/// <summary>
/// Chooses which login view to render: the "Login" view or the member-facing "LoginMember" view.
/// </summary>
/// <param name="data">View model passed unchanged to the selected view.</param>
/// <returns>
/// The "Login" view when the stored LastUrl contains "admin" or member login is disabled;
/// otherwise the "LoginMember" view.
/// </returns>
private ActionResult ReturnLoginView(LoginFormViewData data) {
    // For custom site member logins a different view can be returned here; the default
    // post-login URL (where Session["LastUrl"] gets its fallback value) must be changed to match.

    // Concatenating with "" turns a missing session entry into an empty string, so Contains never sees null.
    string lastUrl = Session["LastUrl"] + "";

    // NOTE(review): Login() fills Session["LastUrl"] from the request's ReturnUrl value, so this
    // substring test is influenced by the caller. It only selects a template and must not be
    // relied on as an access-control decision.
    bool showAdminLogin = lastUrl.Contains("admin") || !EnableMemberLogin;
    string viewName = showAdminLogin ? "Login" : "LoginMember";
    return View(viewName, data);
}
/// <summary>
/// Validates the submitted credentials and either redirects the signed-in user or re-renders the login form.
/// </summary>
/// <param name="username">Login name as submitted (or supplied by Login() on the impersonation / auto-login paths).</param>
/// <param name="pCode">Password as submitted; passed by reference to RemoteTwitchLogin, which may replace it.</param>
/// <param name="rememberPwd">Whether to remember the login; null is treated as false.</param>
/// <returns>A redirect to the security object's RedirectUrl on success, otherwise the login view with an error.</returns>
public ActionResult LoginSubmit(string username, string pCode, bool? rememberPwd) {
    // NOTE(review): no HTTP-verb or anti-forgery attribute is visible on this action in this listing.
    // If none is applied elsewhere, credentials can be submitted via GET (ending up in URLs and logs)
    // and the form is open to login CSRF - confirm against the route/filter configuration.
    bool keepSignedIn = rememberPwd.GetValueOrDefault();

    var security = new Beweb.Security();
    security.AllCurrentRoles = SecurityRoles.Roles;

    // Extension point kept from the original template: a login keyed on another request field
    // (the disabled sample used a FacebookID value) would resolve the Person here and then sign in
    // with that person's email and decrypted stored password. It is not active.

    // Login() sets the "Impersonating" session flag immediately before delegating here. The flag is
    // consumed once, and while it is present the RemoteTwitchLogin step is skipped.
    bool impersonating = Web.Session["Impersonating"] != null;
    if (impersonating) {
        Web.Session.Remove("Impersonating");
    } else {
        RemoteTwitchLogin(security, username, ref pCode);
    }

    if (!security.Login(username, pCode, keepSignedIn)) {
        // Failure: surface the message from the security object and re-show the form.
        // NOTE(review): ResultMessage is shown to the user as-is; confirm it does not reveal whether
        // the username exists.
        ModelState.AddModelError("Login", security.ResultMessage);
        var form = new LoginFormViewData();
        form.Username = username;
        form.PCode = ""; // never echo the submitted password back into the form
        form.RememberPwd = keepSignedIn;
        return ReturnLoginView(form);
    }

    // Success.
    if (EnableSavvySingleSignOn) {
        security.SetSavvySingleSignOnCookie(username, SSODomain);
    }

    // NOTE(review): how RedirectUrl is derived is not visible here. If it is built from
    // Session["LastUrl"], which Login() seeds from the request's ReturnUrl, confirm it can only
    // resolve to a same-site address before it is used as a redirect target.
    return Redirect(security.RedirectUrl);
}
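/// <summary>
/// Entry point for the login page. Handles three cases: an impersonation hand-off (both
/// <paramref name="t"/> and <paramref name="u"/> supplied), an automatic login from remembered
/// details or single sign-on, and otherwise rendering the login form.
/// </summary>
/// <param name="t">Time-limited impersonation token, checked with Crypto.CheckMinuteCypher.</param>
/// <param name="u">Encrypted person id of the account to sign in as, decoded with Crypto.DecryptID.</param>
/// <returns>
/// A redirect to the site root when impersonation fails, the result of LoginSubmit when a login is
/// attempted automatically, or the login view.
/// </returns>
/// <remarks>
/// Change from the original: the request's ReturnUrl is now stored in Session["LastUrl"] only when it
/// is a site-local path or an http(s) URL on the current host. The surrounding comments describe
/// LastUrl as the post-login destination, so storing an arbitrary caller-supplied URL there allowed
/// an open redirect after sign-in (assuming Beweb.Security.RedirectUrl does not validate it itself -
/// that code is not visible here).
/// </remarks>
public ActionResult Login(string t, string u) {
    if (t.IsNotBlank() && u.IsNotBlank()) {
        // Impersonation hand-off.
        // NOTE(review): as far as this method shows, the token is validated on its own and the id is
        // decrypted separately - nothing visible binds the token to the target id, to the operator who
        // issued it, or to a single use. Confirm that in Crypto.CheckMinuteCypher. The second argument
        // is presumably the validity window in minutes - verify.
        // NOTE(review): both values arrive as action parameters; on a GET they end up in server logs,
        // browser history and Referer headers. No audit record of the impersonation is written here.
        bool isImpersonateOk = Crypto.CheckMinuteCypher(t, 1);
        if (!isImpersonateOk) {
            Web.ErrorMessage = "Impersonating failed";
            return Redirect(Web.Root);
        }

        int id = Crypto.DecryptID(u);
        Person p = Person.LoadByPersonID(id);
        if (p == null) {
            Web.ErrorMessage = "Impersonating failed";
            return Redirect(Web.Root);
        }

        // LoginSubmit consumes this flag and skips RemoteTwitchLogin while it is set.
        Web.Session.Add("Impersonating", true);

        // NOTE(review): decrypting the stored value means passwords are kept in reversible form.
        // Prefer a one-way password hash plus an impersonation path that does not need the password.
        string password = Crypto.Decrypt(p.Password);
        return LoginSubmit(p.Email, password, true);
    }

    var data = new LoginFormViewData();
    TrackingBreadcrumb.Current.AddBreadcrumb(1, "Login");

    // Remember where to send the user after login. (A disabled variant in the original seeded this
    // from Request.UrlReferrer instead.)
    // Skipping values that mention "loginsubmit" prevents a "login submit not found" redirect after a
    // first failed attempt with a wrong username/password (JC 20140427).
    string returnUrl = Request["ReturnUrl"];
    if (!returnUrl.ContainsInsensitive("loginsubmit")) {
        // ReturnUrl is caller-controlled, so an unsafe value is treated as absent and the default
        // destination below applies.
        Session["LastUrl"] = IsSafeReturnUrl(returnUrl, Request.Url) ? returnUrl : null;
    }

    if (Session["LastUrl"] + "" == "") {
        if (EnableMemberLogin) {
            // Default URL people go to after logging in (e.g. the members section); applies when
            // browsing directly to the login page.
            Session["LastUrl"] = MemberWelcomeUrl;
        } else {
            // By default, go to the admin menu after logging in.
            Session["LastUrl"] = Web.AdminRoot;
        }
    }

    // If logged in AND a ReturnUrl was supplied, the person is assumed not to be authorised for that
    // page - hopefully this assumption is always correct.
    if (Security.IsLoggedIn && returnUrl.IsNotBlank()) {
        ModelState.AddModelError("Login", "Sorry, your user name doesn't have permission to access that area.");
    }

    // Get the remembered values.
    var s = new Beweb.Security();
    s.GetRemembered();
    data.Username = s.RememberedUser;
    data.ForgottenPasswordEmailAddress = s.RememberedUser;
    data.RememberPwd = s.IsRemembered;
    // If cookied this will be an encrypted version.
    // NOTE(review): the remembered secret is placed in the view model; confirm the view does not
    // render it into the page and that the cookie holding it is HttpOnly and Secure.
    data.PCode = s.RememberedPassword;

    if (s.IsRemembered && AutologinSkipLoginScreen && ModelState.Count == 0) {
        if (Request["logout"] == "1") {
            // The user has just chosen to log out, so they will want to log in as a different user,
            // or at least not be auto-logged-in again.
            Security.ClearSecurityCookies();
            data.Username = "";
            data.PCode = "";
            data.RememberPwd = false;
            Web.InfoMessage = "Your login details have been removed from this computer.";
        } else {
            return LoginSubmit(data.Username, data.PCode, true);
        }
    } else if (EnableSavvySingleSignOn && ModelState.Count == 0 && s.CheckSavvySingleSignOn()) {
        // Single sign-on from Savvy Classic ASP to Savvy MVC .NET.
        return LoginSubmit(s.RememberedUser, s.RememberedPassword, true);
    }

    return ReturnLoginView(data);
}

// Returns true when url is safe to store as a post-login destination: an app-relative ("~/...") or
// root-relative ("/...") path, or an absolute http(s) URL whose host equals the current request's host.
private static bool IsSafeReturnUrl(string url, System.Uri currentRequestUrl) {
    if (string.IsNullOrEmpty(url)) {
        return false;
    }

    // Control characters have no place in a redirect target.
    foreach (char c in url) {
        if (char.IsControl(c)) {
            return false;
        }
    }

    if (url[0] == '/') {
        // "//host" and "/\host" are treated by browsers as protocol-relative, i.e. off-site.
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    if (url[0] == '~') {
        // "~/" resolves to the application root, so the character after it gets the same check.
        if (url.Length < 2 || url[1] != '/') {
            return false;
        }
        return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
    }

    System.Uri absolute;
    if (currentRequestUrl == null || !System.Uri.TryCreate(url, System.UriKind.Absolute, out absolute)) {
        return false;
    }

    bool isWebScheme = absolute.Scheme == System.Uri.UriSchemeHttp || absolute.Scheme == System.Uri.UriSchemeHttps;

    // Host only (port ignored). Behind a reverse proxy the request host may differ from the public
    // host, in which case absolute URLs fall back to the default destination.
    return isWebScheme && string.Equals(absolute.Host, currentRequestUrl.Host, System.StringComparison.OrdinalIgnoreCase);
}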