/// <summary>
/// Page load for the category-selection page. On the first (non-postback,
/// non-callback) request it decrypts the building and category identifiers
/// from the request, looks up their display names and fills the page controls.
/// On every request it records the user's last activity and wires the data source.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): returning from Page_Load does not by itself stop later
    // page events (e.g. postback handlers) from running; confirm that
    // bIsSessionOK() ends or redirects the response when the check fails.
    bool sessionOk = PermissionHelper.bIsSessionOK();
    if (!sessionOk)
    {
        return;
    }

    bool isFirstLoad = !(Page.IsPostBack || Page.IsCallback);
    if (isFirstLoad)
    {
        // Both identifiers arrive encrypted in the request and are decrypted before use.
        String encryptedBuilding = Request["BuildingID"].ToWSSafeString();
        txtBuildingID.Text = AESUtil.DecryptString(encryptedBuilding);

        String encryptedCategory = Request["CFID"].ToWSSafeString();
        txtCategoryFirstID.Text = AESUtil.DecryptString(encryptedCategory);

        // Ask for the section name and main category of the selected category row.
        List<String> wantedFields = new List<String>();
        wantedFields.Add(m_field_sectionName);
        wantedFields.Add(m_field_mainCategory);
        List<String> categoryInfo = DBUtil.DoLookupOLEDB(
            m_LookupTablesDBConnection,
            m_catTable,
            "ID",
            DBUtil.FieldTypeEnum2.Number,
            txtCategoryFirstID.Text,
            wantedFields);
        txtSection.Text = categoryInfo[0];
        txtCategory.Text = categoryInfo[1];

        // NOTE(review): the decrypted building id is passed to DoLookup as text;
        // whether the helper binds it as a parameter or concatenates it into the
        // query is not visible here - verify, since the value originates in the request.
        lblBuildingName.Text = DBUtil.DoLookup(
            "OLEDB",
            SqlFacility,
            "Building_ID",
            txtBuildingID.Text,
            "NUMBER",
            "LOCATION",
            "SELECT * FROM BUILDING");
        lblSection.Text = txtSection.Text;
        lblCategory.Text = txtCategory.Text;
    }

    // Record "<USER>|<timestamp>" under a per-session key, plus the last request time.
    HttpContext ctx = HttpContext.Current;
    String activityKey = "User" + ctx.Session["SID"];
    ctx.Application[activityKey] = ctx.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
    ctx.Session["LastRequest"] = DateTime.Now;

    lnkSelectCategory.DataBind();
    SqlFacility.Selected += SqlFacility_Selected;
}
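/// <summary>
/// Streams a file to the browser as an attachment. The request's FILE value
/// selects a "FILETOSEND&lt;n&gt;" entry in the current session; that entry holds
/// the server-side path of the file to send.
/// </summary>
/// <remarks>
/// The path itself never comes from the request, only the session key suffix does.
/// NOTE(review): whatever code stores the FILETOSEND entries decides which paths
/// can be served; that code is not visible here.
/// </remarks>
protected void DownloadFile()
{
    try
    {
        String FileNum = String.Empty;
        try
        {
            FileNum = AESUtil.DecryptString(Request["FILE"].ToWSSafeString());
        }
        catch
        {
            // NOTE(review): falling back to the raw value means the FILE parameter
            // does not have to be a valid ciphertext. It only selects a key inside
            // the caller's own session, but the fallback removes any integrity the
            // encryption was meant to provide - consider rejecting instead.
            FileNum = Request["FILE"].ToWSSafeString();
        }

        // Convert.ToString yields "" for a missing session entry, so an unknown
        // key reaches the "does not exist" message instead of a swallowed
        // NullReferenceException and a blank response.
        String sFileToSend = Convert.ToString(Session["FILETOSEND" + FileNum]);
        if (String.IsNullOrEmpty(sFileToSend) || !System.IO.File.Exists(sFileToSend))
        {
            String js = "alert('Error. The specified file cannot be downloaded because it does not exist.');window.close();";
            Page.ClientScript.RegisterClientScriptBlock(Page.GetType(), "FILESENDERROR", js, true);
            return;
        }

        // Strip characters that could break out of the quoted header value.
        String downloadName = System.IO.Path.GetFileName(sFileToSend)
            .Replace("\"", String.Empty)
            .Replace("\r", String.Empty)
            .Replace("\n", String.Empty);

        Response.Clear();
        Response.ClearContent();
        Response.ClearHeaders();
        Response.Buffer = true;

        // Set the content type only after ClearHeaders(): clearing the headers
        // resets the response content type, so a value assigned earlier is lost.
        Response.ContentType = WebMap.Web.StringUtil.GetMimetype(System.IO.Path.GetExtension(sFileToSend));

        // Quote the file name so names containing spaces, commas or semicolons
        // are not split into separate header parameters by the browser.
        Response.AppendHeader("Content-Disposition", "attachment; filename=\"" + downloadName + "\"");
        Response.AppendHeader("Content-Length", (new System.IO.FileInfo(sFileToSend)).Length.ToString());
        Response.TransmitFile(sFileToSend);
        Response.Flush();
        Context.ApplicationInstance.CompleteRequest();
    }
    catch (Exception ex)
    {
        // Still best-effort (the caller sees no exception), but leave a trace so
        // failed or suspicious download attempts can be investigated.
        System.Diagnostics.Trace.TraceWarning("DownloadFile failed: {0}", ex);
    }
}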
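/// <summary>
/// Page load for the sub-category listing page. On the first request it decrypts
/// the building and sub-category identifiers, looks up the section, category and
/// sub-category names and fills the page controls. On every request it records
/// user activity and shows the "no data" message for the current sub-category.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): returning here does not by itself stop later page events;
    // confirm bIsSessionOK() ends or redirects the response on failure.
    if (!PermissionHelper.bIsSessionOK())
    {
        return;
    }

    if (!Page.IsPostBack && !Page.IsCallback)
    {
        txtBuildingID.Text = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
        txtSubCatID.Text = AESUtil.DecryptString(Request["SCID"].ToWSSafeString());

        List<String> listInfo = DBUtil.DoLookupOLEDB(
            m_LookupTablesDBConnection,
            m_catTable,
            "ID",
            DBUtil.FieldTypeEnum2.Number,
            txtSubCatID.Text,
            new List<String>() { m_field_sectionName, m_field_mainCategory, m_field_subCategory });
        txtSection.Text = listInfo[0];
        txtCategory.Text = listInfo[1];
        txtSubCategory.Text = listInfo[2];

        lblBuildingName.Text = DBUtil.DoLookup(
            DBUtil.DBType.oledb,
            SqlFacility,
            "Building_ID",
            txtBuildingID.Text,
            DBUtil.FieldType.number,
            "LOCATION",
            "SELECT * FROM BUILDING");
        lblSection.Text = txtSection.Text;
        lblCategory.Text = txtCategory.Text;
    }

    // Record "<USER>|<timestamp>" under a per-session key, plus the last request time.
    HttpContext.Current.Application["User" + HttpContext.Current.Session["SID"]] =
        HttpContext.Current.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
    HttpContext.Current.Session["LastRequest"] = DateTime.Now;

    lnkSelectSubCategory.DataBind();

    // The sub-category name is written into raw markup, so it is HTML-encoded
    // first: on postback txtSubCategory.Text is a page control value rather than
    // the looked-up name, and even a looked-up name may contain '&' or '<'.
    String subCategoryHtml = System.Web.HttpUtility.HtmlEncode(txtSubCategory.Text.ToWSTitleCase());
    ltNoData.Visible = true;
    ltNoData.Text = String.Format(
        "<p class=\"ui-body ui-body-c message\"><strong>No data entered for {0}. Please use the Add New Record button below to add a new record.</strong></p>",
        subCategoryHtml);
}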
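/// <summary>
/// Stamps today's date into the current inspection-year column of the building's
/// row, if that column is still empty, then reloads the page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
/// <exception cref="FormatException">The decrypted BuildingID is not numeric.</exception>
/// <remarks>
/// NOTE(review): this handler performs a write but contains no session or
/// edit-permission check of its own; confirm that one is enforced before it runs.
/// </remarks>
protected void DateButton_Click(object sender, EventArgs e)
{
    //viewstate is disabled, need to update this on postback
    txtBuildingID.Text = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());

    // The id is interpolated into the statement as an unquoted number, so it must
    // be proven numeric first. DBUtil.ConnExecute as called here takes only SQL
    // text, so the value cannot be bound as a parameter at this call site.
    decimal buildingId;
    System.Globalization.NumberStyles numericOnly =
        System.Globalization.NumberStyles.AllowLeadingWhite |
        System.Globalization.NumberStyles.AllowTrailingWhite |
        System.Globalization.NumberStyles.AllowLeadingSign |
        System.Globalization.NumberStyles.AllowDecimalPoint;
    if (!decimal.TryParse(txtBuildingID.Text, numericOnly, System.Globalization.CultureInfo.InvariantCulture, out buildingId))
    {
        throw new FormatException("BuildingID must be numeric.");
    }

    // Column name is "INSP" + the configured inspection year; it comes from
    // application configuration, not from the request.
    String fld = "INSP" + ConfigurationManager.AppSettings["InspectionYear"].ToWSSafeString();

    //update database
    String sSql = String.Format(
        "UPDATE [{0}] SET [{1}] = DATE() WHERE [BUILDING_ID]={2} AND [{1}] IS NULL",
        m_FeatureClassTable,
        fld,
        buildingId.ToString(System.Globalization.CultureInfo.InvariantCulture));
    DBUtil.ConnExecute(DBUtil.DBConnType.Oledb, m_LookupTablesDBConnection, sSql);

    Response.Redirect(Request.RawUrl);
}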
/// <summary>
/// Page load for the record view/edit page. On the first request it decrypts the
/// building, sub-category and entry identifiers, looks up the display names and
/// fills the page controls. On every request it records user activity, switches
/// the details view to insert mode for a new record when editing is allowed, and
/// emits the client-side edit flag.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): returning here does not by itself stop later page events;
    // confirm bIsSessionOK() ends or redirects the response on failure.
    bool sessionOk = PermissionHelper.bIsSessionOK();
    if (!sessionOk)
    {
        return;
    }

    bool isFirstLoad = !(Page.IsPostBack || Page.IsCallback);
    if (isFirstLoad)
    {
        // Identifiers arrive encrypted in the request.
        String encryptedBuilding = Request["BuildingID"].ToWSSafeString();
        txtBuildingID.Text = AESUtil.DecryptString(encryptedBuilding);
        String encryptedSubCat = Request["SCID"].ToWSSafeString();
        txtSubCatID.Text = AESUtil.DecryptString(encryptedSubCat);

        // Section, main category and sub-category names for the selected row.
        List<String> wantedFields = new List<String>();
        wantedFields.Add(m_field_sectionName);
        wantedFields.Add(m_field_mainCategory);
        wantedFields.Add(m_field_subCategory);
        List<String> categoryInfo = DBUtil.DoLookupOLEDB(
            m_LookupTablesDBConnection,
            m_catTable,
            "ID",
            DBUtil.FieldTypeEnum2.Number,
            txtSubCatID.Text,
            wantedFields);
        txtSection.Text = categoryInfo[0];
        txtCategory.Text = categoryInfo[1];
        txtSubCategory.Text = categoryInfo[2];

        String sEntryUid = AESUtil.DecryptString(Request["EntryUID"].ToWSSafeString());
        txtInspector.Text = User.Identity.Name.ToWSSafeString();

        // NOTE(review): how DoLookup embeds the building id in its query is not
        // visible here; verify it is bound or validated as a number.
        lblBuildingName.Text = DBUtil.DoLookup(
            DBUtil.DBType.oledb,
            SqlFacility,
            "Building_ID",
            txtBuildingID.Text,
            DBUtil.FieldType.number,
            "LOCATION",
            "SELECT * FROM BUILDING");
        lblSection.Text = txtSection.Text;
        lblCategory.Text = txtCategory.Text;
        lblSubcategory.Text = txtSubCategory.Text;

        // The "add new" marker maps to entry id -1; anything else is an existing record.
        if (sEntryUid == AddNewKey)
        {
            txtEntryUID.Text = "-1";
            lblMessage.Text = "Adding New Record";
        }
        else
        {
            txtEntryUID.Text = sEntryUid;
            lblMessage.Text = "Viewing Record";
        }
    }

    // Record "<USER>|<timestamp>" under a per-session key, plus the last request time.
    HttpContext ctx = HttpContext.Current;
    String activityKey = "User" + ctx.Session["SID"];
    ctx.Application[activityKey] = ctx.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
    ctx.Session["LastRequest"] = DateTime.Now;

    // Insert mode is gated server-side by IsEditEnabled().
    if (txtEntryUID.Text == "-1")
    {
        if (!IsEditEnabled())
        {
            lblMessage.Text = "Sorry, your user account does not have permission to edit the data.";
        }
        else
        {
            DetailsView1.ChangeMode(DetailsViewMode.Insert);
        }
    }

    // Client-side hint only; it does not replace the server-side permission check.
    String editFlagScript = IsEditEnabled()
        ? "var jsIsEditEnabled = true;"
        : "var jsIsEditEnabled = false;";
    addJS("jsIsEditEnabled", editFlagScript);

    lnkBack.DataBind();
}
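/// <summary>
/// Page load for the section/category menu page. On the first request it
/// decrypts the building id and the category id to expand, emits the script
/// that opens the matching sub-menu, looks up the building name and writes the
/// wrapper markup for the collapsible or list layout. On every request it
/// records user activity.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): returning here does not by itself stop later page events;
    // confirm bIsSessionOK() ends or redirects the response on failure.
    if (!PermissionHelper.bIsSessionOK())
    {
        return;
    }

    if (!Page.IsPostBack && !Page.IsCallback)
    {
        txtBuildingID.Text = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());

        //coming back from SelectSubCategory this is CategoryFirstOfID but if navigate through to edit form, when you come back this is actually SCID
        txtSectionExpanded.Text = AESUtil.DecryptString(Request["CFID"].ToWSSafeString());

        if (!String.IsNullOrWhiteSpace(txtSectionExpanded.Text))
        {
            List<String> listInfo = DBUtil.DoLookupOLEDB(
                m_LookupTablesDBConnection,
                m_catTable,
                "ID",
                DBUtil.FieldTypeEnum2.Number,
                txtSectionExpanded.Text,
                new List<String>() { m_field_sectionName, m_field_mainCategory, "FirstOfID" });

            // Only expand a section when the lookup returned all three fields;
            // an id that matches no row then leaves the menu collapsed instead
            // of failing the whole page with an index error.
            if (listInfo != null && listInfo.Count >= 3)
            {
                txtSectionExpanded.Text = listInfo[0];
                String sCatName = listInfo[1];
                String sCFID = listInfo[2];

                //function loadSubMenu(divid, firstid, _buildingid, _sectionname, _maincategory) {
                // Every argument lands inside a single-quoted JavaScript string
                // literal, so each one is JavaScript-encoded: a name containing an
                // apostrophe, or a tampered request value, cannot end the literal.
                String js = String.Format(
                    "loadSubMenu('{0}','{1}','{2}','{3}','{4}');scroolToDivID('{0}');",
                    System.Web.HttpUtility.JavaScriptStringEncode(Convert.ToString(GetCategorySubMenuID(sCFID))),
                    System.Web.HttpUtility.JavaScriptStringEncode(sCFID),
                    System.Web.HttpUtility.JavaScriptStringEncode(txtBuildingID.Text),
                    System.Web.HttpUtility.JavaScriptStringEncode(txtSectionExpanded.Text),
                    System.Web.HttpUtility.JavaScriptStringEncode(sCatName));
                addJS("init-cat-expand", js, true);
            }
        }

        // NOTE(review): how DoLookup embeds the building id in its query is not
        // visible here; verify it is bound or validated as a number.
        lblBuildingName.Text = DBUtil.DoLookup(
            "OLEDB",
            SqlFacility,
            "Building_ID",
            txtBuildingID.Text,
            "NUMBER",
            "LOCATION",
            "SELECT * FROM BUILDING");

        // Wrapper markup: collapsible set or plain list view.
        if (collapseSection)
        {
            ltCollapseULBegin.Text = "<div data-role=\"collapsible-set\" data-theme=\"b\" data-content-theme=\"c\" >";
            ltCollapseULEnd.Text = "</div>";
        }
        else
        {
            ltCollapseULBegin.Text = "<ul data-role=\"listview\" data-inset=\"true\" data-filter=\"false\" data-filter-theme=\"false\">";
            ltCollapseULEnd.Text = "</ul>";
        }
    }

    // Record "<USER>|<timestamp>" under a per-session key, plus the last request time.
    HttpContext.Current.Application["User" + HttpContext.Current.Session["SID"]] =
        HttpContext.Current.User.Identity.Name.ToString().ToUpper() + "|" + DateTime.Now.ToString();
    HttpContext.Current.Session["LastRequest"] = DateTime.Now;
}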
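/// <summary>
/// Builds the INSERT statement for the feature-class table. Fixed columns
/// (timestamp, inspector, building id, sub-category id) are written as SQL
/// literals; every data-source insert parameter is added as an "@name" placeholder.
/// </summary>
/// <returns>The INSERT statement text.</returns>
/// <exception cref="FormatException">The building id or sub-category id is not numeric.</exception>
/// <remarks>
/// Parameter names are case-sensitive and must match those used by the Bind or
/// Eval statements in the GridView / DetailsView.
/// </remarks>
protected string sqlFeatureInsertCommand()
{
    System.Collections.Generic.List<String> fields = new System.Collections.Generic.List<String>();
    System.Collections.Generic.List<String> values = new System.Collections.Generic.List<String>();

    //time stamp
    if (!String.IsNullOrEmpty(m_FeatureClassTimeStampField))
    {
        fields.Add(m_FeatureClassTimeStampField);
        values.Add("Now()");
    }

    //inspector
    if (!String.IsNullOrEmpty(m_InspectorField))
    {
        fields.Add(m_InspectorField);
        // NOTE(review): the user name is placed inside a quoted SQL literal.
        // Whether ToWSSafeString() escapes apostrophes is not visible here; if it
        // does not, bind the inspector as a data-source parameter instead.
        values.Add(String.Format("'{0}'", User.Identity.Name.ToWSSafeString()));
    }

    //building id - prefer the page control, fall back to the encrypted request value
    String bldgID;
    if (txtBuildingID == null || String.IsNullOrWhiteSpace(txtBuildingID.Text))
    {
        bldgID = AESUtil.DecryptString(Request["BuildingID"].ToWSSafeString());
    }
    else
    {
        bldgID = txtBuildingID.Text;
    }
    fields.Add("Building_ID");
    values.Add(InsertNumericLiteral(bldgID, "Building_ID"));

    //sub-category id - same source order as the building id
    String subCatID;
    if (txtSubCatID == null || String.IsNullOrWhiteSpace(txtSubCatID.Text))
    {
        subCatID = AESUtil.DecryptString(Request["SCID"].ToWSSafeString());
    }
    else
    {
        subCatID = txtSubCatID.Text;
    }
    fields.Add("Sub_Category_ID");
    values.Add(InsertNumericLiteral(subCatID, "Sub_Category_ID"));

    //all other fields
    // Iterate the INSERT parameters themselves. The earlier code counted
    // InsertParameters but read names from UpdateParameters, which fails or
    // emits the wrong columns whenever the two collections differ.
    foreach (Parameter insertPrm in SqlFacility.InsertParameters)
    {
        fields.Add(insertPrm.Name);
        values.Add(String.Format("@{0}", insertPrm.Name));
    }

    return String.Format(
        "INSERT INTO [{0}] ({1}) VALUES ({2})",
        m_FeatureClassTable.ToUpper(),
        String.Join(",", fields.ToArray()),
        String.Join(",", values.ToArray()));
}

/// <summary>
/// Returns <paramref name="raw"/> as an invariant-culture numeric literal, or
/// throws when it is not a plain number. The ids are written into the statement
/// unquoted and may come from a page control or the request, so nothing but a
/// number may pass through.
/// </summary>
private static String InsertNumericLiteral(String raw, String fieldName)
{
    decimal parsed;
    System.Globalization.NumberStyles numericOnly =
        System.Globalization.NumberStyles.AllowLeadingWhite |
        System.Globalization.NumberStyles.AllowTrailingWhite |
        System.Globalization.NumberStyles.AllowLeadingSign |
        System.Globalization.NumberStyles.AllowDecimalPoint;
    if (!decimal.TryParse(raw, numericOnly, System.Globalization.CultureInfo.InvariantCulture, out parsed))
    {
        throw new FormatException(String.Format("{0} must be numeric.", fieldName));
    }
    return parsed.ToString(System.Globalization.CultureInfo.InvariantCulture);
}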
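/// <summary>
/// Login page load. Starts the session log on first visit, then evaluates the
/// login bypass rules in order: NoByPass request flag, host-name prefix rule,
/// loopback rule (L3), GIS PC list (L2), token in URL, internal IP list (L1).
/// Finally applies the optional IP allow-list that disables the login form.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
/// <remarks>
/// All queries bind their values as parameters. The client address is always
/// taken from Request.UserHostAddress.
/// NOTE(review): the host name used by the bypass rules comes from a reverse DNS
/// lookup that is not forward-confirmed; the name is whatever the PTR record for
/// the client address says, so host-name rules are weak evidence of origin.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    //Custom Client Names.
    string clientName = ConfigurationManager.AppSettings["ClientName"];
    Page.Title = clientName + " LOGIN PAGE";
    messageContainer.Visible = false;
    Session["INTERNAL_IP"] = false;

    //check session to prevent logs from being created twice [1st on page load, 2nd when user click login button]
    if (Session["SID"] == null)
    {
        LoginStartSessionLog();
    }

    if (Page.Request["NoByPass"] == "TRUE")
    {
        //user has already authenticated through one of the ASP edit forms
        if (Session["CurrentEditor"] != null)
        {
            FormsAuthentication.RedirectFromLoginPage(Session["CurrentEditor"].ToString(), false);
        }
        return;
    }

    bool hasToken = Request["Token"] != null;
    if (LoginSettingEnabled("No_Internal_IP_L123_Bypass") && !hasToken)
    {
        return;
    }

    string clientAddress = Request.UserHostAddress;
    // Convert.ToString tolerates a session that has an SID but no stored host name.
    string clientHost = Convert.ToString(Session["sHost"]);

    // Ordinal prefix test: the culture-sensitive IndexOf(...) == 0 form can also
    // match when ignorable characters precede the prefix.
    bool isNamedWorkstation =
        clientHost.StartsWith("GIS1", StringComparison.Ordinal) ||
        clientHost.StartsWith("PROD3", StringComparison.Ordinal);

    if (isNamedWorkstation && !hasToken)
    {
        //logged in from WS PC
        // NOTE(review): full bypass granted on a reverse-DNS name prefix alone.
        DeveloperBypass();
        return;
    }
    else if (clientAddress == "127.0.0.1" || clientAddress == "::1")
    {
        //logged in from server using localhost in browser address
        // NOTE(review): if a proxy on the same machine fronts this site, requests
        // may all appear to come from loopback - confirm the deployment.
        DeveloperBypass_InitiallyReadOnly("ADMIN", "L3 Bypass (Debug)"); //will be prompted for password if trying to edit
        return;
    }
    else
    {
        //Level II bypass - GIS PC
        // Skipped when no host name was resolved, so an empty name cannot match
        // a blank PCNAME row. The name is compared as a literal ('=') rather
        // than used as a LIKE pattern, so wildcard characters in a looked-up
        // name have no effect.
        if (clientHost.Length > 0)
        {
            DataTable pTableGIS = LoginQuery(
                "_InternalIPDB",
                "select * from [IP_List_GIS] where [PCNAME] = ?",
                clientHost);
            if (pTableGIS.Rows.Count > 0)
            {
                string gisLogin = pTableGIS.Rows[0]["LOGIN"].ToString();
                DeveloperBypass_InitiallyReadOnly(gisLogin, string.Format("L2 Bypass ({0})", gisLogin)); //will be prompted for password if trying to edit
                return;
            }
        }

        //Level I bypass - Wendel Intranet
        // (The former DNS-lookup variant of this rule stays disabled: it was slow.)
        bool bIpOk = LoginIsInternalClient(clientAddress, clientHost);

        //token in URL
        if (hasToken)
        {
            String[] userInfo = AESUtil.DecryptString(Request["Token"]).Split(new String[] { "|" }, StringSplitOptions.None);

            // A token without both "user|ip" parts is ignored instead of
            // failing the page with an index error.
            if (userInfo.Length >= 2)
            {
                //if ip matched the token - allow regardless of ip address
                // NOTE(review): hard-coded identity; consider moving it to configuration.
                if (userInfo[0].ToUpper() == "WARIT" && userInfo[1] == clientAddress)
                {
                    //token valid
                    DeveloperBypass();
                    return;
                }
                //developer bypass - allow if coming from any of the recognized ip and token contains any of the recognized ip
                else if (bIpOk)
                {
                    // The token's IP is now actually looked up. The earlier code
                    // re-ran the previous adapter and re-tested the previous
                    // table, so this check passed for every token.
                    DataTable pTokenIPTable = LoginQuery(
                        "_InternalIPDB",
                        "select * from [IP_List] where [IP] = ?",
                        userInfo[1]);
                    if (pTokenIPTable.Rows.Count > 0)
                    {
                        //token valid
                        DeveloperBypass();
                        return;
                    }
                }
            }
        }

        if (bIpOk)
        {
            Session["INTERNAL_IP"] = true;
            if (LoginSettingEnabled("No_Internal_IP_Bypass"))
            {
                messageContainer.Visible = true;
                lblResults.Text = "Internal IP bypass is disabled in this application. You need to login.";
                lblResults.Font.Bold = true;
            }
            else
            {
                UpdateLogUser("ADMIN", "L1 Bypass");
                //Level I bypass
                //Internal Access - bypass login screen
                Session["AllowEdit"] = false;
                FormsAuthentication.RedirectFromLoginPage("ADMIN", false);
                return;
            }
        }
    }

    //Restrict_IP_Address
    if (LoginSettingEnabled("Restrict_IP_Address"))
    {
        if (!LoginIsAllowListed(Request.UserHostAddress))
        {
            // NOTE(review): this only disables the form controls; confirm the
            // login click handler also refuses addresses outside the allow-list.
            UserName.Disabled = true;
            UserPass.Disabled = true;
            cmdLogin.Enabled = false;
            messageContainer.Visible = true;
            lblResults.Text = "Sorry, access is not permitted from your IP Address. Please contact Wendel GIS department for assistance.";
            lblResults.Font.Bold = true;
        }
    }
}

/// <summary>True when the named appSetting is present and parses to <c>true</c>.</summary>
private static bool LoginSettingEnabled(string key)
{
    string raw = ConfigurationManager.AppSettings[key];
    return !string.IsNullOrEmpty(raw) && bool.Parse(raw);
}

/// <summary>
/// Runs a SELECT against the named connection string, binding each value to
/// the next positional '?' placeholder, and returns the rows.
/// </summary>
private static DataTable LoginQuery(string connectionName, string sql, params string[] values)
{
    DataTable rows = new DataTable();
    using (OleDbConnection conn = new OleDbConnection(ConfigurationManager.ConnectionStrings[connectionName].ConnectionString))
    using (OleDbDataAdapter adapter = new OleDbDataAdapter(sql, conn))
    {
        for (int i = 0; i < values.Length; i++)
        {
            // OleDb binds by position; the parameter name is only a label.
            adapter.SelectCommand.Parameters.AddWithValue("@p" + i, values[i] ?? String.Empty);
        }
        adapter.Fill(rows);
    }
    return rows;
}

/// <summary>
/// Resolves the client's host name (best effort), stores it in the session,
/// writes the session-start row to the LOG table and stores the new row id as SID.
/// </summary>
private void LoginStartSessionLog()
{
    // Request.UserHostAddress is set by the server. Request.Params["REMOTE_ADDR"]
    // also searches the query string, form fields and cookies, so it can carry a
    // client-supplied value.
    string clientAddress = Request.UserHostAddress ?? String.Empty;

    string sHost = "";
    try
    {
        sHost = System.Net.Dns.GetHostEntry(clientAddress).HostName.ToString().ToUpper();
    }
    catch (Exception)
    {
        // Reverse lookup is best effort; an unresolved client keeps an empty host name.
    }
    Session["sHOST"] = sHost;

    using (OleDbConnection myConnection = new OleDbConnection(ConfigurationManager.ConnectionStrings["_UserDatabase"].ConnectionString))
    using (OleDbCommand myCommand = new OleDbCommand("Insert into [LOG] (IP_ADDRESS,COMPUTER_NAME, TIME_START) values (?,?,?)", myConnection))
    using (OleDbCommand cmdGetidentity = new OleDbCommand("SELECT @@IDENTITY", myConnection))
    {
        // The host name comes from DNS and is not trusted; it is bound, not concatenated.
        myCommand.Parameters.AddWithValue("@ip", clientAddress);
        myCommand.Parameters.AddWithValue("@host", sHost);
        myCommand.Parameters.AddWithValue("@start", DateTime.Now.ToString());

        myConnection.Open();
        myCommand.ExecuteNonQuery();
        Session["SID"] = Convert.ToInt64(cmdGetidentity.ExecuteScalar());
    }
}

/// <summary>
/// True when the address matches an exact IP_List row, or when the address or
/// host name matches one of the wildcard ('*') rows.
/// </summary>
private static bool LoginIsInternalClient(string address, string host)
{
    //Exact match to IP address
    if (LoginQuery("_InternalIPDB", "select * from [IP_List] where [IP] = ?", address).Rows.Count > 0)
    {
        return true;
    }

    DataTable wildcardRows = LoginQuery("_InternalIPDB", "select * from [IP_List] where instr(1,[IP],'*')");
    foreach (DataRow row in wildcardRows.Rows)
    {
        Wildcard wildcard = new Wildcard(row["IP"].ToString(), RegexOptions.IgnoreCase);
        if (wildcard.IsMatch(address) || wildcard.IsMatch(host))
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// True when the address matches an exact IP_Allow_List row, or shares the
/// prefix of a wildcard row (the pattern minus its last character).
/// </summary>
private static bool LoginIsAllowListed(string address)
{
    //Exact match to IP address
    if (LoginQuery("_UserDatabase", "select * from [IP_Allow_List] where [IP] = ?", address).Rows.Count > 0)
    {
        return true;
    }

    DataTable wildcardRows = LoginQuery("_UserDatabase", "select * from [IP_Allow_List] where instr(1,[IP],'*')");
    foreach (DataRow row in wildcardRows.Rows)
    {
        string pattern = row["IP"].ToString();
        // NOTE(review): plain prefix comparison; it assumes '*' is the last
        // character and does not respect octet boundaries - verify the stored patterns.
        if (pattern.Length > 0 && address.Length >= pattern.Length)
        {
            string prefix = pattern.Substring(0, pattern.Length - 1);
            if (address.Substring(0, pattern.Length - 1) == prefix)
            {
                return true;
            }
        }
    }
    return false;
}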