.Status == UserStatus.Cancelled)
                {
                    TaskManager.WriteWarning("Account cancelled");
                    return(BusinessErrorCodes.ERROR_USER_ACCOUNT_CANCELLED);
                }

                if (user.Status == UserStatus.Pending)
                {
                    TaskManager.WriteWarning("Account pending");
                    return(BusinessErrorCodes.ERROR_USER_ACCOUNT_PENDING);
                }

                return(result);
            }
            catch (Exception ex)
            {
                throw TaskManager.WriteError(ex);
            }
            finally
            {
                TaskManager.CompleteTask();
            }
        }
Exemple #2
0
        public static int SendPasswordReminder(string username, string ip)
        {
            // place log record
            TaskManager.StartTask("USER", "SEND_REMINDER", username);
            TaskManager.WriteParameter("IP", ip);

            try
            {
                // try to get user from database
                UserInfoInternal user = GetUserInternally(username);
                if (user == null)
                {
                    TaskManager.WriteWarning("Account not found");
                    // Fix for item #273 (NGS-9)
                    //return BusinessErrorCodes.ERROR_USER_NOT_FOUND;
                    return(0);
                }

                UserSettings settings = UserController.GetUserSettings(user.UserId, UserSettings.PASSWORD_REMINDER_LETTER);
                string       from     = settings["From"];
                string       cc       = settings["CC"];
                string       subject  = settings["Subject"];
                string       body     = user.HtmlMail ? settings["HtmlBody"] : settings["TextBody"];
                bool         isHtml   = user.HtmlMail;

                MailPriority priority = MailPriority.Normal;
                if (!String.IsNullOrEmpty(settings["Priority"]))
                {
                    priority = (MailPriority)Enum.Parse(typeof(MailPriority), settings["Priority"], true);
                }

                if (body == null || body == "")
                {
                    return(BusinessErrorCodes.ERROR_SETTINGS_PASSWORD_LETTER_EMPTY_BODY);
                }

                // One Time Password feature
                user.Password = OneTimePasswordHelper.SetOneTimePassword(user.UserId);

                // set template context items
                Hashtable items = new Hashtable();
                items["user"]  = user;
                items["Email"] = true;

                // get reseller details
                UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
                if (reseller != null)
                {
                    items["reseller"] = new UserInfo(reseller);
                }

                subject = PackageController.EvaluateTemplate(subject, items);
                body    = PackageController.EvaluateTemplate(body, items);

                // send message
                MailHelper.SendMessage(from, user.Email, cc, subject, body, priority, isHtml);

                return(0);
            }
            catch (Exception ex)
            {
                throw TaskManager.WriteError(ex);
            }
            finally
            {
                TaskManager.CompleteTask();
            }
        }