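protected void btnSendPass_Click(object sender, EventArgs e)
        {
            // "Forgot password" handler. The requester proves account ownership with the
            // e-mail address plus the 4-digit PIN held on TMHUsers; on a match a random
            // password is mailed to that address and stored on the row with Status 'X',
            // which the login handler treats as "must change password at next login".
            // Reads: useremail, userPIN, REMOTE_ADDR. Writes: lblMsg/msgVal, TMHUsers.
            string strUser = strSafeSqlLiteral(useremail.Text, 255);
            string strPIN  = strSafeSqlLiteral(userPIN.Text, 4);

            if ((strUser == "") || (strPIN.Length != 4))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "E-Mail and PIN are required!";
                return;
            }

            // Unanchored pattern: it only requires that an address-like token appears
            // somewhere in the input, so this is a sanity check, not a strict format check.
            if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "Invalid User.";
                return;
            }

            // Guard the null case so a missing server variable yields an empty string
            // rather than a NullReferenceException. The value is stored in [IP] and is
            // concatenated into SQL unescaped; it is not form input, but passing it
            // through strSafeSqlLiteral as well would be consistent with the other literals.
            string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);   // column width assumed to be 20 — confirm
            }

            // NOTE(review): SQL is assembled by concatenation; strSafeSqlLiteral is the only
            // escaping applied. db1.mds_ExecuteQuery takes a finished string, so a
            // parameterised command needs support in the db1 helper before it can be used here.
            StringBuilder strCmd = new StringBuilder();
            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE [UserName] ='" + strUser + "' AND [PIN] = '" + strPIN + "'");

            db1.mv_OpenConnection2(strIPAddress);
            DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();

            // mds_ExecuteQuery signals a connection or query failure by returning null
            if (ds1 == null)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "Your email and PIN do not match or not found!";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count == 0)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "No user account found, or PIN number not matched with our file, Please try again.";
                return;
            }

            if (strUser.IndexOf("@") > 0)
            {
                string strNewPass = getRandomPassword();

                // Line break for the mail body. The original emitted (char)13 + (char)12,
                // i.e. CR + form feed; 12 reads as a typo for 10 (LF), so CRLF is used here.
                const string strBreak = "\r\n";

                StringBuilder sbBody = new StringBuilder();
                sbBody.Append("This email was auto-generated, please do not reply to this email message. ");
                sbBody.Append(strBreak);
                sbBody.Append("Your Take Me Home Self-Registry password has been reset. Your new password is: " + strNewPass + strBreak);
                sbBody.Append("This password will allow you to login and then require you to set a new password. ");
                sbBody.Append("Login at: " + Properties.Settings.Default.TMHUrl);
                sbBody.Append(strBreak);
                sbBody.Append("Copy and paste the password from this email into the login form. ");
                sbBody.Append("You will then be asked to change your password and you should paste the ");
                sbBody.Append("same password from this email in the old password field. ");
                sbBody.Append("You can pick a new password and enter it into the new password and confirm fields. ");
                sbBody.Append(strBreak);
                sbBody.Append("The new password you choose cannot repeat a previous password, cannot be any part of your lastname, firstname, userid, ");
                sbBody.Append("must be at least 8 characters long, contain at least 1 numeric, 1 uppercase letter ");
                sbBody.Append("and 1 lowercase letter. " + strBreak);

                // Stored form of the password: SDSheriffCrypto.Encrypt(plaintext), compared
                // by equality in SQL elsewhere in this page.
                SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
                string sPassEnc = SDSheriffCrypto1.Encrypt(strNewPass);

                try
                {
                    // Send first, store second: if the mail cannot be delivered the stored
                    // password is left untouched and the user is told nothing changed.
                    // A send failure used to escape this handler unhandled; it is now caught below.
                    // SmtpClient (from .NET 4.0) and MailMessage are IDisposable; the original
                    // never released either.
                    // NOTE(review): the sender address appears masked ("*****@*****.**") in the
                    // source available here; kept verbatim. It belongs in Properties.Settings
                    // next to SMTP_Server.
                    using (SmtpClient sc = new SmtpClient(Properties.Settings.Default.SMTP_Server))
                    using (MailMessage mm = new MailMessage("*****@*****.**", strUser))
                    {
                        mm.Subject = "San Diego Sheriff TMH Self-Registry Account Information.";
                        mm.Body    = sbBody.ToString();
                        sc.Send(mm);
                    }

                    // reset user password with the random generated password; Status 'X'
                    // marks the account as requiring a password change at next login
                    StringBuilder strCmd2 = new StringBuilder();
                    strCmd2.Append("UPDATE TMHUsers SET [PassWord] = " + "'" + sPassEnc + "', ");
                    strCmd2.Append("[LastActivityDate] = GETDATE(), [Status] = 'X', ");
                    strCmd2.Append("[IP] = '" + strIPAddress + "' ");
                    strCmd2.Append("WHERE [UserName] = '" + strUser + "' AND [PIN] = '" + strPIN + "'");
                    db1.mv_OpenConnection2(strIPAddress);
                    db1.mv_InsertOrUpdate(strCmd2.ToString());
                    // If mv_InsertOrUpdate throws, the connection is not closed here; whether
                    // mv_CloseConnection is safe to call from a finally block depends on db1 — confirm.
                    db1.mv_CloseConnection();
                }
                catch (Exception)
                {
                    // No logger is wired into this page; the label text is all that is reported.
                    msgVal.Attributes["class"] = "alert alert-danger";
                    lblMsg.Text = "Error Occurred, new password not set or emailed to you!";
                    return;
                }

                msgVal.Attributes["class"] = "alert alert-success";
                lblMsg.Text = "Your password has been reset and the new password has been emailed to your email address on file.";
            }
            else
            {
                // Input that passed the address check above always contains '@' after at
                // least one character, so this branch is a defensive fall-back only.
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "The confirmation code does not match our records. Please contact your administrator.";
            }
        }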
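        protected void btnLogin_Click(object sender, EventArgs e)
        {
            // Login handler. Validates the form, looks the account up by e-mail plus the
            // encrypted form of the submitted password, records the login (IP, last
            // activity), issues the forms-authentication ticket and moves to the next page.
            // An account in Status 'X' (set by the password-reset handler) is sent to
            // ChangePass.aspx before anything else.
            // Reads: useremail, userpassword, userremember, REMOTE_ADDR, ReturnUrl.
            // Writes: lblMsg/msgVal, Session, cookies, TMHUsers.[IP]/[LastActivityDate].
            lblMsg.Text = "";

            string strUser = strSafeSqlLiteral(useremail.Text, 255);
            string strPass = strSafeSqlLiteral(userpassword.Text, 127);

            // Unanchored pattern: a sanity check that an address-like token is present,
            // not a strict format check.
            if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-100, Invalid User.";
                return;
            }

            if ((strPass.Length < 8) || (strUser.Length < 5))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-110, No user account found, or bad password.";
                return;
            }

            // Guard the null case; the value is stored in [IP] and concatenated into SQL
            // unescaped (it is not form input, but strSafeSqlLiteral would be consistent).
            string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);   // column width assumed to be 20 — confirm
            }

            // Passwords are stored as SDSheriffCrypto.Encrypt(plaintext) and matched by
            // equality in SQL, i.e. reversible encryption (a Decrypt exists) rather than
            // a salted hash. The original also round-tripped through Decrypt as a
            // self-test whose result was never used; that call is dropped here.
            SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
            string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);

            // NOTE(review): in the source available here both literals of this predicate
            // are masked as '******'; they are restored from the identical lookup in
            // btnChangePass_Click (user name and encrypted password). The query is built
            // by concatenation with strSafeSqlLiteral as the only escaping, because
            // db1.mds_ExecuteQuery only accepts a finished string.
            StringBuilder strCmd = new StringBuilder();
            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE UserName ='" + strUser + "' AND PassWord = '" + sPassEnc + "' AND STATUS in ('A', 'X')");

            db1.mv_OpenConnection2(strIPAddress);
            DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();

            // mds_ExecuteQuery signals a connection or query failure by returning null
            if (ds1 == null)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-120, Error Occurred - (1) Database Error";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count == 0)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-130, Bad user account or password!";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count > 1)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-140, Multiple user accounts found - Error.";
                return;
            }

            HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
            HttpContext.Current.Session["TMHUser"]           = strUser;

            // need internal user id saved in the session variable for inserting new TMH cases for the user
            HttpContext.Current.Session["TMHUserId"]  = ds1.Tables["tblUser"].Rows[0]["UserId"].ToString().Trim();
            HttpContext.Current.Session["TMHUserPIN"] = ds1.Tables["tblUser"].Rows[0]["PIN"].ToString().Trim();

            try
            {
                // reset user IP address with the current IP address
                StringBuilder strCmd2 = new StringBuilder();
                strCmd2.Append("UPDATE TMHUsers SET [IP] = '" + strIPAddress + "', ");
                strCmd2.Append("[LastActivityDate] = GETDATE() ");
                strCmd2.Append("WHERE [UserName] = '" + strUser + "'");
                db1.mv_OpenConnection2(strIPAddress);
                db1.mv_InsertOrUpdate(strCmd2.ToString());
                // If mv_InsertOrUpdate throws, the connection is not closed here; whether
                // mv_CloseConnection is safe from a finally block depends on db1 — confirm.
                db1.mv_CloseConnection();
            }
            catch (Exception)
            {
                // No logger is wired into this page; the label text is all that is reported.
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-150, Login Error, Take Me Home is not available at this time, Please try later.";
                return;
            }

            string strUserStatus = ds1.Tables["tblUser"].Rows[0]["Status"].ToString().Trim();

            if (userremember.Checked)
            {
                // "Remember me" keeps only the e-mail address (never the password) in a
                // long-lived cookie. The cookie is named TMHUserId but carries UserName.
                HttpCookie LoginCookie = new HttpCookie("TMHUserId");
                LoginCookie.Values.Add("UserName", useremail.Text.Trim());
                LoginCookie.Expires = DateTime.Now.AddYears(100);
                Response.Cookies.Add(LoginCookie);
            }

            // Forms-authentication ticket, valid 300 minutes from now, non-persistent.
            // As in the original, the ticket name is the raw textbox value, not strUser.
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, useremail.Text, DateTime.Now
                                                                                 , DateTime.Now.AddMinutes(300), false, String.Empty, FormsAuthentication.FormsCookiePath);

            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // The ticket cookie is only ever read server-side, so keep it out of reach of
            // page script. Marking it Secure as well is right once the site is HTTPS-only.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            authCookie.HttpOnly = true;
            Response.Cookies.Add(authCookie);

            // Status 'X' means the account holds a mailed reset password and must change
            // it before doing anything else, so it takes precedence over ReturnUrl.
            // The original redirected on ReturnUrl first and only then looked at the status.
            if (strUserStatus == "X")
            {
                Server.Transfer("ChangePass.aspx");
            }
            else if (Request.QueryString["ReturnUrl"] != null)
            {
                // Issues its own auth cookie and redirects to ReturnUrl; nothing else
                // runs for this response.
                FormsAuthentication.RedirectFromLoginPage(useremail.Text, false);
            }
            else
            {
                Server.Transfer("default.aspx");
            }
        }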
        //---------------------------- Method ---------------------------------------
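        protected void btnChangePass_Click(object sender, EventArgs e)
        {
            // Change-password handler. Requires the current (old) password: the account
            // row is located by e-mail plus the encrypted old password, and the UPDATE is
            // keyed on the same pair so a concurrent change cannot be overwritten.
            // Setting Status 'A' clears the "must change password" state ('X') that the
            // reset handler leaves behind.
            // Reads: useremail, userpasswordOld, userpasswordNew, userpasswordNewC, REMOTE_ADDR.
            // Writes: lblMsg/msgVal, panel visibility, TMHUsers.
            lblMsg.Text = "";

            string strUser = strSafeSqlLiteral(useremail.Text, 255);

            string strPassOld  = strSafeSqlLiteral(userpasswordOld.Text, 127);
            string strPassNew  = strSafeSqlLiteral(userpasswordNew.Text, 127);
            string strPassNewC = strSafeSqlLiteral(userpasswordNewC.Text, 127);

            // Complexity first, then length, then confirmation — each with its own code
            // so the user sees which rule failed. (The reset mail also promises that the
            // new password cannot repeat a previous one; that rule is not enforced here.)
            if (!IsComplexPassword(strPassNew))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-300, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
                return;
            }

            if (strPassNew.Length < 8)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-310, Error: New password length is less than 8 characters long, Please try again.";
                return;
            }

            if (strPassNew != strPassNewC)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-320, Error: New password and confirm password do not match, Please try again.";
                return;
            }

            // Guard the null case; the value is stored in [IP] and concatenated into SQL
            // unescaped (it is not form input, but strSafeSqlLiteral would be consistent).
            string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);   // column width assumed to be 20 — confirm
            }

            // Passwords are stored as SDSheriffCrypto.Encrypt(plaintext) and matched by
            // equality in SQL. The original also ran Decrypt on the result as a self-test
            // whose value was never used; that call is dropped here.
            SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
            string sPassEncOld = SDSheriffCrypto1.Encrypt(strPassOld);

            // NOTE(review): built by concatenation with strSafeSqlLiteral as the only
            // escaping, because db1.mds_ExecuteQuery only accepts a finished string.
            StringBuilder strCmd = new StringBuilder();
            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE [UserName] ='" + strUser + "' AND [PassWord] = '" + sPassEncOld + "' AND STATUS in ('A', 'X')");

            db1.mv_OpenConnection2(strIPAddress);
            DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();

            // mds_ExecuteQuery signals a connection or query failure by returning null
            if (ds1 == null)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-330, Error: Database Error";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count == 0)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-340, Error: No user account found, or old password bad, Please try again.";
                return;
            }

            string sPassEncNew = SDSheriffCrypto1.Encrypt(strPassNew);

            try
            {
                // change user password with the new password selected by the user
                StringBuilder strCmd2 = new StringBuilder();
                strCmd2.Append("UPDATE TMHUsers SET [PassWord] = " + "'" + sPassEncNew + "', ");
                strCmd2.Append("[LastActivityDate] = GETDATE(), [Status] = 'A', ");
                strCmd2.Append("[IP] = '" + strIPAddress + "' ");
                strCmd2.Append("WHERE [UserName] = '" + strUser + "' AND [PassWord] = '" + sPassEncOld + "'");
                db1.mv_OpenConnection2(strIPAddress);
                db1.mv_InsertOrUpdate(strCmd2.ToString());
                // If mv_InsertOrUpdate throws, the connection is not closed here; whether
                // mv_CloseConnection is safe from a finally block depends on db1 — confirm.
                db1.mv_CloseConnection();
            }
            catch (Exception)
            {
                // No logger is wired into this page; the label text is all that is reported.
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-350, Error: Your Password was not changed!";
                return;
            }

            msgVal.Attributes["class"] = "alert alert-success";
            lblMsg.Text           = "Your password has been changed.";
            pnlChangePass.Visible = false;
            pnlindexPage.Visible  = true;
        }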
        //---------------------------- Method ---------------------------------------
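        protected void btnAddUser_Click(object sender, EventArgs e)
        {
            // Self-registration handler. Validates PIN, password and e-mail, refuses an
            // address that already has a row, inserts the new TMHUsers row (Status 'A')
            // and then signs the new user in exactly like btnLogin_Click does.
            // Reads: useremail, userpin, userpassword, userpasswordC, REMOTE_ADDR, ReturnUrl.
            // Writes: lblMsg/msgVal, panel visibility, Session, auth cookie, TMHUsers.
            lblMsg.Text = "";
            string strUser  = strSafeSqlLiteral(useremail.Text.Trim(), 255);
            string strpin   = strSafeSqlLiteral(userpin.Text.Trim(), 4);
            string strPass  = strSafeSqlLiteral(userpassword.Text.Trim(), 127);
            string strPassC = strSafeSqlLiteral(userpasswordC.Text.Trim(), 127);

            if (!IsValidPIN(strpin))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-200, Error: Invalid PIN, 4 digits please!";
                return;
            }

            if (!IsComplexPassword(strPass))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-210, Error: Make sure the new password contains numeric, upper and lower case characters and is at least 8 characters long.";
                return;
            }

            if ((strPass != strPassC) || (strPass == "") || (strPass.Length < 8) || (strpin.Length != 4) || (strUser.Length < 5))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-220, Error: Required fields are missing, or Password and Password Confirmation do not match, or bad PIN, try again!";
                return;
            }

            // Unanchored pattern: a sanity check that an address-like token is present,
            // not a strict format check.
            if ((strUser.Length > 0) && (!Regex.IsMatch(strUser, @"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b")))
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-230, Error: Invalid User.";
                return;
            }

            // Guard the null case; the value is stored in [IP] and concatenated into SQL
            // unescaped (it is not form input, but strSafeSqlLiteral would be consistent).
            string strIPAddress = (Request.ServerVariables["REMOTE_ADDR"] ?? "").Trim();
            if (strIPAddress.Length > 20)
            {
                strIPAddress = strIPAddress.Substring(0, 20);   // column width assumed to be 20 — confirm
            }

            // Passwords are stored as SDSheriffCrypto.Encrypt(plaintext). The original
            // also ran Decrypt on the result as a self-test whose value was never used;
            // that call is dropped here.
            SDSheriffUtils.SDSheriffCrypto SDSheriffCrypto1 = new SDSheriffUtils.SDSheriffCrypto();
            string sPassEnc = SDSheriffCrypto1.Encrypt(strPass);

            // NOTE(review): in the source available here the literal of this predicate is
            // masked as '******'; it is restored as the sanitised user name, matching the
            // lookups in the other handlers. Built by concatenation with strSafeSqlLiteral
            // as the only escaping, because db1.mds_ExecuteQuery only accepts a finished string.
            StringBuilder strCmd = new StringBuilder();
            strCmd.Append("SELECT * ");
            strCmd.Append("FROM TMHUsers ");
            strCmd.Append("WHERE UserName ='" + strUser + "'");

            db1.mv_OpenConnection2(strIPAddress);
            DataSet ds1 = db1.mds_ExecuteQuery(strCmd.ToString(), "tblUser");
            db1.mv_CloseConnection();

            // mds_ExecuteQuery signals a connection or query failure by returning null.
            // The error branches below now also switch the alert to the danger style,
            // as every other error path on this page does.
            if (ds1 == null)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-240, Error: Error Occurred - (1) Database Error";
                return;
            }

            if (ds1.Tables["tblUser"].Rows.Count != 0)
            {
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-250, Error: A user account already exist for the email address you entered.";
                return;
            }

            try
            {
                // register new user account
                StringBuilder strCmd2 = new StringBuilder();
                strCmd2.Append("INSERT INTO TMHUsers ([UserName],[PassWord],[CreatedWhen],[LastActivityDate],[Status],[PIN],[IP])");
                strCmd2.Append("VALUES ('" + strUser + "','" + sPassEnc + "', GETDATE(), GETDATE(),'A','" + strpin + "','" + strIPAddress + "')");
                db1.mv_OpenConnection2(strIPAddress);
                db1.mv_InsertOrUpdate(strCmd2.ToString());
                // If mv_InsertOrUpdate throws, the connection is not closed here; whether
                // mv_CloseConnection is safe from a finally block depends on db1 — confirm.
                db1.mv_CloseConnection();
            }
            catch (Exception)
            {
                // No logger is wired into this page; the label text is all that is reported.
                msgVal.Attributes["class"] = "alert alert-danger";
                lblMsg.Text = "TMHSelf-260, Error: Error Occurred - (1) User Account not Created.";
                return;
            }

            msgVal.Attributes["class"] = "alert alert-info";
            lblMsg.Text          = "Your user account has been created, and you are logged in.";
            pnlAddUser.Visible   = false;
            pnlindexPage.Visible = true;

            HttpContext.Current.Session["TMHPasswordAccess"] = "Yes";
            HttpContext.Current.Session["TMHUser"]           = strUser;
            HttpContext.Current.Session["TMHUserPIN"]        = strpin;

            // need internal user id saved in the session variable for inserting new TMH cases for the user
            HttpContext.Current.Session["TMHUserId"] = strGetUserId(strUser);

            // Forms-authentication ticket, valid 300 minutes from now, non-persistent.
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, strUser, DateTime.Now
                                                                                 , DateTime.Now.AddMinutes(300), false, String.Empty, FormsAuthentication.FormsCookiePath);

            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // The ticket cookie is only ever read server-side, so keep it out of reach of
            // page script. Marking it Secure as well is right once the site is HTTPS-only.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            authCookie.HttpOnly = true;
            Response.Cookies.Add(authCookie);

            if (Request.QueryString["ReturnUrl"] != null)
            {
                // Issues its own auth cookie and redirects to ReturnUrl.
                FormsAuthentication.RedirectFromLoginPage(strUser, false);
            }
        }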