/// <summary>
/// Click handler that saves the current user's security question and answer.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The answer is lower-cased and passed through <c>PhytelEncrypter.Encrypt</c> before it
/// is stored. An invalid answer sets error code ERR_007 and stores nothing.
/// </remarks>
protected void SubmitButton_OnClick(object sender, EventArgs e)
{
    string answerText = SecurityQuestionAnswer.Text;

    // Reject empty or whitespace-only answers and anything of 250 characters or more.
    bool answerRejected = answerText.Trim().Length == 0 || answerText.Length >= 250;
    if (answerRejected)
    {
        UserPageInfo.ErrorMessageCode = "ERR_007";
        SetPageErrorText(ApplicationMessageService.Instance.GetMessage("ERR_007"));
        return;
    }

    // NOTE(review): the answer is stored as the output of Encrypt(); if that transform is
    // reversible or unsalted, a salted one-way hash would be the safer storage format.
    // ToLower() is culture-sensitive, so the normalisation depends on the request culture.
    PhytelEncrypter encrypter = new PhytelEncrypter();
    string encryptedAnswer = encrypter.Encrypt(answerText.ToLower());

    // NOTE(review): element 0 is read without checking that anything was selected;
    // confirm GetSelectedItems() cannot return an empty array here.
    string[] chosenQuestions = SecurityQuestionList.GetSelectedItems();
    CurrentUser.SetSecurityQuestion(chosenQuestions[0], encryptedAnswer);

    // Record the change in the audit trail before leaving the page.
    LogAuditEvent("SecurityQuestionChange", null);
    UserHelper.RedirectUser(CurrentUser, true);
}
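/// <summary>
/// Click handler for the password-recovery step: checks the submitted security answer
/// and, on a match, resets the password, signs the user in and redirects to
/// ChangePassword.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// A wrong answer increments the stored failed-answer counter. Once the counter reaches
/// the limit the account is locked and the browser is sent to Login.aspx with ERR_009.
/// An empty answer is reported as an error but does not increment the counter.
/// </remarks>
protected void QuestionSubmitButton_OnClick(object sender, EventArgs e)
{
    // Failed answers allowed before the account is locked.
    const int MaxFailedAnswerAttempts = 5;

    bool errorMsg = false;

    // NOTE(review): Membership.GetUser returns null for an unknown user name; confirm that
    // C3User copes with that, and that the response does not reveal whether the name exists.
    muser = Membership.GetUser(txtUserName.Text);
    C3User user = new C3User(muser);
    passwordAnswerCount = user.FailedPasswordAnswerAttemptCount;

    // NOTE(review): nothing visible here checks whether the account is already locked out
    // before the answer is evaluated; confirm a locked account cannot complete recovery.
    if (txtAnswer.Text.Length == 0)
    {
        errorMsg = true;
    }
    else
    {
        // The answer is normalised the same way as when it was stored (lower-case, then Encrypt).
        PhytelEncrypter phytelEncrypter = new PhytelEncrypter();
        string passwordAnswerEncrypted = phytelEncrypter.Encrypt(txtAnswer.Text.ToLower());

        if (user.PasswordAnswer == passwordAnswerEncrypted)
        {
            user.ResetPassword();

            // Expire the freshly reset password immediately so it has to be changed.
            // NOTE(review): ToString() is culture-sensitive; confirm SetPasswordExpiration
            // parses it with the same culture.
            DateTime expiration = System.DateTime.Now.AddMinutes(-1);
            user.SetPasswordExpiration(expiration.ToString());

            // NOTE(review): the ValidateUser result is ignored and GetPassword() supplies the
            // password, which implies passwords are retrievable; confirm this is intended.
            Membership.ValidateUser(user.UserName, user.GetPassword());
            FormsAuthentication.SetAuthCookie(user.UserName, false);
            user.ResetFailedAttemptCounts();
            Session.Add("C3User", user);
            UserPageInfo.ErrorMessageCode = string.Empty;
            Response.Redirect(GlobalSiteRoot + "ChangePassword.aspx");
        }
        else
        {
            errorMsg = true;
            passwordAnswerCount += 1;
            user.SetFailedPasswordAnswerAttemptCount(passwordAnswerCount);
        }
    }

    if (errorMsg)
    {
        // Use >= rather than ==: a counter that is already past the limit must still lock
        // the account instead of falling back to the ordinary "wrong answer" message.
        if (passwordAnswerCount >= MaxFailedAnswerAttempts)
        {
            // Lock out user
            user.LockOutUser();
            UserPageInfo.ErrorMessageCode = "ERR_009";
            Response.Redirect(GlobalSiteRoot + "Login.aspx");
        }
        else
        {
            UserPageInfo.InformationMessageCode = "INF_018";
            UserPageInfo.ErrorMessageCode = "ERR_004";
            SetPageErrorText(ApplicationMessageService.Instance.GetMessage(UserPageInfo.ErrorMessageCode));
            SetInformationText(ApplicationMessageService.Instance.GetMessage(UserPageInfo.InformationMessageCode));
        }
    }
}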
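/// <summary>
/// Validates the new password and its confirmation against the complexity rules and
/// the user's password history.
/// </summary>
/// <returns>
/// <c>true</c> when every check passes. Otherwise <c>false</c>, with
/// <c>hdnValidationFlag</c> set to "NewPasswordMinReq", "ConfirmNewPasswordMinReq" or
/// "HistryExists" for the first failing check, in that order.
/// </returns>
/// <remarks>
/// NOTE(review): this method does not compare the new password with its confirmation;
/// presumably that is validated elsewhere, confirm.
/// </remarks>
private bool ValidateNewPassword()
{
    string userName = CurrentUser.UserName;

    bool newPasswordValid = MeetsPasswordRequirements(NewPassword.Text, userName);
    bool confirmNewPasswordValid = MeetsPasswordRequirements(ConfirmNewPassword.Text, userName);

    // Password history validation: compare the encrypted candidate with each stored entry.
    // NOTE(review): equality on Encrypt() output only works if the transform is deterministic,
    // and GetPassword() is compared with the cleartext field, which implies passwords are
    // recoverable; salted one-way hashes would be the safer design.
    PhytelEncrypter phytelEncrypter = new PhytelEncrypter();
    string newPasswordEncrypted = phytelEncrypter.Encrypt(NewPassword.Text);
    PasswordHistory pwdHistory = CurrentUser.HistoricalPasswords.Find(
        delegate(PasswordHistory a) { return a.Password == newPasswordEncrypted; });
    bool passwordReused = pwdHistory != null || CurrentUser.GetPassword().Equals(NewPassword.Text);

    if (!newPasswordValid)
    {
        hdnValidationFlag.Value = "NewPasswordMinReq";
        return false;
    }

    if (!confirmNewPasswordValid)
    {
        hdnValidationFlag.Value = "ConfirmNewPasswordMinReq";
        return false;
    }

    if (passwordReused)
    {
        hdnValidationFlag.Value = "HistryExists";
        return false;
    }

    return true;
}

/// <summary>
/// Checks one candidate password against the complexity rules: at least 6 characters
/// after trimming, an upper-case letter, a lower-case letter, a digit, a character
/// outside 0-9/a-z/A-Z, and no occurrence of the user name (case-insensitive).
/// </summary>
/// <param name="candidate">Password text to check.</param>
/// <param name="userName">User name that must not appear inside the password.</param>
/// <returns><c>true</c> when every rule is satisfied.</returns>
private static bool MeetsPasswordRequirements(string candidate, string userName)
{
    if (candidate.Trim().Length < 6)
    {
        return false;
    }

    if (!System.Text.RegularExpressions.Regex.IsMatch(candidate, "[A-Z]"))
    {
        return false;
    }

    if (!System.Text.RegularExpressions.Regex.IsMatch(candidate, "[a-z]"))
    {
        return false;
    }

    if (!System.Text.RegularExpressions.Regex.IsMatch(candidate, "\\d"))
    {
        return false;
    }

    if (!System.Text.RegularExpressions.Regex.IsMatch(candidate, "[^0-9a-zA-Z]"))
    {
        return false;
    }

    // Literal substring test. The user name used to be passed as a regex pattern, so
    // characters such as '.', '+' or '(' in it were interpreted as regex syntax and
    // could match the wrong text or throw on an invalid pattern.
    if (candidate.ToLower().Contains(userName.ToLower()))
    {
        return false;
    }

    return true;
}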